[Dovecot] Dovecot SASL
Dear All,
I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.
main.cf
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/etc/dovecot/auth.d/01-dovecot-postfix.auth
mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }
I did not see AUTH in the telnet connection.
EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
How to solvet this ?
Best regards, Tseveen
On 06/15/2010 03:08 PM Tseveendorj Ochirlantuu wrote:
Dear All,
I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.
main.cf
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/etc/dovecot/auth.d/01-dovecot-postfix.auth
mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }
I did not see AUTH in the telnet connection.
EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS ^^^^^^^^^^^^^^^ 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
How to solvet this ?
Always send postconf -n
output for Postfix related stuff, for Dovecot
related stuff include always doveconf -n
|| dovecot -n
output.
Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
Dear Pascal
Sorry for forgetting required thing. Please see the dovecot -n follow
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
Best regards, Tseveen
On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.org<user%2Bdovecot@localhost.localdomain.org>
wrote:
On 06/15/2010 03:08 PM Tseveendorj Ochirlantuu wrote:
Dear All,
I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.
main.cf
smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/etc/dovecot/auth.d/01-dovecot-postfix.auth
mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }
I did not see AUTH in the telnet connection.
EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS ^^^^^^^^^^^^^^^ 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
How to solvet this ?
Always send
postconf -n
output for Postfix related stuff, for Dovecot related stuff include alwaysdoveconf -n
||dovecot -n
output.Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:
Dear Pascal
Sorry for forgetting required thing. Please see the dovecot -n follow
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve ^^^^^^^^
Please read: file:///usr/share/doc/dovecot-common/README.Debian http://wiki.dovecot.org/Upgrading/1.2
quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
Best regards, Tseveen
On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.org<user%2Bdovecot@localhost.localdomain.org>
wrote:
I did not see AUTH in the telnet connection.
EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS
^^^^^^^^^^^^^^^
250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
How to solvet this ?
Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Please stop top-posting.
Your dovecot -n
output doesn't include the disable_plaintext_auth
setting. So disable_plaintext_auth is configured to its default: yes
When disable_plaintext_auth=yes, you can't authenticate plain or login, until you've secured the connection with the STARTTLS command.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
On Tue, Jun 15, 2010 at 9:48 PM, Pascal Volk < user+dovecot@localhost.localdomain.org<user%2Bdovecot@localhost.localdomain.org>
wrote:
On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:
Dear Pascal
Sorry for forgetting required thing. Please see the dovecot -n follow
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve ^^^^^^^^
Please read: file:///usr/share/doc/dovecot-common/README.Debian http://wiki.dovecot.org/Upgrading/1.2
quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
Best regards, Tseveen
On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.org<user%2Bdovecot@localhost.localdomain.org> <user%2Bdovecot@localhost.localdomain.org<user%252Bdovecot@localhost.localdomain.org>
wrote:
I did not see AUTH in the telnet connection.
EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS
^^^^^^^^^^^^^^^
250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
How to solvet this ?
Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Please stop top-posting.
Your
dovecot -n
output doesn't include the disable_plaintext_auth setting. So disable_plaintext_auth is configured to its default: yesWhen disable_plaintext_auth=yes, you can't authenticate plain or login, until you've secured the connection with the STARTTLS command.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
disable_plaintext_auth is already set yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.
Today I just upgraded dovecot please see the dovecot -n below.
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
On 06/17/2010 02:32 PM Tseveendorj Ochirlantuu wrote:
disable_plaintext_auth is already set yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.
Today I just upgraded dovecot please see the dovecot -n below.
# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
By default the disable_plaintext_auth setting is set to yes. dovecot -n
reports only non-default settings. So when you set
disable_plaintext_auth to yes (its default value) in your dovecot.conf
and run dovecot -n | grep disable_plaintext_auth
, you will see
nothing.
With Dovecot v2.0 you can use doveconf -N
, to see non-default +
explicit configured default settings.
Back to disable_plaintext_auth: Let me copy and paste from the dovecot.conf: # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes
You can't use palintext authentication, as long plaintext auth is disabled.
Regards, Pascal
The trapper recommends today: c01dcofe.1016815@localdomain.org
participants (2)
-
Pascal Volk
-
Tseveendorj Ochirlantuu