Jeremy Gillick
2008-May-04 21:00 UTC
[Dovecot] Dovecot SASL doesn't seem to be working with Postfix
I've tried to set up Postfix to use SASL, but it still doesn't seem to be
working with Dovecot. I've set things up based on these instructions:
http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
http://wiki.dovecot.org/LDA
I've compiled Postfix with Dovecot SASL and SSL/TLS support. The problems
I'm seeing in Postfix are:
* Virtual users are not being recognized (it'll only deliver mail for
local users)
* For mail it does deliver, it uses the local user permissions (I want it
to use the vmail user)
* I had to modify 'mail_spool_directory' to get it to use the /home/vmail/
directory
* For mail delivered to local users, it still doesn't come up in my email
client when I check for new mail.
I just keep feeling like the SASL integration is not working. Can anybody
shed some light?
---
DOVECOT config
# 1.0.13: /usr/local/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/var/run/dovecot/auth-master
      mode: 384
      user: vmail
----
POSTFIX main.cf
alias_maps = $alias_database
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = $myhostname
virtual_transport = dovecot
----
POSTFIX master.cf (just the important lines)
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
  ${sender} -d ${recipient}
THANKS,
Jeremy
Jeremy Gillick
2008-May-04 21:36 UTC
[Dovecot] Dovecot SASL doesn't seem to be working with Postfix
If I set up the virtual users in Dovecot and enable SASL in Postfix, does
that mean that Postfix should use Dovecot for authentication and for the
virtual user table? Is there anything I need to do outside the following
two instruction URLs to make this work?
http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
I'm reading the ADDRESS_CLASS_README, but it seems like I'll have to mirror
the settings from Dovecot to Postfix. That doesn't seem right:
http://www.postfix.org/ADDRESS_CLASS_README.html
Thanks,
Jeremy
Jeremy Gillick
2008-May-04 23:19 UTC
[Dovecot] Dovecot SASL doesn't seem to be working with Postfix
w00t. Thanks everyone for all your input. It works now. The key was to set
mydestination to "localhost, localhost.localdomain". From there Postfix
started using Dovecot LDA (deliver) and I was able to track the rest of the
problems down through the log files.
Here's my latest config for anybody interested:
## DOVECOT ##
# 1.0.13: /usr/local/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
## POSTFIX main.cf ##
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost, localhost.localdomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = $myhostname
virtual_transport = dovecot
## POSTFIX (a few lines from master.cf) ##
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=nobody:mail argv=/usr/local/libexec/dovecot/deliver -f
  ${sender} -d ${recipient}
Thanks Everyone!
- Jeremy
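
Added example (not part of the original thread, and not Postfix or Dovecot code): a small Python check for the condition the fix above removed, namely the same domain appearing in both mydestination and virtual_mailbox_domains once $parameter references are expanded. The sample input is constructed from the main.cf lines posted in the thread; the function names are hypothetical, and lookup-table entries such as hash:/path or the conditional ${name?value} forms are assumed not to be in use.

```python
import re

# Constructed sample: the address-class lines from the first message's main.cf.
BEFORE = """\
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = $myhostname
myhostname = mixermixer3.com
virtual_mailbox_domains = $myhostname
virtual_transport = dovecot
"""
# Same file with the mydestination value from the final message.
AFTER = BEFORE.replace(
    "$myhostname, localhost.$mydomain, localhost, $mydomain",
    "localhost, localhost.localdomain")

def parse(text):
    """Parse 'name = value' lines; lines starting with whitespace continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def expand(value, params, depth=0):
    """Recursively substitute plain $name and ${name} references (simple forms only)."""
    if depth > 10:
        raise ValueError("recursive parameter reference")
    def sub(m):
        return expand(params.get(m.group(1) or m.group(2), ""), params, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def domains(name, params):
    """Return the expanded, lower-cased domain list of one parameter as a set."""
    expanded = expand(params.get(name, ""), params)
    return {d.lower() for d in re.split(r"[,\s]+", expanded) if d}

def overlap(text):
    """Domains claimed by both the local and the virtual mailbox address class."""
    p = parse(text)
    return sorted(domains("mydestination", p) & domains("virtual_mailbox_domains", p))

if __name__ == "__main__":
    print("before:", overlap(BEFORE))
    print("after: ", overlap(AFTER))
```

On a live system the same functions can be fed the text printed by `postconf -n` instead of the embedded samples.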