search for: authrelay

Hi, I am trying to create an authenticated relay server using Postfix and Dovecot. However I am having two problems : (a) If I create a dovecot config entry as follows : unix_listener /var/spool/postfix-authrelay/private/dovecot-auth { group = postfix mode = 0666 user = postfix } Dovecot is unable to create the socket ? I thought surely if dovecot is started as root it should create the socket before dropping privileges ? (b) The alternative method of TCP SASL is not working either: 250 DSN...

On Thursday, October 11, 2018 12:07 PM, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > On 11.10.18 11:30, Laura Smith wrote: > > > unix_listener /var/spool/postfix-authrelay/private/dovecot-auth { > > group = postfix > > mode = 0666 > > user = postfix > > } > > I suggest using "mode = 0660" instead. Makes no difference. > > > Dovecot is unable to create the socket ? > > What exactly do the logs show? Erm, they...

...is not using root to access the directory then it is not going to be able to chmod the socket later is it ? > > You should probably check few things: > > 1. check dmesg or /var/log/audit/audit.log for any possible security framework problems > 2. check namei -vl /var/spool/postfix-authrelay/private/dovecot-auth for anything strange > 3. there is some reason the socket is not bound into, dovecot creates these sockets as root. > > Aki > Thanks. It ended up being an AppArmor issue. That's now fixed the socket gets created. However, the first part of my problem des...

...mode = 0660" instead. > > Makes no difference. That was meant to increase security, not to fix your problem. > > What exactly do the logs show? > > Erm, they show exactly what I posted earlier ? No. Earlier, you posted this: > 2018-10-11T10:17:40.491483+01:00 X postfix-authrelay/smtpd[18312]: > warning: X[X]: SASL PLAIN authentication failed: That's just a warning about an authentication failure. Now this: > 2018-10-11T12:14:15.467791+01:00 X dovecot: master: Error: > bind(/var/spool/postfix-authrelay/private/dovecot-auth) failed: > Permission denied >...

> That's a permission error. Somewhere in your directory hierarchy things > are off. See Postfix' set-permissions command. > But surely if Dovecot is staring as root then directory permissions are relevant, especially if I'm then asking the config to chmod the file anway ? To me, it seems dovecot is not behaving correctly, because if it is not using root to access the

On 11.10.18 11:30, Laura Smith wrote: > unix_listener /var/spool/postfix-authrelay/private/dovecot-auth { > group = postfix > mode = 0666 > user = postfix > } I suggest using "mode = 0660" instead. > Dovecot is unable to create the socket ? What exactly do the logs show? > postconf -c /etc/postfix-authrelay | fgrep sasl As described in http:...

...} ? mailbox Trash { ??? special_use = \Trash ? } ? prefix = } passdb { ? args = /etc/dovecot/local_sql_users.conf ? driver = sql } service auth { ? inet_listener { ??? address = 127.0.0.1 ??? port = 7425 ? } ? inet_listener { ??? address = ::1 ??? port = 7425 ? } ? unix_listener /var/spool/postfix-authrelay/private/dovecot-auth { ??? group = postfix ??? mode = 0660 ??? user = postfix ? } } ssl = no The local_sql_users.conf is the same one that's used on the functioning IMAP servers, just copied accross to the authenticated relay server: $ sudo cat /etc/dovecot/local_sql_users.conf driver = pgsql...

On 11/10/2018 14:21, Laura Smith wrote: > On Thursday, October 11, 2018 12:07 PM, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > >> On 11.10.18 11:30, Laura Smith wrote: >> >>> unix_listener /var/spool/postfix-authrelay/private/dovecot-auth { >>> group = postfix >>> mode = 0666 >>> user = postfix >>> } >> I suggest using "mode = 0660" instead. > Makes no difference. Do you have SELinux or the like running on the system? Good luck, Reio -------------- next...

...correctly, because if it is not using root to access the directory then it is not going to be able to chmod the socket later is it ? You should probably check few things: 1. check dmesg or /var/log/audit/audit.log for any possible security framework problems 2. check namei -vl /var/spool/postfix-authrelay/private/dovecot-auth for anything strange 3. there is *some* reason the socket is not bound into, dovecot creates these sockets as root. Aki

...ostfix) with ESMTP id 301233FDA8 for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005 22:51:55 -0800 (PST) X-Eon-Sig: AQIdLpBCLp0L6UAQSwIAAAAB,99b3d5966c8c0368c842a831fa4ddfdd Received: from smtp.everyone.net (62.245.95.172 [62.245.95.172]) by pmta01.mta.everyone.net (EON-AUTHRELAY) with ESMTP id 24AB116D for <jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>; Tue, 8 Mar 2005 22:51:55 -0800 Date: Wed, 9 Mar 2005 07:51:53 +0100 From: do-not-reply-5tc4TXWwyLM@public.gmane.org To: jdeneut-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org Subject: =Thank you for your bug report Conte...