[Dovecot] Dovecot 2.0.x + Sendmail 8.14.4 SMTP AUTH not working
Serhiy Kolesnyk
skolesnyk at gmail.com
Sat Jul 30 01:58:56 EEST 2011
Hello!

After moving from CentOS 5.6 to CentOS 6, I figured that the Sendmail
minor version was updated from 8.13.x to 8.14 and Dovecot from 1.2 to
2.0.x.

In the previous configuration SMTP auth worked fine (no SASLAUTHD
necessary) for the virtual users table. Dovecot was authenticating
virtual users by checking the dovecot.passwd file. I'm not sure how
Sendmail was processing SMTP AUTH for virtual users connecting via
email clients since there was no obvious connection to Dovecot
authentication. But SMTP AUTH was working and virtual users could send
email via SSL.

Now, after this recent upgrade, I looked into the Dovecot conf changes and
updated it accordingly. POP/IMAP are working and Sendmail does deliver
incoming mail to the mbox folders.

What stopped working is SMTP AUTH.

Here's a maillog excerpt of the authentication process:

Jul 29 23:46:11 one2action sendmail[2865]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 LOGIN GSSAPI PLAIN, allowed mech=LOGIN PLAIN
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, relay=136-31-132-95.pool.ukrtel.net [95.132.31.136], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Jul 29 23:46:11 one2action sendmail[2865]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 LOGIN GSSAPI PLAIN, allowed mech=LOGIN PLAIN
Jul 29 23:46:11 one2action sendmail[2865]: p6TMkB95002865: --- 220 one2action.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 29 Jul 2011 23:46:11 +0100
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: <-- EHLO astronaut
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-one2action.com Hello 136-31-132-95.pool.ukrtel.net [95.132.31.136], pleased to meet you
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-ENHANCEDSTATUSCODES
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-PIPELINING
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-8BITMIME
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-SIZE
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-DSN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-ETRN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-AUTH LOGIN PLAIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-DELIVERBY
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250 HELP
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: <-- AUTH LOGIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 VXNlcm5hbWU6
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 UGFzc3dvcmQ6
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 535 5.7.0 authentication failed
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=136-31-132-95.pool.ukrtel.net [95.132.31.136]
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 421 4.4.1 one2action.com Lost input channel from 136-31-132-95.pool.ukrtel.net [95.132.31.136]
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: lost input channel from 136-31-132-95.pool.ukrtel.net [95.132.31.136] to TLSMTA after auth
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: 136-31-132-95.pool.ukrtel.net [95.132.31.136] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA

Here's dovecot -n

# dovecot -n
# 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.39.1-linode34 i686 CentOS Linux release 6.0 (Final)
auth_cache_negative_ttl = 3600 s
auth_debug_passwords = yes
auth_mechanisms = plain login DIGEST-MD5 cram-md5
auth_worker_max_count = 3
default_client_limit = 10
default_process_limit = 5
disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot.log
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  args = scheme=MD5-CRYPT username_format=%u /etc/dovecot/dovecot.passwd
  driver = passwd-file
}
passdb {
  args = dovecot
  driver = pam
}
passdb {
  args = /etc/passwd
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = smmsp
    mode = 0666
    user = smmsp
  }
  unix_listener dovecot-auth {
    group = smmsp
    mode = 0666
    user = smmsp
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/pki/tls/certs/sendmail.pem
ssl_cipher_list = TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
ssl_key = </etc/pki/tls/certs/sendmail.pem
userdb {
  args = username_format=%u /etc/dovecot/dovecot.passwd
  driver = passwd-file
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster at example.com
}
protocol imap {
  imap_client_workarounds = delay-newmail
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

As I understand Sendmail now can't find Dovecot authentication via
userdb and that's why a client isn't authenticated. Please help.
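
An added example, not part of the original post: a small Python parser that groups sendmail maillog lines like those above by process ID and reports the negotiated TLS cipher, the offered AUTH mechanisms, the decoded SASL LOGIN prompts and the failure reason. The sample lines are constructed (relay name and address are placeholders), and grouping by PID assumes one sendmail child process per connection.

```python
import base64
import re

# Constructed sample modeled on the excerpt above (unwrapped; relay is a placeholder).
SAMPLE_LOG = """\
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, relay=client.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-AUTH LOGIN PLAIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: <-- AUTH LOGIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 VXNlcm5hbWU6
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 UGFzc3dvcmQ6
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 535 5.7.0 authentication failed
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=client.example.net [192.0.2.10]
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (.*)$")
TLS = re.compile(r"STARTTLS=server, relay=.*cipher=([^,]+), bits=\d+/\d+")
OFFER = re.compile(r"--- 250[- ]AUTH (.+)$")
PROMPT = re.compile(r"--- 334 (\S+)$")
FAIL = re.compile(r"AUTH failure \(([\w-]+)\): (.*), relay=(\S+) \[([^\]]+)\]")
WEAK_TOKENS = ("RC4", "MD5", "DES", "NULL", "EXP")  # substrings of weak suites


def summarize(log):
    """Return {pid: session summary}; assumes one sendmail child per connection."""
    sessions = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = sessions.setdefault(m.group(1), {
            "cipher": None, "weak_cipher": False,
            "offered": [], "prompts": [], "failure": None})
        body = m.group(2)
        if t := TLS.search(body):
            s["cipher"] = t.group(1)
            s["weak_cipher"] = any(tok in t.group(1) for tok in WEAK_TOKENS)
        elif o := OFFER.search(body):
            s["offered"] = o.group(1).split()
        elif p := PROMPT.search(body):
            # SASL LOGIN sends its prompts base64-encoded in the 334 reply
            s["prompts"].append(base64.b64decode(p.group(1)).decode())
        elif f := FAIL.search(body):
            s["failure"] = {"mech": f.group(1), "reason": f.group(2),
                            "relay": f.group(3), "ip": f.group(4)}
    return sessions


if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info)
```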