Hi Dav,

My internet was down overnight; a snow plough hit the encapsulation point.
These are my Postfix config files, plus my Dovecot stuff. Hope it helps.

John A

On 2018-02-11 06:12 PM, David Mehler wrote:

Hello,

Does anyone have Android's aquamail app successfully connecting to a Postfix server? If so, what settings did you use? I keep getting an authentication denied error. I've tried for authentication choose automatically, sasl plain, sasl login. For server security I've tried ssl strict check, ssl accept any (both on port 465), and starttls strict check and starttls accept any (port 587).

Thanks.
Dave.

alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_size_limit = 65536
compatibility_level = 2
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 20
delay_warning_time = 12h
disable_vrfy_command = yes
header_size_limit = 32768
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_protocols = all
mailbox_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 32768000
mime_header_checks = pcre:/etc/postfix/maps/mime_header_checks.pcre
mydestination = localhost, localhost.localdomain, localdomain
mydomain = klam.ca
myhostname = smtp.$mydomain
mynetworks = 127.0.0.0/8, [::1]/128
myorigin = $mydomain
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3
    b.barracudacentral.org*2
    bl.spameatingmonkey.net*2
    bl.ipv6.spameatingmonkey.net*2
    bl.spamcop.net
    dnsbl.sorbs.net
    psbl.surriel.com
    bl.mailspike.net
    swl.spamhaus.org*-4
    list.dnswl.org=127.[0..255].[0..255].0*-2
    list.dnswl.org=127.[0..255].[0..255].1*-3
    list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_greet_action = enforce
postscreen_helo_required = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
postscreen_use_tls = $smtpd_use_tls
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relocated_maps = hash:/etc/postfix/maps/relocated
smtp_dns_support_level = dnssec
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDSS, kECDhe, kECDhr, kDHd, kDHr, SEED, LOW, EXPORT
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = reject_unknown_reverse_client_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    reject_rbl_client bl.spameatingmonkey.net,
    reject_rbl_client bl.ipv6.spameatingmonkey.net,
    reject_rbl_client bl.spamcop.net
smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    check_helo_access pcre:/etc/postfix/maps/helo_checks.pcre
smtpd_recipient_limit = 128
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_recipient_access pcre:/etc/postfix/maps/recipient_checks.pcre,
    check_recipient_access hash:/etc/postfix/maps/recipient_checks
smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/maps/sender_checks
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.klam.ca/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = $smtp_tls_exclude_ciphers
smtpd_tls_key_file = /etc/letsencrypt/live/mail.klam.ca/privkey.pem
smtpd_tls_mandatory_protocols = $smtp_tls_mandatory_protocols
smtpd_tls_protocols = $smtp_tls_protocols
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport
virtual_alias_maps = proxy:pgsql:/etc/postfix/sql/virtual_alias_map.sql,
    proxy:pgsql:/etc/postfix/sql/virtual_alias_domain_map.sql
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql/virtual_domain_map.sql
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/sql/virtual_mailbox_map.sql,
    proxy:pgsql:/etc/postfix/sql/virtual_alias_domain_mailbox_map.sql
virtual_transport = lmtp:unix:private/dovecot-lmtp

smtp        inet  n  -  n  -      1  postscreen
smtpd       pass  -  -  n  -      -  smtpd
    -o cleanup_service_name=pre-cleanup
pickup      fifo  n  -  n  60     1  pickup
    -o cleanup_service_name=pre-cleanup
submission  inet  n  -  n  -      30 smtpd
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/dovecot-auth
    -o smtpd_sasl_local_domain=$mydomain
    -o broken_sasl_auth_clients=yes
    -o smtpd_sasl_authenticated_header=yes
    -o smtpd_client_restrictions=
    -o smtpd_data_restrictions=
    -o smtpd_etrn_restrictions=reject
    -o smtpd_helo_restrictions=
    -o {smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/maps/submission_access, reject}
    -o smtpd_relay_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_client_connection_count_limit=15
    -o smtpd_client_connection_rate_limit=80
    -o smtpd_delay_reject=yes
    -o cleanup_service_name=pre-cleanup
qmgr        fifo  n  -  n  300    1  qmgr
tlsmgr      unix  -  -  n  1000?  1  tlsmgr
rewrite     unix  -  -  n  -      -  trivial-rewrite
bounce      unix  -  -  n  -      0  bounce
defer       unix  -  -  n  -      0  bounce
trace       unix  -  -  n  -      0  bounce
verify      unix  -  -  n  -      1  verify
flush       unix  n  -  n  1000?  0  flush
proxymap    unix  -  -  n  -      -  proxymap
proxywrite  unix  -  -  n  -      1  proxymap
smtp        unix  -  -  n  -      -  smtp
    -o smtp_sasl_auth_enable=no
    -o smtp_bind_address=74.116.186.178
    -o smtp_bind_address6=2606:6d00:100:4301::1:200
relay       unix  -  -  n  -      -  smtp
showq       unix  n  -  n  -      -  showq
error       unix  -  -  n  -      -  error
retry       unix  -  -  n  -      -  error
discard     unix  -  -  n  -      -  discard
local       unix  -  n  n  -      -  local
virtual     unix  -  n  n  -      -  virtual
lmtp        unix  -  -  n  -      -  lmtp
anvil       unix  -  -  n  -      1  anvil
scache      unix  -  -  n  -      1  scache
smtp-amavis unix  -  -  n  -      4  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o smtp_tls_note_starttls_offer=no
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_relay_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o local_header_rewrite_clients=
    -o local_recipient_maps=
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o smtpd_tls_security_level=none
    -o local_recipient_maps=
    -o relay_recipient_maps=
pre-cleanup unix  n  -  n  -      0  cleanup
    -o virtual_alias_maps=
cleanup     unix  n  -  n  -      0  cleanup
    -o mime_header_checks=
    -o nested_header_checks=
    -o header_checks=
    -o body_checks=
dnsblog     unix  -  -  n  -      0  dnsblog
tlsproxy    unix  -  -  n  -      0  tlsproxy

# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-2-amd64 x86_64 Debian wheezy/sid ext4
#===================================================================================
protocols = imap lmtp sieve
mail_home = /srv/vmail/%d/%n/home
mail_location = maildir:/srv/vmail/%d/%n/maildir
mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail
first_valid_uid = 1001
last_valid_uid = 0
first_valid_gid = 1001
last_valid_gid = 0
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
recipient_delimiter = +
lmtp_save_to_detail_mailbox = yes
maildir_copy_with_hardlinks = yes
maildir_very_dirty_syncs = yes
maildir_broken_filename_sizes = yes
#===================================================================================
listen = *,[::]
disable_plaintext_auth = yes
auth_mechanisms = digest-md5 cram-md5 login
passdb {
  driver = sql
  args = /etc/dovecot/sql/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/srv/vmail/%d/%n/home mail=maildir:/srv/vmail/%d/%n/maildir
}
#===================================================================================
#log_path = syslog
log_path = /var/log/dovecot.log
syslog_facility = mail
mail_debug=no
log_timestamp = "%Y-%m-%d %H:%M:%S %b %d - "
#===================================================================================
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.klam.ca/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.klam.ca/privkey.pem
ssl_protocols = !SSLv3
ssl_cipher_list = ALL:!LOW:!ADH:!SSLv2:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:+HIGH:+MEDIUM
#===================================================================================
namespace inbox {
  type = private
  separator = .
  inbox = yes
  subscriptions = yes
}
#===================================================================================
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
protocol lmtp {
  mail_plugins = sieve
  mail_fsync = optimized
  postmaster_address = postmas...@klam.ca
}
#===================================================================================
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = root
}
#===================================================================================
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
service imap {
}
protocol imap {
  mail_plugins = imap_sieve
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 30
}
#===================================================================================
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  # 1 is more secure, but 0 is faster
  # service_count = 1
  # process_min_avail = 0
  # vsz_limit = 64M
}
service managesieve {
  # Max. number of ManageSieve processes (connections)
  # process_limit = 1024
}
# Service configuration
protocol sieve {
  # managesieve_max_line_length = 65536
  # mail_max_userip_connections = 10
  # managesieve_logout_format = bytes=%i/%o
  # managesieve_implementation_string = Dovecot Pigeonhole
  # managesieve_max_compile_errors = 5
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  # sieve_default = /srv/vmail/conf.d/sieve/default.sieve
  # sieve_default_name = default
  # sieve_global = /srv/vmail/conf.d/sieve
  # sieve_before = /var/lib/dovecot/sieve.d/
  # sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
  # sieve_before3 = (etc...)
  # sieve_after =
  # sieve_after2 =
  # sieve_after2 = (etc...)
  sieve_extensions = +notify +imapflags
  recipient_delimiter = +
  # The path to the file where the user log is written. If not configured, a
  # default location is used. If the main user's personal Sieve (as configured
  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
  sieve_user_log = ~/.dovecot.sieve.log
  # Specifies what envelope sender address is used for redirected messages.
  # The following values are supported for this setting:
  #
  #   "sender"         - The sender address is used (default).
  #   "recipient"      - The final recipient address is used.
  #   "orig_recipient" - The original recipient is used.
  #   "user_email"     - The user's primary address is used. This is
  #                      configured with the "sieve_user_email" setting. If
  #                      that setting is unconfigured, "user_mail" is equal to
  #                      "recipient".
  #   "postmaster"     - The postmaster_address configured for the LDA.
  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
  #                      The angle brackets are mandatory. The null "<>" address
  #                      is also supported.
  #
  # This setting is ignored when the envelope sender is "<>". In that case the
  # sender of the redirected message is also always "<>".
  #sieve_redirect_envelope_from = sender
  ## TRACE DEBUGGING
  # Trace debugging provides detailed insight in the operations performed by
  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
  # IMAPSIEVE plugin.
  #
  # WARNING: On a busy server, this functionality can quickly fill up the trace
  # directory with a lot of trace files. Enable this only temporarily and as
  # selective as possible.
  # The directory where trace files are written. Trace debugging is disabled if
  # this setting is not configured or if the directory does not exist. If the
  # path is relative or it starts with "~/" it is interpreted relative to the
  # current user's home directory.
  #sieve_trace_dir =
  # The verbosity level of the trace messages. Trace debugging is disabled if
  # this setting is not configured. Possible values are:
  #
  #   "actions"  - Only print executed action commands, like keep,
  #                fileinto, reject and redirect.
  #   "commands" - Print any executed command, excluding test commands.
  #   "tests"    - Print all executed commands and performed tests.
  #   "matching" - Print all executed commands, performed tests and the
  #                values matched in those tests.
  sieve_trace_level = actions
  # Enables highly verbose debugging messages that are usually only useful for
  # developers.
  #sieve_trace_debug = yes
  # Enables showing byte code addresses in the trace output, rather than only
  # the source line numbers.
  #sieve_trace_addresses = no
}
#==================================================================================
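
An added example, not part of either poster's message: it merges a few settings excerpted from the main.cf, master.cf and dovecot.conf posted above (master.cf `-o` overrides win over main.cf) and checks the client combinations named in the question against them. The port-to-service mapping and the `ssl`/`starttls` labels are assumptions made for the illustration.

```python
# Constructed input: excerpts copied from the configs posted above.
MAIN_CF = {"smtpd_sasl_auth_enable": "no", "smtpd_tls_security_level": "may"}
MASTER_CF = """\
smtp       inet  n  -  n  -  1   postscreen
submission inet  n  -  n  -  30  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
"""
DOVECOT_AUTH_MECHANISMS = "digest-md5 cram-md5 login"
# Assumption: usual service names for these ports (not stated on the page).
PORT_TO_SERVICE = {25: "smtp", 465: "smtps", 587: "submission"}


def parse_master(text):
    """Map service name -> dict of its '-o name=value' overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        words = line.split()
        if not line[0].isspace():      # a new service entry starts in column 0
            current = services.setdefault(words[0], {})
            words = words[8:]          # skip 7 fixed columns and the command name
        for flag, arg in zip(words, words[1:]):
            if flag == "-o" and "=" in arg and current is not None:
                name, value = arg.split("=", 1)
                current[name] = value
    return services


def check_client(port, tls_mode, mechanism):
    """Return (ok, reason) for one client setting against the excerpts."""
    services = parse_master(MASTER_CF)
    name = PORT_TO_SERVICE.get(port)
    if name not in services:
        return False, f"no master.cf service for port {port}"
    eff = {**MAIN_CF, **services[name]}   # per-service overrides win
    if eff.get("smtpd_sasl_auth_enable") != "yes":
        return False, "AUTH is not enabled on this service"
    wrapper = eff.get("smtpd_tls_wrappermode", "no") == "yes"
    if wrapper != (tls_mode == "ssl"):
        return False, "TLS mode mismatch (implicit TLS vs STARTTLS)"
    if mechanism.lower() not in DOVECOT_AUTH_MECHANISMS.split():
        return False, f"{mechanism} is not in Dovecot auth_mechanisms"
    return True, "accepted by these settings"


if __name__ == "__main__":
    for combo in [(465, "ssl", "PLAIN"), (587, "starttls", "PLAIN"), (587, "starttls", "LOGIN")]:
        print(combo, check_client(*combo))
```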