[Dovecot] Postfix and Dovecot SASL

Rene Bakkum rene.bakkum at gmail.com
Wed Nov 11 18:49:22 EET 2009


Hi Jerry,

My bad, I thought I did postconf -n. I was already wondering why I had so
much garbage in my output :)

Here is the right Postfix config:
root at mail003:/etc/dovecot# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
mailbox_size_limit = 0
mydestination = mail003.mydomain.nl, localhost.mydomain.nl, , localhost
myhostname = mail003.mydomain.nl
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
smtpd_tls_mandatory_ciphers = medium, high
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot:
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

It's pretty much a default ubuntu install, only added the virtual stuff
myself.
Thanks for the help.

- Rene


On Wed, Nov 11, 2009 at 4:41 PM, Jerry <gesbbb at yahoo.com> wrote:

> On Wed, 11 Nov 2009 15:45:33 +0100
> Rene Bakkum <rene.bakkum at gmail.com> replied:
>
> > Hello all,
> >
> > I am struggling to get my Dovecot SASL to work within postfix. I
> > have used the configuration example listed on the main-site of
> > dovecot and it basically isn't giving me any success at all. I am
> > probably missing something easy, but after spending a few days
> > testing and walking through everything I could think about I
> > figured it was better to ask :) Hope someone can point me in the
> > right direction.
> >
> > My setup is that I have installed Ubuntu 9.04 (64bit), postfix and
> > dovecot linked to a MySQL database. The services are using maildirs
> > which are stored locally (no NFS). Postfix is using the LDA from
> > dovecot to deliver the mail and dovecot is used for IMAP and POP3.
> > This is working and no problems at all so far. The problem starts
> > when I just want to enable the SASL authentication from Dovecot. I
> > used the 'guide' posted on
> > http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> >
> > When I try to telnet to port 25 (smtp) then it doesn't look like the
> > SASL is working...
> > 220 mail003 ESMTP Postfix (Ubuntu)
> > ehlo localhost
> > 250-mail003
> > 250-PIPELINING
> > 250-SIZE 10240000
> > 250-VRFY
> > 250-ETRN
> > 250-STARTTLS
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> >
> > Anything I missed in my configuration from either postfix/dovecot?
> > root at mail003:/etc/postfix# dovecot --version
> > 1.1.11
> > root at mail003:~# dpkg-query -l postfix
> >
> > +++-==============-==============-============================================
> > ii  postfix        2.5.5-1.1      High-performance mail transport agent
> >
> > Here are my configurations of both:
> > root at mail003:/etc/postfix# dovecot -n
> > # 1.1.11: /etc/dovecot/dovecot.conf
> > # OS: Linux 2.6.28-16-server x86_64 Ubuntu 9.04 ext4
> > log_timestamp: %Y-%m-%d %H:%M:%S
> > protocols: imap pop3 imaps pop3s managesieve
> > ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> > ssl_key_file: /etc/ssl/private/ssl-mail.key
> > ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> > login_dir: /var/run/dovecot/login
> > login_executable(default): /usr/lib/dovecot/imap-login
> > login_executable(imap): /usr/lib/dovecot/imap-login
> > login_executable(pop3): /usr/lib/dovecot/pop3-login
> > login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> > login_greeting_capability(default): yes
> > login_greeting_capability(imap): yes
> > login_greeting_capability(pop3): no
> > login_greeting_capability(managesieve): no
> > mail_max_userip_connections(default): 10
> > mail_max_userip_connections(imap): 10
> > mail_max_userip_connections(pop3): 3
> > mail_max_userip_connections(managesieve): 10
> > mail_privileged_group: mail
> > mail_uid: 5000
> > mail_gid: 5000
> > mail_location: maildir:/home/vmail/%d/%n/.Maildir
> > mail_executable(default): /usr/lib/dovecot/imap
> > mail_executable(imap): /usr/lib/dovecot/imap
> > mail_executable(pop3): /usr/lib/dovecot/pop3
> > mail_executable(managesieve): /usr/lib/dovecot/managesieve
> > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> > imap_client_workarounds(default): outlook-idle delay-newmail
> > imap_client_workarounds(imap): outlook-idle delay-newmail
> > imap_client_workarounds(pop3):
> > imap_client_workarounds(managesieve):
> > pop3_client_workarounds(default):
> > pop3_client_workarounds(imap):
> > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> > pop3_client_workarounds(managesieve):
> > sieve_storage(default):
> > sieve_storage(imap):
> > sieve_storage(pop3):
> > sieve_storage(managesieve): ~/sieve
> > sieve(default):
> > sieve(imap):
> > sieve(pop3):
> > sieve(managesieve): ~/.dovecot.sieve
> > auth default:
> >   mechanisms: plain login
> >   passdb:
> >     driver: sql
> >     args: /etc/dovecot/dovecot-sql.conf
> >   userdb:
> >     driver: sql
> >     args: /etc/dovecot/dovecot-sql.conf
> >   socket:
> >     type: listen
> >     client:
> >       path: /var/spool/postfix/private/dovecot-auth
> >       mode: 432
> >       user: postfix
> >       group: postfix
> >     master:
> >       path: /var/run/dovecot/auth-master
> >       mode: 384
> >       user: vmail
> >       group: vmail
> >
> > root at mail003:/etc/postfix# postconf | grep sasl
> > broken_sasl_auth_clients = yes
> > cyrus_sasl_config_path =
> > lmtp_sasl_auth_cache_name =
> > lmtp_sasl_auth_cache_time = 90d
> > lmtp_sasl_auth_enable = no
> > lmtp_sasl_auth_soft_bounce = yes
> > lmtp_sasl_mechanism_filter =
> > lmtp_sasl_password_maps =
> > lmtp_sasl_path =
> > lmtp_sasl_security_options = noplaintext, noanonymous
> > lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
> > lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
> > lmtp_sasl_type = cyrus
> > proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
> > send_cyrus_sasl_authzid = no
> > smtp_sasl_auth_cache_name =
> > smtp_sasl_auth_cache_time = 90d
> > smtp_sasl_auth_enable = no
> > smtp_sasl_auth_soft_bounce = yes
> > smtp_sasl_mechanism_filter =
> > smtp_sasl_password_maps =
> > smtp_sasl_path =
> > smtp_sasl_security_options = noplaintext, noanonymous
> > smtp_sasl_tls_security_options = $smtp_sasl_security_options
> > smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
> > smtp_sasl_type = cyrus
> > smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_authenticated_header = yes
> > smtpd_sasl_exceptions_networks =
> > smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_path = private/dovecot-auth
> > smtpd_sasl_security_options = noanonymous
> > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> > smtpd_sasl_type = dovecot
> >
> >
> > Any ideas?
> > Thanks for the response.
> > - Rene
>
> Use "postconf -n" to obtain what Postfix actually sees. All you are
> showing is what is entered in the Postfix main.cf file. You can easily
> enter garbage into that file that Postfix will ignore. Also, post the
> complete output. Snippets are useless.
>
> --
> Jerry
> gesbbb at yahoo.com
>
> |::::=======
> |::::=======
> |===========
> |===========
> |
>
> Why, every one as they like; as the good woman said when she
> kissed her cow.
>
>
>        Rabelais
>
>
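
Added example (not part of the original thread, and not Postfix or Dovecot code): a check that compares the effective `postconf -n` settings with the EHLO reply from the plaintext telnet session and reports why AUTH is or is not announced. The sample inputs are constructed from a subset of the values posted above; `QUEUE_DIRECTORY` is assumed to be the Postfix default, and the function names and result labels are hypothetical.

```python
import re

# Constructed sample: a subset of the settings and the EHLO reply shown in the thread.
POSTCONF_N = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
"""
EHLO_PLAINTEXT = """\
250-mail003
250-PIPELINING
250-STARTTLS
250 DSN
"""
DOVECOT_CLIENT_SOCKET = "/var/spool/postfix/private/dovecot-auth"
QUEUE_DIRECTORY = "/var/spool/postfix"  # assumption: Postfix default, absent from postconf -n

def parse_postconf(text):
    """Parse 'name = value' lines; any other non-empty line continues the previous value."""
    conf, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+) =\s*(.*)$", line)
        if m:
            last = m.group(1)
            conf[last] = m.group(2).strip()
        elif last and line.strip():
            conf[last] = (conf[last] + " " + line.strip()).strip()
    return conf

def ehlo_keywords(reply):
    """Return the ESMTP keywords of a 250 reply; the first line is the server name."""
    lines = [l[4:].strip() for l in reply.splitlines() if re.match(r"^250[- ]", l)]
    return {l.split()[0].upper() for l in lines[1:] if l}

def diagnose_auth(conf, keywords, tls_active, dovecot_socket, queue_dir=QUEUE_DIRECTORY):
    """Classify the AUTH state seen in an EHLO reply against the effective config."""
    if conf.get("smtpd_sasl_auth_enable") != "yes":
        return "sasl-disabled"
    if "AUTH" in keywords:
        return "auth-offered"
    # With smtpd_tls_auth_only = yes, Postfix does not announce AUTH before STARTTLS.
    if conf.get("smtpd_tls_auth_only") == "yes" and not tls_active:
        return "auth-hidden-until-starttls"
    # smtpd_sasl_path is relative to the queue directory for the dovecot SASL type.
    expected = queue_dir.rstrip("/") + "/" + conf.get("smtpd_sasl_path", "")
    if conf.get("smtpd_sasl_type") == "dovecot" and expected != dovecot_socket:
        return "socket-path-mismatch"
    return "auth-missing-check-logs"
```

A result of `auth-hidden-until-starttls` means the plaintext session cannot show AUTH; repeat the EHLO inside TLS, for example with `openssl s_client -starttls smtp -connect <host>:25`, and run the check again with `tls_active=True`.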

