Struggling to get dovecot working with postfix auth

Thu Oct 11 14:21:03 EEST 2018

On Thursday, October 11, 2018 12:07 PM, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:

> On 11.10.18 11:30, Laura Smith wrote:
>
> > unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
> > group = postfix
> > mode = 0666
> > user = postfix
> > }
>
> I suggest using "mode = 0660" instead.

Makes no difference.

>
> > Dovecot is unable to create the socket ?
>
> What exactly do the logs show?

Erm, they show exactly what I posted earlier ?

2018-10-11T12:14:15.467791+01:00 X dovecot: master: Error: bind(/var/spool/postfix-authrelay/private/dovecot-auth) failed: Permission denied
2018-10-11T12:14:15.468094+01:00 X dovecot: master: Error: service(auth): net_listen_unix(/var/spool/postfix-authrelay/private/dovecot-auth) failed: Permission denied
2018-10-11T12:14:15.468216+01:00 X dovecot: master: Fatal: Failed to start listeners

>
> > postconf -c /etc/postfix-authrelay | fgrep sasl
>
> As described inhttp://www.postfix.org/DEBUG_README.html please use
> "postconf -n".
>

alias_database =
alias_maps =
append_dot_mydomain = no
authorized_submit_users =
command_directory = /usr/sbin
compatibility_level = 2
config_directory = /etc/postfix-authrelay
daemon_directory = /usr/lib/postfix/bin/
data_directory = /var/lib/postfix-authrelay
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = 198.51.100.168
inet_protocols = ipv4
local_recipient_maps =
local_transport = error:5.1.1 Mailbox unavailable
mail_owner = postfix
mail_spool_directory = /var/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
milter_default_action = accept
milter_mail_macros = i {mail_addr} {daemon_addr} {client_name} {auth_authen}
milter_protocol = 2
multi_instance_enable = yes
multi_instance_name = postfix-authrelay
mydestination =
mydomain = example.com
myhostname = X.example.com
mynetworks = 127.0.0.0/8,192.168.107.0/24,192.168.109.0/24
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = inet:localhost:8891
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix-authrelay
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains =
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_bind_address = 198.51.100.168
smtp_sasl_auth_enable = no
smtpd_banner = $myhostname ESMTP
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions =
    permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_relay_restrictions =
    permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = inet:localhost:7425
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = ${config_directory}/ssl_certs/star_example_com.pem
smtpd_tls_dh1024_param_file = ${config_directory}/ssl_certs/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/ssl_certs/dh512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = ${config_directory}/ssl_certs/X_workremote_eu.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.2,!TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_security_level = encrypt
smtputf8_enable = no
tls_eecdh_strong_curve = prime256v1
tls_preempt_cipherlist = yes
unknown_local_recipient_reject_code = 550