
[Solved] Postfix + Dovecot SMTP Authentication

nanotek

Active Member

Thanks: 1
Messages: 212

#1
I've resolved my TLS problem. Now I have an SMTP authentication problem. I believe I have the correct configuration in both Dovecot and Postfix, but my server still offers no SMTP authentication. I've read a couple of really good threads on this forum and many more from blogs and other boards. I've paid close attention to the Dovecot and Postfix documentation, which, for SASL/SMTP authentication, is actually very, very simple. Yet, something is obviously amiss with my configuration.

Please see my Dovecot configuration (I've moved the authentication configuration to the top for easier parsing):
Code:
# 2.2.9: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.2-RELEASE i386
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
auth_mechanisms = plain login
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir:LAYOUT=fs
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
And my Postfix configuration (I've moved all the SASL related entries to the top for easier parsing):
Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = bsdbox.co
myhostname = mail.bsdbox.co
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
And, the glaringly obvious absence of SMTP authentication mechanisms:
Code:
root@mail:~/debug # telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.bsdbox.co ESMTP Postfix
ehlo bsdbox.co
250-mail.bsdbox.co
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@mail:~/debug #
Just for good measure, here is the maillog data immediately post receiving mail and replying:
Code:
root@mail:~/debug # tail /var/log/maillog
Dec 11 07:11:24 mail postfix/cleanup[65906]: D9F2A2384BA: message-id=<52A8101B.70204@bsdbox.co>
Dec 11 07:11:24 mail postfix/qmgr[65422]: D9F2A2384BA: from=<debug@bsdbox.co>, size=848, nrcpt=1 (queue active)
Dec 11 07:11:24 mail postfix/smtp[65909]: initializing the client-side TLS engine
Dec 11 07:11:24 mail postfix/smtpd[65902]: disconnect from CPE-110-146-148-136.knmu.knt.bigpond.net.au[110.146.148.136]
Dec 11 07:11:25 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65911, TLS, session=<zN/e7zzt0QBukpSI>
Dec 11 07:11:25 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65913, TLS, session=<xQni7zztaABukpSI>
Dec 11 07:11:31 mail postfix/smtp[65909]: connect to myune-edu-au.mail.eo.outlook.com[213.199.154.23]:25: Connection refused
Dec 11 07:11:37 mail postfix/smtp[65909]: connect to myune-edu-au.mail.eo.outlook.com[213.199.154.87]:25: Connection refused
Dec 11 07:11:37 mail postfix/smtp[65909]: D9F2A2384BA: to=<mjamsek@myune.edu.au>, relay=none, delay=13, delays=0.01/0.02/13/0, dsn=4.4.1, status=deferred (connect to myune-edu-au.mail.eo.outlook.com[213.199.154.87]:25: Connection refused)
Dec 11 07:11:38 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65916, TLS, session=<1SGn8DztMABukpSI>
root@mail:~/debug #
I've scrutinized and parsed my configuration files with all the relevant Postfix and Dovecot literature. I guess I am overlooking something blatantly obvious but I need a fresh set of eyes and some help. I've been at this all day and getting nowhere. Thank you.
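
Added example, not part of the original post: the posted Postfix configuration sets smtpd_tls_auth_only = yes, and with that setting Postfix does not announce AUTH on an unencrypted session, so a plaintext telnet EHLO is not a complete test. The sketch below compares the EHLO reply before and after STARTTLS; the function names are hypothetical, TLS_EHLO is a constructed sample, and the thread does not say whether this was the fix the poster received.

```python
import smtplib
import ssl

def auth_mechanisms(ehlo_lines):
    """Extract SASL mechanisms from raw EHLO reply lines ('250-KEYWORD args')."""
    mechs = []
    for line in ehlo_lines:
        keyword = line[4:].strip().upper()      # drop the '250-' / '250 ' prefix
        # 'AUTH=...' is the legacy form Postfix adds with broken_sasl_auth_clients = yes
        if keyword.startswith(("AUTH ", "AUTH=")):
            mechs += [m for m in keyword[5:].split() if m not in mechs]
    return mechs

def diagnose(before_tls, after_tls):
    """Classify where AUTH is announced, given the mechanism list for each phase."""
    if before_tls:
        return "cleartext"    # AUTH offered without TLS: credentials cross the wire unencrypted
    if after_tls:
        return "tls-only"     # consistent with smtpd_tls_auth_only = yes
    return "absent"           # check smtpd_sasl_* and the Dovecot auth socket

def probe(host, port=25, context=None):
    """Live check: EHLO, STARTTLS, EHLO again. Pass an ssl context that trusts
    the server certificate; the default context verifies chain and hostname."""
    context = context or ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.esmtp_features.get("auth", "").upper().split()
        s.starttls(context=context)
        s.ehlo()              # capabilities must be re-read after STARTTLS
        after = s.esmtp_features.get("auth", "").upper().split()
    return diagnose(before, after)

# Plaintext EHLO reply copied from the telnet session in the post.
PLAIN_EHLO = [
    "250-mail.bsdbox.co", "250-PIPELINING", "250-SIZE 10240000", "250-VRFY",
    "250-ETRN", "250-STARTTLS", "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 DSN",
]
# Constructed sample of a reply after STARTTLS; not taken from the thread.
TLS_EHLO = [
    "250-mail.bsdbox.co", "250-PIPELINING", "250-SIZE 10240000",
    "250-AUTH PLAIN LOGIN", "250-AUTH=PLAIN LOGIN", "250-8BITMIME", "250 DSN",
]

if __name__ == "__main__":
    print(diagnose(auth_mechanisms(PLAIN_EHLO), auth_mechanisms(TLS_EHLO)))
```

A result of "absent" from probe() points at the SASL wiring itself (smtpd_sasl_type, smtpd_sasl_path, and the permissions on the Dovecot unix_listener) rather than at the TLS policy.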
 

Ben

Well-Known Member

Thanks: 2
Messages: 259

#2
Re: Postfix + Dovecot SMTP Authentication

Have you tried to connect from outside? In your restrictions you permit_mynetworks which skips over any authentication.
 

nanotek

Active Member

Thanks: 1
Messages: 212

#3
Re: Postfix + Dovecot SMTP Authentication

Yes, I tried connections from multiple remote clients. No bueno. However, I have -- thanks to an awesome member of the Postfix mailing list -- solved the problem! Thanks for your suggestion, @Ben. I really appreciate the effort.
 