Re: dovecot sasl with postfix, smtp auth not available
Hi Markus,
The output as follows.
1. postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
cafile = /etc/letsencrypt/live/www.zystro.xyz/cert.
pem
compatibility_level = 3.5
disable_vrfy_command = yes
home_mailbox = Mailbox
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 1048576000
maximal_backoff_time = 3h
message_size_limit = 10485760
minimal_backoff_time = 180s
mydestination = $mydomain, $myhostname, localhost
mydomain = zystro.xyz
myhostname = www.zystro.xyz
mynetworks_style = host
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_always_send_ehlo = yes
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtp_sasl_auth_enable = yes
smtp_tls_CAfile = $cafile
smtp_tls_cert_file = $tcert
smtp_tls_key_file = $tkey
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_dire
ctory}/smtp_scache
smtpd_banner = $myhostname
smtpd_client_restrictions = reject_rbl_client dnsbl
.sorbs.net
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostn
ame, reject_non_fqdn_helo_hostname, reject_unknown_
helo_hostname
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_invalid_hostn
ame, reject_unknown_recipient_domain, reject_unauth
_destination, reject_rbl_client sbl.spamhaus.org, p
ermit
smtpd_relay_restrictions = permit_mynetworks permit
_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_timeout = 30s
smtpd_tls_cert_file = $tcert
smtpd_tls_key_file = $tkey
smtpd_tls_security_level = encrypt
strict_rfc821_envelopes = yes
tcert = /etc/letsencrypt/live/www.zystro.xyz/fullch
ain.pem
tkey = /etc/letsencrypt/live/www.zystro.xyz/privkey
.pem
virtual_alias_maps = hash:/etc/postfix/virtual
root@www:~#
2. postconf -M
smtp inet n - y - -
smtpd
pickup unix n - y 60 1
pickup
cleanup unix n - y - 0
cleanup
qmgr unix n - n 300 1
qmgr
tlsmgr unix - - y 1000? 1
tlsmgr
rewrite unix - - y - -
trivial-rewrite
bounce unix - - y - 0
bounce
defer unix - - y - 0
bounce
trace unix - - y - 0
bounce
verify unix - - y - 1
verify
flush unix n - y 1000? 0
flush
proxymap unix - - n - -
proxymap
proxywrite unix - - n - 1
proxymap
smtp unix - - y - -
smtp
relay unix - - y - -
smtp -o syslog_name=postfix/$service_name
showq unix n - y - -
showq
error unix - - y - -
error
retry unix - - y - -
error
discard unix - - y - -
discard
local unix - n n - -
local
virtual unix - n n - -
virtual
lmtp unix - - y - -
lmtp
anvil unix - - y - 1
anvil
scache unix - - y - 1
scache
postlog unix-dgram n - n - 1
postlogd
maildrop unix - n n - -
pipe flags=DRXhu user=vmail argv=/usr/bin/mai
ldrop -d ${recipient}
uucp unix - n n - -
pipe flags=Fqhu user=uucp argv=uux -r -n -z -
a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - -
pipe flags=F user=ftn argv=/usr/lib/ifmail/if
mail -r $nexthop ($recipient)
bsmtp unix - n n - -
pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp
/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2
pipe flags=R user=scalemail argv=/usr/lib/sca
lemail/bin/scalemail-store ${nexthop} ${user} ${ext
ension}
mailman unix - n n - -
pipe flags=FRX user=list argv=/usr/lib/mailma
n/bin/postfix-to-mailman.py ${nexthop} ${user}
smtps inet n - - - -
smtpd -o syslog_name=postfix/smtps -o smtpd_t
ls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o
smtpd_client_restrictions= permit_sasl_authenticat
ed, reject -o milter_macro_daemon_name= ORIGINATING
submission inet n - - - -
smtpd -o smtpd_etrn_restrictions=reject -o sm
tpd_enforce_tls=yes -o smtpd_tls_security_level=enc
rypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_ty
pe=dovecot -o smtpd_sasl_path=private/auth -o smtpd
_sasl_security_options= noanonymous -o smtpd_sasl_l
ocal_domain=$mydomain -o smtpd_client_restrictions=
permit_sasl_authenticated, reject -o smtpd_sender_
login_maps= hash:/etc/postfix/virtual -o smtpd_send
er_restrictions= reject_sender_login_mismatch -o sm
tpd_recipient_restrictions= reject_non_fqdn_recipie
nt, reject_unknown_recipient_domain, permit_sasl_au
thenticated,reject
root@www:~#
Regards,
-badli
From: Markus Winkler
Sent: Monday, April 24, 2023, 05:33
To: dovecot@dovecot.org
Subject: Re: dovecot sasl with postfix, smtp auth not available
Hi Badli,
On 23.04.23 05:15, Badli Al Rashid wrote:
> Anybody got any ideas ?
please post the output of:
1) postconf -n
2) postconf -M
Regards,
Markus
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
___
dovecot mailing list
Re: dovecot sasl with postfix, smtp auth not available
HI Benny, master.cf already have enteries for 465 and 587 as I followed the guide. Noted and thank you. Regards, -badli From: Benny Pedersen Sent: Monday, April 24, 2023, 02:54 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available dovecot--- via dovecot skrev den 2023-04-23 20:25: >> I tried to enable it on postfix smtp_sasl_auth_enable, but it is was >> not advertise. > > That is because "smtp" is not the same as "smtpd". > > http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587 when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi Badli, On 23.04.23 05:15, Badli Al Rashid wrote: Anybody got any ideas ? please post the output of: 1) postconf -n 2) postconf -M Regards, Markus ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
dovecot--- via dovecot skrev den 2023-04-23 20:25: I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. That is because "smtp" is not the same as "smtpd". http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587 when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. That is because "smtp" is not the same as "smtpd". http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi, There is also a feature in postfix where AUTH is only advertised over TLS (i.e. port 465, or port 25/587 after STARTTLS). https://www.postfix.org/postconf.5.html#smtpd_tls_auth_only On 23-04-2023 14:41, Badli Al Rashid wrote: > logs No logs as I have to redo a new setup. > bound to fail I was only trying to check if the smtp-auth is advertise by doing ehlo. > where is this change ? My client ip was listed in sorbs.net. I could not connect to the smtp server. > how do you know its postfix ? Because i did an apt install postfix on the node. dovecot is on the same node. Regards, -badli *From:* Benny Pedersen *Sent:* Sunday, April 23, 2023, 20:22 *To:* dovecot@dovecot.org *Subject:* Re: dovecot sasl with postfix, smtp auth not available Badli Al Rashid skrev den 2023-04-23 13:06: My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. then post doveconf -n that shows it I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. logs I could authenticate normally using port 465 / 587 but it is block at the moment. where is this change ? When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 bound to fail Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Indexer opening emails in write mode ?
Hi, I have dovecot indexer working inside AppArmor, and I am confused by some error messages: > name="/home/users/andre/mails/maildir/.Sent/cur/1682251668.M110083P109814.pigment,S=1743,W=1776:2,S" > pid=111784 > comm="indexer-worker" requested_mask="wd" denied_mask="wd" fsuid=1001 > ouid=1001 Why the indexer would open email files in write mode, please ? Thanks for your advice ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
> logs No logs as I have to redo a new setup. > bound to fail I was only trying to check if the smtp-auth is advertise by doing ehlo. > where is this change ? My client ip was listed in sorbs.net. I could not connect to the smtp server. > how do you know its postfix ? Because i did an apt install postfix on the node. dovecot is on the same node. Regards, -badli From: Benny Pedersen Sent: Sunday, April 23, 2023, 20:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available Badli Al Rashid skrev den 2023-04-23 13:06: > My apologies, i am not using dovecot for submission server using > postfix with dovecot-sasl. then post doveconf -n that shows it > I was not able to authenticate if I use a webmail when testing using > username to authenticate with smtp connection it fails. logs > I could authenticate normally using port 465 / 587 but it is block at > the moment. where is this change ? > When checking there was no smtp-auth on the smtp listed. I tried to > enable it on postfix > smtp_sasl_auth_enable, but it is was not advertise. > > # telnet 127.0.0.1 25 bound to fail > Should the smtp be advertise with smtp-auth when dovecot-sasl is > enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Badli Al Rashid skrev den 2023-04-23 13:06: My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. then post doveconf -n that shows it I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. logs I could authenticate normally using port 465 / 587 but it is block at the moment. where is this change ? When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 bound to fail Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi, My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. I could authenticate normally using port 465 / 587 but it is block at the moment. When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 www.zystro.xyz ehlo x.zystro.xyz 250-www.zystro.xyz 250-PIPELINING 250-SIZE 10485760 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING 421 4.4.2 www.zystro.xyz Error: timeout exceeded Connection closed by foreign host. Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? Thank you. Regards, -badli From: dovecot--- via dovecot Sent: Sunday, April 23, 2023, 15:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available > On 04-22-2023 11:15 pm, Badli Al Rashid wrote: > I have set up dovecot sasl with postfix. When I check the smtp with ehlo > there is no auth advertise. There shouldn't be on port 25. Users should do email submission on port 587 or 465. But if you really want there to be... http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable FYI; Just in case it was confusing, dovecot does not take submission email nor answers ehlo, that is a postfix thing. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: sieve traces not logged
Hello again, > For that I configured in /etc/dovecot/conf.d/90-sieve.conf > sieve_trace_dir = /var/log/dovecot/ > sieve_trace_level = matching > and created /var/log/dovecot/ and gave it the user+group > "Debian-exim". > > Unfortunately, no logs are written into that direcory. It turned out that I had overwritten the trace directory in local.conf, and that directory did not exist. Sorry for the noise. -- Regards/Mit freundlichen Grüßen Christian Weiske -=≡ Geeking around in the name of science since 1982 ≡=- ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
On 04-22-2023 11:15 pm, Badli Al Rashid wrote: I have set up dovecot sasl with postfix. When I check the smtp with ehlo there is no auth advertise. There shouldn't be on port 25. Users should do email submission on port 587 or 465. But if you really want there to be... http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable FYI; Just in case it was confusing, dovecot does not take submission email nor answers ehlo, that is a postfix thing. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
sieve traces not logged
Hello,
Some sieve filters do not work as expected and I want to debug why.
For that I configured in /etc/dovecot/conf.d/90-sieve.conf
sieve_trace_dir = /var/log/dovecot/
sieve_trace_level = matching
and created /var/log/dovecot/ and gave it the user+group "Debian-exim".
Unfortunately, no logs are written into that direcory.
The normal log file in /var/log/dovecot.log contains no information -
except that lmtp stored the mail in mailbox "test".
The docs[1] only say that those two options need to be enabled.
Sieve itself works, which I confirmed by creating a rule that moves
mails with subject "test" into a separate folder.
What am I doing wrong?
$ dovecot --version
2.3.20 (80a5ac675d)
Running on Debian 11, packages from
https://repo.dovecot.org/ce-2.3-latest/debian/bullseye
Full sieve config from "dovecot -n":
plugin {
imapsieve_mailbox1_before =
file:/var/lib/dovecot/sieve/learn-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before =
file:/var/lib/dovecot/sieve/learn-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_default = /var/lib/dovecot/sieve/default.sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /etc/dovecot/sieve-bin/
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_trace_debug = no
sieve_trace_dir = /var/log/dovecot-sieve
sieve_trace_level = matching
}
[1]
https://doc.dovecot.org/configuration_manual/sieve/configuration/#trace-debugging
--
Regards/Mit freundlichen Grüßen
Christian Weiske
-=≡ Geeking around in the name of science since 1982 ≡=-
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
