kelly
2020-Apr-28 20:55 UTC
trying to authenticate postfix against Dovecot 2.3.4.1 passwd-file, using lmtp
Sorry for all the notes;
I'm trying to have postfix 3.4.8, trying to authenticate postfix against
Dovecot 2.3.4.1 passwd-file, using lmtp.
Not sure if I'm failing because of a smtp failure or I'm not getting
authenticated by dovecot.
main.cf
virtual_transport=lmtp:unix:private/dovecot-lmtp
_*postfix log*_
connect from unknown[192.168.212.227]
Apr 28 13:42:14 mail3 postfix/smtpd[21859]: lost connection after EHLO
from unknown[192.168.212.227]
Apr 28 13:42:14 mail3 postfix/smtpd[21859]: disconnect from
unknown[192.168.212.227] ehlo=2 starttls=1 commands=3
I keep getting smtp timed out, it takes a while, but does time out.
_*Using openssl s_client -connect 192.168.0.242:25 -starttls smtp*_
subject=/C=US/ST=CA/L=Fullerton/O=xxxx Law
Group/CN=mail.xxxxlawgroup.com/emailAddress=postmaster at xxxxlawgroup.com
issuer=/C=US/ST=CA/L=Fullerton/O=xxxx Law
Group/CN=mail.xxxxlawgroup.com/emailAddress=postmaster at xxxxlawgroup.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2717 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 2F32869DCC5511285AA7D99ABAAD34C1E42EB04A7AA704C5EBC801C2625ECB7A
Session-ID-ctx:
Master-Key:
F8D92A918AC14D31B252D981228A0AA3C0BCA379B9D12DD6E795092C8390382DA09D640B2F24AD8F279C13E71DF86434
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 89 e1 b7 19 14 7b d6 85-88 cc 8d f0 e0 45 6f 23 .....{.......Eo#
0010 - 34 b7 30 ec 99 39 d9 98-3f 5d 70 b3 f3 fe 0a 13 4.0..9..?]p.....
0020 - 77 3c 2c 20 22 b4 62 71-ec 02 b4 ee 4e 35 78 ef w<, ".bq....N5x.
0030 - f2 2c 7d 01 e3 51 7c 2e-c4 78 65 37 d6 ef 60 32 .,}..Q|..xe7..`2
0040 - f6 62 bc e5 ba fc 82 1b-37 0a de c9 b1 82 99 f5 .b......7.......
0050 - de 6c d5 c1 56 25 5a 2a-27 8d a3 6a 8a bd 37 d8 .l..V%Z*'..j..7.
0060 - 11 65 0d fd 89 c3 e2 86-43 89 9e b9 c2 b7 a4 44 .e......C......D
0070 - dc f3 8b 94 8e 41 37 d3-32 ca 2c 4e 65 6b 1c f9 .....A7.2.,Nek..
0080 - 04 d0 45 32 8a 2d 67 8d-36 05 23 4a 58 c2 d8 b7 ..E2.-g.6.#JX...
0090 - 65 ba e0 8d 8b 85 9c c2-45 31 78 33 86 d1 bf 1f e.......E1x3....
Start Time: 1588106358
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
250 CHUNKING
helo
401 Syntax: HELO hostname
helo mail3.xxxxlawgroup.com
250 mail3.xxxxlawgroup.com
_*Dovecot Log during client login attempt*_
Apr 28 13:33:17 auth: Debug: Loading modules from directory:
/usr/lib/dovecot/modules/auth
Apr 28 13:33:17 auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Apr 28 13:33:17 auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
Apr 28 13:33:17 auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_pgsql.so
Apr 28 13:33:17 auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
Apr 28 13:33:17 auth: Debug: passwd-file /etc/dovecot/users: Read 3
users in 0 secs
Apr 28 13:33:17 auth: Debug: auth client connected (pid=21786)
Apr 28 13:33:19 auth: Debug: client in: AUTH 1 PLAIN service=imap
secured=tls session=w8T7vV+keNHAqNTj lip=192.168.0.242
rip=192.168.212.227 lport=993 rport=53624
ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384 ssl_cipher_bits=256
ssl_pfs=KxECDHE ssl_protocol=TLSv1.2 resp=<hidden>
Apr 28 13:33:19 auth-worker(21788): Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Apr 28 13:33:19 auth-worker(21788): Debug: Module loaded:
/usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Apr 28 13:33:19 auth-worker(21788): Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
Apr 28 13:33:19 auth-worker(21788): Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_pgsql.so
Apr 28 13:33:19 auth-worker(21788): Debug: passwd-file
/etc/dovecot/users: Read 3 users in 0 secs
Apr 28 13:33:19 auth-worker(21788): Debug:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>): lookup
service=dovecot
Apr 28 13:33:19 auth-worker(21788): Debug:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>): #1/1
style=1 msg=Password:
Apr 28 13:33:21 auth-worker(21788): Info:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>):
pam_authenticate() failed: Authentication failure (Password mismatch?)
Apr 28 13:33:21 auth: Debug:
passwd-file(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>):
lookup: user=user1 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 28 13:33:21 auth: Debug: client passdb out: OK 1
user=user1 at xxxxlawgroup.com
Apr 28 13:33:21 auth: Debug: master in: REQUEST 570163201 21786 1
83383e6a14e2c97c394478e56e4e7fd9 session_pid=21789 request_auth_token
Apr 28 13:33:21 auth-worker(21788): Debug:
passwd(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>):
lookup
Apr 28 13:33:21 auth-worker(21788): Info:
passwd(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>):
unknown user
Apr 28 13:33:21 auth: Debug:
passwd-file(user1 at xxxxlawgroup.com,192.168.212.227,<w8T7vV+keNHAqNTj>):
lookup: user=user1 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 28 13:33:21 auth: Debug: master userdb out: USER 570163201
user1 at xxxxlawgroup.com auth_token=918dceaf840599ad8132ae793a11ab5b9d17bb8c
Apr 28 13:33:21 imap-login: Info: Login: user=<user1 at xxxxlawgroup.com>,
method=PLAIN, rip=192.168.212.227, lip=192.168.0.242, mpid=21789, TLS,
session=<w8T7vV+keNHAqNTj>
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: Added userdb setting: plugin/=yes
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: Effective uid=1001, gid=1001, home=/srv/vmail/user1 at xxxxlawgroup.com
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: Home dir not found: /srv/vmail/user1 at xxxxlawgroup.com
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes,
hidden=no, list=yes, subscriptions=yes location=mbox:~/mail
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: mbox: INBOX defaulted to /srv/vmail/user1 at xxxxlawgroup.com/mail/inbox
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Debug: fs: root=/srv/vmail/user1 at xxxxlawgroup.com/mail, index=,
indexpvt=, control=, inbox=/srv/vmail/user1 at xxxxlawgroup.com/mail/inbox,
alt
Apr 28 13:33:21 imap(user1 at
xxxxlawgroup.com)<21789><w8T7vV+keNHAqNTj>:
Info: Connection closed (IDLE running for 0.001 + waiting input for
0.001 secs, 2 B in + 10+10 B out, state=wait-input) in=11 out=387
deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0
body_bytes=0
_*The imap client logon looks to be fine;*_
Apr 27 16:57:02 auth-worker(17516): Debug:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>): lookup
service=dovecot
Apr 27 16:57:02 auth-worker(17516): Debug:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>): #1/1
style=1 msg=Password:
Apr 27 16:57:04 auth-worker(17516): Info:
pam(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>):
pam_authenticate() failed: Authentication failure (Password mismatch?)
Apr 27 16:57:04 auth: Debug:
passwd-file(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>):
lookup: user=user1 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 27 16:57:04 auth: Debug: client passdb out: OK 1
user=user1 at xxxxlawgroup.com
Apr 27 16:57:04 auth: Debug: master in: REQUEST 3141009409 17512 1
ee216d7c96d9d2faeb794c94747d479a session_pid=17517 request_auth_token
Apr 27 16:57:04 auth-worker(17516): Debug:
passwd(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>):
lookup
Apr 27 16:57:04 auth-worker(17516): Info:
passwd(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>):
unknown user
Apr 27 16:57:04 auth: Debug:
passwd-file(user1 at xxxxlawgroup.com,192.168.212.227,<5oeueE6k4uvAqNTj>):
lookup: user=user1 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 27 16:57:04 auth: Debug: master userdb out: USER 3141009409
user1 at xxxxlawgroup.com auth_token=3866c7fac33f25e817f9d95c494a13343942f60d
Apr 27 16:57:04 imap-login: Info: Login: user=<user1 at xxxxlawgroup.com>,
method=PLAIN, rip=192.168.212.227, lip=192.168.0.242, mpid=17517, TLS,
session=<5oeueE6k4uvAqNTj>
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: Added userdb setting: plugin/=yes
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: Effective uid=1001, gid=1001, home=/srv/vmail/user1 at xxxxlawgroup.com
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: Home dir not found: /srv/vmail/user1 at xxxxlawgroup.com
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes,
hidden=no, list=yes, subscriptions=yes location=mbox:~/mail
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: mbox: INBOX defaulted to /srv/vmail/user1 at xxxxlawgroup.com/mail/inbox
Apr 27 16:57:04 imap(user1 at
xxxxlawgroup.com)<17517><5oeueE6k4uvAqNTj>:
Debug: fs: root=/srv/vmail/user1 at xxxxlawgroup.com/mail, index=,
indexpvt=, control=, inbox=/srv/vmail/user1 at xxxxlawgroup.com/mail/inbox,
alt
_*User test on dovecot*_
_*root at mail3:/etc/dovecot# doveadm user user1 at xxxxlawgroup.com*_
field value
uid vmail
gid vmail
home /srv/vmail/user1 at xxxxlawgroup.com
mail mbox:~/mail
_*root at mail3:/etc/dovecot# doveadm user user2 at xxxxlawgroup.com*_
field value
uid vmail
gid vmail
home /srv/vmail/user2 at xxxxlawgroup.com
mail mbox:~/mail
_*log of test*_
r 28 12:37:53 auth-worker(21333): Debug: passwd(user1 at xxxxlawgroup.com):
lookup
Apr 28 12:37:53 auth-worker(21333): Info:
passwd(user1 at xxxxlawgroup.com): unknown user
Apr 28 12:37:53 auth: Debug: passwd-file(user1 at xxxxlawgroup.com):
lookup: user=user1 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 28 12:37:53 auth: Debug: userdb out: USER 1 user1 at xxxxlawgroup.com
Apr 28 12:38:04 auth: Debug: master in: USER 1 user2 at xxxxlawgroup.com
service=doveadm debug
Apr 28 12:38:04 auth-worker(21333): Debug:
passwd(user2 at xxxxlawgroup.com): lookup
Apr 28 12:38:04 auth-worker(21333): Info:
passwd(user2 at xxxxlawgroup.com): unknown user
Apr 28 12:38:04 auth: Debug: passwd-file(user2 at xxxxlawgroup.com):
lookup: user=user2 at xxxxlawgroup.com file=/etc/dovecot/users
Apr 28 12:38:04 auth: Debug: userdb out: USER 1 user2 at xxxxlawgroup.com
_*Debian 10.2 Buster*_
_*Dovecot 2.3.4.1 (installed using apt)*_
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-6-amd64 x86_64 Debian 10.3
# Hostname: mail3.xxxxlawgroup.com
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
debug_log_path = /var/log/dovecot.log
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.log
log_path = /var/log/dovecot.log
login_greeting = xxxx xxxxx Dovecot ready.
mail_debug = yes
mail_gid = vmail
mail_home = /srv/vmail/%u
mail_location = mbox:~/mail
mail_privileged_group = vmail
mail_uid = vmail
namespace inbox {
inbox = yes
location
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix
separator = /
}
passdb {
driver = pam
}
passdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service lmtp {
unix_listener lmtp {
group = postfix
mode = 0666
user = postfix
}
}
ssl_cert = </etc/ssl/certs/mail.xxxxlawgroup.com.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
verbose_proctitle = yes
protocol lmtp {
postmaster_address = postmaster at xxxxlawgroup.com
}
_*On the postfix side:*_
*main.cf*
*ver 3.4.8*
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_tls_cert_file=/etc/ssl/certs/mail.xxxxlawgroup.com.pem
smtpd_tls_key_file=/etc/ssl/private/mail.xxxxlawgroup.com.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
myhostname = mail3.xxxxlawgroup.com
myorigin = /etc/mailname
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
inet_interfaces = 127.0.0.1, 192.168.0.242
mynetworks
127.0.0.0/8
[::ffff:127.0.0.0]/104
[::1]/128
23.120.233.17
192.168.0.0/24
192.168.39.0/24
192.168.14.0/24
192.168.212.0/24
mydestination
localhost
smtpd_recipient_restrictions
permit_sasl_autheticated
permit_mynetworks
reject_unauth_destination
relayhost = [192.168.0.253]:587
soft_bounce=yes
*virtual_transport=lmtp:unix:private/dovecot-lmtp*
*virtual_mailbox_domains = xxxxlawgroup.com*
*virtual_mailbox_maps=hash:/etc/postfix/vmail_maps*
*virtual_alias_maps=hash:/etc/postfix/virtual*
*relay_domains=hash:/etc/postfix/relay_domains*
*smtp_sasl_auth_enable=yes*
*smtpd_sasl_type=dovecot*
*smtpd_sasl_path=private/auth*
*queue_directory=/var/spool/postfix*
*broken_sasl_auth_clients=yes*
*smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd*
debug_peer_level=4
debug_peer_list=192.168.0.242
_*/etc/postfix/sasl_passwd*_
xxxxlawgroup.com username:password
_*/etc/postfix/vmail_maps*_
user1 at xxxxlawgroup.com user1 at xxxxlawgroup.com
user2 at xxxxlawgroup.com user2 at xxxxlawgroup.com
user3 at xxxxlawgroup.com user3 at xxxxlawgroup.com
<mailto:user3 at xxxxlawgroup.com>
_*master.cf*_
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_sasl_local_domain=$myhostname
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=/etc/postfix/virtual
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
--
Jon Kelly
CNE
kelly at kel-tek.com
p 714.894.0130
For service calls, please email service at kel-tek.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20200428/af10af61/attachment-0001.html>
Peter
2020-Apr-28 23:05 UTC
trying to authenticate postfix against Dovecot 2.3.4.1 passwd-file, using lmtp
On 29/04/20 8:55 am, kelly wrote:> Sorry for all the notes; > > I'm trying to have postfix 3.4.8, trying to authenticate postfix against > Dovecot 2.3.4.1 passwd-file, using lmtp. > > Not sure if I'm failing because of a smtp failure or I'm not getting > authenticated by dovecot. > > > > main.cf > > virtual_transport=lmtp:unix:private/dovecot-lmtp > > > > _*postfix log*_ > > connect from unknown[192.168.212.227] > > Apr 28 13:42:14 mail3 postfix/smtpd[21859]: lost connection after EHLO > from unknown[192.168.212.227] > > Apr 28 13:42:14 mail3 postfix/smtpd[21859]: disconnect from > unknown[192.168.212.227] ehlo=2 starttls=1 commands=3This is a postfix issue, you need to ask for help on the postfix mailing list. Make sure you read and follow the DEBUG_README that comes with postfix when posting your question. Peter