ok here are my snippets as this was fun the first time around
please note that postfix requires database tables setup etc when using sql
i use postgresql, mysql will be similar however sasl also requires
extra setup
basically postfix uses sasl, dovecot uses the database directly (no
sasl) and the virtual transport has to be dovecot
also note postfix has to be built with sasl support (aka libs compiled in)
i use freebsd, configs are similar across the various distros but this
should point you in the right direction
if you need further help please email me directly ([email protected])
i don't charge for stuff like this and don't feel bad took a few months
for me to put it all together and i program in machine code, assembler,
c, python and build my own systems, it's common for docs to miss
'putting it all together'
relevant parts from main.cf (postfix)
please be aware i run multiple instances of postfix so i use
/usr/home/postfix as my base dir, you will need to adjust paths
#Cyrus
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
#SASL Common
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
#Postgres Stuff
mydestination = pgsql:/usr/home/postfix/config/pgsql-mydestination.cf
#virtual_maps=pgsql:/usr/home/postfix/config/pgsql-virtual.cf
alias_maps=pgsql:/usr/home/postfix/config/pgsql-aliases.cf
#sender_canonical_maps = pgsql:/usr/home/postfix/config/pgsql-canonical.cf
transport_maps = hash:/usr/home/postfix/config/transport
#virtual_mailbox_lock = dotlock (i don't use this but dovecot lmtp might
# if sharing across network nfs shares)
file(s)
transport (is a blank file just use touch to create it)
pgsql-aliases.cf :
# **** pgsql-virtual.cf ***
#
# pgsql config file for alias lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
#Select source email address alias (ie sales@ etc aliases )
where_field = source
#Select destination email account address (final delivery)
select_field = destination
#Account Status (1=good)
additional_conditions = and status = '1'
pgsql-canonical.cf :
# **** pgsql-canonical.cf ****
#############################################
# pgsql config file for canonical lookups on postfix comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
select_field = source
where_field = destination
pgsql-mydestination.cf :
# /etc/postfix/pgsql-mydestination.cf
#####################################
# pgsql config file for local domain (like sendmail's sendmail.cw)
# lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
select_field = domain
where_field = domain
#Account Status (1=good)
additional_conditions = and status = '1'
pgsql-virtual.cf (this is the big one) :
# **** pgsql-virtual.cf ***
#
# pgsql config file for alias lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
#Select source email address alias (ie sales@ etc aliases )
where_field = source
#Select destination email account address (final delivery)
select_field = destination
#Account Status (1=good)
additional_conditions = and status = '1'
for sasl to work on outgoing postfix connections you need to map to a
sasl config file
i made a sasl dir inside postfix config dir that links to where it
usually needs to be for sasl to find it
[00:29:56] mail18.scom.ca [root:0] /usr/home/postfix/config/sasl
# ll
total 10
drwxr-xr-x 2 root vmail uarch 3B Sep 1 2024 .
drwxr-xr-x 7 root wheel uarch 59B Jan 17 00:29 ..
lrwxr-xr-x 1 root wheel - 31B Mar 27 2013 smtpd.conf ->
/usr/local/lib/sasl2/smtpd.conf
smtpd.conf contains :
# cat smtpd.conf
#Local Password Database
#pwcheck_method: saslauthd
#mech_list: login plain
#saslauthd_path: /var/run/saslauthd
#Postgres
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
sql_engine: pgsql
sql_hostnames: dovecot-mail18.scom.ca:5433
sql_database: scom_billing
sql_user: pgsql
sql_passwd: 00
sql_select: SELECT password FROM email_users WHERE username = '%u@%r' and password <> 'alias' and currentcount_bad < maxcount and currentcount < currentcount_threshold and currentcount_daily < currentcount_daily_threshold and currentcount_monthly < currentcount_monthly_threshold and currentcount_yearly < currentcount_yearly_threshold and status = True
#Logging?
log_level: 7
Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)
Have A Happy Saturday AND Happy Successful 2026 !
Scom.ca Internet Services <http://www.scom.ca>
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3
Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]
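Added example (not part of the message above and not Postfix or Cyrus SASL code): a small Python check for the pgsql-*.cf map files and smtpd.conf shown above. It returns the SQL template Postfix builds from the legacy select_field/table/where_field form and flags a file that holds a database password while accessible to other users, or a Cyrus SASL log_level of 7, the level that traces passwords. The function names, SAMPLE_MAP and its host and password values are constructed for illustration.

```python
import os
import re
import stat

SECRET_KEYS = {"password", "sql_passwd"}  # credential parameters used on this page

def parse_conf(text):
    """Parse 'name = value' (Postfix map) or 'name: value' (Cyrus SASL) lines."""
    params = {}
    for line in text.splitlines():
        # Comment lines start with '#', which \w does not match, so they are skipped.
        m = re.match(r"^(\w+)\s*[=:]\s*(.*)$", line.strip())
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def legacy_query(p):
    """SQL template Postfix builds from the legacy select_field/where_field form."""
    sql = "SELECT {select_field} FROM {table} WHERE {where_field} = '%s'".format(**p)
    return f"{sql} {p.get('additional_conditions', '')}".strip()

def audit(path):
    """Return a list of findings for one map file or smtpd.conf on disk."""
    with open(path) as fh:
        p = parse_conf(fh.read())
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if SECRET_KEYS.intersection(p) and mode & 0o007:
        findings.append(f"{path}: holds a DB password but mode is {mode:03o}")
    if int(p.get("log_level", "0")) >= 7:
        findings.append(f"{path}: log_level {p['log_level']} traces passwords")
    return findings

# Constructed sample mirroring pgsql-aliases.cf (host and password are placeholders).
SAMPLE_MAP = """\
# the table name
hosts = db.example.invalid:5433
user = pgsql
password = PLACEHOLDER
dbname = scom_billing
table = email_users
where_field = source
select_field = destination
additional_conditions = and status = '1'
"""

if __name__ == "__main__":
    print(legacy_query(parse_conf(SAMPLE_MAP)))
```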
On 2026-01-16 11:22 a.m., John Fawcett via dovecot wrote:
On 16/01/2026 15:09, Christophe Lohr via dovecot wrote:
Hello,
Please excuse my naive question.
I am trying to understand how "service auth" is supposed to work
between Postfix and Dovecot.
(https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)
Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener /var/spool/
postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener /var/spool/
postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain
"my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd
Now, postfix receives (by smtp) an email From: bob@my_domain.org To:
alice@my_domain.org
Postfix validates the domain according to its config (main.cf:
virtual_mailbox_domains=my_domain.org)
Then, it queries dovecot about these users via sasl: and that's where
it fails!
Here are logs from postfix:
2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]:
CA20D880486: from=<bob@my_domain.org>, size=9988, nrcpt=1 (queue active)
2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]:
CA20D880486: to=<alice@my_domain.org>, relay=pc-
serveur.my_domain.org[private/dovecot-lmtp], delay=0, delays=0/0/0/0,
dsn=5.1.1, status=bounced (host pc-serveur.tp-
reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1
<alice@my_domain.org> User doesn't exist: alice@my_domain.org (in
reply to RCPT TO command))
That does not look like a sasl request. This is postfix lmtp delivery
agent connecting to dovecot to deliver the message to dovecot, but
dovecot rejecting the email due to user not found.
Here are logs from dovecot:
Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb
(pid=25081,uid=118): Server accepted connection (fd=24)
Jan 16 14:28:55 auth: Debug: master in: USER 1 bob@my_domain.org
protocol=lmtp
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7
file=/etc/dovecot/passwd
Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 1
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out
(state=READY)
Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: master in: USER 2 alice@my_domain.org
protocol=lmtp
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb
lookup
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7
file=/etc/dovecot/passwd
Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND 2
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out
(state=READY)
So, what's wrong?
It seems to me that Dovecot receives a SASL request for the user
"bob@my_domain.org", but only does a lookup for "bob", without the
domain. Isn't it?
So, why? What can I do?
Best regards,
Christophe
Have you configured users on dovecot and are you able to login to imap
ok? Before integrating postfix and dovecot, is dovecot configured and
working?
John
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]