Re: dovecot sasl with postfix, smtp auth not available
Hi Markus, The output as follows. 1. postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes cafile = /etc/letsencrypt/live/www.zystro.xyz/cert. pem compatibility_level = 3.5 disable_vrfy_command = yes home_mailbox = Mailbox inet_interfaces = all inet_protocols = all mailbox_command = mailbox_size_limit = 1048576000 maximal_backoff_time = 3h message_size_limit = 10485760 minimal_backoff_time = 180s mydestination = $mydomain, $myhostname, localhost mydomain = zystro.xyz myhostname = www.zystro.xyz mynetworks_style = host myorigin = $mydomain readme_directory = no recipient_delimiter = + relayhost = smtp_always_send_ehlo = yes smtp_helo_timeout = 15s smtp_rcpt_timeout = 15s smtp_sasl_auth_enable = yes smtp_tls_CAfile = $cafile smtp_tls_cert_file = $tcert smtp_tls_key_file = $tkey smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_dire ctory}/smtp_scache smtpd_banner = $myhostname smtpd_client_restrictions = reject_rbl_client dnsbl .sorbs.net smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostn ame, reject_non_fqdn_helo_hostname, reject_unknown_ helo_hostname smtpd_recipient_limit = 40 smtpd_recipient_restrictions = reject_invalid_hostn ame, reject_unknown_recipient_domain, reject_unauth _destination, reject_rbl_client sbl.spamhaus.org, p ermit smtpd_relay_restrictions = permit_mynetworks permit _sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_timeout = 30s smtpd_tls_cert_file = $tcert smtpd_tls_key_file = $tkey smtpd_tls_security_level = encrypt strict_rfc821_envelopes = yes tcert = /etc/letsencrypt/live/www.zystro.xyz/fullch ain.pem tkey = /etc/letsencrypt/live/www.zystro.xyz/privkey .pem virtual_alias_maps = hash:/etc/postfix/virtual root@www:~# 2. postconf -M smtp inet n - y - - smtpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/mai ldrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z - a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/if mail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp /bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/sca lemail/bin/scalemail-store ${nexthop} ${user} ${ext ension} mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailma n/bin/postfix-to-mailman.py ${nexthop} ${user} smtps inet n - - - - smtpd -o syslog_name=postfix/smtps -o smtpd_t ls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions= permit_sasl_authenticat ed, reject -o milter_macro_daemon_name= ORIGINATING submission inet n - - - - smtpd -o smtpd_etrn_restrictions=reject -o sm tpd_enforce_tls=yes -o smtpd_tls_security_level=enc rypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_ty pe=dovecot -o smtpd_sasl_path=private/auth -o smtpd _sasl_security_options= noanonymous -o smtpd_sasl_l ocal_domain=$mydomain -o smtpd_client_restrictions= permit_sasl_authenticated, reject -o smtpd_sender_ login_maps= hash:/etc/postfix/virtual -o smtpd_send er_restrictions= reject_sender_login_mismatch -o sm tpd_recipient_restrictions= reject_non_fqdn_recipie nt, reject_unknown_recipient_domain, permit_sasl_au thenticated,reject root@www:~# Regards, -badli From: Markus Winkler Sent: Monday, April 24, 2023, 05:33 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available Hi Badli, On 23.04.23 05:15, Badli Al Rashid wrote: > Anybody got any ideas ? please post the output of: 1) postconf -n 2) postconf -M Regards, Markus ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing l
Re: dovecot sasl with postfix, smtp auth not available
HI Benny, master.cf already have enteries for 465 and 587 as I followed the guide. Noted and thank you. Regards, -badli From: Benny Pedersen Sent: Monday, April 24, 2023, 02:54 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available dovecot--- via dovecot skrev den 2023-04-23 20:25: >> I tried to enable it on postfix smtp_sasl_auth_enable, but it is was >> not advertise. > > That is because "smtp" is not the same as "smtpd". > > http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587 when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
> logs No logs as I have to redo a new setup. > bound to fail I was only trying to check if the smtp-auth is advertise by doing ehlo. > where is this change ? My client ip was listed in sorbs.net. I could not connect to the smtp server. > how do you know its postfix ? Because i did an apt install postfix on the node. dovecot is on the same node. Regards, -badli From: Benny Pedersen Sent: Sunday, April 23, 2023, 20:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available Badli Al Rashid skrev den 2023-04-23 13:06: > My apologies, i am not using dovecot for submission server using > postfix with dovecot-sasl. then post doveconf -n that shows it > I was not able to authenticate if I use a webmail when testing using > username to authenticate with smtp connection it fails. logs > I could authenticate normally using port 465 / 587 but it is block at > the moment. where is this change ? > When checking there was no smtp-auth on the smtp listed. I tried to > enable it on postfix > smtp_sasl_auth_enable, but it is was not advertise. > > # telnet 127.0.0.1 25 bound to fail > Should the smtp be advertise with smtp-auth when dovecot-sasl is > enable on the postfix ? how do you know its postfix ? to help more its esitiential to know witch part failing random questions gives random answers ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
Re: dovecot sasl with postfix, smtp auth not available
Hi, My apologies, i am not using dovecot for submission server using postfix with dovecot-sasl. I was not able to authenticate if I use a webmail when testing using username to authenticate with smtp connection it fails. I could authenticate normally using port 465 / 587 but it is block at the moment. When checking there was no smtp-auth on the smtp listed. I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise. # telnet 127.0.0.1 25 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. 220 www.zystro.xyz ehlo x.zystro.xyz 250-www.zystro.xyz 250-PIPELINING 250-SIZE 10485760 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING 421 4.4.2 www.zystro.xyz Error: timeout exceeded Connection closed by foreign host. Should the smtp be advertise with smtp-auth when dovecot-sasl is enable on the postfix ? Thank you. Regards, -badli From: dovecot--- via dovecot Sent: Sunday, April 23, 2023, 15:22 To: dovecot@dovecot.org Subject: Re: dovecot sasl with postfix, smtp auth not available > On 04-22-2023 11:15 pm, Badli Al Rashid wrote: > I have set up dovecot sasl with postfix. When I check the smtp with ehlo > there is no auth advertise. There shouldn't be on port 25. Users should do email submission on port 587 or 465. But if you really want there to be... http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable FYI; Just in case it was confusing, dovecot does not take submission email nor answers ehlo, that is a postfix thing. ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org
dovecot sasl with postfix, smtp auth not available
Hi All, I have set up dovecot sasl with postfix. When I check the smtp with ehlo there is no auth advertise. Connected to www.zystro.xyz. Escape character is '^]'. 220 www.zystro.xyz ehlo x.zystro.xyz 250-www.zystro.xyz 250-PIPELINING 250-SIZE 10485760 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING I did a number of installations the auth was not shown. I have use debian distributed and also dovecot packages. Sasl. root@www:~# postconf -a cyrus dovecot root@www:~# postconf -A cyrus Dovecot version. root@www:~# dovecot --version 2.3.20 (80a5ac675d) Dovecot configuration. root@www:~# dovecot -n # 2.3.20 (80a5ac675d): /etc/dovecot/dovecot.conf # OS: Linux 5.10.0-21-amd64 x86_64 Debian 11.6 # Hostname: www.zystro.xyz auth_mechanisms = plain login debug_log_path = /var/log/dovecot-debug.log info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_location = mbox:~/Mailbox namespace { inbox = yes location = prefix = separator = / } passdb { driver = pam } postmaster_address = postmas...@zystro.xyz protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { address = 127.0.0.1,::1 port = 143 } inet_listener imaps { address = * port = 993 ssl = yes } } ssl_cert = https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/ https://www.postfix.org/SASL_README.html Anybody got any ideas ? Regards, -badli ___ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org