Okay, I wasn't going to try and fix up the messed up mail server I was given; however, I decided that I might as well try.
Situation:
The system has a Postfix MTA and uses Dovecot for LDA and Cyrus-SASL for SASL. That works fine.
I decided that I wanted to switch over to Dovecot for SASL. dovecot is presently using MySQL for its database.
I make the (I thought) necessary changes in Postfix and restarted it. Big problem. SASL is now broken. I turned on logging in Dovecot to see what was happening, but apparently nothing is happening. There are no entries regarding Postfix attempting to negotiate an SASL request with Dovecot.
This is the "dovecot -n" outout (yes, I know it is an old version)
# 1.2.17: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.3-STABLE amd64 ufs log_path: /var/log/dovecot.log login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 1000 first_valid_gid: 1000 mail_privileged_group: mail mail_location: maildir:/var/mail/vhost/seibercom.net/gerard mail_plugins: expire imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep lda: postmaster_address: postmaster@seibercom.net mail_plugins: sieve sieve_global_path: /usr/local/etc/dovecot/sieve/gerard.sieve sendmail_path: /usr/sbin/sendmail auth default: mechanisms: plain login digest-md5 cram-md5 username_format: %Lu verbose: yes debug: yes debug_passwords: yes passdb: driver: sql args: /usr/local/etc/dovecot-sql.conf userdb: driver: sql args: /usr/local/etc/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail plugin: expire: Trash 2 Spam/* 2 expire_dict: proxy::expire dict: expire: mysql:/usr/local/etc/dovecot-dict-expire.conf
This is the "dovecot-sql.conf" file:
driver = mysql
connect = host=localhost dbname=Dovecot user=root password=xxxxxxxx
password_query = SELECT concat(userid, '@', domain) AS user, password
FROM users WHERE userid = '%n' AND domain = '%d'
user_query = SELECT uid, gid, home FROM users WHERE userid = '%n' AND domain = '%d'
This is the pertinent part of the postconf -fn output:
broken_sasl_auth_clients = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_password_maps smtp_sasl_security_options = noanonymous smtp_sasl_type = dovecot smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous
I have tried using "dovecot" in place of "private/auth", but it doesn't make any difference.
This is the only output from the postfix maillog:
Mar 18 08:13:02 scorpio postfix/smtpd[65217]: connect from localhost[127.0.0.1] Mar 18 08:13:02 scorpio postfix/smtpd[65217]: warning: localhost[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure Mar 18 08:13:02 scorpio postfix/smtpd[65217]: lost connection after AUTH from localhost[127.0.0.1]
Again, it doesn't appear that Postfix ever actually makes contact with Dovecot. I am probably doing something extremely stupid, but I just cannot figure out what it is.
-- Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.