Uncommented the section on userdb that was commented because it was throwing errors. It’s still throwing an error. Specifically this one:
Jan 10 15:42:37 shuttle postfix/smtpd[21046]: connect from pvr[192.168.1.103]
Jan 10 15:42:47 shuttle postfix/smtpd[21046]: fatal: no SASL authentication mechanisms
Jan 10 15:42:48 shuttle postfix/master[18850]: warning: process /usr/libexec/postfix/smtpd pid 21046 exit status 1
Jan 10 15:42:48 shuttle postfix/master[18850]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
I’ve combed Google for information on “no SASL authentication mechanism” with no solution. I appear to have things configured correctly (unless IM missing something, which is entirely possible given that I’m really struggling with this).
Saslauthd is running:
# systemctl status saslauthd
● saslauthd.service - SASL authentication daemon.
Loaded: loaded (/usr/lib/systemd/system/saslauthd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-01-06 19:13:37 MST; 3 days ago
Main PID: 29506 (saslauthd)
Memory: 1.5M
CGroup: /system.slice/saslauthd.service
├─29506 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─29507 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─29508 /usr/sbin/saslauthd -m /run/saslauthd -a pam
├─29509 /usr/sbin/saslauthd -m /run/saslauthd -a pam
└─29510 /usr/sbin/saslauthd -m /run/saslauthd -a pam
Jan 06 19:13:37 shuttle systemd[1]: Starting SASL authentication daemon....
Jan 06 19:13:37 shuttle saslauthd[29506]: : master pid is: 29506
Jan 06 19:13:37 shuttle systemd[1]: Started SASL authentication daemon..
Jan 06 19:13:37 shuttle saslauthd[29506]: : listening on socket: /run/saslauthd/mux
Dovecot and Postfix are running starting and running okay. /var/spool/postfix/private/auth is present and seems to be correct.
Here are my current configs on those items:
# postconf -n
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
html_directory = /usr/share/doc/postfix/html
inet_interfaces = shuttle
inet_protocols = all
lmtp-filter_destination_concurrency_limit = 2
lmtp_sasl_mechanism_filter = plain
mail_owner = postfix
mailbox_transport = dovecot:shuttle:lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = mynetworks
myhostname = shuttle
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mynetworks_style = subnet
myorigin = shuttle
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64
smtp-filter_destination_concurrency_limit = 2
smtp_bind_address = 192.168.1.105
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mageia Linux)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/pki/tls/certs/adams-lan.mail.pem
smtpd_tls_key_file = /etc/pki/tls/private/adams-lan.mail.key
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_base = /var/spool/mail/vhosts
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
postconf: warning: /etc/postfix/master.cf: unused parameter: flags=
# dovecot -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# OS: Linux 5.4.6-desktop-2.mga7 x86_64 Mageia 7
# Hostname: shuttle
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_username_format = %Ln
disable_plaintext_auth = no
first_valid_uid = 0
last_valid_uid = 10001
mail_gid = 10001
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_uid = 10001
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = sql
}
passdb {
args = %s
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
service anvil {
unix_listener anvil {
group = mail
mode = 0666
}
}
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group =
mode = 0666
user = $default_internal_user
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 143
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3s {
port = 995
ssl = yes
}
}
service stats {
unix_listener stats-reader {
group = mail
mode = 0666
}
unix_listener stats-writer {
group = mail
mode = 0666
}
}
ssl = required
ssl_cert = </etc/pki/tls/certs/fullchain.cer
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
protocol lmtp {
hostname = shuttle
postmaster_address = postmaster@shuttle
I just need this stuff to move mail on my LAN as it did for years prior to this upgrade. I’m perfectly willing to blow this config away and reinstall from scratch, which I’ve done twice already. I’ve been through at least 4 tutorials on the web and nothing has led to my getting this thing working. Despite all that I’ve learned about Postfix + Dovecot + Mysql, I am still not smart enough to figure this out.
I’m still looking for help and/or options. I’m also wondering if it might not be a good idea to ditch the configs in /etc/dovecot/conf.d (by commenting out “!include conf.d/*.conf” in dovecot.conf). I’m just looking to move mail on my LAN. This should be simple, no?
Thanks again.
Mark
From: Alexander Dalloz
Sent: Friday, January 10, 2020 11:34 AM
To: Mark ADAMS
Subject: Re: Unable to authenticate on Dovecot - auth-userdb issue?
Mark,
first of all: please take care to whom you reply. Do not communicate
directly with my list mail address. Please keep the discussion on the
dovecot list. Thanks.
Am 09.01.2020 um 18:29 schrieb Mark ADAMS:
> At this point, passdb does not support lookups according to the log. Is there something else I should be looking at?
>
> I’ve worked on this and seem to be making little progress. A sample transaction log looks like this:
>
>
> Jan 09 10:22:32 shuttle dovecot[26851]: master: Warning: SIGHUP received - reloading configuration
> Jan 09 10:23:04 shuttle postfix/smtpd[5448]: connect from pvr[192.168.1.103]
> Jan 09 10:23:04 shuttle dovecot[5432]: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth
> Jan 09 10:23:04 shuttle dovecot[5432]: auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
> Jan 09 10:23:04 shuttle dovecot[5432]: auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
> Jan 09 10:23:04 shuttle dovecot[5432]: auth: Debug: auth client connected (pid=0)
> Jan 09 10:23:20 shuttle postfix/smtpd[5448]: 0C6BF4A6302: client=pvr[192.168.1.103]
> Jan 09 10:23:30 shuttle postfix/cleanup[5459]: 0C6BF4A6302: message-id=<>
> Jan 09 10:23:30 shuttle postfix/qmgr[1385]: 0C6BF4A6302: from=<madams@pvr>, size=180, nrcpt=1 (queue active)
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: master in: USER 1 root@shuttle service=lda
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: static(root): Performing userdb lookup
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: pam(root): Performing passdb lookup
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: pam(root): passdb doesn't support credential lookups
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: pam(root): Finished passdb lookup
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Error: static(root): passdb doesn't support lookups, can't verify user's existence
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: static(root): Finished userdb lookup
> Jan 09 10:23:30 shuttle dovecot[5432]: auth: Debug: userdb out: FAIL 1
> Jan 09 10:23:30 shuttle dovecot[5466]: lda(root@shuttle)<5466><>: Error: auth-master: userdb lookup(root@shuttle): Auth USER lookup failed
> Jan 09 10:23:30 shuttle dovecot[5466]: lda: Fatal: Internal error occurred. Refer to server log for more information.
> Jan 09 10:23:30 shuttle postfix/pipe[5465]: 0C6BF4A6302: to=<root@shuttle>, relay=dovecot, delay=17, delays=17/0.01/0/0.06, dsn=4.3.0, status=deferred (tempora>
> Jan 09 10:23:31 shuttle sshd[5468]: Connection closed by 192.168.1.100 port 48324 [preauth]
> Jan 09 10:23:31 shuttle postfix/smtpd[5448]: disconnect from pvr[192.168.1.103] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
>
>
> My current dovecot configuration looks like this:
>
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # OS: Linux 5.4.6-desktop-2.mga7 x86_64 Mageia 7
> # Hostname: shuttle
> auth_debug_passwords = yes
> auth_username_format = %Ln
> disable_plaintext_auth = no
> first_valid_uid = 0
> last_valid_uid = 10001
> mail_gid = 10001
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> mail_uid = 10001
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = %s
> driver = pam
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> service anvil {
> unix_listener anvil {
> group = mail
> mode = 0666
> }
> }
> service auth-worker {
> user = vmail
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-userdb {
> group =
> mode = 0666
> user = $default_internal_user
> }
> user = dovecot
> }
> service imap-login {
> inet_listener imap {
> port = 143
> }
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service pop3-login {
> inet_listener pop3s {
> port = 995
> ssl = yes
> }
> }
> service stats {
> unix_listener stats-reader {
> group = mail
> mode = 0666
> }
> unix_listener stats-writer {
> group = mail
> mode = 0666
> }
> }
> ssl = required
> ssl_cert = </etc/pki/tls/certs/fullchain.cer
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> protocol lmtp {
> hostname = shuttle
> postmaster_address = postmaster@shuttle
> }
>
>
> As always I appreciate the help and any assistance is appreciated.
>
> Mark
According to your "doveconf -n" output you have no userdb defined. Just
do that.
https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb/
Maybe this one fits your current system setup
https://doc.dovecot.org/configuration_manual/authentication/passwd/#authentication-passwd
Alexander
> From: Alexander Dalloz<mailto:ad+lists@uni-x.org>
> Sent: Friday, January 3, 2020 5:26 AM
> To: dovecot@dovecot.org<mailto:dovecot@dovecot.org>
> Subject: Re: Unable to authenticate on Dovecot - auth-userdb issue?
>
> Am 03.01.2020 um 03:27 schrieb Mark ADAMS:
>> Jan 02 18:47:37 shuttle dovecot[6744]: lda(root@shuttle)<6744><>: Error: auth-master: userdb lookup(root@shuttle): connect(/run/dovecot/auth-userdb) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /run/dovecot/auth-userdb, dir owned
by 0:0 mode=0755)
>
> Run "namei -lv /run/dovecot/auth-userdb" to check the permissions of the
> complete path. The auth-userdb socket actually is owned mail:mail
> according to your error logging. Is dovecot member of the mail group?
>
> Actually it does not match the config details you have pasted:
>
> unix_listener auth-userdb {
> group = dovecot
> mode = 0600
> user = vmail
> }
>
> On my side it looks like this and I have not custom configured that
> part. The defaults are:
>
> unix_listener auth-userdb {
> group =
> mode = 0666
> user = $default_internal_user
> }
>
> So on my system the permissions look like this:
>
> # namei -lv /var/run/dovecot/auth-userdb
> f: /var/run/dovecot/auth-userdb
> dr-xr-xr-x root root /
> drwxr-xr-x root root var
> drwxr-xr-x root root run
> drwxr-xr-x root dovecot dovecot
> srw-rw-rw- dovecot root auth-userdb
>
>> Jan 02 18:47:37 shuttle dovecot[6744]: lda: Fatal: Internal error occurred. Refer to server log for more information.
>> Jan 02 18:47:37 shuttle postfix/pipe[6743]: 6345D4A4A97: to=<root@shuttle>, relay=dovecot, delay=1.1, delays=1.1/0.01/0/0.06, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(root@shuttle): Error: net_connect_unix(/run/dovecot/stats-writer)
failed: Permission denied )
>> ^C
>>
>>
>>
>> Note: this error references "/run/dovecot/auth-userdb". That isn't even supposed to be the location of that file. I have no idea why that location shows up. The correct location should be "/etc/dovecot/auth-userdb". The file does exist at that location.
>
> Mark,
>
> I have no idea why you expect the dovecot sockets to be located inside
> /etc/dovecot/. /etc is the FHS location for configurations. /run or
> /var/run (typically a symlink on modern linux distributions) is the
> right location for runtime files like service sockets.
>
> You say /etc/dovecot/auth-userdb exists. Am I correct to guess that you
> have created that manually with whatever content?
>
> Alexander
>
>