[Dovecot] Postfix and Dovecot SASL

Jerry gesbbb at yahoo.com
Wed Nov 11 19:36:14 EET 2009


On Wed, 11 Nov 2009 17:49:22 +0100
Rene Bakkum <rene.bakkum at gmail.com> replied:

> root at mail003:/etc/dovecot# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> home_mailbox = Maildir/
> inet_interfaces = all
> mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
> mailbox_size_limit = 0
> mydestination = mail003.mydomain.nl, localhost.mydomain.nl, , localhost
> myhostname = mail003.mydomain.nl
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
> smtpd_tls_mandatory_ciphers = medium, high
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
> virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
> virtual_mailbox_base = /
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
> virtual_minimum_uid = 5000
> virtual_transport = dovecot:
> virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

Please don't top post. It makes following this thread much harder
than necessary.

Your configuration does not follow the recommendations on the Postfix
site: http://www.postfix.org/SASL_README.html

Starting with this one:

/etc/postfix/main.cf:
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

/some/where/dovecot.conf:
    auth default {
      mechanisms = plain login
      passdb pam {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

Your user, group and mode settings are completely different. Your
settings are no doubt different on your system. However, the mode, user
and group settings might be the cause of the problem. If I am
not mistaken, Postfix does not use the virtual user/group ID to access
SASL. You might want to post this on the Postfix forum if you cannot
get the problem resolved here.

I use FreeBSD-7.2 with Postfix (2.7-20091008), with Cyrus-SASL2 and
SQL as the back end; therefore, I cannot personally test your
configuration.

-- 
Jerry
gesbbb at yahoo.com

|::::=======
|::::=======
|===========
|===========
|

Two is company, three is an orgy.
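
Added example, not part of the message above and not code from Postfix or Dovecot: a Python check that resolves `smtpd_sasl_path` from `postconf -n` output against the Postfix queue directory and inspects the owner, group and mode of the Dovecot auth socket it finds there. The function names are hypothetical, and the queue directory `/var/spool/postfix` and the account name `postfix` are assumptions taken from the README excerpt's socket path and `user` setting.

```python
import grp
import os
import pwd
import stat

# Constructed sample: the two SASL settings from the postconf -n output quoted above.
SAMPLE = "smtpd_sasl_type = dovecot\nsmtpd_sasl_path = private/dovecot-auth\n"

def parse_postconf(text):
    """Turn `postconf -n` style 'name = value' lines into a dict."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            settings[name.strip()] = value.strip()
    return settings

def account_ids(user="postfix"):
    """uid and all gids of the account the SMTP server runs as (assumed 'postfix')."""
    pw = pwd.getpwnam(user)
    groups = {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, groups | {pw.pw_gid}

def check_sasl_socket(settings, uid, gids, queue_dir="/var/spool/postfix"):
    """Return a list of problems with the Dovecot auth socket Postfix would open."""
    if settings.get("smtpd_sasl_type") != "dovecot":
        return ["smtpd_sasl_type is not dovecot"]
    if "smtpd_sasl_path" not in settings:
        return ["smtpd_sasl_path is not set"]
    # A relative smtpd_sasl_path is resolved against the Postfix queue directory.
    path = os.path.join(queue_dir, settings["smtpd_sasl_path"])
    try:
        st = os.stat(path)
    except OSError:
        return [f"{path}: missing; Dovecot's client socket path must point here"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: exists but is not a UNIX socket"]
    mode = stat.S_IMODE(st.st_mode)
    # Pick the permission triplet that applies to the Postfix account.
    if st.st_uid == uid:
        bits = mode >> 6
    elif st.st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    problems = []
    if (bits & 0o6) != 0o6:
        problems.append(f"{path}: mode {mode:04o} denies read/write to uid {uid}")
    if mode & 0o007:
        problems.append(f"{path}: mode {mode:04o} grants access to 'other'")
    return problems
```

On the mail server, call `check_sasl_socket(parse_postconf(output), *account_ids())` with the text printed by `postconf -n`; an empty list means the path, ownership and mode line up.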


