* Jeff Lacki <j...@rahul.net>:
>
> I'm trying to set up SASL+TLS+dovecot. Overall I've
> gotten things somewhat working, but have a couple questions
> since I'm new to this aspect of postfix.
>
> I get 'fatal: no SASL authentication mechanisms' in maillog
> I ran saslfinger and it showed no mechanisms,
>
> my /usr/lib/sasl2/smtpd.conf contains:
>
> pwcheck_method: saslauthd
> mech_list: plain login

Forget saslfinger for Dovecot. It was made for debugging Cyrus SASL only.

Also forget /usr/lib/sasl2/smtpd.conf. It configures Cyrus SASL, but you want Dovecot SASL.

You have smtpd_sasl_type = dovecot, which is correct. You also have smtpd_tls_auth_only = yes, which only lets you AUTH once a TLS connection has been established. Turn it off, while you test.

Have you verified SMTP AUTH works without TLS?

If you get "fatal: no SASL authentication mechanisms" then Dovecot likely doesn't export any mechanisms to Postfix. To have it do so you will have to tweak Dovecot's configuration.

p...@rick

> saslauthd is installed and running
>
> I don't think it matters, but I have what many others
> said they were missing: cyrus-sasl-plain installed.
>
> Am I supposed to add other 'mechanisms' and if so,
> how do I do so? Which packages do I add etc?
>
> Thanks!
>
> my postconf -n:
>
> ddress_verify_map = hash:/etc/postfix/address_verify_map
> alias_maps = hash:/etc/postfix/aliases
> allow_percent_hack = yes
> append_at_myorigin = yes
> append_dot_mydomain = yes
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_transport = smtp
> disable_vrfy_command = yes
> empty_address_recipient = MAILER-DAEMON
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = no
> ignore_mx_lookup_error = no
> in_flow_delay = 1s
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 15000000
> mydestination = $myhostname, localhost.$mydomain $mydomain
> myhostname = mydomain.com
> mynetworks = 127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases.postfix
> notify_classes = resource,software
> parent_domain_matches_subdomains =
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
> relay_domains = $mynetworks
> sample_directory = /usr/share/doc/postfix-2.4.5/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_always_send_ehlo = no
> smtp_connect_timeout = 30s
> smtp_data_done_timeout = 600s
> smtp_data_init_timeout = 120s
> smtp_data_xfer_timeout = 180s
> smtp_destination_concurrency_limit = 10
> smtp_helo_timeout = 300s
> smtp_mail_timeout = 300s
> smtp_never_send_ehlo = no
> smtp_pix_workaround_delay_time = 10s
> smtp_pix_workaround_threshold_time = 500s
> smtp_quit_timeout = 300s
> smtp_rcpt_timeout = 300s
> smtp_sasl_mechanism_filter = login
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_skip_5xx_greeting = yes
> smtp_skip_quit_response = yes
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_client_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/client_access
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_hard_error_limit = 6
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, check_client_access
> hash:/etc/postfix/good_clients, hash:/etc/postfix/access,
> hash:/etc/postfix/bad_ips, reject_unknown_helo_hostname,
> reject_non_fqdn_hostname, reject_unauth_destination,
> reject_unauth_pipelining,
> reject_invalid_hostname,reject_unknown_hostname
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_restriction_classes = restrictive, permissive
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
> smtpd_sender_restrictions = reject_unknown_sender_domain
> smtpd_soft_error_limit = 4
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
> unverified_recipient_reject_code = 550
> virtual_alias_domains = nim-phila.org
> virtual_alias_maps = hash:/etc/postfix/virtual
>
>

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
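
Added example (not part of the original thread, and not Postfix or Dovecot code): a small check over the SASL/TLS lines of the postconf -n output quoted above, showing which mechanisms are left for smtpd to announce after smtpd_tls_auth_only and the smtpd_sasl_*security_options filters are applied. It goes one step beyond the reply by modelling Postfix's own filter; the mechanism property table and the offered list "plain login" are assumptions about what the Dovecot auth service advertises.

```python
import re

# Constructed sample: the SASL/TLS lines from the postconf -n output quoted above.
POSTCONF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
"""

# Assumption: security properties a Dovecot auth service advertises per mechanism.
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "CRAM-MD5": {"dictionary", "active"},
    "ANONYMOUS": {"anonymous"},
}

def parse(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def expand(params, name):
    """Resolve $other_parameter references inside a value."""
    value = params.get(name, "")
    return re.sub(r"\$(\w+)", lambda m: expand(params, m.group(1)), value)

def surviving(params, offered, tls):
    """Mechanisms smtpd can still announce after its own filters."""
    if params.get("smtpd_sasl_auth_enable") != "yes":
        return []
    if not tls and params.get("smtpd_tls_auth_only") == "yes":
        return []  # AUTH is not announced before STARTTLS
    opt = "smtpd_sasl_tls_security_options" if tls else "smtpd_sasl_security_options"
    banned = {o[2:] for o in re.split(r"[,\s]+", expand(params, opt)) if o.startswith("no")}
    return [m for m in offered if not (MECH_PROPS[m.upper()] & banned)]

if __name__ == "__main__":
    conf = parse(POSTCONF)
    for tls in (False, True):
        print("TLS" if tls else "cleartext", surviving(conf, ["plain", "login"], tls))
```

With the quoted settings both cases come back empty: noplaintext removes PLAIN and LOGIN, and the TLS setting inherits it through $smtpd_sasl_security_options. Setting smtpd_sasl_tls_security_options = noanonymous keeps plaintext mechanisms available only inside TLS.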