Okay, I wasn't going to try and fix up the messed up mail server I was
given; however, I decided that I might as well try.
Situation:
The system has a Postfix MTA and uses Dovecot for LDA and Cyrus-SASL
for SASL. That works fine.
I decided that I wanted to switch over to Dovecot for SASL. dovecot is
presently using MySQL for its database.
I make the (I thought) necessary changes in Postfix and restarted it.
Big problem. SASL is now broken. I turned on logging in Dovecot to see
what was happening, but apparently nothing is happening. There are no
entries regarding Postfix attempting to negotiate an SASL request with
Dovecot.
This is the "dovecot -n" outout (yes, I know it is an old version)
# 1.2.17: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.3-STABLE amd64 ufs
log_path: /var/log/dovecot.log
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 1000
mail_privileged_group: mail
mail_location: maildir:/var/mail/vhost/seibercom.net/gerard
mail_plugins: expire
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
postmaster_address: postmaster at seibercom.net
mail_plugins: sieve
sieve_global_path: /usr/local/etc/dovecot/sieve/gerard.sieve
sendmail_path: /usr/sbin/sendmail
auth default:
mechanisms: plain login digest-md5 cram-md5
username_format: %Lu
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: sql
args: /usr/local/etc/dovecot-sql.conf
userdb:
driver: sql
args: /usr/local/etc/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
group: vmail
plugin:
expire: Trash 2 Spam/* 2
expire_dict: proxy::expire
dict:
expire: mysql:/usr/local/etc/dovecot-dict-expire.conf
This is the "dovecot-sql.conf" file:
driver = mysql
connect = host=localhost dbname=Dovecot user=root password=xxxxxxxx
password_query = SELECT concat(userid, '@', domain) AS user, password \
FROM users WHERE userid = '%n' AND domain = '%d'
user_query = SELECT uid, gid, home FROM users WHERE userid = '%n' AND
domain = '%d'
This is the pertinent part of the postconf -fn output:
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_password_maps
smtp_sasl_security_options = noanonymous
smtp_sasl_type = dovecot
smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
I have tried using "dovecot" in place of "private/auth", but
it doesn't make any difference.
This is the only output from the postfix maillog:
Mar 18 08:13:02 scorpio postfix/smtpd[65217]: connect from localhost[127.0.0.1]
Mar 18 08:13:02 scorpio postfix/smtpd[65217]: warning: localhost[127.0.0.1]:
SASL CRAM-MD5 authentication failed: authentication failure
Mar 18 08:13:02 scorpio postfix/smtpd[65217]: lost connection after AUTH from
localhost[127.0.0.1]
Again, it doesn't appear that Postfix ever actually makes contact with
Dovecot. I am probably doing something extremely stupid, but I just
cannot figure out what it is.
--
Jerry ?
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________