[Dovecot] SASL plain authentication failed; unable to lookup user record

/dev/rob0 rob0 at gmx.co.uk
Wed Dec 9 22:17:37 EET 2009 

On Wed, Dec 09, 2009 at 11:21:56AM -0800, JP wrote:
> i'll guess the solution to my problem will be something simple and
> obvious,

I think so.

[snip]
> config stuff:
> 
> # postconf -n

> mail_owner = _postfix

That strange non-default setting might be one of the problems.

> queue_directory = /private/var/spool/postfix

That's equally strange and also a likely part of the problem.

> smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
> reject

This is not suitable for mail exchange, and not needed anyway. This
says you reject anything which has not authenticated or is not in
mynetworrks.

> smtpd_helo_restrictions = reject_invalid_helo_hostname
> reject_non_fqdn_helo_hostname

These are good restrictions to use, but they will block some MUA
submission. They belong __
                          | below
                          v
> smtpd_recipient_restrictions = permit_sasl_authenticated
> permit_mynetworks reject_unauth_destination check_policy_service
> unix:private/policy reject

in here after the two permit_* restrictions.

> smtpd_pw_server_security_options = plain, login cram-md5
> smtpd_use_pw_server = yes

postconf: warning: smtpd_pw_server_security_options: unknown parameter
postconf: warning: smtpd_use_pw_server: unknown parameter

This is patched. Talk to Apple for support. The patching could be a
part of the problem as well.

> smtpd_sasl_path = private/auth

This pathname, as documented, is relative to $queue_directory. See
above for your strange non-default setting.

> virtual_mailbox_base = /etc/postfix/datastore

This is really bizarre. Sure, files can go anywhere you want, but is
there anything wrong with traditional Unix standards? I'm reminded of
the famous quote: "Those who don't understand Unix are doomed to
reinvent it, poorly."

> # dovecotd -n
> # 1.1.17apple0.5: /private/etc/dovecot/dovecot.conf
> Warning: fd limit 256 is lower than what Dovecot can use under full load
> (more than 456). Either grow the limit or change
> login_max_processes_count and max_mail_processes settings

Hmmm, that sounds like something you might want to consider.

> auth default:
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: passwd-file
>     args: username_format=%n /etc/postfix/datastore/%d-passwd
>   userdb:
>     driver: passwd-file
>     args: username_format=%n /etc/postfix/datastore/%d-passwd
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth

I see a problem in that path!

>       mode: 432
>       user: postfix
>       group: postfix

I see a problem in that user (and maybe group)!

> it would seem that something's not right between postfix and dovecot.

Perhaps Dovecot should create a socket in the place Postfix needs it,
with ownership such that Postfix can use it.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

More information about the dovecot mailing list