Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Christophe Lohr via dovecot 

Le 19/01/2026 à 13:41, Aki Tuomi via dovecot a écrit :

Drop user=dovecot from service lmtp.


Many thanks !
Dovecot seems to work like a charm now!

Best regards
Christophe

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Aki Tuomi via dovecot 
Drop user=dovecot from service lmtp.

Aki

> On 19/01/2026 14:35 EET Christophe Lohr via dovecot  
> wrote:
> 
>  
> Le 19/01/2026 à 10:58, Aki Tuomi via dovecot a écrit :
> > you can try
> >
> > log_debug=category=lmtp
> 
> Many thanks!
> 
> Thereisclearlysomeconfusionsomewherebetweenthevmailuserandthedovecotuser(nottomentionthatanvilisundertherootuser):
> 
> Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil: 
> net_connect_unix(/run/dovecot/anvil) failed: Permission denied
> Jan 19 13:13:56 
> lmtp(alice7@my_domain.org)<4940>: Fatal: 
> setresgid((vmail),(vmail),8(mail)) failed with 
> euid=118(dovecot): Operation not permitted
> Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned 
> error 89 (Fatal failure)
> 
> How can I fix this?
> 
> Best regards
> Christophe
> 
> 
> PS:  Here is my current doveconf:
> 
> # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
> # Pigeonhole version 2.4.1-4 (0a86619f)
> # OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
> # Hostname: pc-serveur
> # 4 default setting changes since version 2.4.0
> dovecot_config_version = 2.4.0
> auth_allow_cleartext = yes
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain
> auth_verbose = yes
> auth_verbose_passwords = yes
> default_login_user = vmail
> dovecot_storage_version = 2.4.0
> first_valid_gid = 
> first_valid_uid = 
> fts_autoindex = yes
> fts_autoindex_max_recent_msgs = 999
> fts_search_add_missing = yes
> info_log_path = /var/log/dovecot-info.log
> log_debug = category=lmtp
> log_path = /var/log/dovecot.log
> mail_access_groups = vmail
> mail_driver = maildir
> mail_home = /var/spool/vmail/%{user|lower}
> mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir
> mail_path = ~/Maildir
> mail_privileged_group = mail
> protocols = imap lmtp
> ssl = no
> verbose_proctitle = yes
> namespace inbox {
>    inbox = yes
>    mailbox Drafts {
>      special_use = "\\Drafts"
>    }
>    mailbox Junk {
>      special_use = "\\Junk"
>    }
>    mailbox Trash {
>      special_use = "\\Trash"
>    }
>    mailbox Sent {
>      special_use = "\\Sent"
>    }
>    mailbox "Sent Messages" {
>      special_use = "\\Sent"
>    }
> }
> service imap-login {
>    process_min_avail = 1
>    user = vmail
>    inet_listener imap {
>      port = 143
>      listen = 192.168.100.1 127.0.0.1 [::1]
>    }
>    inet_listener imaps {
>    }
> }
> service pop3-login {
>    inet_listener pop3 {
>    }
>    inet_listener pop3s {
>    }
> }
> service submission-login {
>    inet_listener submission {
>    }
>    inet_listener submissions {
>    }
> }
> service lmtp {
>    executable = lmtp -L
>    user = dovecot
>    unix_listener lmtp {
>    }
>    unix_listener /var/spool/postfix/private/dovecot-lmtp {
>      group = postfix
>      mode = 0600
>      user = postfix
>    }
> }
> service imap {
> }
> service pop3 {
> }
> service submission {
> }
> service auth {
>    user = dovecot
>    unix_listener auth-userdb {
>    }
>    unix_listener auth-chasquid-userdb {
>      mode = 0660
>      user = chasquid
>    }
>    unix_listener auth-chasquid-client {
>      mode = 0660
>      user = chasquid
>    }
>    unix_listener /var/spool/postfix/private/auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> service auth-worker {
>    user = dovecot
> }
> service dict {
>    unix_listener dict {
>    }
> }
> ssl_server {
>    cert_file = /etc/dovecot/private/dovecot.pem
>    key_file = /etc/dovecot/private/dovecot.key
> }
> protocol lmtp {
>    auth_username_format = %{user|lower}
>    info_log_path = /var/log/dovecot-lmtp.log
> }
> passdb passwd-file {
>    passwd_file_path = /etc/dovecot/passwd
> }
> userdb passwd-file {
>    passwd_file_path = /etc/dovecot/passwd
>    fields {
>      gid = vmail
>      home = /var/spool/vmail/%{user|lower}
>      uid = vmail
>    }
> }
>Le 19/01/2026 `a 10:58, Aki Tuomi via dovecot a ecrit :
> 
>  you can try
> 
>  log_debug=category=lmtp
> 
>Many thanks!
> 
>There  is  clearly  some  confusion  somewhere  between  the  vmail  user
>and  the  dovecot  user (not  to  mention  that  anvil  is  under  the
>root  user):
> 
>Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil:
>net_connect_unix(/run/dovecot/anvil) failed: Permission denied
>Jan 19 13:13:56
>lmtp([1]alice7@my_domain.org)<4940>: Fatal:
>setresgid((vmail),(vmail),8(mail)) failed with euid=118(dovecot):
>Operation not permitted
>Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned
>error 89 (Fatal failure)
> 
>How can I fix this?
> 
>Best regards
>Christophe
> 
>PS:  Here is my current doveconf:
> 
># 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
># Pigeonhole version 2.4.1-4 (0a86619f)
># OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
># Hostname: pc-serveur
># 4 default setting changes since version 2.4.0
>dovecot_config_version = 2.4.0
>auth_a

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Christophe Lohr via dovecot 
   Le 19/01/2026 `a 10:58, Aki Tuomi via dovecot a ecrit :

 you can try

 log_debug=category=lmtp

   Many thanks!

   There  is  clearly  some  confusion  somewhere  between  the  vmail  user
   and  the  dovecot  user (not  to  mention  that  anvil  is  under  the
   root  user):

   Jan 19 13:13:56 lmtp(4940): Error: conn unix:/run/dovecot/anvil:
   net_connect_unix(/run/dovecot/anvil) failed: Permission denied
   Jan 19 13:13:56
   lmtp([1]alice7@my_domain.org)<4940>: Fatal:
   setresgid((vmail),(vmail),8(mail)) failed with euid=118(dovecot):
   Operation not permitted
   Jan 19 13:13:56 lmtp: Fatal: master: service(lmtp): child 4940 returned
   error 89 (Fatal failure)

   How can I fix this?

   Best regards
   Christophe

   PS:  Here is my current doveconf:

   # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
   # Pigeonhole version 2.4.1-4 (0a86619f)
   # OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
   # Hostname: pc-serveur
   # 4 default setting changes since version 2.4.0
   dovecot_config_version = 2.4.0
   auth_allow_cleartext = yes
   auth_debug = yes
   auth_debug_passwords = yes
   auth_mechanisms = plain
   auth_verbose = yes
   auth_verbose_passwords = yes
   default_login_user = vmail
   dovecot_storage_version = 2.4.0
   first_valid_gid = 
   first_valid_uid = 
   fts_autoindex = yes
   fts_autoindex_max_recent_msgs = 999
   fts_search_add_missing = yes
   info_log_path = /var/log/dovecot-info.log
   log_debug = category=lmtp
   log_path = /var/log/dovecot.log
   mail_access_groups = vmail
   mail_driver = maildir
   mail_home = /var/spool/vmail/%{user|lower}
   mail_inbox_path = /var/spool/vmail/%{user|lower}/Maildir
   mail_path = ~/Maildir
   mail_privileged_group = mail
   protocols = imap lmtp
   ssl = no
   verbose_proctitle = yes
   namespace inbox {
 inbox = yes
 mailbox Drafts {
   special_use = "\\Drafts"
 }
 mailbox Junk {
   special_use = "\\Junk"
 }
 mailbox Trash {
   special_use = "\\Trash"
 }
 mailbox Sent {
   special_use = "\\Sent"
 }
 mailbox "Sent Messages" {
   special_use = "\\Sent"
 }
   }
   service imap-login {
 process_min_avail = 1
 user = vmail
 inet_listener imap {
   port = 143
   listen = 192.168.100.1 127.0.0.1 [::1]
 }
 inet_listener imaps {
 }
   }
   service pop3-login {
 inet_listener pop3 {
 }
 inet_listener pop3s {
 }
   }
   service submission-login {
 inet_listener submission {
 }
 inet_listener submissions {
 }
   }
   service lmtp {
 executable = lmtp -L
 user = dovecot
 unix_listener lmtp {
 }
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
   }
   service imap {
   }
   service pop3 {
   }
   service submission {
   }
   service auth {
 user = dovecot
 unix_listener auth-userdb {
 }
 unix_listener auth-chasquid-userdb {
   mode = 0660
   user = chasquid
 }
 unix_listener auth-chasquid-client {
   mode = 0660
   user = chasquid
 }
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0660
   user = postfix
 }
   }
   service auth-worker {
 user = dovecot
   }
   service dict {
 unix_listener dict {
 }
   }
   ssl_server {
 cert_file = /etc/dovecot/private/dovecot.pem
 key_file = /etc/dovecot/private/dovecot.key
   }
   protocol lmtp {
 auth_username_format = %{user|lower}
 info_log_path = /var/log/dovecot-lmtp.log
   }
   passdb passwd-file {
 passwd_file_path = /etc/dovecot/passwd
   }
   userdb passwd-file {
 passwd_file_path = /etc/dovecot/passwd
 fields {
   gid = vmail
   home = /var/spool/vmail/%{user|lower}
   uid = vmail
 }
   }

References

   Visible links
   1. mailto:alice7@my_domain.org
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Paul Kudla via dovecot 


sorry without ssl enabled (typo)



Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)

Have A Happy Monday AND Happy Sucessful 2026 !

Scom.ca Internet Services 
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]

On 2026-01-19 7:14 a.m., Paul Kudla via dovecot wrote:


ok these go in to dovecot config file

switch various debug = yes

also make sure debug log path = syslog so everything goes to the system 
logger


also best to try with ssl enabled first as that can cause complications 
until you are up and running.


auth_debug = no
auth_debug_passwords = no

default_process_limit = 16384

mail_debug = no

#lock_method = dotlock
#mail_max_lock_timeout = 300s

#mbox_read_locks = dotlock
#mbox_write_locks = dotlock

mmap_disable = yes
dotlock_use_excl = no
mail_fsync = always
mail_nfs_storage = no
mail_nfs_index = no

#submission_host = 10.220.0.2:25


auth_mechanisms = plain login
auth_verbose = yes
base_dir = /data/dovecot/run/
debug_log_path = syslog
disable_plaintext_auth = no
dsync_features = empty-header-workaround



Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)

Have A Happy Monday AND Happy Sucessful 2026 !

Scom.ca Internet Services 
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]

On 2026-01-19 4:58 a.m., Aki Tuomi via dovecot wrote:


On 19/01/2026 11:53 EET Christophe Lohr via dovecot 
 wrote:


Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
Looks like the logs are missing all the useful things that would've 
hopefully come after this. The error is coming from lmtp, not auth.


How can I ask Dovecot to produce more logs concerning lmtp?

  From the postfix side I just have: "lost connection with
pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the
initial server greeting"
I'd like to know why...

Best regards
Christophe
    Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :

  Looks like the logs are missing all the useful things that would've 
hopefully come after this. The error is coming from lmtp, not auth.


    How can I ask Dovecot to produce more logs concerning lmtp?

    From the postfix side I just have: "lost connection with
    pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving 
the initial

    server greeting"
    I'd like to know why...

    Best regards
    Christophe


you can try

log_debug=category=lmtp

Aki

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]



___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]



___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Paul Kudla via dovecot 


note postfix has log levels set to 15 for everything.



Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)

Have A Happy Monday AND Happy Sucessful 2026 !

Scom.ca Internet Services 
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]

On 2026-01-19 4:53 a.m., Christophe Lohr via dovecot wrote:

Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :

  Looks like the logs are missing all the useful things that would've hopefully 
come after this. The error is coming from lmtp, not auth.

How can I ask Dovecot to produce more logs concerning lmtp?

From the postfix side I just have: "lost connection with
pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial
server greeting"
I'd like to know why...

Best regards
Christophe


___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]


___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Paul Kudla via dovecot 


ok these go in to dovecot config file

switch various debug = yes

also make sure debug log path = syslog so everything goes to the system 
logger


also best to try with ssl enabled first as that can cause complications 
until you are up and running.


auth_debug = no
auth_debug_passwords = no

default_process_limit = 16384

mail_debug = no

#lock_method = dotlock
#mail_max_lock_timeout = 300s

#mbox_read_locks = dotlock
#mbox_write_locks = dotlock

mmap_disable = yes
dotlock_use_excl = no
mail_fsync = always
mail_nfs_storage = no
mail_nfs_index = no

#submission_host = 10.220.0.2:25


auth_mechanisms = plain login
auth_verbose = yes
base_dir = /data/dovecot/run/
debug_log_path = syslog
disable_plaintext_auth = no
dsync_features = empty-header-workaround



Thanks - Paul Kudla (Manager SCOM.CA Internet Services Inc.)

Have A Happy Monday AND Happy Sucessful 2026 !

Scom.ca Internet Services 
104-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email [email protected]

On 2026-01-19 4:58 a.m., Aki Tuomi via dovecot wrote:



On 19/01/2026 11:53 EET Christophe Lohr via dovecot  wrote:

  
Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :

Looks like the logs are missing all the useful things that would've hopefully 
come after this. The error is coming from lmtp, not auth.


How can I ask Dovecot to produce more logs concerning lmtp?

  From the postfix side I just have: "lost connection with
pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the
initial server greeting"
I'd like to know why...

Best regards
Christophe
Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :

  Looks like the logs are missing all the useful things that would've hopefully 
come after this. The error is coming from lmtp, not auth.

How can I ask Dovecot to produce more logs concerning lmtp?

From the postfix side I just have: "lost connection with
pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial
server greeting"
I'd like to know why...

Best regards
Christophe


you can try

log_debug=category=lmtp

Aki

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]



___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Aki Tuomi via dovecot 

> On 19/01/2026 11:53 EET Christophe Lohr via dovecot  
> wrote:
> 
>  
> Le 19/01/2026 à 09:07, Aki Tuomi via dovecot a écrit :
> > Looks like the logs are missing all the useful things that would've 
> > hopefully come after this. The error is coming from lmtp, not auth.
> 
> How can I ask Dovecot to produce more logs concerning lmtp?
> 
>  From the postfix side I just have: "lost connection with 
> pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the 
> initial server greeting"
> I'd like to know why...
> 
> Best regards
> Christophe
>Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :
> 
>  Looks like the logs are missing all the useful things that would've 
> hopefully come after this. The error is coming from lmtp, not auth.
> 
>How can I ask Dovecot to produce more logs concerning lmtp?
> 
>From the postfix side I just have: "lost connection with
>pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial
>server greeting"
>I'd like to know why...
> 
>Best regards
>Christophe

you can try

log_debug=category=lmtp

Aki

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Christophe Lohr via dovecot 
   Le 19/01/2026 `a 09:07, Aki Tuomi via dovecot a ecrit :

 Looks like the logs are missing all the useful things that would've hopefully 
come after this. The error is coming from lmtp, not auth.

   How can I ask Dovecot to produce more logs concerning lmtp?

   From the postfix side I just have: "lost connection with
   pc-serveur.my_domain.org[private/dovecot-lmtp] while receiving the initial
   server greeting"
   I'd like to know why...

   Best regards
   Christophe
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Aki Tuomi via dovecot 

> On 19/01/2026 10:02 EET Christophe Lohr via dovecot  
> wrote:
> 
>  
> Le 16/01/2026 à 21:56, John Fawcett via dovecot a écrit :
> >
> > Maybe this should be
> >
> > protocol lmtp {
> >  auth_username_format = %{user | lower}
> >    }
> >
> 
> Great, thankyouverymuch! Authenticationseemstobeworkingfinenow.
> 
> Thingsareprogressingwell... but... Istillhaveoneproblem: thereisnodelivery.
> 
> WhichdirectionshouldIlook?
> 
> 
> 
> postqueue -p
> -Queue ID-  --Size-- Arrival Time -Sender/Recipient---
> 7496C880028    7846 Mon Jan 19 08:48:06 bob7@my_domain.org
> (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] 
> while sending end of data -- message may be sent more than once)
> alice7@my_domain.org
> 
> 1F8D38800E7    7846 Mon Jan 19 08:21:42 bob7@my_domain.org
> (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] 
> while sending end of data -- message may be sent more than once)
> alice7@my_domain.org
> 
> -- 15 Kbytes in 2 Requests.
> 
> 
> 
> Postfix logs:
> 
> 2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect 
> from linux7.my_domain.org[192.168.100.17]
> 2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]: 
> 7496C880028: client=linux7.my_domain.org[192.168.100.17], 
> sasl_method=PLAIN, sasl_username=bob7@my_domain.org
> 2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]: 
> 7496C880028: message-id=<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org>
> 2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]: 
> 7496C880028: from=, size=7846, nrcpt=1 (queue active)
> 2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]: 
> 7496C880028: to=, 
> relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04, 
> delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection 
> with pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of 
> data -- message may be sent more than once)
> 2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]: 
> disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 
> mail=1 rcpt=1 data=1 quit=1 commands=6
> 
> Dovecot logs:
> 
> Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: 
> Server accepted connection (fd=22)
> Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth 
> client connected (pid=0)
> Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: 
> client in: AUTH    1    PLAIN    service=smtp    nologin 
> lip=192.168.100.1    rip=192.168.100.17 
> resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous 
> base64 data may contain sensitive data)
> Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): 
> Debug: passwd-file: Performing passdb lookup
> Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): 
> Debug: passwd-file: lookup: user=bob7@my_domain.org file=/etc/dovecot/passwd
> Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): 
> Debug: passwd-file: Finished passdb lookup
> Jan 19 08:48:06 auth(bob7@my_domain.org,192.168.100.17,sasl:plain): 
> Debug: Auth request finished
> Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: 
> client passdb out: OK    1 user=bob7@my_domain.org
> Jan 19 08:48:06 lmtp(2482): Info: Connect from local
> Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb 
> (pid=2482,uid=118): Server accepted connection (fd=24)
> Jan 19 08:48:06 auth: Debug: master in: USER    1 alice7@my_domain.org  
>    protocol=lmtp
> Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: 
> Performing userdb lookup
> Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: lookup: 
> user=alice7@my_domain.org file=/etc/dovecot/passwd
> Jan 19 08:48:06 auth(alice7@my_domain.org): Debug: passwd-file: Finished 
> userdb lookup
> Jan 19 08:48:06 auth: Debug: userdb out: USER    1 alice7@my_domain.org  
>    uid=    gid= home=/var/spool/vmail/alice7@my_domain.org
> Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb 
> (pid=2482,uid=118): auth-master client: Disconnected: Connection closed 
> (fd=24) (created 2 msecs ago, handshake 2 msecs ago)
> Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: 
> Disconnected: Connection closed (fd=22)
> 
> 
> Many thanks !
> Regards,
> Christophe
> 
>Le 16/01/2026 `a 21:56, John Fawcett via dovecot a ecrit :
> 
>  Maybe this should be
> 
>  protocol lmtp {
>   auth_username_format = %{user | lower}
> }
> 
>Great, thank  you  very  much! Authentication  seems  to  be  working
>fine  now.
>Things  are  progressing  well... but... I  still  have  one  problem:
>there  is  no  delivery.
> 
>Which  direction  should  I  look?
> 
>postqueue -p
>-Queue ID-  --Size-- Arrival Time -Sender/Recipient---
>7496C8800287846 Mon Jan 19 08:48:06  [1]bob7@my_domain.org
>(lost connection with pc-serveur.my_domain.org[p

Re: Help regarding Postfix and Dovecot SASL

2026-01-19 Thread Christophe Lohr via dovecot 
   Le 16/01/2026 `a 21:56, John Fawcett via dovecot a ecrit :

 Maybe this should be

 protocol lmtp {
  auth_username_format = %{user | lower}
}

   Great, thank  you  very  much! Authentication  seems  to  be  working
   fine  now.
   Things  are  progressing  well... but... I  still  have  one  problem:
   there  is  no  delivery.

   Which  direction  should  I  look?

   postqueue -p
   -Queue ID-  --Size-- Arrival Time -Sender/Recipient---
   7496C8800287846 Mon Jan 19 08:48:06  [1]bob7@my_domain.org
   (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while
   sending end of data -- message may be sent more than once)
[2]alice7@my_domain.org

   1F8D38800E77846 Mon Jan 19 08:21:42  [3]bob7@my_domain.org
   (lost connection with pc-serveur.my_domain.org[private/dovecot-lmtp] while
   sending end of data -- message may be sent more than once)
[4]alice7@my_domain.org

   -- 15 Kbytes in 2 Requests.

   Postfix logs:

   2026-01-19T08:48:06.446455+01:00 pc-serveur postfix/smtpd[2476]: connect
   from linux7.my_domain.org[192.168.100.17]
   2026-01-19T08:48:06.477701+01:00 pc-serveur postfix/smtpd[2476]:
   7496C880028: client=linux7.my_domain.org[192.168.100.17],
   sasl_method=PLAIN, [5]sasl_username=bob7@my_domain.org
   2026-01-19T08:48:06.482176+01:00 pc-serveur postfix/cleanup[2480]:
   7496C880028:
   message-id=[6]<89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org>
   2026-01-19T08:48:06.483278+01:00 pc-serveur postfix/qmgr[1721]:
   7496C880028: from=[7], size=7846, nrcpt=1 (queue
   active)
   2026-01-19T08:48:06.510492+01:00 pc-serveur postfix/lmtp[2481]:
   7496C880028: to=[8],
   relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0.04,
   delays=0.02/0.01/0.01/0, dsn=4.4.2, status=deferred (lost connection with
   pc-serveur.my_domain.org[private/dovecot-lmtp] while sending end of data
   -- message may be sent more than once)
   2026-01-19T08:48:11.487184+01:00 pc-serveur postfix/smtpd[2476]:
   disconnect from linux7.my_domain.org[192.168.100.17] ehlo=1 auth=1 mail=1
   rcpt=1 data=1 quit=1 commands=6

   Dovecot logs:

   Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: Server
   accepted connection (fd=22)
   Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: auth
   client connected (pid=0)
   Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client
   in: AUTH1PLAINservice=smtpnologinlip=192.168.100.1
   rip=192.168.100.17
   resp=AGJvYjdAdHAtcmVzZWF1eC5lbnN0Yi5vcmcAYm9iN3NlY3JldA== (previous base64
   data may contain sensitive data)
   Jan 19 08:48:06 auth([9]bob7@my_domain.org,192.168.100.17,sasl:plain):
   Debug: passwd-file: Performing passdb lookup
   Jan 19 08:48:06 auth([10]bob7@my_domain.org,192.168.100.17,sasl:plain):
   Debug: passwd-file: lookup: [11]user=bob7@my_domain.org
   file=/etc/dovecot/passwd
   Jan 19 08:48:06 auth([12]bob7@my_domain.org,192.168.100.17,sasl:plain):
   Debug: passwd-file: Finished passdb lookup
   Jan 19 08:48:06 auth([13]bob7@my_domain.org,192.168.100.17,sasl:plain):
   Debug: Auth request finished
   Jan 19 08:48:06 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]: client
   passdb out: OK1[14]user=bob7@my_domain.org
   Jan 19 08:48:06 lmtp(2482): Info: Connect from local
   Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb
   (pid=2482,uid=118): Server accepted connection (fd=24)
   Jan 19 08:48:06 auth: Debug: master in: USER1
   [15]alice7@my_domain.orgprotocol=lmtp
   Jan 19 08:48:06 auth([16]alice7@my_domain.org): Debug: passwd-file:
   Performing userdb lookup
   Jan 19 08:48:06 auth([17]alice7@my_domain.org): Debug: passwd-file:
   lookup: [18]user=alice7@my_domain.org file=/etc/dovecot/passwd
   Jan 19 08:48:06 auth([19]alice7@my_domain.org): Debug: passwd-file:
   Finished userdb lookup
   Jan 19 08:48:06 auth: Debug: userdb out: USER1
   [20]alice7@my_domain.orguid=gid=
   [21]home=/var/spool/vmail/alice7@my_domain.org
   Jan 19 08:48:06 auth: Debug: conn unix:/run/dovecot/auth-userdb
   (pid=2482,uid=118): auth-master client: Disconnected: Connection closed
   (fd=24) (created 2 msecs ago, handshake 2 msecs ago)
   Jan 19 08:49:51 auth: Debug: conn unix:auth (pid=2476,uid=122) [3]:
   Disconnected: Connection closed (fd=22)

   Many thanks !
   Regards,
   Christophe

References

   Visible links
   1. mailto:bob7@my_domain.org
   2. mailto:alice7@my_domain.org
   3. mailto:bob7@my_domain.org
   4. mailto:alice7@my_domain.org
   5. mailto:sasl_username=bob7@my_domain.org
   6. mailto:89c5190c-0cf6-4d9d-86d9-bd92070cfa87@my_domain.org
   7. mailto:bob7@my_domain.org
   8. mailto:alice7@my_domain.org
   9. 
file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sasl:plain
  10. 
file:///tmp/tmpew0z9oja/mailto:bob7@my_domain.org,192.168.100.17,sas

Re: Help regarding Postfix and Dovecot SASL

2026-01-17 Thread Mike via dovecot 

Hello,

I'm currently testing a new setup for my internal mail server with a 
similar configuration (I'm authenticating users against a Samba4 AD-DC) 
and I encountered the same error. I was starting to get desperate trying 
to troubleshoot it.


Am 16.01.2026 um 21:56 schrieb John Fawcett via dovecot:

> Maybe this should be
>
> protocol lmtp {
>   auth_username_format = %{user | lower}
> }

That was the solution! Sometimes it's so simple when you think about it 
calmly and know where to look.


Thanks, John. You're my hero. And thanks, Christophe, for asking at just 
the right time. 😉


Best regards,
Mike

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Paul Kudla via dovecot 


ok here are my sniplets as this was fun the first time around

please note that postfix requires database tables setup etc when using sql

i use postgresql, mysql will be similiar however sasl also requires 
extra setup


basically postfix uses sasl, dovecot uses the database directly (no 
sasl) and the virtual transport has to be dovecot


also note postfix has to be built with sasl support (aka libs compiled in)

i use freebsd, configs are similiar accross th various distros but this 
should point you in the right direction


if you need further help please email me directly ([email protected])

i dont charge for stuff like this and dont feel bad took a few months 
for me to put it all together and i program in machine code, assember, 
c, python and build my own systems, its common for doc's to miss 
'putting it all together'



relative parts from main.cf (postfix)

please be aware i run multiple instances of postfix so i use 
/usr/home/postfix as my base dir, you will need to adjust paths


#Cyrus
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd

#SASL Common
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname

dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

#Postgres Stuff
mydestination = pgsql:/usr/home/postfix/config/pgsql-mydestination.cf
#virtual_maps=pgsql:/usr/home/postfix/config/pgsql-virtual.cf
alias_maps=pgsql:/usr/home/postfix/config/pgsql-aliases.cf
#sender_canonical_maps = pgsql:/usr/home/postfix/config/pgsql-canonical.cf

transport_maps = hash:/usr/home/postfix/config/transport

#virtual_mailbox_lock = dotlock (i dont use this but dovecot lmtp might 
if sharing accross network nfs shares)


file(s)

transport (is a black file just use touch to create it)

pgsql-aliases.cf :

#  pgsql-virtual.cf   ***
#
# pgsql config file for alias lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
#Select source email address alias (ie sales@ etc aliases )
where_field = source

#Select destination email account address (final delivery)
select_field = destination

#Account Status (1=good)
additional_conditions = and status = '1'


pgsql-canonical.cf :

# pgsql-canonical.cf 
#
# pgsql config file for canonical lookups on postfix comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#

select_field = source

where_field = destination

pgsql-mydestination.cf :

# /etc/postfix/pgsql-mydestination.cf
#
# pgsql config file for local domain (like sendmail's sendmail.cw)
# lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
select_field = domain
where_field = domain

#Account Status (1=good)
additional_conditions = and status = '1'

pgsql-virtual.cf (this is the big one) :

#  pgsql-virtual.cf   ***
#
# pgsql config file for alias lookups on postfix
# comments are ok.
#
# the user name and password to log into the pgsql server
hosts = dovecot-mail18.scom.ca:5433
user = pgsql
password = 00
# the database name on the servers
dbname = scom_billing
# the table name
table = email_users
#
#Select source email address alias (ie sales@ etc aliases )
where_field = source

#Select destination email account address (final delivery)
select_field = destination

#Account Status (1=good)
additional_conditions = and status = '1'


for sasl to work on outgoing postfix connections you need to map to a 
sasl config file


i makde a sasl dir inside postfix config dir that links to where it 
usually needs to be for sasl to find it


[00:29:56] mail18.scom.ca [root:0] /usr/home/postfix/config/sasl
# ll
total 10
drwxr-xr-x  2 root  vmail  uarch3B Sep  1  2024 .
drwxr-xr-x  7 root  wheel  uarch   59B Jan 17 00:29 ..
lrwxr-xr-x  1 root  wheel  -   31B Mar 27  2013 smtpd.conf -> 
/usr/local/lib/sasl2/smtpd.conf


smtpd.conf contains :

# cat smtpd.conf
#Local Password Database
#pwcheck_method: saslauthd
#mech_list: login plain
#saslauthd_path: /var/run/saslauthd

#Postygres
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
sql_engine: pgsql
sql_hostnames: dovecot-mail18.scom.ca:5433
sql_database: scom_billing
sql_user: pgsql
sql_passwd: 00

sql_select: SELECT password FROM email_users WHERE username = '%u@%r' 
and password <> 'alias' and currentcount_bad < maxcount and currentcount 
< currentcount_threshold and currentcount_

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread John Fawcett via dovecot 



On 16/01/2026 21:48, Christophe Lohr via dovecot wrote:

protocol lmtp {
  auth_username_format = %{user | username | lower}
}


Maybe this should be

protocol lmtp {
 auth_username_format = %{user | lower}
   }

John


___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Christophe Lohr via dovecot 
   Le 16/01/2026 `a 21:17, Christophe Lohr via dovecot a ecrit :

 Le 16/01/2026 `a 20:50, John Fawcett via dovecot a ecrit :

   where are the dovecot users configured?

 in  /etc/dovecot/passwd

   Maybe it would help if you post your configuration (doveconf -n).

 Thankyou for your help. See attached file

   hum, I think the mailing list removed the attached file... well, here is
   the content:

   # 2.4.1-4 (7d8c0e5759): /etc/dovecot/dovecot.conf
   # Pigeonhole version 2.4.1-4 (0a86619f)
   # OS: Linux 6.12.63+deb13-amd64 x86_64 Debian 13.3
   # Hostname: pc-serveur
   # 4 default setting changes since version 2.4.0
   dovecot_config_version = 2.4.0
   auth_allow_cleartext = yes
   auth_debug = yes
   auth_debug_passwords = yes
   auth_mechanisms = plain login
   auth_verbose = yes
   auth_verbose_passwords = yes
   default_login_user = vmail
   dovecot_storage_version = 2.4.0
   first_valid_gid = 
   first_valid_uid = 
   fts_autoindex = yes
   fts_autoindex_max_recent_msgs = 999
   fts_search_add_missing = yes
   info_log_path = /var/log/dovecot-info.log
   log_path = /var/log/dovecot.log
   mail_access_groups = vmail
   mail_driver = maildir
   mail_home = /var/spool/vmail/%{user}
   mail_inbox_path = /var/spool/vmail/%{user}/Maildir
   mail_path = ~/Maildir
   mail_privileged_group = mail
   protocols = imap lmtp
   ssl = no
   verbose_proctitle = yes
   namespace inbox {
 inbox = yes
 mailbox Drafts {
   auto = subscribe
   special_use = "\\Drafts"
 }
 mailbox Junk {
   auto = subscribe
   special_use = "\\Junk"
 }
 mailbox Trash {
   auto = subscribe
   special_use = "\\Trash"
 }
 mailbox Sent {
   auto = subscribe
   special_use = "\\Sent"
 }
 mailbox "Sent Messages" {
   special_use = "\\Sent"
 }
   }
   service imap-login {
 process_min_avail = 1
 user = vmail
 inet_listener imap {
   port = 143
   listen = 192.168.100.1 127.0.0.1 [::1]
 }
 inet_listener imaps {
 }
   }
   service pop3-login {
 inet_listener pop3 {
 }
 inet_listener pop3s {
 }
   }
   service submission-login {
 inet_listener submission {
 }
 inet_listener submissions {
 }
   }
   service lmtp {
 user = dovecot
 unix_listener lmtp {
 }
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
   }
   service imap {
   }
   service pop3 {
   }
   service submission {
   }
   service auth {
 user = dovecot
 unix_listener auth-userdb {
 }
 unix_listener auth-chasquid-userdb {
   mode = 0660
   user = chasquid
 }
 unix_listener auth-chasquid-client {
   mode = 0660
   user = chasquid
 }
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0660
   user = postfix
 }
   }
   service auth-worker {
 user = dovecot
   }
   service dict {
 unix_listener dict {
 }
   }
   ssl_server {
 cert_file = /etc/dovecot/private/dovecot.pem
 key_file = /etc/dovecot/private/dovecot.key
   }
   protocol lmtp {
 auth_username_format = %{user | username | lower}
   }
   passdb passwd-file {
 passwd_file_path = /etc/dovecot/passwd
   }
   userdb passwd-file {
 passwd_file_path = /etc/dovecot/passwd
 fields {
   gid = vmail
   home = /var/spool/vmail/%{user}
   uid = vmail
 }
   }
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Christophe Lohr via dovecot 

Le 16/01/2026 à 20:50, John Fawcett via dovecot a écrit :


where are the dovecot users configured? 


in  /etc/dovecot/passwd


Maybe it would help if you post your configuration (doveconf -n).


Thankyou for your help. See attached file

Regards
Christophe
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread John Fawcett via dovecot 



On 16/01/2026 17:48, Christophe Lohr via dovecot wrote:

Le 16/01/2026 `a 17:22, John Fawcett via dovecot a ecrit :

  Have you configured users on dovecot and are you able to login to imap
  ok? Before integrating postfix and dovecot, is dovecot configured and
  working?

Yes, Bob and Alice are configured on Dovecot and can connect to it.
(Tested with Thunderbird.)
According to the log file, Dovecot accepts connections from
bob@my_domain.org and alice@my_domain.org

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]


Hi

where are the dovecot users configured? Maybe it would help if you post 
your configuration (doveconf -n).


John

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Christophe Lohr via dovecot 
   Le 16/01/2026 `a 17:22, John Fawcett via dovecot a ecrit :

 Have you configured users on dovecot and are you able to login to imap
 ok? Before integrating postfix and dovecot, is dovecot configured and
 working?

   Yes, Bob and Alice are configured on Dovecot and can connect to it.
   (Tested with Thunderbird.)
   According to the log file, Dovecot accepts connections from
   bob@my_domain.org and alice@my_domain.org
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Re: Help regarding Postfix and Dovecot SASL

2026-01-16 Thread John Fawcett via dovecot 


On 16/01/2026 15:09, Christophe Lohr via dovecot wrote:

Hello,
  Please excuse my naive question.
I am trying to understand how "service auth" is supposed to work 
between Postfix and Dovecot.

(https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)

Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener 
/var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener 
/var/spool/postfix/private/auth)
- "bob" and "alice" are virtual users of the virtual domain 
"my_domain.org"

- passwd-file (plain) is /etc/dovecot/passwd

Now, postrfix receive (by smtp) an email  From: bob@my_domain.org To: 
alice@my_domain.org
Postfix validate the domain according to its config (main.cf: 
virtual_mailbox_domains=my_domain.org)
Then, it queries dovecot about these users via sasl: and that's where 
it fails!



Here are logs from postfix:

2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: 
CA20D880486: from=, size=9988, nrcpt=1 (queue active)
2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: 
CA20D880486: to=, 
relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, 
delays=0/0/0/0, dsn=5.1.1, status=bounced (host 
pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 
 User doesn't exist: alice@my_domain.org (in 
reply to RCPT TO command))
That does not look like a sasl request. This is postfix lmtp delivery 
agent connecting to dovecot to deliver the message to dovecot, but 
dovecot rejecting the email due to user not found.



Here are logs from dovecot:

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb 
(pid=25081,uid=118): Server accepted connection (fd=24)
Jan 16 14:28:55 auth: Debug: master in: USER    1 bob@my_domain.org    
protocol=lmtp

Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    1
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: master in: USER    2 alice@my_domain.org  
  protocol=lmtp
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb 
lookup
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    2
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)



So, what's wrong?
It seems to me that Dovecot receives a SASL request for the user 
"bob@my_domain.org", but only does a lookup for "bob", without the 
domain. Isn't it?

So, why? What can I do?

Best regards,
Christophe

Have you configured users on dovecot and are you able to login to imap 
ok? Before integrating postfix and dovecot, is dovecot configured and 
working?


John


___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Klaus Tachtler via dovecot 
Hi,

this is a actual DokuWiki entry, made for myself, but maybe it could help.

https://dokuwiki.tachtler.net/doku.php?id=tachtler:dovecot_archlinux_-_sasl


Greetings
Klaus.

-- 

---
e-Mail  : [email protected]
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
---
___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Christophe Lohr via dovecot 

Hello,
  Please excuse my naive question.
I am trying to understand how "service auth" is supposed to work between 
Postfix and Dovecot.

(https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)

Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener 
/var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener 
/var/spool/postfix/private/auth)

- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd

Now, postrfix receive (by smtp) an email  From: bob@my_domain.org To: 
alice@my_domain.org
Postfix validate the domain according to its config (main.cf: 
virtual_mailbox_domains=my_domain.org)
Then, it queries dovecot about these users via sasl: and that's where it 
fails!



Here are logs from postfix:

2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: 
CA20D880486: from=, size=9988, nrcpt=1 (queue active)
2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: 
CA20D880486: to=, 
relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, 
delays=0/0/0/0, dsn=5.1.1, status=bounced (host 
pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 
 User doesn't exist: alice@my_domain.org (in reply 
to RCPT TO command))



Here are logs from dovecot:

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb 
(pid=25081,uid=118): Server accepted connection (fd=24)
Jan 16 14:28:55 auth: Debug: master in: USER    1 bob@my_domain.org    
protocol=lmtp

Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    1
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: master in: USER    2 alice@my_domain.org    
protocol=lmtp

Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    2
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)



So, what's wrong?
It seems to me that Dovecot receives a SASL request for the user 
"bob@my_domain.org", but only does a lookup for "bob", without the 
domain. Isn't it?

So, why? What can I do?

Best regards,
Christophe

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Help regarding Postfix and Dovecot SASL

2026-01-16 Thread Christophe Lohr via dovecot 

Hello,
  Please excuse my naive question.
I am trying to understand how "service auth" is supposed to work between 
Postfix and Dovecot.

(https://doc.dovecot.org/2.4.2/howto/sasl/postfix.html)

Here is my test setup:
- dovecot and postfix talking in lmtpd (via unix_listener 
/var/spool/postfix/private/dovecot-lmtp)
- dovecot and postfix talking in sasl (via unix_listener 
/var/spool/postfix/private/auth)

- "bob" and "alice" are virtual users of the virtual domain "my_domain.org"
- passwd-file (plain) is /etc/dovecot/passwd

Now, postrfix receive (by smtp) an email  From: bob@my_domain.org To: 
alice@my_domain.org
Postfix validate the domain according to its config (main.cf: 
virtual_mailbox_domains=my_domain.org)
Then, it queries dovecot about these users via sasl: and that's where it 
fails!



Here are logs from postfix:

2026-01-16T14:28:55.829532+01:00 pc-serveur postfix/qmgr[25055]: 
CA20D880486: from=, size=9988, nrcpt=1 (queue active)
2026-01-16T14:28:55.831365+01:00 pc-serveur postfix/lmtp[25080]: 
CA20D880486: to=, 
relay=pc-serveur.my_domain.org[private/dovecot-lmtp], delay=0, 
delays=0/0/0/0, dsn=5.1.1, status=bounced (host 
pc-serveur.tp-reseaux.enstb.org[private/dovecot-lmtp] said: 550 5.1.1 
 User doesn't exist: alice@my_domain.org (in reply 
to RCPT TO command))



Here are logs from dovecot:

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: conn unix:/run/dovecot/auth-userdb 
(pid=25081,uid=118): Server accepted connection (fd=24)
Jan 16 14:28:55 auth: Debug: master in: USER    1 bob@my_domain.org    
protocol=lmtp

Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: lookup: user=bob7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(bob7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(bob7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    1
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)

Jan 16 14:28:55 lmtp(25081): Info: Connect from local
Jan 16 14:28:55 auth: Debug: master in: USER    2 alice@my_domain.org    
protocol=lmtp

Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Performing userdb lookup
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: lookup: user=alice7 
file=/etc/dovecot/passwd

Jan 16 14:28:55 auth(alice7): Info: passwd-file: unknown user
Jan 16 14:28:55 auth(alice7): Debug: passwd-file: Finished userdb lookup
Jan 16 14:28:55 auth: Debug: userdb out: NOTFOUND    2
Jan 16 14:28:55 lmtp(25081): Info: Disconnect from local: Logged out 
(state=READY)



So, what's wrong?
It seems to me that Dovecot receives a SASL request for the user 
"bob@my_domain.org", but only does a lookup for "bob", without the 
domain. Isn't it?

So, why? What can I do?

Best regards,
Christophe

___
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]