Re: dovecot sasl with postfix, smtp auth not available

2023-04-23 Thread Badli Al Rashid
Hi Markus,

The output as follows.

1. postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
cafile = /etc/letsencrypt/live/www.zystro.xyz/cert.pem
compatibility_level = 3.5
disable_vrfy_command = yes
home_mailbox = Mailbox
inet_interfaces = all
inet_protocols = all
mailbox_command =
mailbox_size_limit = 1048576000
maximal_backoff_time = 3h
message_size_limit = 10485760
minimal_backoff_time = 180s
mydestination = $mydomain, $myhostname, localhost
mydomain = zystro.xyz
myhostname = www.zystro.xyz
mynetworks_style = host
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_always_send_ehlo = yes
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtp_sasl_auth_enable = yes
smtp_tls_CAfile = $cafile
smtp_tls_cert_file = $tcert
smtp_tls_key_file = $tkey
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_timeout = 30s
smtpd_tls_cert_file = $tcert
smtpd_tls_key_file = $tkey
smtpd_tls_security_level = encrypt
strict_rfc821_envelopes = yes
tcert = /etc/letsencrypt/live/www.zystro.xyz/fullchain.pem
tkey = /etc/letsencrypt/live/www.zystro.xyz/privkey.pem
virtual_alias_maps = hash:/etc/postfix/virtual
root@www:~#


2. postconf -M
smtp inet n - y - -
  smtpd
pickup unix n - y 60 1
  pickup
cleanup unix n - y - 0
  cleanup
qmgr unix n - n 300 1
  qmgr
tlsmgr unix - - y 1000? 1
  tlsmgr
rewrite unix - - y - -
  trivial-rewrite
bounce unix - - y - 0
  bounce
defer unix - - y - 0
  bounce
trace unix - - y - 0
  bounce
verify unix - - y - 1
  verify
flush unix n - y 1000? 0
  flush
proxymap unix - - n - -
  proxymap
proxywrite unix - - n - 1
  proxymap
smtp unix - - y - -
  smtp
relay unix - - y - -
  smtp -o syslog_name=postfix/$service_name
showq unix n - y - -
  showq
error unix - - y - -
  error
retry unix - - y - -
  error
discard unix - - y - -
  discard
local unix - n n - -
  local
virtual unix - n n - -
  virtual
lmtp unix - - y - -
  lmtp
anvil unix - - y - 1
  anvil
scache unix - - y - 1
  scache
postlog unix-dgram n - n - 1
  postlogd
maildrop unix - n n - -
  pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - -
  pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - -
  pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - -
  pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2
  pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - -
  pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
smtps inet n - - - -
  smtpd -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions= permit_sasl_authenticated, reject -o milter_macro_daemon_name= ORIGINATING
submission inet n - - - -
  smtpd -o smtpd_etrn_restrictions=reject -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options= noanonymous -o smtpd_sasl_local_domain=$mydomain -o smtpd_client_restrictions= permit_sasl_authenticated, reject -o smtpd_sender_login_maps= hash:/etc/postfix/virtual -o smtpd_sender_restrictions= reject_sender_login_mismatch -o smtpd_recipient_restrictions= reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_sasl_authenticated,reject
root@www:~#


Regards,
-badli


From: Markus Winkler 
Sent: Monday, April 24, 2023, 05:33
To: dovecot@dovecot.org 
Subject: Re: dovecot sasl with postfix, smtp auth not available

Hi Badli,

On 23.04.23 05:15, Badli Al Rashid wrote:
> Anybody got any ideas ?

please post the output of:

1) postconf -n
2) postconf -M

Regards,
Markus
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


Re: dovecot sasl with postfix, smtp auth not available

2023-04-23 Thread Badli Al Rashid
Hi Benny,

master.cf already has entries for 465 and 587 as I followed the guide.

Noted and thank you.

Regards,
-badli


From: Benny Pedersen 
Sent: Monday, April 24, 2023, 02:54
To: dovecot@dovecot.org 
Subject: Re: dovecot sasl with postfix, smtp auth not available

dovecot--- via dovecot wrote on 2023-04-23 20:25:
>> I tried to enable it on postfix smtp_sasl_auth_enable, but it was
>> not advertised.
>
> That is because "smtp" is not the same as "smtpd".
>
> http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable

port 25 should not support sasl auth, make this an override in master.cf
so it only is on port 465, or 587

when remote MTAs blindly just try sasl auth on port 25 they miss a
password, and give up, after wasting resources at both ends
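
Whether a listener offers AUTH depends on the value of smtpd_sasl_auth_enable it ends up with once master.cf overrides are applied on top of main.cf. The following is an added example, not part of any message in this thread: it runs on a constructed, abridged copy of the postconf output above, assumes the listener named smtp is port 25, and its function names are made up for the illustration.

```python
import re

# Constructed sample, abridged from the postconf -n / postconf -M output
# posted in this thread (only the settings relevant to AUTH are kept).
MAIN_CF = {"smtp_sasl_auth_enable": "yes", "smtpd_sasl_auth_enable": "yes"}
MASTER_CF = [
    ("smtp", "inet", "smtpd"),
    ("smtps", "inet", "smtpd -o syslog_name=postfix/smtps "
                      "-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes"),
    ("submission", "inet", "smtpd -o smtpd_tls_security_level=encrypt "
                           "-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot"),
    ("relay", "unix", "smtp -o syslog_name=postfix/$service_name"),
]

OVERRIDE = re.compile(r"-o\s+([A-Za-z0-9_]+)\s*=\s*(\S*)")
PARAM = "smtpd_sasl_auth_enable"  # server side; smtp_sasl_auth_enable is the client

def effective_auth(main_cf, master_cf):
    """Map each inet smtpd listener to its effective smtpd_sasl_auth_enable."""
    result = {}
    for service, kind, command in master_cf:
        if kind != "inet" or command.split()[0] != "smtpd":
            continue  # not an SMTP server listener
        overrides = dict(OVERRIDE.findall(command))
        # a master.cf -o wins, then main.cf, then Postfix's built-in default "no"
        result[service] = overrides.get(PARAM, main_cf.get(PARAM, "no"))
    return result

def auth_on_port_25(main_cf, master_cf):
    """True if the listener named smtp (assumed to be port 25) has AUTH enabled."""
    return effective_auth(main_cf, master_cf).get("smtp") == "yes"

if __name__ == "__main__":
    for svc, val in effective_auth(MAIN_CF, MASTER_CF).items():
        print(f"{svc:12} {PARAM} = {val}")
```

Adding `-o smtpd_sasl_auth_enable=no` to the smtp entry, or dropping the setting from main.cf and keeping it only on smtps and submission, makes `auth_on_port_25` return False.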


Re: dovecot sasl with postfix, smtp auth not available

2023-04-23 Thread Badli Al Rashid
> logs
No logs as I have to redo a new setup.

> bound to fail
I was only trying to check if the smtp-auth is advertised by doing ehlo.

> where is this change ?
My client ip was listed in sorbs.net. I could not connect to the smtp server.

> how do you know it's postfix ?
Because I did an apt install postfix on the node. dovecot is on the same node.

Regards,
-badli


From: Benny Pedersen 
Sent: Sunday, April 23, 2023, 20:22
To: dovecot@dovecot.org 
Subject: Re: dovecot sasl with postfix, smtp auth not available

Badli Al Rashid wrote on 2023-04-23 13:06:

> My apologies, I am not using dovecot for submission server using
> postfix with dovecot-sasl.

then post doveconf -n that shows it

> I was not able to authenticate if I use a webmail when testing using
> username to authenticate with smtp connection it fails.

logs

> I could authenticate normally using port 465 / 587 but it is blocked at
> the moment.

where is this change ?

> When checking there was no smtp-auth on the smtp listed. I tried to
> enable it on postfix
> smtp_sasl_auth_enable, but it was not advertised.
>
> # telnet 127.0.0.1 25

bound to fail

> Should the smtp be advertised with smtp-auth when dovecot-sasl is
> enabled on the postfix ?

how do you know it's postfix ?

to help more it's essential to know which part is failing

random questions gives random answers



Re: dovecot sasl with postfix, smtp auth not available

2023-04-23 Thread Badli Al Rashid
Hi,

My apologies, I am not using dovecot for submission server using postfix with 
dovecot-sasl.

I was not able to authenticate if I use a webmail when testing using username 
to authenticate with smtp connection it fails.

I could authenticate normally using port 465 / 587 but it is blocked at the 
moment.

When checking there was no smtp-auth on the smtp listed. I tried to enable it 
on postfix
smtp_sasl_auth_enable, but it was not advertised.

# telnet 127.0.0.1 25

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 www.zystro.xyz
ehlo x.zystro.xyz
250-www.zystro.xyz
250-PIPELINING
250-SIZE 10485760
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
421 4.4.2 www.zystro.xyz Error: timeout exceeded
Connection closed by foreign host.

Should the smtp be advertised with smtp-auth when dovecot-sasl is enabled on the 
postfix ?

Thank you.

Regards,
-badli


From: dovecot--- via dovecot 
Sent: Sunday, April 23, 2023, 15:22
To: dovecot@dovecot.org 
Subject: Re: dovecot sasl with postfix, smtp auth not available

> On 04-22-2023 11:15 pm, Badli Al Rashid wrote:
> I have set up dovecot sasl with postfix. When I check the smtp with ehlo 
> there is no auth advertised.


There shouldn't be on port 25. Users should do email submission on port 587 or 
465.

But if you really want there to be...
http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable

FYI; Just in case it was confusing, dovecot does not take submission email nor 
answers ehlo, that is a postfix thing.


dovecot sasl with postfix, smtp auth not available

2023-04-22 Thread Badli Al Rashid
Hi All,

I have set up dovecot sasl with postfix. When I check the smtp with ehlo there 
is no auth advertised.

Connected to www.zystro.xyz.
Escape character is '^]'.
220 www.zystro.xyz
ehlo x.zystro.xyz
250-www.zystro.xyz
250-PIPELINING
250-SIZE 10485760
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING

I did a number of installations, the auth was not shown. I have used debian 
distributed and also dovecot packages.

Sasl.

root@www:~# postconf -a
cyrus
dovecot
root@www:~# postconf -A
cyrus

Dovecot version.

root@www:~# dovecot --version
2.3.20 (80a5ac675d)


Dovecot configuration.

root@www:~# dovecot -n
# 2.3.20 (80a5ac675d): /etc/dovecot/dovecot.conf
# OS: Linux 5.10.0-21-amd64 x86_64 Debian 11.6
# Hostname: www.zystro.xyz
auth_mechanisms = plain login
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_location = mbox:~/Mailbox
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
}
passdb {
  driver = pam
}
postmaster_address = postmas...@zystro.xyz
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    address = 127.0.0.1,::1
    port = 143
  }
  inet_listener imaps {
    address = *
    port = 993
    ssl = yes
  }
}
ssl_cert = https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/

https://www.postfix.org/SASL_README.html

Anybody got any ideas ?

Regards,
-badli
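
The EHLO check done by hand in this post can be scripted. The following is an added example, not part of the original message: it parses an EHLO reply for the AUTH keyword, including the `AUTH=` form that broken_sasl_auth_clients adds, and can probe a live listener before and after STARTTLS. The first sample is the reply quoted above, the second is constructed, and the function names are made up for the illustration.

```python
import smtplib
import ssl

# REPLY_NO_AUTH is the EHLO reply quoted in this post; REPLY_WITH_AUTH is a
# constructed reply from a hypothetical listener that does offer AUTH.
REPLY_NO_AUTH = ("250-www.zystro.xyz\n250-PIPELINING\n250-SIZE 10485760\n250-ETRN\n"
                 "250-STARTTLS\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250-DSN\n"
                 "250-SMTPUTF8\n250 CHUNKING")
REPLY_WITH_AUTH = ("250-mail.example.test\n250-STARTTLS\n"
                   "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 CHUNKING")

def ehlo_extensions(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    ext = {}
    for line in reply.splitlines()[1:]:  # the first line only names the server
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        words = line[4:].split()
        if not words:
            continue
        # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN"
        key, _, first = words[0].partition("=")
        ext[key.upper()] = ([first] if first else []) + words[1:]
    return ext

def auth_mechanisms(reply):
    """SASL mechanisms advertised in the reply; empty list if AUTH is absent."""
    return ehlo_extensions(reply).get("AUTH", [])

def probe(host, port=25, timeout=10):
    """Live check (not run on import): is AUTH offered before / after STARTTLS?"""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        before, after = s.has_extn("auth"), None
        if s.has_extn("starttls"):
            # default context verifies the certificate, so probe by hostname
            s.starttls(context=ssl.create_default_context())
            s.ehlo()
            after = s.has_extn("auth")
    return before, after
```

A `probe` result of `(False, True)` means the listener offers AUTH only once TLS is up; `(False, False)` means it does not offer AUTH on that port at all.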