[Dovecot] Why is dovecot involved in my smtp process
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins.
steve campbell
On 23.02.2012 16:16, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins. Dovecot can be used as authentication source. It has its own implementation of SASL library which can be used instead of Cyrus SASL implementation.
In Dovecot2 the config for auth is in 10-master.conf, service "auth".
Please see: for dovecot 1.x: http://wiki.dovecot.org/Sasl for dovecot 2.x: http://wiki2.dovecot.org/Sasl
on the postfix side: http://www.postfix.org/SASL_README.html#server_dovecot
-- Adam Szpakowski
On 2/23/2012 10:30 AM, Adam Szpakowski wrote:
On 23.02.2012 16:16, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins. Dovecot can be used as authentication source. It has its own implementation of SASL library which can be used instead of Cyrus SASL implementation.
In Dovecot2 the config for auth is in 10-master.conf, service "auth".
Please see: for dovecot 1.x: http://wiki.dovecot.org/Sasl for dovecot 2.x: http://wiki2.dovecot.org/Sasl
on the postfix side: http://www.postfix.org/SASL_README.html#server_dovecot
That's all great, but what about sendmail. What should my pam.d/dovecot file look like, what should my dovecot.conf file look like, all this just runs me around in circles.
Thanks for the pointers, but I've been over that a million times and nothing seems to work.
steve
On 2012-02-23 10:16 AM, Steve Campbell <campbell@cnpapers.com> wrote:
Why is dovecot involved in my smtp processes
Because you told it to?
and how do I fix this.
Depends on what your intent is - what MTA you use - how it is configured
- etc...
I've got some very mad users.
Don't make changes to an existing and/or go live with a new system without properly testing?
The 10-auth.conf file is pretty much stock except for allowing plain text logins.
This file is irrelevant unless you have your MTA configured to use dovecot-sasl... dovecot only *assists* an MTA in authenticating, it isn't an MTA.
--
Best regards,
Charles
On 2/23/2012 10:47 AM, Charles Marcus wrote:
On 2012-02-23 10:16 AM, Steve Campbell <campbell@cnpapers.com> wrote:
Why is dovecot involved in my smtp processes
Because you told it to? Where did I tell it to do this.
and how do I fix this.
Depends on what your intent is - what MTA you use - how it is configured - etc...
Sendmail - pretty much default except I'm trying to use port submission (587).
I've got some very mad users.
Don't make changes to an existing and/or go live with a new system without properly testing?
Unfortunately, switching over to a new server didn't show me most of the problems until after it had run a while. Dovecot is probably a great application, but the wiki sucks when you run sendmail, the help files are a little vague and run me around in circles. I postponed (actually move the server back to the old server) for a week to fix the problems I ran into upon first putting it into server. After fixing those, it was only later that the last batch of problems showed up.
You right that I should have tested more, but that's not what I need to be hearing right now. Most of my conversions go without problems and I've been doing this for quite a few years (decades).
The 10-auth.conf file is pretty much stock except for allowing plain text logins.
This file is irrelevant unless you have your MTA configured to use dovecot-sasl... dovecot only *assists* an MTA in authenticating, it isn't an MTA.
My sendmail configs don't even list dovecot.
steve
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
My guess is that your sasl2 configuration is configured to use your imap server to authenticate users. Check your sasl2 software's documentation.
On 2/23/2012 11:23 AM, Peter A. Giessel wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization. My guess is that your sasl2 configuration is configured to use your imap server to authenticate users. Check your sasl2 software's documentation.
You're correct. This server is our smtp, imap, and pop server. All authentication is done there, supposedly through PAM, but dovecot seems to interfere with sendmail's smtp auth processes and overrides what typically was done in a non-interferred way with sasl.
On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this.
I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail.
I've got some very mad users.
And you are jumping to conclusions. I suggest that you take this matter to a Sendmail forum. When you do, provide all relevant configuration as well as complete logging to show the problem. No useful help is possible with what you posted here.
The 10-auth.conf file is pretty much stock except for allowing plain text logins.
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
On 2/23/2012 11:33 AM, /dev/rob0 wrote:
On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail. Why is sendmail using Dovecot sasl when I have the regular sasl set up.
If I turn off dovecot, telnet to 587, I get no failures in my logs. If I turn on dovecot and do the same, I get auth failures in my secure file.
I've got some very mad users. And you are jumping to conclusions. I suggest that you take this matter to a Sendmail forum. When you do, provide all relevant configuration as well as complete logging to show the problem. No useful help is possible with what you posted here.
In other words, don't use sendmail if I use dovecot?
The 10-auth.conf file is pretty much stock except for allowing plain text logins.
I'm really having problems following the logic here. Seems that postfix and dovecot are the only way to go if I use alternate ports with smtp auth. Is that what everyone is implying?
I'll try to see what sendmail guys are saying, but I don't think they'll provide much as long as it involves dovecot.
Thanks for the help
steve
On Thu, Feb 23, 2012 at 12:10:20PM -0500, Steve Campbell wrote:
On 2/23/2012 11:33 AM, /dev/rob0 wrote:
On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote:
Why is dovecot involved in my smtp processes and how do I fix this. I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail. Why is sendmail using Dovecot sasl when I have the regular sasl set up.
Fortunately it seems that Peter has identified the issue: Cyrus SASL being configured to use IMAP for authentication.
snip
In other words, don't use sendmail if I use dovecot?
I didn't say that at all, and did not mean to imply it.
I'm really having problems following the logic here. Seems that postfix and dovecot are the only way to go if I use alternate ports with smtp auth. Is that what everyone is implying?
One thing I *did* say is that what you posted was inadequate to be able to provide real help. And it seems that your issue is only tangentially related to Dovecot.
I'll try to see what sendmail guys are saying, but I don't think they'll provide much as long as it involves dovecot.
As Peter said, consult the Cyrus SASL documentation. If your SASL will be using IMAP for authentication, you need to ensure that it does so correctly for your Dovecot IMAP.
As an alternative, change how Cyrus SASL is configured. The usual suggestion for Sendmail users is to use the same data backend for Cyrus SASL and Dovecot.
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
http://dovecot.org/list/dovecot/2009-March/038435.html
dr Tóth Attila, Radiológus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057
2012.Február 23.(Cs) 18:10 időpontban Steve Campbell ezt írta:
On 2/23/2012 11:33 AM, /dev/rob0 wrote:
On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail. Why is sendmail using Dovecot sasl when I have the regular sasl set up.
If I turn off dovecot, telnet to 587, I get no failures in my logs. If I turn on dovecot and do the same, I get auth failures in my secure file.
I've got some very mad users. And you are jumping to conclusions. I suggest that you take this matter to a Sendmail forum. When you do, provide all relevant configuration as well as complete logging to show the problem. No useful help is possible with what you posted here.
In other words, don't use sendmail if I use dovecot?
The 10-auth.conf file is pretty much stock except for allowing plain text logins.
I'm really having problems following the logic here. Seems that postfix and dovecot are the only way to go if I use alternate ports with smtp auth. Is that what everyone is implying?
I'll try to see what sendmail guys are saying, but I don't think they'll provide much as long as it involves dovecot.
Thanks for the help
steve
Hi Steve, At 07:16 23-02-2012, Steve Campbell wrote:
I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.
Now I see where messages are in my maillog of the type:
auth: pam_unix(dovecot:auth) : authentication failure ........
Why is dovecot involved in my smtp processes and how do I fix this. I've got some very
If you are using sendmail as the MTA, Dovecot is not involved for authentication on mail submission. The maillog line you provided does not contain enough information to tell what triggered the error.
Regards, -sm
If you are using sendmail as the MTA, Dovecot is not involved for authentication on mail submission. The maillog line you provided does not contain enough information to tell what triggered the error.
Not totally true. Typical cyrus sasl2 implementation used with sendmail uses an imap server for smtp authentication. I recall having to tweak the sasl2 configuration on my own sendmail server to talk correctly with dovecot. I don't recall the exact tweaks. I suggest reviewing the sasl2 implementation's documentation (the OP has not to my knowledge stated which sasl implementation he is using). It sounds like an sasl2 problem, not necessarily a dovecot problem.
participants (7)
-
"Tóth Attila"
-
/dev/rob0
-
Adam Szpakowski
-
Charles Marcus
-
Peter A. Giessel
-
SM
-
Steve Campbell