Re: dovecot sasl with postfix, smtp auth not available
Hi Markus, The output as follows. 1. postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes cafile = /etc/letsencrypt/live/www.zystro.xyz/cert. pem compatibility_level = 3.5 disable_vrfy_command = yes home_mailbox = Mailbox inet_interfaces = all inet_protocols = all mailbox_command = mailbox_size_limit = 1048576000 maximal_backoff_time = 3h message_size_limit = 10485760 minimal_backoff_time = 180s mydestination = $mydomain, $myhostname, localhost mydomain = zystro.xyz myhostname = www.zystro.xyz mynetworks_style = host myorigin = $mydomain readme_directory = no recipient_delimiter = + relayhost = smtp_always_send_ehlo = yes smtp_helo_timeout = 15s smtp_rcpt_timeout = 15s smtp_sasl_auth_enable = yes smtp_tls_CAfile = $cafile smtp_tls_cert_file = $tcert smtp_tls_key_file = $tkey smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_dire ctory}/smtp_scache smtpd_banner = $myhostname smtpd_client_restrictions = reject_rbl_client dnsbl .sorbs.net smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostn ame, reject_non_fqdn_helo_hostname, reject_unknown_ helo_hostname smtpd_recipient_limit = 40 smtpd_recipient_restrictions = reject_invalid_hostn ame, reject_unknown_recipient_domain, reject_unauth _destination, reject_rbl_client sbl.spamhaus.org, p ermit smtpd_relay_restrictions = permit_mynetworks permit _sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_timeout = 30s smtpd_tls_cert_file = $tcert smtpd_tls_key_file = $tkey smtpd_tls_security_level = encrypt strict_rfc821_envelopes = yes tcert = /etc/letsencrypt/live/www.zystro.xyz/fullch ain.pem tkey = /etc/letsencrypt/live/www.zystro.xyz/privkey .pem virtual_alias_maps = hash:/etc/postfix/virtual root@www:~# 2. postconf -M smtp inet n - y - - smtpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/mai ldrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z - a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/if mail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp /bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/sca lemail/bin/scalemail-store ${nexthop} ${user} ${ext ension} mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailma n/bin/postfix-to-mailman.py ${nexthop} ${user} smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_t ls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions= permit_sasl_authenticat ed, reject -o milter_macro_daemon_name= ORIGINATING submission inet n - - - - smtpd -o smtpd_etrn_restrictions=reject -o sm tpd_enforce_tls=yes -o smtpd_tls_security_level=enc rypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_ty pe=dovecot -o smtpd_sasl_path=private/auth -o smtpd _sasl_security_options= noanonymous -o smtpd_sasl_l ocal_domain=$mydomain -o smtpd_client_restrictions= permit_sasl_authenticated, reject -o smtpd_sender_ login_maps= hash:/etc/postfix/virtual -o smtpd_send er_restrictions= reject_sender_login_mismatch -o sm tpd_recipient_restrictions= reject_non_fqdn_recipie nt, reject_unknown_recipient_domain, permit_sasl_au thenticated,reject root@www:~# Regards, -badli From: Markus Winkler Sent: Monday, April 24, 2023, 05:33 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available Hi Badli, On 23.04.23 05:15, Badli Al Rashid wrote: > Anybody got any ideas ? please post the output of: 1) postconf -n 2) postconf -M Regards, Markus ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list
Re: dovecot sasl with postfix, smtp auth not available
HI Benny, master.cf already have enteries for 465 and 587 as I followed the guide. Noted and thank you. Regards, -badli From: Benny Pedersen Sent: Monday, April 24, 2023, 02:54 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available dovecot--- via dovecot skrev den 2023-04-23 20:25: >> I tried to enable it on postfix smtp_sasl_auth_enable, but it is was >> not advertise. > > That is because "smtp" is not the same as "smtpd". > > http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587 when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi Badli, On 23.04.23 05:15, Badli Al Rashid wrote: Anybody got any ideas ? please post the output of: 1) postconf -n 2) postconf -M Regards, Markus ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
dovecot--- via dovecot skrev den 2023-04-23 20:25: I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. That is because "smtp" is not the same as "smtpd". http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587 when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. That is because "smtp" is not the same as "smtpd". http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi, There is also a feature in postfix where AUTH is only advertised over TLS (i.e. port 465, or port 25/587 after STARTTLS). https://www.postfix.org/postconf.5.html#smtpd_tls_auth_only On 23-04-2023 14:41, Badli Al Rashid wrote: > logs No logs as I have to redo a new setup. > bound to fail I was only trying to check if the smtp-auth is advertise by doing ehlo. > where is this change ? My client ip was listed in sorbs.net. I could not connect to the smtp server. > how do you know its postfix ? Because i did an apt install postfix on the node. dovecot is on the same node. Regards, -badli *From:* Benny Pedersen *Sent:* Sunday, April 23, 2023, 20:22 *To:* dovecot@dovecot.org *Subject:* Re: dovecot sasl with postfix, smtp auth not available Badli Al Rashid skrev den 2023-04-23 13:06: My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. then post doveconf -n that shows it I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. logs I could authenticate normally using port 465 / 587 but it is block at the moment. where is this change ? When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 bound to fail Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Indexer opening emails in write mode ?
Hi, I have dovecot indexer working inside AppArmor, and I am confused by some error messages: > name="/home/users/andre/mails/maildir/.Sent/cur/1682251668.M110083P109814.pigment,S=1743,W=1776:2,S" > pid=111784 > comm="indexer-worker" requested_mask="wd" denied_mask="wd" fsuid=1001 > ouid=1001 Why the indexer would open email files in write mode, please ? Thanks for your advice ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
> logs No logs as I have to redo a new setup. > bound to fail I was only trying to check if the smtp-auth is advertise by doing ehlo. > where is this change ? My client ip was listed in sorbs.net. I could not connect to the smtp server. > how do you know its postfix ? Because i did an apt install postfix on the node. dovecot is on the same node. Regards, -badli From: Benny Pedersen Sent: Sunday, April 23, 2023, 20:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available Badli Al Rashid skrev den 2023-04-23 13:06: > My apologies, i am not using dovecot for submission server using > postfix with dovecot-sasl. then post doveconf -n that shows it > I was not able to authenticate if I use a webmail when testing using > username to authenticate with smtp connection it fails. logs > I could authenticate normally using port 465 / 587 but it is block at > the moment. where is this change ? > When checking there was no smtp-auth on the smtp listed. I tried to > enable it on postfix > smtp_sasl_auth_enable, but it is was not advertise. > > # telnet 127.0.0.1 25 bound to fail > Should the smtp be advertise with smtp-auth when dovecot-sasl is > enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Badli Al Rashid skrev den 2023-04-23 13:06: My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. then post doveconf -n that shows it I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. logs I could authenticate normally using port 465 / 587 but it is block at the moment. where is this change ? When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 bound to fail Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi, My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. I could authenticate normally using port 465 / 587 but it is block at the moment. When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 www.zystro.xyz ehlo x.zystro.xyz 250-www.zystro.xyz 250-PIPELINING 250-SIZE 10485760 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING 421 4.4.2 www.zystro.xyz Error: timeout exceeded Connection closed by foreign host. Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? Thank you. Regards, -badli From: dovecot--- via dovecot Sent: Sunday, April 23, 2023, 15:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available > On 04-22-2023 11:15 pm, Badli Al Rashid wrote: > I have set up dovecot sasl with postfix. When I check the smtp with ehlo > there is no auth advertise. There shouldn't be on port 25. Users should do email submission on port 587 or 465. But if you really want there to be... http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable FYI; Just in case it was confusing, dovecot does not take submission email nor answers ehlo, that is a postfix thing. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve traces not logged
Hello again, > For that I configured in /etc/dovecot/conf.d/90-sieve.conf > sieve_trace_dir = /var/log/dovecot/ > sieve_trace_level = matching > and created /var/log/dovecot/ and gave it the user+group > "Debian-exim". > > Unfortunately, no logs are written into that direcory. It turned out that I had overwritten the trace directory in local.conf, and that directory did not exist. Sorry for the noise. -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
On 04-22-2023 11:15 pm, Badli Al Rashid wrote: I have set up dovecot sasl with postfix. When I check the smtp with ehlo there is no auth advertise. There shouldn't be on port 25. Users should do email submission on port 587 or 465. But if you really want there to be... http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable FYI; Just in case it was confusing, dovecot does not take submission email nor answers ehlo, that is a postfix thing. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
sieve traces not logged
Hello, Some sieve filters do not work as expected and I want to debug why. For that I configured in /etc/dovecot/conf.d/90-sieve.conf sieve_trace_dir = /var/log/dovecot/ sieve_trace_level = matching and created /var/log/dovecot/ and gave it the user+group "Debian-exim". Unfortunately, no logs are written into that direcory. The normal log file in /var/log/dovecot.log contains no information - except that lmtp stored the mail in mailbox "test". The docs[1] only say that those two options need to be enabled. Sieve itself works, which I confirmed by creating a rule that moves mails with subject "test" into a separate folder. What am I doing wrong? $ dovecot --version 2.3.20 (80a5ac675d) Running on Debian 11, packages from https://repo.dovecot.org/ce-2.3-latest/debian/bullseye Full sieve config from "dovecot -n": plugin { imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * sieve = file:~/sieve;active=~/.dovecot.sieve sieve_default = /var/lib/dovecot/sieve/default.sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment sieve_pipe_bin_dir = /etc/dovecot/sieve-bin/ sieve_plugins = sieve_imapsieve sieve_extprograms sieve_trace_debug = no sieve_trace_dir = /var/log/dovecot-sieve sieve_trace_level = matching } [1] https://doc.dovecot.org/configuration_manual/sieve/configuration/#trace-debugging -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org