No AUTH PLAIN with dovecot 2.0.19

Reindl Harald h.reindl at thelounge.net
Mon Sep 29 14:00:59 UTC 2014 

Am 29.09.2014 um 15:51 schrieb Michael Wechner:
> Am 29.09.14 15:30, schrieb Reindl Harald:
> 
>> Am 29.09.2014 um 15:21 schrieb Michael Wechner:
>>>
>>> Hi Harald
>>>
>>> Thanks very much for your quick reply. Please see my answers inline below
>>>
>>>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>>
>>> right, but when requesting for example mail.wyona.com, then I can see
> AUTH
> 
>> depends on the servers configuration
> 
>>> hence I would assume to see it also for the new version of postfix
>>> and dovecot, or do I misunderstand something?
> 
>> yes, you did not read
> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
> 
>> if the server is configured in a way it offers AUTH only
>> over a encrypted channel (recommended) then you need to
>> use STARTTLS before you see the capability and for that
>> telnet is just the wrong tool
> 
> the new server config reads (postfix mail_version = 2.7.0):
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sender_restrictions = reject_unknown_sender_domain

* check postfix master.cf for chroot - only explicit "n" disabled it
* check configuration of the private/dovecot-auth (permissions and so on)
* look at your logs careful
____________________________________________________________________

that is my part in dovecot.conf:

service auth {
  unix_listener /var/spool/postfix/private/auth {
  mode = 0660
  user = postfix
  group = postfix
 }
}
____________________________________________________________________

that's my part in postfix's main.cf:

smtpd_sasl_auth_enable  = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
____________________________________________________________________

well, both are unchanged for a very long time and survived
a lot of dist-upgrades (Fedora) as well as Dovecot/Postfix

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140929/be03e0b4/attachment.sig>

More information about the dovecot mailing list