Quoting Rene Bakkum <rene.bak...@gmail.com>:

Hello all,

I am struggling to get my Dovecot SASL to work within postfix. I have used
the configuration example listed on the main-site of dovecot and it
basically isn't giving me any success at all. I am probably missing
something easy, but after spending a few days testing and walking through
everything I could think about I figured it was better to ask :)
Hope someone can point me in the right direction.

My setup is that I have installed Ubuntu 9.04 (64bit), postfix and dovecot
linked to a MySQL database. The services are using maildirs which are stored
locally (no NFS). Postfix is using the LDA from dovecot to deliver the mail
and dovecot is used for IMAP and POP3. This is working and no problems at
all so far. The problem starts when I just want to enable the SASL
authentication from Dovecot. I used the 'guide' posted on
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL or found at
http://www.postfix.org/SASL_README.html#server_dovecot

When I try to telnet to port 25 (smtp) then it doesn't look like the SASL is
working...
220 mail003 ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail003
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Anything I missed in my configuration from either postfix/dovecot?
r...@mail003:/etc/postfix# dovecot --version
1.1.11
r...@mail003:~# dpkg-query -l postfix
+++-==============-==============-============================================
ii  postfix        2.5.5-1.1      High-performance mail transport agent

Here are my configurations of both:
r...@mail003:/etc/postfix# dovecot -n
# 1.1.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.28-16-server x86_64 Ubuntu 9.04 ext4
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
login_greeting_capability(managesieve): no
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
mail_max_userip_connections(managesieve): 10
mail_privileged_group: mail
mail_uid: 5000
mail_gid: 5000
mail_location: maildir:/home/vmail/%d/%n/.Maildir
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): ~/sieve
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): ~/.dovecot.sieve
auth default:
  mechanisms: plain login
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

r...@mail003:/etc/dovecot# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no

broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
mailbox_size_limit = 0
mydestination = mail003.mydomain.nl, localhost.mydomain.nl, , localhost
myhostname = mail003.mydomain.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot:
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

It's pretty much a default ubuntu install, only added the virtual stuff
myself.
Thanks for the help.

- Rene


Because you are using smtpd_tls_auth_only = yes, postfix only announces sasl login to encrypted sessions.

quote from manual:

smtpd_tls_auth_only (default: no)

When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections.

    This feature is available in Postfix 2.2 and later.

So, you cannot use plain telnet for testing, you need to use:

openssl s_client -connect mailserver.address:25 -starttls smtp

--
Eero,
RHCE
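
An offline version of the check described in the reply above, added here as an example and not part of either message: it parses the EHLO reply captured over plain telnet and the one captured inside `openssl s_client -starttls smtp`, then reports whether AUTH is announced only under TLS. The names `parse_ehlo` and `audit` are hypothetical, and the `POST_TLS` reply is a constructed sample (mechanisms taken from the posted dovecot config).

```python
# EHLO reply from the plain telnet session in the post above.
PRE_TLS = """250-mail003
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed sample of a reply inside TLS; the AUTH= line is the extra
# form Postfix announces when broken_sasl_auth_clients = yes.
POST_TLS = """250-mail003
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 DSN"""

def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} for the extensions in an EHLO reply."""
    lines = [l.strip() for l in reply.splitlines()]
    lines = [l for l in lines if l[:3] == "250" and l[3:4] in ("-", " ")]
    features = {}
    for line in lines[1:]:              # first 250 line is the server name
        body = line[4:].strip()
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]   # normalise the non-standard form
        keyword, _, params = body.partition(" ")
        features.setdefault(keyword.upper(), set()).update(params.upper().split())
    return features

def audit(pre_tls, post_tls):
    """Compare the cleartext and in-TLS replies against smtpd_tls_auth_only."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "AUTH" in pre:
        findings.append("AUTH offered before STARTTLS")
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if "AUTH" not in post:
        findings.append("AUTH not offered inside TLS")
    return findings
```

An empty list from `audit(PRE_TLS, POST_TLS)` means the server behaves as `smtpd_tls_auth_only = yes` intends; "AUTH not offered inside TLS" is the result that would point at an actual SASL configuration problem.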


