Re: postfix and dovecot SASL

  • Bill Cole
    Message 1 of 6 , May 22, 2013
      On 22 May 2013, at 13:42, Peter Skensved wrote:

      > I've set up dovecot to provide SASL for postfix and as far as I can
      > tell everything is working correctly. However, when I do a ehlo
      > localhost
      > I don't see it announcing anything about AUTH :
      >
      > Connected to localhost.
      > Escape character is '^]'.
      > 220 xxx.yyy.QueensU.CA ESMTP Postfix
      > ehlo localhost
      > 250-xxx.yyy.QueensU.CA
      > 250-PIPELINING
      > 250-SIZE 40960000
      > 250-VRFY
      > 250-ETRN
      > 250-STARTTLS
      > 250-ENHANCEDSTATUSCODES
      > 250-8BITMIME
      > 250 DSN
      >
      > Am I missing something in the configuration of postfix ( or dovecot )
      > ?

      My telepathy says "no" but if you had done what
      http://www.postfix.org/DEBUG_README.html#mail advises, I could use less
      inconsistent tools.

      > The log files tell me that it authenticates and entering the wrong
      > password
      > makes it fail etc.

      Right.

      While it is not a default, smtpd_tls_auth_only=yes is a commonly
      recommended and wise setting. You probably have it.
    • Peter Skensved
      Message 2 of 6 , May 24, 2013
        >> I've set up dovecot to provide SASL for postfix and as far as I can
        >> tell everything is working correctly. However, when I do a ehlo
        >> localhost
        >> I don't see it announcing anything about AUTH :
        >>
        >> Connected to localhost.
        >> Escape character is '^]'.
        >> 220 xxx.yyy.QueensU.CA ESMTP Postfix
        >> ehlo localhost
        >> 250-xxx.yyy.QueensU.CA
        >> 250-PIPELINING
        >> 250-SIZE 40960000
        >> 250-VRFY
        >> 250-ETRN
        >> 250-STARTTLS
        >> 250-ENHANCEDSTATUSCODES
        >> 250 DSN
        >> 250-8BITMIME
        >>
        >> Am I missing something in the configuration of postfix ( or dovecot )
        >> ?
        >
        > My telepathy says "no" but if you had done what
        > http://www.postfix.org/DEBUG_README.html#mail advises, I could use less
        > inconsistent tools.
        >
        >> The log files tell me that it authenticates and entering the wrong
        >> password
        >> makes it fail etc.
        >
        > Right.
        >
        > While it is not a default, smtpd_tls_auth_only=yes is a commonly
        > recommended and wise setting. You probably have it.
        >

        Sorry about that: Here is the output of postconf -n:

        alias_database = hash:/etc/aliases
        alias_maps = hash:/etc/aliases
        broken_sasl_auth_clients = yes
        command_directory = /usr/sbin
        config_directory = /etc/postfix
        daemon_directory = /usr/libexec/postfix
        data_directory = /var/lib/postfix
        debug_peer_level = 2
        html_directory = no
        inet_interfaces = all
        inet_protocols = all
        mail_owner = postfix
        mailq_path = /usr/bin/mailq.postfix
        manpage_directory = /usr/share/man
        message_size_limit = 40960000
        mydestination = $myhostname, localhost.$mydomain, localhost
        mynetworks_style = subnet
        newaliases_path = /usr/bin/newaliases.postfix
        queue_directory = /var/spool/postfix
        readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
        sample_directory = /usr/share/doc/postfix-2.6.6/samples
        sendmail_path = /usr/sbin/sendmail.postfix
        setgid_group = postdrop
        smtpd_delay_reject = yes
        smtpd_helo_required = yes
        smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
        smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_path = private/auth
        smtpd_sasl_security_options = noanonymous
        smtpd_sasl_type = dovecot
        smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
        smtpd_tls_auth_only = yes
        smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
        smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
        smtpd_tls_loglevel = 1
        smtpd_tls_security_level = may
        smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
        smtpd_tls_session_cache_timeout = 3600s
        tls_random_source = dev:/dev/urandom
        unknown_local_recipient_reject_code = 550


        And dovecon -n

        # 2.0.9: /etc/dovecot/dovecot.conf
        # OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
        auth_debug = yes
        auth_verbose = yes
        disable_plaintext_auth = no
        mbox_write_locks = fcntl
        passdb {
          driver = pam
        }
        protocols = imap
        service auth {
          unix_listener /var/spool/postfix/private/auth {
            group = postfix
            mode = 0660
            user = postfix
          }
        }
        ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
        ssl_key = </etc/pki/dovecot/private/dovecot.pem
        userdb {
          driver = passwd
        }


        peter
      • LuKreme
        Message 3 of 6 , May 24, 2013
          On May 24, 2013, at 7:14, Peter Skensved <peter@...> wrote:

          > smtpd_tls_auth_only = yes

          So, question answered then?
        • /dev/rob0
          Message 4 of 6 , May 24, 2013
            On Fri, May 24, 2013 at 09:14:14AM -0400, Peter Skensved wrote:
            > >> I don't see it announcing anything about AUTH :
            > >>
            > >> Connected to localhost.
            > >> Escape character is '^]'.
            > >> 220 xxx.yyy.QueensU.CA ESMTP Postfix
            > >> ehlo localhost
            > >> 250-xxx.yyy.QueensU.CA
            > >> 250-PIPELINING
            > >> 250-SIZE 40960000
            > >> 250-VRFY
            > >> 250-ETRN
            > >> 250-STARTTLS
            > >> 250-ENHANCEDSTATUSCODES
            > >> 250 DSN
            > >> 250-8BITMIME
            > >>
            > >> Am I missing something in the configuration of postfix ( or
            > >> dovecot ) ?
            > >
            > > My telepathy says "no" but if you had done what
            > > http://www.postfix.org/DEBUG_README.html#mail advises, I could
            > > use less inconsistent tools.
            > >
            > >> The log files tell me that it authenticates and entering the
            > >> wrong password makes it fail etc.
            > >
            > > Right.
            > >
            > > While it is not a default, smtpd_tls_auth_only=yes is a
            > > commonly recommended and wise setting. You probably have it.

            Did you see this part ^^ up here?

            > Sorry about that: Here is the output of postconf -n:
            snip
            > smtpd_tls_auth_only = yes
            --
            http://rob0.nodns4.us/ -- system administration and consulting
            Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
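
Added example (not part of any message in this thread): with smtpd_tls_auth_only = yes, Postfix announces AUTH only in the EHLO reply sent after STARTTLS, so the check is to compare the two replies. The sketch below parses both; the post-STARTTLS transcript and the result labels are constructed for illustration.

```python
# Added example, not from the thread. PRE_TLS is the EHLO reply quoted above.
PRE_TLS = """\
250-xxx.yyy.QueensU.CA
250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
# Constructed sample: a possible EHLO reply from the same server after STARTTLS.
POST_TLS = """\
250-xxx.yyy.QueensU.CA
250-PIPELINING
250-AUTH PLAIN
250-AUTH=PLAIN
250 DSN
"""

def parse_ehlo(reply):
    """Map each ESMTP keyword in a 250 reply to the set of its arguments."""
    ext = {}
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # first line only carries the server name
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"not a 250 reply line: {line!r}")
        body = line[4:]
        # broken_sasl_auth_clients = yes adds the legacy "AUTH=..." form
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]
        words = body.upper().split()
        if words:
            ext.setdefault(words[0], set()).update(words[1:])
    return ext

def classify(pre_tls, post_tls):
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    if "AUTH" in pre:
        return "auth-offered-in-cleartext"  # credentials could cross the wire unencrypted
    if "STARTTLS" not in pre:
        return "no-auth-no-starttls"
    if "AUTH" in post:
        return "auth-only-after-starttls"  # what smtpd_tls_auth_only = yes produces
    return "auth-not-offered"  # SASL not enabled or not reachable

if __name__ == "__main__":
    print(classify(PRE_TLS, POST_TLS))
```

The first transcript can be captured with telnet as in the thread, the second with `openssl s_client -starttls smtp -connect localhost:25` followed by `ehlo localhost` once the TLS session is up.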