Re: Postfix and Dovecot SASL

From: Eero Volotinen (eero.volotineniki.fi)
Date: Thu Nov 12 2009 - 05:11:14 CST


Quoting Rene Bakkum <rene.bakkumgmail.com>:

> Hello all,
>
> I am struggling to get my Dovecot SASL to work within postfix. I have used
> the configuration example listed on the main site of dovecot and it
> basically isn't giving me any success at all. I am probably missing
> something easy, but after spending a few days testing and walking through
> everything I could think about, I figured it was better to ask :)
> Hope someone can point me in the right direction.
>
> My setup is that I have installed Ubuntu 9.04 (64bit), postfix and dovecot
> linked to a MySQL database. The services are using maildirs which are stored
> locally (no NFS). Postfix is using the LDA from dovecot to deliver the mail
> and dovecot is used for IMAP and POP3. This is working and no problems at
> all so far. The problem starts when I just want to enable the SASL
> authentication from Dovecot. I used the 'guide' posted on
> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL or found at
> http://www.postfix.org/SASL_README.html#server_dovecot
>
> When I try to telnet to port 25 (smtp), then it doesn't look like SASL is
> working...
> 220 mail003 ESMTP Postfix (Ubuntu)
> ehlo localhost
> 250-mail003
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> Anything I missed in my configuration from either postfix/dovecot?
> rootmail003:/etc/postfix# dovecot --version
> 1.1.11
> rootmail003:~# dpkg-query -l postfix
> +++-==============-===========
> ===-============================================
> ii postfix 2.5.5-1.1 High-performance mail transport agent
>
> Here are my configurations of both:
> rootmail003:/etc/postfix# dovecot -n
> # 1.1.11: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.28-16-server x86_64 Ubuntu 9.04 ext4
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap pop3 imaps pop3s managesieve
> ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> ssl_key_file: /etc/ssl/private/ssl-mail.key
> ssl_cipher_list:
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> login_greeting_capability(default): yes
> login_greeting_capability(imap): yes
> login_greeting_capability(pop3): no
> login_greeting_capability(managesieve): no
> mail_max_userip_connections(default): 10
> mail_max_userip_connections(imap): 10
> mail_max_userip_connections(pop3): 3
> mail_max_userip_connections(managesieve): 10
> mail_privileged_group: mail
> mail_uid: 5000
> mail_gid: 5000
> mail_location: maildir:/home/vmail/%d/%n/.Maildir
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_executable(managesieve): /usr/lib/dovecot/managesieve
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> imap_client_workarounds(default): outlook-idle delay-newmail
> imap_client_workarounds(imap): outlook-idle delay-newmail
> imap_client_workarounds(pop3):
> imap_client_workarounds(managesieve):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> pop3_client_workarounds(managesieve):
> sieve_storage(default):
> sieve_storage(imap):
> sieve_storage(pop3):
> sieve_storage(managesieve): ~/sieve
> sieve(default):
> sieve(imap):
> sieve(pop3):
> sieve(managesieve): ~/.dovecot.sieve
> auth default:
> mechanisms: plain login
> passdb:
> driver: sql
> args: /etc/dovecot/dovecot-sql.conf
> userdb:
> driver: sql
> args: /etc/dovecot/dovecot-sql.conf
> socket:
> type: listen
> client:
> path: /var/spool/postfix/private/dovecot-auth
> mode: 432
> user: postfix
> group: postfix
> master:
> path: /var/run/dovecot/auth-master
> mode: 384
> user: vmail
> group: vmail
>
> rootmail003:/etc/dovecot# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
>
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> home_mailbox = Maildir/
> inet_interfaces = all
> mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.
> conf -n -m "${EXTENSION}"
> mailbox_size_limit = 0
> mydestination = mail003.mydomain.nl, localhost.mydomain.nl, , localhost
> myhostname = mail003.mydomain.nl
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
>
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
> smtpd_tls_mandatory_ciphers = medium, high
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
> virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
> virtual_mailbox_base = /
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
> virtual_minimum_uid = 5000
> virtual_transport = dovecot:
> virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
>
> It's pretty much a default ubuntu install, only added the virtual stuff
> myself.
> Thanks for the help.
>
> - Rene
>

Because you are using smtpd_tls_auth_only = yes, postfix only
announces sasl login to encrypted sessions.

quote from manual:

smtpd_tls_auth_only (default: no)

     When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted connections.

     This feature is available in Postfix 2.2 and later.

So, you cannot use plain telnet for testing, you need to use:

openssl s_client -connect mailserver.address:25 -starttls smtp

--
Eero,
RHCE
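Added example (not part of the original thread): a small Python checker that parses EHLO replies and confirms AUTH is offered only after STARTTLS, which is the behaviour smtpd_tls_auth_only = yes is meant to produce. The sample replies are constructed (the plaintext one is abridged from the thread) and the host passed to check_live is a placeholder.

```python
"""Verify that an SMTP server offers AUTH only after STARTTLS (Postfix with
smtpd_tls_auth_only = yes). Added example; transcripts below are constructed."""
import smtplib
import ssl

# Constructed: the plaintext EHLO reply from the thread, abridged (no AUTH line).
PLAINTEXT_EHLO = """250-mail003
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# Constructed: what the same server should answer once the session is encrypted.
TLS_EHLO = """250-mail003
250-AUTH PLAIN LOGIN
250 DSN"""

def parse_ehlo_capabilities(raw):
    """Map EHLO keywords to parameters. '250-' lines continue the reply and
    '250 ' ends it; the first line is the greeting, not a capability."""
    caps, first = {}, True
    for line in raw.splitlines():
        line = line.strip()
        if not (line.startswith("250-") or line.startswith("250 ")):
            continue
        if first:
            first = False
            continue
        keyword, _, params = line[4:].strip().partition(" ")
        caps[keyword.upper()] = params.strip()
    return caps

def auth_mechanisms(caps):
    """Mechanisms on the AUTH line, [] when AUTH is not offered."""
    return caps["AUTH"].split() if "AUTH" in caps else []

def auth_gated_behind_tls(plain_caps, tls_caps):
    """True when credentials can only ever travel inside TLS."""
    return not auth_mechanisms(plain_caps) and bool(auth_mechanisms(tls_caps))

def check_live(host, port=25):
    """Run both EHLOs against a real server (network access required)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        plain = smtp.has_extn("auth")
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        return {"auth_plaintext": plain, "auth_tls": smtp.has_extn("auth")}
```

A correctly configured server yields {"auth_plaintext": False, "auth_tls": True} from check_live; AUTH showing up in the plaintext EHLO means credentials could be sent unencrypted.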