[Dovecot] Openbsd Postfix-Dovecot-SASL
Greetings all,
I have an OpenBSD/Dovecot server at home running and sending / receiving email "internally" without issue.. Recently, I set up the same at our Parish, but one of our users wants to get their email externally.
The user can read their email but has to "send" via the local ISP server..
The problem: After much searching I have not found an answer to my question. I would like the user to authenticate to be able to "send" email "through" the server.. OpenBSD uses bsdauth by default in Dovecot. After reading the Postfix http://www.postfix.org/SASL_README.html and the Dovecot Wiki http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
I have tried multiple configurations but I can't seem to get this to work.. It may be something very simple that I am missing..
All users on the Server have accounts in /etc/passwd (just no shell)
Postfix - main.cf
mailbox_command = /usr/local/libexec/dovecot/deliver
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
dovecot --version 1.1.16
dovecot -n
# OS: OpenBSD 4.6 i386
base_dir: /var/dovecot/
protocols: imaps
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecotcert.pem
disable_plaintext_auth: no
login_dir: /var/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_user: _dovecot
login_max_processes_count: 256
max_mail_processes: 32
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
auth default:
  cache_size: 1024
  passdb:
    driver: bsdauth
    args: cache_key=%u
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/run/auth-client
      mode: 432
      user: _postfix
    master:
      path: /var/run/auth-master
      mode: 384
      user: _postfix
Error using bsdauth
Dec 21 15:07:09 aml000t3 dovecot: dovecot v1.1.16 starting up
Dec 21 15:07:09 aml000t3 dovecot: Panic: auth(default): file passdb.c: line 190 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme != NULL || passdb->passdb->cache_key == NULL)
Dec 21 15:07:09 aml000t3 dovecot: child 18954 (auth) killed with signal 6 (core not dumped)
Dec 21 15:07:09 aml000t3 dovecot: Fatal: Auth process died too early - shutting down
It looks like bsdauth has a bug and even though this thread "lists" a patch, I haven't been able to find it.. http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a2580048...
so I guess I am looking for an alternative to be able to allow users to "send through the server"
Thx for any pointers tk
-- View this message in context: http://old.nabble.com/Openbsd-Postfix-Dovecot-SASL-tp26890148p26890148.html Sent from the Dovecot mailing list archive at Nabble.com.
On 12/22/2009 04:37 PM thekat wrote:
… The user can read their email but has to "send" via the local ISP server..
The problem After much searching I have not found an answer to my question. I would like the user to authenticate to be able to "send" email "through" the server.. OpenBSD uses bsdauth by default in Dovecot. After reading the Postfix http://www.postfix.org/SASL_README.html and the Dovecot Wiki http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
I have tried multiple configurations but I can't seem to get this to work.. It may be something very simple that I am missing..
All users on the Server have accounts in /etc/passwd (just no shell)
Postfix - main.cf
mailbox_command = /usr/local/libexec/dovecot/deliver
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
                  ^^^^^^^^^^^^^^
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
dovecot --version 1.1.16
dovecot -n
…
socket:
  type: listen
  client:
    path: /var/run/auth-client
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    mode: 432
    user: _postfix
  master:
    path: /var/run/auth-master
    mode: 384
    user: _postfix
Check your logs. I think Postfix should have logged something, because it was unable to find $(postconf -h queue_directory)/private/auth
Please read http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL again. Then check the path setting of the client auth socket.
Regards, Pascal
The trapper recommends today: fabaceae.0935616@localdomain.org
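Added example, not part of the original thread: a shell check for the mismatch pointed out in the reply above, comparing the socket Postfix will open (smtpd_sasl_path resolved against queue_directory) with the client socket Dovecot creates. The function names, the /var/spool/postfix queue directory and the second sample are assumptions made for illustration; the first sample is the socket section posted in this thread.

```shell
# Postfix resolves a relative smtpd_sasl_path against queue_directory.
resolve_sasl_path() {    # $1 = queue_directory, $2 = smtpd_sasl_path
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# Read `dovecot -n` (v1.x layout) on stdin; print "path mode" of the client socket.
dovecot_client_socket() {
    awk '$1 == "client:" { in_client = 1; next }
         $1 == "master:" { in_client = 0 }
         in_client && $1 == "path:" { path = $2 }
         in_client && $1 == "mode:" { mode = $2 }
         END { if (path != "") print path, mode }'
}

# Return 0 when both daemons agree on the socket path, 1 otherwise.
check_sasl_socket() {    # $1 = queue_directory, $2 = smtpd_sasl_path, $3 = dovecot -n text
    want=$(resolve_sasl_path "$1" "$2")
    read -r have mode <<EOF
$(printf '%s\n' "$3" | dovecot_client_socket)
EOF
    if [ "$have" = "$want" ]; then
        # Assumption: dovecot -n prints the mode in decimal (432 = 0660 octal).
        printf 'OK: %s (mode %o)\n' "$have" "${mode:-0}"
        return 0
    fi
    printf 'MISMATCH: Postfix opens %s, Dovecot listens on %s\n' "$want" "${have:-nothing}"
    return 1
}

# Socket section as posted in this thread.
PAGE_SOCKET='socket:
  type: listen
  client:
    path: /var/run/auth-client
    mode: 432
    user: _postfix'
# Constructed sample: client socket moved under the assumed queue directory.
FIXED_SOCKET='socket:
  type: listen
  client:
    path: /var/spool/postfix/private/auth
    mode: 432
    user: _postfix'
check_sasl_socket /var/spool/postfix private/auth "$PAGE_SOCKET" || :
check_sasl_socket /var/spool/postfix private/auth "$FIXED_SOCKET"
```

On a live host the three arguments would come from postconf -h queue_directory, postconf -h smtpd_sasl_path and dovecot -n.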
On 12/22/2009 04:37 PM thekat wrote:
… Error using bsdauth
Dec 21 15:07:09 aml000t3 dovecot: Panic: auth(default): file passdb.c: line 190 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme != NULL || passdb->passdb->cache_key == NULL)
It looks like bsdauth has a bug and even though this thread "lists" a patch, I haven't been able to find it.. http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a2580048...
so I guess I am looking for an alternative to be able to allow users to "send through the server"
Sorry, I misread this part. My reply <http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25845782> includes the patch. The patch is also available in the official Dovecot repository: http://hg.dovecot.org/dovecot-1.1/rev/b521d13ea89e
But the best alternative would be to update to v1.1.20 or even better to v1.2.9
Regards, Pascal
The trapper recommends today: deadbeef.0935617@localdomain.org
Pascal Volk-3 wrote:
Sorry, I misread this part. My reply <http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25845782> includes the patch. The patch is also available in the official Dovecot repository: http://hg.dovecot.org/dovecot-1.1/rev/b521d13ea89e
But the best alternative would be to update to v1.1.20 or even better to v1.2.9
Regards, Pascal
Thx for the reply... OpenBSD is one of the systems that I have never done a "third party" patch on.. and my guess is that v1.1.20 will not be available until 4.7 .. v1.1.20 is available in 4.6 -current
That being said can you provide the configure and compile options for OpenBSD ? Or would a better route be to use a "different" authentication other than bsdauth ?
Thx tk
On 12/22/2009 08:30 PM thekat wrote:
Thx for the reply... OpenBSD is one of the systems that I have never done a "third party" patch on.. and my guess is that v1.1.20 will not be available until 4.7 .. v1.1.20 is available in 4.6 -current
That being said can you provide the configure and compile options for OpenBSD ?
My config.log contains:
$ ./configure --prefix=/usr/local --build=i386-unknown-openbsd \
    --host=i386-unknown-openbsd --with-bsdauth --with-checkpassword \
    --with-libiconv-prefix --with-passwd --with-passwd-file --with-pgsql \
    --with-ssl=openssl --with-zlib --without-db --without-gssapi \
    --without-ldap --without-mysql --without-nss --without-pam \
    --without-shadow --without-sqlite --without-static-userdb \
    --without-vpopmail
When configured use gmake, not make.
Or would a better route be to use a "different" authentication other than bsdauth ?
Depends on your demands.
Regards, Pascal
The trapper recommends today: c01dcofe.0935621@localdomain.org
participants (2)
- Pascal Volk
- thekat