[Dovecot] Using dovecot auth with Postfix
Attempting to set up smtpd auth for Postfix using the Dovecot authorization unix socket.
Some info is at: http://www.postfix.org/SASL_README.html
To enable operation when Postfix is chrooted, a method from the reference above is to locate the socket at: /var/spool/postfix/private/auth
To do this, I have this configuration in dovecot.conf:
# listener sockets will be created by Dovecot's master process using the
# settings given inside the auth section
auth default_with_listener {
  mechanisms = plain
  passdb passwd {
  }
  userdb pam {
  }
  socket listen {
    master {
      path = /var/spool/postfix/private/dovecot-auth-master
      # WARNING: Giving untrusted users access to master socket may be a
      # security risk, don't give too wide permissions to it!
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      user =
      group =
    }
    client {
      path = /var/spool/postfix/private/dovecot-auth-master
      mode = 0660
    }
  }
}
With this configuration Dovecot writes this to the log at startup:
dovecot: Dec 31 17:04:32 Error: child 3536 (auth) returned error 89
dovecot: Dec 31 17:25:34 Error: Auth process died too early - shutting down
dovecot: Dec 31 17:25:34 Error: auth(default_with_listener): Unknown userdb driver 'pam' (typo, or Dovecot was built without support for it? Check with dovecot --build-options)
Before modifying the setup for this auth function, pam authentication was working fine.
Also, Dovecot will make /auth owned by root which Postfix considers a 'fatal' problem. Should it be set up to run as user Postfix?
Any help here is very appreciated.
-kim
-- w8hdkim@gmail.com
I used cyrus sasl for the authentication mech when I set that up with postfix. That worked a lot easier for me than the dovecot which I tried as well.
David Willoughby email: dlw@d1w.org icq: 1852393
On Saturday 2005-December-31 17:17, Kim Culhan wrote:
Attempting to set up smtpd auth for Postfix using the Dovecot authorization unix socket.
Some info is at: http://www.postfix.org/SASL_README.html
And did you first follow the #build_dovecot instructions?
To enable operation when Postfix is chrooted, a method from the reference above is to locate the socket at: /var/spool/postfix/private/auth
And what is in your Postfix config? I followed the instructions more or less exactly, and it works for me.
To do this, I have this configuration in dovecot.conf:
# listener sockets will be created by Dovecot's master process using the
# settings given inside the auth section
auth default_with_listener {
This is what I don't understand. My socket is defined in the "auth default" section. I'm not clear about (and found nothing at the Wiki) the use of other auth sections. I know they are separate authentication processes, and it says this in my dovecot.conf comments:
"You can have multiple authentication processes. With plaintext authentication the password is checked against each process, the first one which succeeds is used. ..."
Also, Dovecot will make /auth owned by root which Postfix considers a 'fatal' problem. Should it be set up to run as user Postfix?
My socket, /var/spool/postfix/private/auth, is mode 0666 and owned by root:root. SMTP AUTH works.
Sorry, I know this is a lame reply, but I've been an advocate of this feature, so I hope to learn more about it. :)
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
On Sat, 2005-12-31 at 18:17 -0500, Kim Culhan wrote:
client {
  path = /var/spool/postfix/private/dovecot-auth-master
  mode = 0660
This isn't -master socket, so the path is a bit misleading.
And either set mode = 0666 or add a line with "user = postfix".
dovecot: Dec 31 17:04:32 Error: child 3536 (auth) returned error 89
dovecot: Dec 31 17:25:34 Error: Auth process died too early - shutting down
dovecot: Dec 31 17:25:34 Error: auth(default_with_listener): Unknown userdb driver 'pam' (typo, or Dovecot was built without support for it? Check with dovecot --build-options)
Before modifying the setup for this auth function, pam authentication was working fine.
PAM is only a "passdb", not a "userdb". So I'd think you wanted to set passdb pam, userdb passwd (or whatever, since postfix doesn't use it at all).
On 12/31/05, Timo Sirainen tss@iki.fi wrote:
On Sat, 2005-12-31 at 18:17 -0500, Kim Culhan wrote:
client {
  path = /var/spool/postfix/private/dovecot-auth-master
  mode = 0660
This isn't -master socket, so the path is a bit misleading.
Yes this is a mistake, changed it to: dovecot-auth-client
And either set mode = 0666 or add a line with "user = postfix".
dovecot: Dec 31 17:04:32 Error: child 3536 (auth) returned error 89
dovecot: Dec 31 17:25:34 Error: Auth process died too early - shutting down
dovecot: Dec 31 17:25:34 Error: auth(default_with_listener): Unknown userdb driver 'pam' (typo, or Dovecot was built without support for it? Check with dovecot --build-options)
Before modifying the setup for this auth function, pam authentication was working fine.
PAM is only a "passdb", not a "userdb". So I'd think you wanted to set passdb pam, userdb passwd (or whatever, since postfix doesn't use it at all).
Yes, dovecot-example.conf has # userdb pam {
changed to
userdb passwd {
Also, one goal is to locate the auth socket in a place which is accessible to postfix if postfix is running chrooted.
It would appear that if set: login_dir = /var/spool/postfix/private dovecot sets ownership of the above to root.
When this is the case, postfix will not start.
If dovecot is not running as root it can't read the passwd database, so is it necessary to change the type of database to something other than passwd for this to work?
regards -kim
-- w8hdkim@gmail.com
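Added example (not part of the thread, and not Dovecot or Postfix code): a Python check of the two outcomes discussed above for the auth client socket, a 0660 socket that an account outside its owner and group cannot open, and a 0666 socket that every local account can open. The names audit_auth_socket and make_demo_socket are made up for this example, the demo socket is constructed in a temporary directory, and the check assumes Linux semantics and ignores supplementary groups and root's override.

```python
import os
import socket
import stat
import tempfile


def audit_auth_socket(path, want_uid, want_gid):
    """Return findings for an auth client socket; an empty list means it is fine."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink left at the path
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISSOCK(st.st_mode):
        return ["not-a-socket"]
    mode = stat.S_IMODE(st.st_mode)
    # On Linux, connect() to a unix socket needs write permission on the socket
    # file. Pick the permission class the kernel would apply to want_uid/want_gid.
    if st.st_uid == want_uid:
        can_connect = mode & stat.S_IWUSR
    elif st.st_gid == want_gid:
        can_connect = mode & stat.S_IWGRP
    else:
        can_connect = mode & stat.S_IWOTH
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")  # any local account can talk to dovecot-auth
    if not can_connect:
        findings.append("unreachable")  # the SMTP server's account cannot connect
    return findings


def make_demo_socket(mode):
    """Bind a throwaway unix socket (constructed sample) and chmod it to mode."""
    path = os.path.join(tempfile.mkdtemp(), "auth")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    s.close()  # the socket file stays on disk after close
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    for demo_mode in (0o660, 0o666):
        p = make_demo_socket(demo_mode)
        st = os.lstat(p)
        # Stand-in for "Postfix is a different account than the socket's owner".
        print(oct(demo_mode), "other account:", audit_auth_socket(p, st.st_uid + 1, st.st_gid + 1))
        print(oct(demo_mode), "owning account:", audit_auth_socket(p, st.st_uid, st.st_gid))
```

On a real system the arguments would be /var/spool/postfix/private/auth and the uid and gid of the account the Postfix smtpd runs as.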
participants (4): /dev/rob0, David Willoughby, Kim Culhan, Timo Sirainen