Serhiy Kolesnyk
2011-Jul-29 22:58 UTC
[Dovecot] Dovecot 2.0.x + Sendmail 8.14.4 SMTP AUTH not working
Hello!

After moving from Centos 5.6 to Centos 6, I figured that Sendmail minor version was updated from 8.13.x to 8.14 and Dovecot from 1.2 to 2.0.x.

In previous configuration SMTP auth worked fine (no SASLAUTHD necessary) for virtual users table. Dovecot was authenticating virtual users via checking dovecot.passwd file. I'm not sure how Sendmail was processing SMTP AUTH for virtual users connecting via email clients since there was no obvious connection to Dovecot authentication. But SMTP AUTH was working and virtual users could send email via SSL.

Now after this recent upgrade I looked into Dovecot conf changes and updated it accordingly. POP/IMAP are working and Sendmail does deliver incoming mail to the mbox folders. What stopped working is SMTP AUTH.

Here's maillog excerpt of authentication process:

Jul 29 23:46:11 one2action sendmail[2865]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 LOGIN GSSAPI PLAIN, allowed mech=LOGIN PLAIN
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, get_verify: 0 get_peer: 0x0
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, relay=136-31-132-95.pool.ukrtel.net [95.132.31.136], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok
Jul 29 23:46:11 one2action sendmail[2865]: AUTH: available mech=CRAM-MD5 DIGEST-MD5 LOGIN GSSAPI PLAIN, allowed mech=LOGIN PLAIN
Jul 29 23:46:11 one2action sendmail[2865]: p6TMkB95002865: --- 220 one2action.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 29 Jul 2011 23:46:11 +0100
Jul 29 23:46:11 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: <-- EHLO astronaut
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-one2action.com Hello 136-31-132-95.pool.ukrtel.net [95.132.31.136], pleased to meet you
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-ENHANCEDSTATUSCODES
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-PIPELINING
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-8BITMIME
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-SIZE
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-DSN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-ETRN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-AUTH LOGIN PLAIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250-DELIVERBY
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 250 HELP
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: <-- AUTH LOGIN
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 VXNlcm5hbWU6
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 334 UGFzc3dvcmQ6
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 535 5.7.0 authentication failed
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=136-31-132-95.pool.ukrtel.net [95.132.31.136]
Jul 29 23:46:12 one2action sendmail[2865]: STARTTLS=read, info: fds=8/4, err=2
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: --- 421 4.4.1 one2action.com Lost input channel from 136-31-132-95.pool.ukrtel.net [95.132.31.136]
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: lost input channel from 136-31-132-95.pool.ukrtel.net [95.132.31.136] to TLSMTA after auth
Jul 29 23:46:12 one2action sendmail[2865]: p6TMkB95002865: 136-31-132-95.pool.ukrtel.net [95.132.31.136] did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA

Here's dovecot -n

# dovecot -n
# 2.0.beta6 (3156315704ef): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.39.1-linode34 i686 CentOS Linux release 6.0 (Final)
auth_cache_negative_ttl = 3600 s
auth_debug_passwords = yes
auth_mechanisms = plain login DIGEST-MD5 cram-md5
auth_worker_max_count = 3
default_client_limit = 10
default_process_limit = 5
disable_plaintext_auth = no
listen = *
log_path = /var/log/dovecot.log
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
passdb {
  args = scheme=MD5-CRYPT username_format=%u /etc/dovecot/dovecot.passwd
  driver = passwd-file
}
passdb {
  args = dovecot
  driver = pam
}
passdb {
  args = /etc/passwd
  driver = passwd-file
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = smmsp
    mode = 0666
    user = smmsp
  }
  unix_listener dovecot-auth {
    group = smmsp
    mode = 0666
    user = smmsp
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = </etc/pki/tls/certs/sendmail.pem
ssl_cipher_list = TLSv1+HIGH:!SSLv2:RC4+MEDIUM:!aNULL:!eNULL:!3DES:@STRENGTH
ssl_key = </etc/pki/tls/certs/sendmail.pem
userdb {
  args = username_format=%u /etc/dovecot/dovecot.passwd
  driver = passwd-file
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  postmaster_address = postmaster at example.com
}
protocol imap {
  imap_client_workarounds = delay-newmail
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

As I understand Sendmail now can't find Dovecot authentication via userdb and that's why a client isn't authenticated. Please help.
Alexander Dalloz
2011-Jul-30 22:21 UTC
[Dovecot] Dovecot 2.0.x + Sendmail 8.14.4 SMTP AUTH not working
On 30.07.2011 00:58, Serhiy Kolesnyk wrote:
> As I understand Sendmail now can't find Dovecot authentication via
> userdb and that's why a client isn't authenticated. Please help.

Sendmail has never worked against dovecot's sasl implementation. To use SMTP AUTH with Sendmail you will have to use Cyrus-SASL. Check your previous setup in detail.

Alexander
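
Added example, not part of either post: a small parser for the `AUTH failure (...) ... SASL(-1): ...` lines that sendmail writes in the log quoted above, useful for confirming that every failed login ends at the same password-check step and for counting failures per relay. The sample lines are constructed in the thread's log format (host names, queue IDs and 192.0.2.x addresses are made up), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted in the thread; host names,
# queue IDs and the 192.0.2.x addresses (documentation range) are made up.
SAMPLE_LOG = """\
Jul 29 23:46:12 mx sendmail[2865]: p6TMkB95002865: <-- AUTH LOGIN
Jul 29 23:46:12 mx sendmail[2865]: p6TMkB95002865: --- 535 5.7.0 authentication failed
Jul 29 23:46:12 mx sendmail[2865]: p6TMkB95002865: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=client.example.net [192.0.2.10]
Jul 29 23:47:01 mx sendmail[2870]: p6TMl1aa002870: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=client.example.net [192.0.2.10]
Jul 29 23:48:30 mx sendmail[2881]: p6TMmUbb002881: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed, relay=other.example.net [192.0.2.20]
Jul 29 23:48:30 mx sendmail[2881]: p6TMmUbb002881: lost input channel from other.example.net [192.0.2.20] to TLSMTA after auth
"""

# Matches only the "AUTH failure" lines; SMTP dialogue and STARTTLS lines are skipped.
FAILURE_RE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): AUTH failure \((?P<mech>[^)]+)\): "
    r".*?SASL\((?P<code>-?\d+)\): (?P<detail>.*), "
    r"relay=(?P<host>\S+) \[(?P<ip>[^\]]+)\]"
)

def parse_auth_failures(log_text):
    """Return one dict per 'AUTH failure' line found in log_text."""
    matches = (FAILURE_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize_by_relay(failures):
    """Group failures by client IP: count, mechanisms tried, SASL detail strings."""
    summary = defaultdict(lambda: {"count": 0, "mechs": set(), "details": set()})
    for f in failures:
        entry = summary[f["ip"]]
        entry["count"] += 1
        entry["mechs"].add(f["mech"])
        entry["details"].add(f["detail"])
    return dict(summary)

def password_check_failures(failures):
    """Failures whose SASL detail is the 'checkpass failed' text seen in the thread."""
    return [f for f in failures if "checkpass failed" in f["detail"]]

if __name__ == "__main__":
    found = parse_auth_failures(SAMPLE_LOG)
    for ip, info in sorted(summarize_by_relay(found).items()):
        print(ip, info["count"], sorted(info["mechs"]), sorted(info["details"]))
    print("password-check failures:", len(password_check_failures(found)))
```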