I've set up a new dovecot+postfix instance with virtual (not system) users.
I've a few questions, mostly about auth. I /think/ that postfix handles auth by asking dovecot. Users need to provide user + password to send (smtps) and receive (imaps). I see where I've configured this for dovecot, which is /etc/dovecot/passwd.db. That file contains lines like this:

    j...@mobilitains.fr:{BLF-CRYPT}$2y$05$c...

What concerns me is that I see occasional log items like this:

    Jan 24 11:26:33 nantes-m1 postfix/smtpd[4597]: fatal: no SASL authentication mechanisms

(Also, I can't connect with thunderbird.)

But I think I've configured SASL auth, so I'm not sure what to look at / how to debug this. I'm looking for suggestions how to approach this.

I do not see how postfix knows who is allowed to connect, however. Am I correct that postfix delegates SASL to dovecot?

This is the relevant config, I think:

    [T] jeff@nantes-m1:log $ doveconf -n
    # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.5.7.2 ()
    # OS: Linux 5.4.0-64-generic x86_64 Ubuntu 20.04.1 LTS
    # Hostname: nantes-m1.p27.eu
    auth_verbose = yes
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
    mail_privileged_group = mail
    namespace inbox {
      inbox = yes
      location =
      mailbox Archive {
        auto = subscribe
        special_use = \Archive
      }
      mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
      }
      mailbox Junk {
        auto = subscribe
        special_use = \Junk
      }
      mailbox Sent {
        auto = subscribe
        special_use = \Sent
      }
      mailbox Trash {
        auto = subscribe
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = username_format=%u scheme=blf-crypt /etc/dovecot/passwd.db
      driver = passwd-file
    }
    plugin {
      sieve = file:~/sieve;active=~/.dovecot.sieve
      sieve_after = /var/mail/vmail/sieve-after
      sieve_before = /var/mail/vmail/sieve-before
      sieve_dir = ~/sieve
    }
    protocols = " imap"
    ssl = required
    ssl_cert = </etc/letsencrypt/live/nantes-m1.p27.eu/fullchain.pem
    ssl_client_ca_dir = /etc/ssl/certs
    ssl_dh = # hidden, use -P to show it
    ssl_key = # hidden, use -P to show it
    userdb {
      args = uid=4000 gid=4000 home=/var/mail/vmail/%d/%n
      driver = static
    }
    protocol lda {
      deliver_log_format = msgid=%m: %$
      mail_plugins = sieve
      postmaster_address = postmaster@{{ primary_domain }}
      quota_full_tempfail = yes
      rejection_reason = Your message to <%t> was automatically rejected:%n%r
    }
    protocol imap {
      imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
      mail_max_userip_connections = 20
    }
    [T] jeff@nantes-m1:log $
    [T] jeff@nantes-m1:log $ postconf -n | grep -i sasl
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = reject_unknown_client_hostname,reject_unknown_sender_domain,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_invalid_hostname,reject_non_fqdn_sender
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    [T] jeff@nantes-m1:log $ postconf -Mf
    smtp       inet  n       -       y       -       -       smtpd
    submission inet  n       -       y       -       -       smtpd
        -o syslog_name=postfix/submission
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
    smtps      inet  n       -       y       -       -       smtpd
        -o syslog_name=postfix/smtps
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_reject_unlisted_recipient=no
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=
        -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
    ...

Many thanks for any pointers. I'm also a bit confused on how to test it, really, short of connecting with a regular email client (mutt, thunderbird, etc.). If there are more appropriate tools that I've missed, I'm quite open to pointers.

-- 
Jeff Abrahamson
+33 6 24 40 01 57
+44 7920 594 255
http://p27.eu/jeff/
http://transport-nantes.com/
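Added example (not part of the original message, and not Postfix or Dovecot code): with smtpd_sasl_type = dovecot, Postfix's smtpd obtains its SASL mechanism list from Dovecot over the socket named by smtpd_sasl_path, so one check is whether doveconf -n shows a matching unix_listener under service auth. The sketch runs that comparison over constructed excerpts; the queue directory /var/spool/postfix and the listener's group, mode and user values are assumptions.

```python
import re
# Constructed excerpts shaped like `doveconf -n` output; the first mirrors the
# post (no auth listener shown), the second adds a listener for Postfix.
DOVECONF_WITHOUT = """\
passdb {
  args = username_format=%u scheme=blf-crypt /etc/dovecot/passwd.db
  driver = passwd-file
}
protocols = " imap"
"""
DOVECONF_WITH = DOVECONF_WITHOUT + """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
"""
POSTCONF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
"""

def auth_listeners(doveconf_text):
    """Return unix_listener paths declared directly inside `service auth { }`."""
    paths, stack = [], []
    for line in doveconf_text.splitlines():
        line = line.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())  # remember the block header
            if len(stack) == 2 and stack[0] == "service auth":
                paths += re.findall(r"^unix_listener\s+(\S+)$", stack[1])
        elif line == "}" and stack:
            stack.pop()
    return paths

def check(doveconf_text, postconf_text, queue_dir="/var/spool/postfix"):
    """Compare smtpd_sasl_path (relative to the assumed queue_dir) with listeners."""
    conf = dict(re.findall(r"^(\S+) = ?(.*)$", postconf_text, re.M))
    if conf.get("smtpd_sasl_type") != "dovecot":
        return "postfix is not using dovecot SASL"
    path = conf.get("smtpd_sasl_path", "")
    wanted = path if path.startswith("/") else f"{queue_dir}/{path}"
    if wanted in auth_listeners(doveconf_text):
        return "ok"
    return f"missing listener: {wanted}"
```

On a live host the two inputs would be the text printed by doveconf -n and postconf -n.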