I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.

Now I see where messages are in my maillog of the type:

auth: pam_unix(dovecot:auth) : authentication failure ........

Why is dovecot involved in my smtp processes and how do I fix this. I've got some very mad users. The 10-auth.conf file is pretty much stock except for allowing plain text logins.

steve campbell

Adam Szpakowski
2012-Feb-23 15:30 UTC
[Dovecot] Why is dovecot involved in my smtp process
On 23.02.2012 16:16, Steve Campbell wrote:
> I've been trying to get smtp auth set up for days. All my sendmail and
> sasl2 stuff seems to be proper, but the user can't use the system on
> port 587, which is where I require authorization.
>
> Now I see where messages are in my maillog of the type:
>
> auth: pam_unix(dovecot:auth) : authentication failure ........
>
> Why is dovecot involved in my smtp processes and how do I fix this.
> I've got some very mad users. The 10-auth.conf file is pretty much
> stock except for allowing plain text logins.

Dovecot can be used as authentication source. It has its own implementation of SASL library which can be used instead of Cyrus SASL implementation. In Dovecot2 the config for auth is in 10-master.conf, service "auth".

Please see:
for dovecot 1.x: http://wiki.dovecot.org/Sasl
for dovecot 2.x: http://wiki2.dovecot.org/Sasl
on the postfix side: http://www.postfix.org/SASL_README.html#server_dovecot

--
Adam Szpakowski

On 2012-02-23 10:16 AM, Steve Campbell <campbell at cnpapers.com> wrote:
> Why is dovecot involved in my smtp processes

Because you told it to?

> and how do I fix this.

Depends on what your intent is - what MTA you use - how it is configured - etc...

> I've got some very mad users.

Don't make changes to an existing and/or go live with a new system without properly testing?

> The 10-auth.conf file is pretty much
> stock except for allowing plain text logins.

This file is irrelevant unless you have your MTA configured to use dovecot-sasl... dovecot only *assists* an MTA in authenticating, it isn't an MTA.

--
Best regards,
Charles

Peter A. Giessel
2012-Feb-23 16:23 UTC
[Dovecot] Why is dovecot involved in my smtp process
>> I've been trying to get smtp auth set up for days. All my sendmail and sasl2 stuff seems to be proper, but the user can't use the system on port 587, which is where I require authorization.

My guess is that your sasl2 configuration is configured to use your imap server to authenticate users. Check your sasl2 software's documentation.

On Thu, Feb 23, 2012 at 10:16:34AM -0500, Steve Campbell wrote:
> I've been trying to get smtp auth set up for days. All my sendmail
> and sasl2 stuff seems to be proper, but the user can't use the
> system on port 587, which is where I require authorization.
>
> Now I see where messages are in my maillog of the type:
>
> auth: pam_unix(dovecot:auth) : authentication failure ........
>
> Why is dovecot involved in my smtp processes and how do I fix
> this.

I would question that these failures are in fact related to what Sendmail is doing. Does Sendmail even support Dovecot SASL? AFAIK it does not, therefore there is no way that Dovecot could possibly interfere with SMTP AUTH in Sendmail.

> I've got some very mad users.

And you are jumping to conclusions. I suggest that you take this matter to a Sendmail forum. When you do, provide all relevant configuration as well as complete logging to show the problem. No useful help is possible with what you posted here.

> The 10-auth.conf file is pretty much
> stock except for allowing plain text logins.

--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Hi Steve,

At 07:16 23-02-2012, Steve Campbell wrote:
>I've been trying to get smtp auth set up for days. All my sendmail
>and sasl2 stuff seems to be proper, but the user can't use the
>system on port 587, which is where I require authorization.
>
>Now I see where messages are in my maillog of the type:
>
>auth: pam_unix(dovecot:auth) : authentication failure ........
>
>Why is dovecot involved in my smtp processes and how do I fix this.
>I've got some very

If you are using sendmail as the MTA, Dovecot is not involved for authentication on mail submission. The maillog line you provided does not contain enough information to tell what triggered the error.

Regards,
-sm

From: "Peter A. Giessel" <pgiessel at mac.com>:
> Not totally true. Typical cyrus sasl2 implementation used with
> sendmail uses an imap server for smtp authentication. I recall having
> to tweak the sasl2 configuration on my own sendmail server to talk
> correctly with dovecot. I don't recall the exact tweaks.

Just to make it clear to the OP, I have a Dovecot/Sendmail/SASL working just fine (which is independent of dovecot).

I suspect Peter hit the nail on the head here. Look at the contents of

    $SASL_INSTALL/lib/Sendmail.conf

Mine is (only)

    pwcheck_method:saslauthd

which I think looks up my name service backend via the login and plain plugins.

I'm a little hazy on how this was set up, but if you are able to successfully login without dovecot, then it appears you have some sort of authentication stack that will try IMAP first, then fall back to your other method.

Joseph Tam <jtam.home at gmail.com>
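
One way to check the suspicion raised in the last two replies, that Cyrus SASL hands SMTP AUTH passwords to an IMAP server: the script below is an added example, not code from any poster in the thread. It assumes a Sendmail.conf in the "option: value" form quoted above and a Red Hat style saslauthd sysconfig file with MECH= and FLAGS= lines; the function names and sample files are constructed for illustration.

```shell
# Added example, not from the thread. File layouts are assumptions:
# $1 is a Cyrus SASL application config ("option: value" lines, like the
# Sendmail.conf quoted above); $2 is a Red Hat style saslauthd sysconfig
# file with MECH= and FLAGS= lines.

# Last value of "option: value" in a Cyrus SASL config file.
sasl_option() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Last value of a VAR=value line, quotes stripped.
sysconfig_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tr -d "\"'" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the chain a submitted password travels along.
auth_path() {
    method=$(sasl_option "$1" pwcheck_method)
    if [ "$method" != "saslauthd" ]; then
        echo "sendmail -> libsasl2 -> ${method:-unset}"
        return
    fi
    mech=$(sysconfig_var "$2" MECH)
    flags=$(sysconfig_var "$2" FLAGS)
    case "$mech" in
        rimap)
            # rimap verifies the password by logging in to an IMAP server
            # (host given with -O), so failures appear in that server's log.
            host=$(printf '%s\n' "$flags" |
                sed -n 's/.*-O[[:space:]]*\([^[:space:]]*\).*/\1/p')
            echo "sendmail -> saslauthd -> rimap -> IMAP server ${host:-unknown}" ;;
        "") echo "sendmail -> saslauthd -> unknown mechanism" ;;
        *)  echo "sendmail -> saslauthd -> $mech" ;;
    esac
}

# Constructed sample files, so the example runs offline.
demo=$(mktemp -d)
printf 'pwcheck_method:saslauthd\n' > "$demo/Sendmail.conf"
printf 'MECH=rimap\nFLAGS="-O localhost"\n' > "$demo/saslauthd"
auth_path "$demo/Sendmail.conf" "$demo/saslauthd"
```

A chain ending in an IMAP server would account for SMTP AUTH failures being logged under the PAM service name dovecot; a chain ending in pam or shadow would not.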