[Dovecot] Proxying LMTP - Auth PASS lookup failed
I'm trying to configure my proxy/director server, which proxies imap/pop/managesieve correctly already, to proxy LMTP to my backend message store server (dovecot+postfix already configured there)
This is what I have so far:
10-auth.conf using auth-static.conf.ext instead of auth-ldap.conf.ext (switching to this made proxying imap/pop/managesieve work)
10-director.conf
    protocol lmtp {
      auth_socket_path = /usr/local/var/run/dovecot/director-userdb
    }
10-master.conf (changed user from vmail to dovecot as it was giving permission denied error before -- on the backend dovecot server this is still 'vmail')
    unix_listener auth-userdb {
      mode = 0600
      user = dovecot
    }
20-lmtp.conf
    lmtp_proxy = yes
auth-static.conf.ext
    passdb {
      driver = static
      args = proxy=y nopassword=y
    }
my dovecot logs show:
    auth: Debug: password(user@dev.domain.com): passdb doesn't support credential lookups
    lmtp(1261): Error: user user@dev.domain.com: Auth PASS lookup failed
postfix shows:
    [private/dovecot-lmtp] said: 451 4.3.0 <user@dev.domain.com> Temporary user lookup failure (in reply to RCPT TO command)
Any ideas? Something missing/incorrect?
Thanks!
On 4.10.2010, at 22.42, Edward Carraro wrote:
> passdb {
>   driver = static
>   args = proxy=y nopassword=y
> }
> my dovecot logs show:
> auth: Debug: password(user@dev.domain.com): passdb doesn't support credential lookups
> lmtp(1261): Error: user user@dev.domain.com: Auth PASS lookup failed
Let me know if the attached patch fixes it. It compiles, other than that I haven't tested it yet.
Thanks Timo,
Now in my dovecot log I get:
    lmtp(21186): Error: lmtp client: connect(192.168.12.205, 0) failed: Connection refused
and postfix:
    [private/dovecot-lmtp] said: 451 4.4.0 Remote server not answering (connect) (in reply to end of DATA command))
Do I apply this patch to both the proxy and backend dovecot 2.0.4 servers? (I only did proxy right now)
The problem is that unlike imap/pop3, there is no default port for lmtp. Use:
    protocol lmtp {
      passdb {
        driver = static
        args = proxy=y nopassword=y port=1234
      }
    }
I added this to "10-director.conf" on the proxy server only (correct spot?)
    protocol lmtp {
      passdb {
        driver = static
        args = proxy=y nopassword=y port=1234
      }
    }
but still the same thing.
The proxy receives mail from the postfix server that does the mail validation and, I would think, it would then pass it along to the backend mail server, getting the hostname/ip from director (postfix shows the hostname of the proxy itself, but in the dovecot logs it shows the correct IP for the backend mail server).
Postfix log:
    postfix/smtpd[21340]: connect from validate.domain.com[192.168.12.203]
    postfix/smtpd[21340]: E8B6B4502C4: client=validate.domain.com [192.168.12.203]
    postfix/cleanup[21344]: E8B6B4502C4: message-id=<22143348.2682.1286239482405.JavaMail.web@application>
    postfix/qmgr[12730]: E8B6B4502C4: from=<user@domain.com>, size=2300, nrcpt=1 (queue active)
    postfix/smtpd[21340]: disconnect from validate.domain.com[192.168.12.203]
    postfix/lmtp[21346]: E8B6B4502C4: to=<user@dev.domain.com>, relay= proxy.domain.com[private/dovecot-lmtp], delay=0.1, delays=0.02/0.01/0.04/0.03, dsn=4.4.0, status=deferred (host proxy.domain.com[private/dovecot-lmtp] said: 451 4.4.0 Remote server not answering (connect) (in reply to end of DATA command))
Dovecot log:
    lmtp(21249): Debug: none: root=, index=, control=, inbox=
    auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
    auth: Debug: master in: PASS 1 user@dev.domain.com service=lmtp
    auth: Debug: static(user@dev.domain.com): lookup
    auth: Debug: password(user@dev.domain.com): Credentials:
    auth: Debug: master out: PASS 1 user=user@dev.domain.com proxy
    lmtp(21249): Debug: auth input: user=user@dev.domain.com proxy host=192.168.12.205 proxy_refresh=450
    auth: Debug: master in: PASS 2 user@dev.domain.com service=lmtp
    auth: Debug: static(user@dev.domain.com): lookup
    auth: Debug: password(user@dev.domain.com): Credentials:
    auth: Debug: master out: PASS 2 user=user@dev.domain.com proxy
    lmtp(21249): Debug: auth input: user=user@dev.domain.com proxy host=192.168.12.205 proxy_refresh=450
    lmtp(21249): Error: lmtp client: connect(192.168.12.205, 0) failed: Connection refused
If I add port 1234 to postfix/master.cf in the backend dovecot server, I'd get:
Postfix log:
    postfix/lmtp[21334]: 45D434502C4: to=<user@dev.domain.com>, relay= proxy.domain.com[private/dovecot-lmtp], delay=457, delays=457/0.03/0.01/0.02, dsn=4.5.2, status=deferred (host proxy.domain.com[private/dovecot-lmtp] said: 402 4.5.2 Error: command not recognized (in reply to end of DATA command))
Dovecot log:
    lmtp(21297): Debug: none: root=, index=, control=, inbox=
    auth: Debug: Loading modules from directory: /usr/local/lib/dovecot/auth
    auth: Debug: master in: PASS 1 user@dev.domain.com service=lmtp
    auth: Debug: static(user@dev.domain.com): lookup
    auth: Debug: password(user@dev.domain.com): Credentials:
    auth: Debug: master out: PASS 1 user=user@dev.domain.com proxy port=1234
    lmtp(21297): Debug: auth input: user=user@dev.domain.com proxy port=1234 host=192.168.12.205 proxy_refresh=450
    lmtp(21297): Error: lmtp client: connect(192.168.12.205, 1234) failed: Connection refused
On 5.10.2010, at 2.11, Edward Carraro wrote:
> I added this to "10-director.conf" on the proxy server only (correct spot?)
> protocol lmtp {
>   passdb {
>     driver = static
>     args = proxy=y nopassword=y port=1234
>   }
> }
> ..
> lmtp(21297): Error: lmtp client: connect(192.168.12.205, 1234) failed: Connection refused
Well, you'd of course replace the 1234 with the actual LMTP port that the backend is listening on. There is no default port assigned for LMTP, so I don't know what you've used. Or have you added any inet_listener to LMTP at all?
Wasn't using inet_listener since I was using UNIX sockets.
Switching to inet_listener and changing port to 24 on the proxy:
10-master.conf
    service lmtp {
      #unix_listener /var/spool/postfix/private/dovecot-lmtp {
      #group = postfix
      #mode = 0666
      #user = postfix
      #}

      # Create inet listener only if you can't use the above UNIX socket
      inet_listener lmtp {
        port = 24
      }
    }
postfix/main.cf
    virtual_transport = lmtp:om005pp1:24
    #lmtp:hostname:port - om005pp1 is the proxy itself
    mailbox_transport = lmtp:om005pp1:24
Postfix shows
postfix/lmtp[21872]: C23824502C4: to=<user@dev.domain.com>, relay=om005pp1[192.168.12.204]:24, delay=0.06, delays=0.02/0.01/0.01/0.03, dsn=4.5.2, status=deferred (host om005pp1[192.168.12.204] said: 402 4.5.2 Error: command not recognized (in reply to end of DATA command))
postfix/master.cf on the backend dovecot is
    24 inet n - n - - smtpd
when postfix/master.cf on the backend dovecot is
    24 inet n - n - - lmtp
proxy postfix shows
postfix/lmtp[21971]: 86CD04502C4: to=<user@dev.domain.com>, relay=om005pp1[192.168.12.204]:24, delay=30, delays=0.02/0.01/0.01/30, dsn=4.4.0, status=deferred (host om005pp1[192.168.12.204] said: 451 4.4.0 Remote server not answering (DATA output timeout) (in reply to end of DATA command))
Working now...
I enabled port 24 in dovecot on both proxy and backend (previously I was just telling postfix to listen to port 24 on the backend server) -- Confirmed lmtp on 24 was working on both servers by telnet localhost 24 (220 Dovecot LMTP ready response)
here are my settings
proxy is using inet for LMTP
dovecot/conf/10-master.conf
    service lmtp {
      unix_listener lmtp {
        #mode = 0666
      }

      # Create inet listener only if you can't use the above UNIX socket
      inet_listener lmtp {
        port = 24
      }
    }
postfix/main.cf
    virtual_transport = lmtp:localhost
    mailbox_transport = lmtp:localhost
backend is also inet (to receive) and unix socket (to deliver locally)
dovecot/conf/10-master.conf
    service lmtp {
      unix_listener lmtp {
        #mode = 0666
      }

      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        # mode = 0660
        user = postfix
      }

      # Create inet listener only if you can't use the above UNIX socket
      inet_listener lmtp {
        port = 24
      }
    }
postfix/main.cf
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    mailbox_transport = lmtp:unix:private/dovecot-lmtp
postfix/master.cf
    removed: 24 inet n - n - - lmtp
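
The failures seen in this thread (no port returned by passdb, connection refused, and a listener on port 24 that does not speak LMTP) can be told apart with a short probe run from the proxy before changing Postfix. This is an added example, not part of the original posts or of Dovecot; `probe_lmtp`, `fake_server` and the sample banners are hypothetical and constructed.

```python
import socket
import threading

def probe_lmtp(host, port, timeout=3.0):
    """Return (verdict, detail) for whatever answers on host:port."""
    if port == 0:
        # Matches connect(<backend>, 0) in the proxy log: passdb gave no port=.
        return ("no-port", "passdb returned no port= field")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        with sock, sock.makefile("rwb") as f:
            banner = f.readline().decode("ascii", "replace").strip()
            if not banner.startswith("220"):
                return ("not-lmtp", banner)
            f.write(b"LHLO probe.invalid\r\n")
            f.flush()
            reply = f.readline().decode("ascii", "replace").strip()
            f.write(b"QUIT\r\n")
            f.flush()
    except OSError as exc:  # refused, timed out, no route
        return ("unreachable", type(exc).__name__)
    # An SMTP daemon also greets with 220 but does not implement LHLO.
    return ("lmtp" if reply.startswith("250") else "not-lmtp", reply)

def fake_server(banner, lhlo_reply):
    """Constructed one-shot listener on 127.0.0.1 for the demo; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(banner + b"\r\n")
            f.flush()
            f.readline()  # LHLO
            f.write(lhlo_reply + b"\r\n")
            f.flush()
            f.readline()  # QUIT
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Constructed banners and replies, not captured from the thread's servers.
    lmtp = fake_server(b"220 backend.example Dovecot LMTP ready", b"250 backend.example")
    smtp = fake_server(b"220 backend.example ESMTP", b"502 5.5.2 Error: command not recognized")
    for port in (lmtp, smtp, 0):
        print(port, probe_lmtp("127.0.0.1", port))
```

The `inet_listener lmtp` blocks in this thread set only `port = 24`, with no address restriction, and the proxy passdb uses `nopassword=y`. Run from a host outside the mail tier, the expected verdict for the backend's port 24 is therefore `unreachable`, enforced by a firewall or a restricted listen address.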
participants (2)
- Edward Carraro
- Timo Sirainen