thr3ads.net - dovecot - [Dovecot] Configure dovecot to provide SASL authentication [May 2013]

If this information is useful, please help other people find it:
Share via:

Peter Skensved

2013-May-19 15:51 UTC

[Dovecot] Configure dovecot to provide SASL authentication

Hi,
  I'm trying to get dovecot to provide SASL authentication for
postfix My setup appears to be working but I'm not 100% certain
I've got it right. I've come across several examples for dovecot
version 1 but I'm running 2.0.9.  The output of doveconf -n is here :

 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) 
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
mbox_write_locks = fcntl
passdb {
  driver = pam
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}


 Specifically : are the "service auth", userdb and passdb
sections correct ? And the mode ? Or is it too permissive ?


  For completeness the postfix setup is here :

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
#
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions     permit_mynetworks,
    reject_non_fqdn_helo_hostname,
    reject_invalid_helo_hostname,
    permit
#
smtpd_sender_restrictions     permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit
#
smtpd_recipient_restrictions    reject_unauth_pipelining,
   reject_non_fqdn_recipient,
   reject_unknown_recipient_domain,
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   permit
#



      peter
----

Peter Skensved
Dept. of Physics,
Queen's University,
Kingston, Ontario,
Canada

Reindl Harald

2013-May-19 16:00 UTC

head link

[Dovecot] Configure dovecot to provide SASL authentication

Am 19.05.2013 17:51, schrieb Peter Skensved:> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
chmod 666 is always a very bad idea


service auth {
  unix_listener /var/spool/postfix/private/auth {
  mode  = 0660
  user  = postfix
  group = postfix
 }
}

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20130519/764a5067/attachment.bin>

Reasonably Related Threads

Search for more possibly parallel threads

dovecot - May 2013 - Configure dovecot to provide SASL authentication

[Dovecot] Configure dovecot to provide SASL authentication

[Dovecot] Configure dovecot to provide SASL authentication

Reasonably Related Threads