[Dovecot] Dovecot SASL
Dear All,
I've installed Postfix 2.7.0 and Dovecot 1.2.9 on Ubuntu 10.04. I want to use Dovecot SASL with Postfix and did the following configuration.
main.cf

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

/etc/dovecot/auth.d/01-dovecot-postfix.auth

    mechanisms = plain login
    socket listen {
      client {
        path = /var/spool/postfix/private/dovecot-auth
        mode = 0660
        user = postfix
        group = postfix
      }
    }

I did not see AUTH in the telnet connection.

    EHLO mail.domain.mn
    250-ns1.domain.mn
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
How to solve this?
Best regards, Tseveen
On 06/15/2010 03:08 PM Tseveendorj Ochirlantuu wrote:
I did not see AUTH in the telnet connection.
    EHLO mail.domain.mn
    250-ns1.domain.mn
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    ^^^^^^^^^^^^^^^
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
How to solve this?
Always send postconf -n output for Postfix related stuff, for Dovecot related stuff include always doveconf -n || dovecot -n output.
Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
Dear Pascal
Sorry for forgetting required thing. Please see the dovecot -n follow
    1.2.9: /etc/dovecot/dovecot.conf
    OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imap pop3 imaps pop3s managesieve
    ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
    ssl_key_file: /etc/ssl/private/ssl-mail.key
    ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    login_executable(managesieve): /usr/lib/dovecot/managesieve-login
    mail_privileged_group: mail
    mail_location: maildir:~/Maildir
    mbox_write_locks: fcntl dotlock
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_executable(managesieve): /usr/lib/dovecot/managesieve
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
    imap_client_workarounds(default): outlook-idle delay-newmail
    imap_client_workarounds(imap): outlook-idle delay-newmail
    imap_client_workarounds(pop3):
    imap_client_workarounds(managesieve):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    pop3_client_workarounds(managesieve):
    lda:
      postmaster_address: postmaster
      mail_plugins: cmusieve
      quota_full_tempfail: yes
      deliver_log_format: msgid=%m: %$
      rejection_reason: Your message to <%t> was automatically rejected:%n%r
    auth default:
      mechanisms: plain login
      passdb:
        driver: pam
      userdb:
        driver: passwd
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/dovecot-auth
          mode: 432
          user: postfix
          group: postfix
    plugin:
      sieve: ~/.dovecot.sieve
      sieve_dir: ~/sieve
Best regards, Tseveen
On 06/15/2010 03:40 PM Tseveendorj Ochirlantuu wrote:
Dear Pascal
Sorry for forgetting required thing. Please see the dovecot -n follow
    1.2.9: /etc/dovecot/dovecot.conf
    OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imap pop3 imaps pop3s managesieve
    ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
    ssl_key_file: /etc/ssl/private/ssl-mail.key
    ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    login_executable(managesieve): /usr/lib/dovecot/managesieve-login
    mail_privileged_group: mail
    mail_location: maildir:~/Maildir
    mbox_write_locks: fcntl dotlock
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_executable(managesieve): /usr/lib/dovecot/managesieve
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
    imap_client_workarounds(default): outlook-idle delay-newmail
    imap_client_workarounds(imap): outlook-idle delay-newmail
    imap_client_workarounds(pop3):
    imap_client_workarounds(managesieve):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    pop3_client_workarounds(managesieve):
    lda:
      postmaster_address: postmaster
      mail_plugins: cmusieve
                    ^^^^^^^^

Please read:
file:///usr/share/doc/dovecot-common/README.Debian
http://wiki.dovecot.org/Upgrading/1.2

      quota_full_tempfail: yes
      deliver_log_format: msgid=%m: %$
      rejection_reason: Your message to <%t> was automatically rejected:%n%r
    auth default:
      mechanisms: plain login
      passdb:
        driver: pam
      userdb:
        driver: passwd
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/dovecot-auth
          mode: 432
          user: postfix
          group: postfix
    plugin:
      sieve: ~/.dovecot.sieve
      sieve_dir: ~/sieve
Best regards, Tseveen
On Tue, Jun 15, 2010 at 10:31 PM, Pascal Volk <user+dovecot@localhost.localdomain.org> wrote:
I did not see AUTH in the telnet connection.

    EHLO mail.domain.mn
    250-ns1.domain.mn
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    ^^^^^^^^^^^^^^^
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
How to solve this?
Either start your SSL-session or allow plaintext auth in your Dovecot configuration.
Please stop top-posting.
Your dovecot -n output doesn't include the disable_plaintext_auth setting. So disable_plaintext_auth is configured to its default: yes
When disable_plaintext_auth=yes, you can't authenticate plain or login, until you've secured the connection with the STARTTLS command.
Regards, Pascal
The trapper recommends today: fabaceae.1016615@localdomain.org
disable_plaintext_auth is already set to yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. Why didn't it appear?
Today I just upgraded dovecot please see the dovecot -n below.
    1.2.9: /etc/dovecot/dovecot.conf
    OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS
    log_timestamp: %Y-%m-%d %H:%M:%S
    protocols: imap pop3 imaps pop3s managesieve
    ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
    ssl_key_file: /etc/ssl/private/ssl-mail.key
    ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/lib/dovecot/imap-login
    login_executable(imap): /usr/lib/dovecot/imap-login
    login_executable(pop3): /usr/lib/dovecot/pop3-login
    login_executable(managesieve): /usr/lib/dovecot/managesieve-login
    mail_privileged_group: mail
    mail_location: maildir:~/Maildir
    mbox_write_locks: fcntl dotlock
    mail_executable(default): /usr/lib/dovecot/imap
    mail_executable(imap): /usr/lib/dovecot/imap
    mail_executable(pop3): /usr/lib/dovecot/pop3
    mail_executable(managesieve): /usr/lib/dovecot/managesieve
    mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
    mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
    imap_client_workarounds(default): outlook-idle delay-newmail
    imap_client_workarounds(imap): outlook-idle delay-newmail
    imap_client_workarounds(pop3):
    imap_client_workarounds(managesieve):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    pop3_client_workarounds(managesieve):
    lda:
      postmaster_address: postmaster
      mail_plugins: sieve
      quota_full_tempfail: yes
      deliver_log_format: msgid=%m: %$
      rejection_reason: Your message to <%t> was automatically rejected:%n%r
    auth default:
      mechanisms: plain login
      passdb:
        driver: pam
      userdb:
        driver: passwd
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/dovecot-auth
          mode: 432
          user: postfix
          group: postfix
    plugin:
      sieve: ~/.dovecot.sieve
      sieve_dir: ~/sieve
On 06/17/2010 02:32 PM Tseveendorj Ochirlantuu wrote:
disable_plaintext_auth is already set to yes in /etc/dovecot/conf.d/01-dovecot-postfix.conf. Why didn't it appear?
By default the disable_plaintext_auth setting is set to yes. dovecot -n reports only non-default settings. So when you set disable_plaintext_auth to yes (its default value) in your dovecot.conf and run dovecot -n | grep disable_plaintext_auth, you will see nothing.
With Dovecot v2.0 you can use doveconf -N, to see non-default + explicit configured default settings.
Back to disable_plaintext_auth: Let me copy and paste from the dovecot.conf:
    # Disable LOGIN command and all other plaintext authentications unless
    # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
    # matches the local IP (ie. you're connecting from the same computer), the
    # connection is considered secure and plaintext authentication is allowed.
    #disable_plaintext_auth = yes
You can't use plaintext authentication, as long as plaintext auth is disabled.
Regards, Pascal
The trapper recommends today: c01dcofe.1016815@localdomain.org
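The check this thread turns on (is AUTH missing from the EHLO reply only because the session is not yet encrypted?) can be scripted. The following is an added example, not code from either poster or from Postfix/Dovecot; `parse_ehlo` and `diagnose` are hypothetical helper names, PRE_TLS is the reply quoted in the thread, and POST_TLS is a constructed reply standing in for what a second EHLO inside the TLS session might return.

```python
# Constructed transcripts: PRE_TLS is the reply quoted in the thread;
# POST_TLS is a made-up reply for the same server inside a TLS session.
PRE_TLS = """250-ns1.domain.mn
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
POST_TLS = """250-ns1.domain.mn
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN"""


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for the extension lines of an EHLO reply."""
    lines = [l.strip() for l in reply.splitlines() if l.strip().startswith("250")]
    caps = {}
    for line in lines[1:]:                      # lines[0] is the server greeting
        text = line[4:]
        if text.upper().startswith("AUTH="):    # legacy form (broken_sasl_auth_clients = yes)
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            seen = caps.setdefault(words[0].upper(), [])
            seen.extend(w.upper() for w in words[1:] if w.upper() not in seen)
    return caps


def diagnose(pre_tls, post_tls=None):
    """Say where, if anywhere, the server advertises AUTH."""
    pre = parse_ehlo(pre_tls)
    if "AUTH" in pre:
        return "AUTH offered without TLS: " + " ".join(pre["AUTH"])
    if "STARTTLS" not in pre:
        return "no AUTH and no STARTTLS offered"
    if post_tls is None:
        return "no AUTH before STARTTLS: repeat EHLO inside the TLS session"
    post = parse_ehlo(post_tls)
    if "AUTH" in post:
        return "AUTH offered only after STARTTLS: " + " ".join(post["AUTH"])
    return "no AUTH even after STARTTLS"


print(diagnose(PRE_TLS, POST_TLS))
```

A post-STARTTLS transcript for a real server can be captured with `openssl s_client -starttls smtp -connect host:25` followed by a second EHLO.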