[Dovecot] Dovecot SASL

newer
[Dovecot] ZFS Index corruption and...

older
[Dovecot] BUG Dovecot 1.0.15 and...

Tseveendorj Ochirlantuu

15 Jun 2010 15 Jun '10

4:08 p.m.

Dear All,

I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.

main.cf

smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

/etc/dovecot/auth.d/01-dovecot-postfix.auth

mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }

I did not see AUTH in the telnet connection.

EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

How to solvet this ?

Best regards, Tseveen

Show replies by date

Pascal Volk

15 Jun 15 Jun

4:31 p.m.

On 06/15/2010 03:08 PM Tseveendorj Ochirlantuu wrote:

...

Dear All,

I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.

main.cf

smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

/etc/dovecot/auth.d/01-dovecot-postfix.auth

mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }

I did not see AUTH in the telnet connection.

EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS ^^^^^^^^^^^^^^^ 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

How to solvet this ?

Always send postconf -n output for Postfix related stuff, for Dovecot related stuff include always doveconf -n || dovecot -n output.

Either start your SSL-session or allow plaintext auth in your Dovecot configuration.

Regards, Pascal

The trapper recommends today: fabaceae.1016615@localdomain.org

Tseveendorj Ochirlantuu

4:40 p.m.

Dear Pascal

Sorry for forgetting required thing. Please see the dovecot -n follow

# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve

Best regards, Tseveen

On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.orguser%2Bdovecot@localhost.localdomain.org

...

wrote:

...

On 06/15/2010 03:08 PM Tseveendorj Ochirlantuu wrote:

...
Dear All,

I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.

main.cf

smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/dovecot-auth smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname broken_sasl_auth_clients = yes smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

/etc/dovecot/auth.d/01-dovecot-postfix.auth

mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/dovecot-auth mode = 0660 user = postfix group = postfix } }

I did not see AUTH in the telnet connection.

EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS ^^^^^^^^^^^^^^^ 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

How to solvet this ?

Always send postconf -n output for Postfix related stuff, for Dovecot related stuff include always doveconf -n || dovecot -n output.

Either start your SSL-session or allow plaintext auth in your Dovecot configuration.

Regards, Pascal

The trapper recommends today: fabaceae.1016615@localdomain.org

Pascal Volk

4:48 p.m.

On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:

...

Dear Pascal

Sorry for forgetting required thing. Please see the dovecot -n follow

# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve ^^^^^^^^

Please read: file:///usr/share/doc/dovecot-common/README.Debian http://wiki.dovecot.org/Upgrading/1.2

...

quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve

Best regards, Tseveen

On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.orguser%2Bdovecot@localhost.localdomain.org

...
wrote:

...
I did not see AUTH in the telnet connection.

EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS

^^^^^^^^^^^^^^^

...
250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

How to solvet this ?

Either start your SSL-session or allow plaintext auth in your Dovecot configuration.

Please stop top-posting.

Your dovecot -n output doesn't include the disable_plaintext_auth setting. So disable_plaintext_auth is configured to its default: yes

When disable_plaintext_auth=yes, you can't authenticate plain or login, until you've secured the connection with the STARTTLS command.

Regards, Pascal

The trapper recommends today: fabaceae.1016615@localdomain.org

Tseveendorj Ochirlantuu

17 Jun 17 Jun

3:32 p.m.

On Tue, Jun 15, 2010 at 9:48 PM, Pascal Volk < user+dovecot@localhost.localdomain.orguser%2Bdovecot@localhost.localdomain.org

...

wrote:

...

On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:

...
Dear Pascal

Sorry for forgetting required thing. Please see the dovecot -n follow

# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: cmusieve ^^^^^^^^

Please read: file:///usr/share/doc/dovecot-common/README.Debian http://wiki.dovecot.org/Upgrading/1.2

...
quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve

Best regards, Tseveen

On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk < user+dovecot@localhost.localdomain.orguser%2Bdovecot@localhost.localdomain.org user%252Bdovecot@localhost.localdomain.org

...
wrote:

...
I did not see AUTH in the telnet connection.

EHLO mail.domain.mn 250-ns1.domain.mn 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS

^^^^^^^^^^^^^^^

...
250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN

How to solvet this ?

Either start your SSL-session or allow plaintext auth in your Dovecot configuration.

Please stop top-posting.

Your dovecot -n output doesn't include the disable_plaintext_auth setting. So disable_plaintext_auth is configured to its default: yes

When disable_plaintext_auth=yes, you can't authenticate plain or login, until you've secured the connection with the STARTTLS command.

Regards, Pascal

The trapper recommends today: fabaceae.1016615@localdomain.org

disable_plaintext_auth is already set yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.

Today I just upgraded dovecot please see the dovecot -n below.

# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve

Pascal Volk

4:30 p.m.

On 06/17/2010 02:32 PM Tseveendorj Ochirlantuu wrote:

...

disable_plaintext_auth is already set yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. why it didn't appear.

Today I just upgraded dovecot please see the dovecot -n below.

# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve

By default the disable_plaintext_auth setting is set to yes. dovecot -n reports only non-default settings. So when you set disable_plaintext_auth to yes (its default value) in your dovecot.conf and run dovecot -n | grep disable_plaintext_auth, you will see nothing.

With Dovecot v2.0 you can use doveconf -N, to see non-default + explicit configured default settings.

Back to disable_plaintext_auth: Let me copy and paste from the dovecot.conf: # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes

You can't use palintext authentication, as long plaintext auth is disabled.

Regards, Pascal

The trapper recommends today: c01dcofe.1016815@localdomain.org

5272

Age (days ago)

5274

Last active (days ago)

List overview

5 comments

2 participants

participants (2)

Pascal Volk
Tseveendorj Ochirlantuu