Hi,
did it late but I finally upgraded my mailserver from FreeBSD 11.1 to 11.3. I'm running a Postfix/Dovecot/MariaDB installation with virtual users and domains. It worked without any issues until I did the upgrade. After the upgrade from Dovecot 2.2 to 2.3 I only had to add an entry for a missing dh.pem file and switch from ssl_protocols to ssl_min_protocol. But now clients can no longer connect to the server, and sending email fails with "fatal: no SASL authentication mechanisms". I've found some posts, but none seems to be related to my problem. Here is my postconf -n output:
In addition here is dovecot -n
Any help is welcome.
Best regards,
Mike
did it late but I finally upgraded my mailserver from FreeBSD 11.1 to 11.3. I'm running a Postfix/Dovecot/MariaDB installation with virtual users and domains. It worked without any issues until I did the upgrade. After the upgrade from Dovecot 2.2 to 2.3 I only had to add an entry for a missing dh.pem file and switch from ssl_protocols to ssl_min_protocol. But now clients can no longer connect to the server, and sending email fails with "fatal: no SASL authentication mechanisms". I've found some posts, but none seems to be related to my problem. Here is my postconf -n output:
Code:
# Postfix `postconf -n` output: only parameters that differ from the built-in
# defaults are listed. Lines starting with "# NOTE(review):" are reviewer
# annotations, not part of the original command output.
biff = 0
compatibility_level = 2
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
# NOTE(review): "!SSLv2, !SSLv3" excludes only the SSL protocols; TLSv1 and
# TLSv1.1 stay negotiable where the linked OpenSSL still allows them. The
# Dovecot output on this page requires TLSv1.2 (ssl_min_protocol), so the two
# daemons enforce different minimums. The same applies to the smtp_* and
# smtpd_* protocol settings below.
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
lmtp_tls_protocols = !SSLv2, !SSLv3
# NOTE(review): maps_rbl_domains is a legacy parameter; the active DNSBL checks
# are the reject_rbl_client entries in the restriction lists below. Verify that
# every list named here and below is still operated before relying on it.
maps_rbl_domains = blackholes.mail-abuse.org, bl.spamcop.net, inputs.orbz.org, outputs.orbz.org, proxies.blackholes.easynet.nl, zombie.dnsbl.sorbs.net, cbl.abuseat.org
# NOTE(review): roughly 390 MiB per message; a limit this high makes queue and
# disk exhaustion by a few large messages easier.
message_size_limit = 409600000
# NOTE(review): "accept" is fail-open (mail passes unfiltered when a milter is
# unavailable). No smtpd_milters/non_smtpd_milters appears in this output, so
# it presumably has no effect at present.
milter_default_action = accept
milter_protocol = 2
mydestination =
myhostname = my.server.name
smtp_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
# NOTE(review): "may" is opportunistic TLS: outbound delivery falls back to
# cleartext when the peer offers no STARTTLS, and peer certificates are not
# verified at this level.
smtp_tls_security_level = may
smtpd_banner = my.server.name ESMTP $mail_name
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_rbl_client proxies.blackholes.easynet.nl, reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, regexp:/usr/local/etc/postfix/helo.regexp, permit
# NOTE(review): reject_unauth_destination follows the two permit_* entries, so
# relaying is limited to mynetworks and SASL-authenticated clients.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org, permit
smtpd_sasl_auth_enable = yes
# NOTE(review): this path is relative to the Postfix queue directory and has to
# resolve to the socket Dovecot's "service auth" creates. Presumably the
# reported "no SASL authentication mechanisms" error means smtpd obtained no
# mechanism list over this socket; check that the Dovecot auth service is
# running and that the socket exists - TODO confirm in the mail log.
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /usr/local/share/certs/ca-root-nss.crt
# NOTE(review): AUTH is only offered after STARTTLS. This matters here because
# the Dovecot side offers the cleartext mechanisms PLAIN and LOGIN.
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/my.server.name-bundle.crt
# NOTE(review): the private key file should be readable by root only.
smtpd_tls_key_file = /etc/ssl/private/my.server.name.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
# NOTE(review): this replaces Postfix's built-in "high" cipher list, which the
# Postfix documentation advises against changing. "+SSLv3" is an OpenSSL
# cipher-string operator that moves SSLv3-era suites to the end of the list; it
# does not enable the SSLv3 protocol. The trailing CAMELLIA128-SHA and
# AES128-SHA entries are RSA key-exchange suites without forward secrecy.
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_ssl_options = NO_COMPRESSION
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
# NOTE(review): mysql: lookup files normally hold the database user and
# password; keep them unreadable for unprivileged local users - verify the
# file modes.
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
In addition here is dovecot -n
Code:
# Dovecot `dovecot -n` output: only settings that differ from the defaults are
# listed. Lines starting with "# NOTE(review):" are reviewer annotations, not
# part of the original command output.
# 2.3.9.2 (cf2918cac): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.9 (db4e9a2f)
# OS: FreeBSD 11.3-RELEASE-p6 amd64 zfs
# NOTE(review): the Hostname line below still shows a concrete host name,
# while the rest of the post uses the placeholder my.server.name.
# Hostname: cato.bobkiecom.de
# NOTE(review): PLAIN and LOGIN send the password without hashing, so they
# depend on TLS being enforced on every client-facing listener.
auth_mechanisms = plain login
log_path = /var/log/dovecot.log
mail_location = maildir:/usr/local/var/vmail/%d/%n/Maildir:INDEX=/usr/local/var/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
special_use = \Sent
}
mailbox Spam {
auto = no
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
# NOTE(review): the SQL passdb file normally holds the database connection
# credentials and the password query; keep it readable by root/dovecot only -
# verify the file mode.
passdb {
args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocols = imap sieve lmtp
# NOTE(review): this is the socket Postfix reaches through
# smtpd_sasl_path = private/auth. Mode 0666 lets any local user that can
# traverse the parent directory talk to the auth service; with user and group
# both set to postfix, 0660 is sufficient.
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
# NOTE(review): with mode 0600 only the owning user (postfix) can use the LMTP
# socket; the group setting has no effect on access at this mode.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = wheel
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
}
ssl_cert = </etc/ssl/certs/my.server.name-bundle.crt
# NOTE(review): same cipher string as Postfix's tls_high_cipherlist on this
# page. "+SSLv3" only reorders suites inside the OpenSSL cipher list; the
# protocol floor is set by ssl_min_protocol below.
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
# NOTE(review): ssl_dh is the DH parameter file the poster had to add for
# Dovecot 2.3; dovecot -n hides its value and the key's.
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
# NOTE(review): static userdb: every mailbox is accessed with the single
# vmail uid/gid, so separation between virtual users depends on Dovecot's own
# access checks rather than on file system ownership.
userdb {
args = uid=vmail gid=vmail home=/usr/local/var/vmail/%d/%n
driver = static
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol lda {
mail_plugins = sieve
}
Any help is welcome.
Best regards,
Mike