Postfix and Dovecot SASL

> Hello all,
>
> I am struggeling to get my Dovecot SASL to work within postfix. I
> have used the configuration example listed on the main-site of
> dovecot and it basically isn't giving me any success at all. I am
> probably missing something easy, but after spending a few days
> testing and walking through everything I could think about I thought
> figured it was better to ask :) Hope someone can point me to the
> right direction.
>
> My setup is that I have installed Ubuntu 9.04 (64bit), postfix and
> dovecot linked to a MySQL database. The services are using maildirs
> which are stored locally (no NFS). Postfix is using the LDA from
> dovecot to deliver the mail and dovecot is used for IMAP and POP3.
> This is working and no problems at all so far. The problem starts
> when I just want to enable the SASL authentication from Dovecot. I
> used the 'guide' posted on
> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
>
> When I try to telnet to port 25 (smtp) than I doesn't looks like the
> SASL is working...
> 220 mail003 ESMTP Postfix (Ubuntu)
> ehlo localhost
> 250-mail003
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> Anything I missed in my configuration from either postfix/dovecot?
> root@mail003:/etc/postfix# dovecot --version
> 1.1.11
> root@mail003:~# dpkg-query -l postfix
> +++-==============-==============-============================================
> ii  postfix        2.5.5-1.1      High-performance mail transport
> agent
>
> Here are my configurations of both:
> root@mail003:/etc/postfix# dovecot -n
> # 1.1.11: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.28-16-server x86_64 Ubuntu 9.04 ext4
> log_timestamp: %Y-%m-%d %H:%M:%S
> protocols: imap pop3 imaps pop3s managesieve
> ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> ssl_key_file: /etc/ssl/private/ssl-mail.key
> ssl_cipher_list:
> ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> login_dir: /var/run/dovecot/login
> login_executable(default): /usr/lib/dovecot/imap-login
> login_executable(imap): /usr/lib/dovecot/imap-login
> login_executable(pop3): /usr/lib/dovecot/pop3-login
> login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> login_greeting_capability(default): yes
> login_greeting_capability(imap): yes
> login_greeting_capability(pop3): no
> login_greeting_capability(managesieve): no
> mail_max_userip_connections(default): 10
> mail_max_userip_connections(imap): 10
> mail_max_userip_connections(pop3): 3
> mail_max_userip_connections(managesieve): 10
> mail_privileged_group: mail
> mail_uid: 5000
> mail_gid: 5000
> mail_location: maildir:/home/vmail/%d/%n/.Maildir
> mail_executable(default): /usr/lib/dovecot/imap
> mail_executable(imap): /usr/lib/dovecot/imap
> mail_executable(pop3): /usr/lib/dovecot/pop3
> mail_executable(managesieve): /usr/lib/dovecot/managesieve
> mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> imap_client_workarounds(default): outlook-idle delay-newmail
> imap_client_workarounds(imap): outlook-idle delay-newmail
> imap_client_workarounds(pop3):
> imap_client_workarounds(managesieve):
> pop3_client_workarounds(default):
> pop3_client_workarounds(imap):
> pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> pop3_client_workarounds(managesieve):
> sieve_storage(default):
> sieve_storage(imap):
> sieve_storage(pop3):
> sieve_storage(managesieve): ~/sieve
> sieve(default):
> sieve(imap):
> sieve(pop3):
> sieve(managesieve): ~/.dovecot.sieve
> auth default:
>   mechanisms: plain login
>   passdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   userdb:
>     driver: sql
>     args: /etc/dovecot/dovecot-sql.conf
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/dovecot-auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /var/run/dovecot/auth-master
>       mode: 384
>       user: vmail
>       group: vmail
>
> root@mail003:/etc/postfix# postconf | grep sasl
> broken_sasl_auth_clients = yes
> cyrus_sasl_config_path =
> lmtp_sasl_auth_cache_name =
> lmtp_sasl_auth_cache_time = 90d
> lmtp_sasl_auth_enable = no
> lmtp_sasl_auth_soft_bounce = yes
> lmtp_sasl_mechanism_filter =
> lmtp_sasl_password_maps =
> lmtp_sasl_path =
> lmtp_sasl_security_options = noplaintext, noanonymous
> lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
> lmtp_sasl_tls_verified_security_options =
> $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus
> proxy_write_maps = $smtp_sasl_auth_cache_name
> $lmtp_sasl_auth_cache_name send_cyrus_sasl_authzid = no
> smtp_sasl_auth_cache_name =
> smtp_sasl_auth_cache_time = 90d
> smtp_sasl_auth_enable = no
> smtp_sasl_auth_soft_bounce = yes
> smtp_sasl_mechanism_filter =
> smtp_sasl_password_maps =
> smtp_sasl_path =
> smtp_sasl_security_options = noplaintext, noanonymous
> smtp_sasl_tls_security_options = $smtp_sasl_security_options
> smtp_sasl_tls_verified_security_options =
> $smtp_sasl_tls_security_options smtp_sasl_type = cyrus
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_exceptions_networks =
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_sasl_type = dovecot
>
>
> Any ideas?
> Thanks for the response.
> - Rene

> On Wed, 11 Nov 2009 15:45:33 +0100
> Rene Bakkum <rene.bakkum@...> replied:
>
> > Hello all,
> >
> > I am struggeling to get my Dovecot SASL to work within postfix. I
> > have used the configuration example listed on the main-site of
> > dovecot and it basically isn't giving me any success at all. I am
> > probably missing something easy, but after spending a few days
> > testing and walking through everything I could think about I thought
> > figured it was better to ask :) Hope someone can point me to the
> > right direction.
> >
> > My setup is that I have installed Ubuntu 9.04 (64bit), postfix and
> > dovecot linked to a MySQL database. The services are using maildirs
> > which are stored locally (no NFS). Postfix is using the LDA from
> > dovecot to deliver the mail and dovecot is used for IMAP and POP3.
> > This is working and no problems at all so far. The problem starts
> > when I just want to enable the SASL authentication from Dovecot. I
> > used the 'guide' posted on
> > http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> >
> > When I try to telnet to port 25 (smtp) than I doesn't looks like the
> > SASL is working...
> > 220 mail003 ESMTP Postfix (Ubuntu)
> > ehlo localhost
> > 250-mail003
> > 250-PIPELINING
> > 250-SIZE 10240000
> > 250-VRFY
> > 250-ETRN
> > 250-STARTTLS
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> >
> > Anything I missed in my configuration from either postfix/dovecot?
> > root@mail003:/etc/postfix# dovecot --version
> > 1.1.11
> > root@mail003:~# dpkg-query -l postfix
> >
> +++-==============-==============-============================================
> > ii  postfix        2.5.5-1.1      High-performance mail transport
> > agent
> >
> > Here are my configurations of both:
> > root@mail003:/etc/postfix# dovecot -n
> > # 1.1.11: /etc/dovecot/dovecot.conf
> > # OS: Linux 2.6.28-16-server x86_64 Ubuntu 9.04 ext4
> > log_timestamp: %Y-%m-%d %H:%M:%S
> > protocols: imap pop3 imaps pop3s managesieve
> > ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
> > ssl_key_file: /etc/ssl/private/ssl-mail.key
> > ssl_cipher_list:
> > ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> > login_dir: /var/run/dovecot/login
> > login_executable(default): /usr/lib/dovecot/imap-login
> > login_executable(imap): /usr/lib/dovecot/imap-login
> > login_executable(pop3): /usr/lib/dovecot/pop3-login
> > login_executable(managesieve): /usr/lib/dovecot/managesieve-login
> > login_greeting_capability(default): yes
> > login_greeting_capability(imap): yes
> > login_greeting_capability(pop3): no
> > login_greeting_capability(managesieve): no
> > mail_max_userip_connections(default): 10
> > mail_max_userip_connections(imap): 10
> > mail_max_userip_connections(pop3): 3
> > mail_max_userip_connections(managesieve): 10
> > mail_privileged_group: mail
> > mail_uid: 5000
> > mail_gid: 5000
> > mail_location: maildir:/home/vmail/%d/%n/.Maildir
> > mail_executable(default): /usr/lib/dovecot/imap
> > mail_executable(imap): /usr/lib/dovecot/imap
> > mail_executable(pop3): /usr/lib/dovecot/pop3
> > mail_executable(managesieve): /usr/lib/dovecot/managesieve
> > mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
> > mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
> > mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
> > imap_client_workarounds(default): outlook-idle delay-newmail
> > imap_client_workarounds(imap): outlook-idle delay-newmail
> > imap_client_workarounds(pop3):
> > imap_client_workarounds(managesieve):
> > pop3_client_workarounds(default):
> > pop3_client_workarounds(imap):
> > pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
> > pop3_client_workarounds(managesieve):
> > sieve_storage(default):
> > sieve_storage(imap):
> > sieve_storage(pop3):
> > sieve_storage(managesieve): ~/sieve
> > sieve(default):
> > sieve(imap):
> > sieve(pop3):
> > sieve(managesieve): ~/.dovecot.sieve
> > auth default:
> >   mechanisms: plain login
> >   passdb:
> >     driver: sql
> >     args: /etc/dovecot/dovecot-sql.conf
> >   userdb:
> >     driver: sql
> >     args: /etc/dovecot/dovecot-sql.conf
> >   socket:
> >     type: listen
> >     client:
> >       path: /var/spool/postfix/private/dovecot-auth
> >       mode: 432
> >       user: postfix
> >       group: postfix
> >     master:
> >       path: /var/run/dovecot/auth-master
> >       mode: 384
> >       user: vmail
> >       group: vmail
> >
> > root@mail003:/etc/postfix# postconf | grep sasl
> > broken_sasl_auth_clients = yes
> > cyrus_sasl_config_path =
> > lmtp_sasl_auth_cache_name =
> > lmtp_sasl_auth_cache_time = 90d
> > lmtp_sasl_auth_enable = no
> > lmtp_sasl_auth_soft_bounce = yes
> > lmtp_sasl_mechanism_filter =
> > lmtp_sasl_password_maps =
> > lmtp_sasl_path =
> > lmtp_sasl_security_options = noplaintext, noanonymous
> > lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
> > lmtp_sasl_tls_verified_security_options =
> > $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus
> > proxy_write_maps = $smtp_sasl_auth_cache_name
> > $lmtp_sasl_auth_cache_name send_cyrus_sasl_authzid = no
> > smtp_sasl_auth_cache_name =
> > smtp_sasl_auth_cache_time = 90d
> > smtp_sasl_auth_enable = no
> > smtp_sasl_auth_soft_bounce = yes
> > smtp_sasl_mechanism_filter =
> > smtp_sasl_password_maps =
> > smtp_sasl_path =
> > smtp_sasl_security_options = noplaintext, noanonymous
> > smtp_sasl_tls_security_options = $smtp_sasl_security_options
> > smtp_sasl_tls_verified_security_options =
> > $smtp_sasl_tls_security_options smtp_sasl_type = cyrus
> > smtpd_recipient_restrictions = reject_unknown_sender_domain,
> > reject_unknown_recipient_domain, reject_unauth_pipelining,
> > permit_mynetworks, permit_sasl_authenticated,
> > reject_unauth_destination smtpd_sasl_auth_enable = yes
> > smtpd_sasl_authenticated_header = yes
> > smtpd_sasl_exceptions_networks =
> > smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_path = private/dovecot-auth
> > smtpd_sasl_security_options = noanonymous
> > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> > smtpd_sasl_type = dovecot
> >
> >
> > Any ideas?
> > Thanks for the response.
> > - Rene
>
> Use "postconf -n" to obtain what Postfix actually sees. All you are
> showing is what is entered in the Postfix main.cf file. You can easily
> enter garbage into that file that Postfix will ignore. Also, post the
> complete output. Snippets are useless.
>
> --
> Jerry
> gesbbb@...
>
> |::::=======
> |::::=======
> |===========
> |===========
> |
>
> Why, every one as they like; as the good woman said when she
> kissed her cow.
>
>
>        Rabelais
>
>

> root@mail003:/etc/dovecot# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> home_mailbox = Maildir/
> inet_interfaces = all
> mailbox_command = /usr/lib/dovecot/deliver -c
> /etc/dovecot/dovecot-postfix.conf -n -m "${EXTENSION}"
> mailbox_size_limit = 0
> mydestination = mail003.mydomain.nl, localhost.mydomain.nl, ,
> localhost myhostname = mail003.mydomain.nl
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
> myorigin = /etc/mailname
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
> smtpd_tls_mandatory_ciphers = medium, high
> smtpd_tls_mandatory_protocols = SSLv3, TLSv1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_database =
> btree:${data_directory}/smtpd_scache smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
> virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
> virtual_mailbox_base = /
> virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
> virtual_minimum_uid = 5000
> virtual_transport = dovecot:
> virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf