>> I've set up dovecot to provide SASL for postfix and as far as I can
>> tell everything is working correctly. However, when I do a ehlo
>> localhost
>> I don't see it announcing anything about AUTH :
>>
>> Connected to localhost.
>> Escape character is '^]'.
>> 220 xxx.yyy.QueensU.CA ESMTP Postfix
>> ehlo localhost
>> 250-xxx.yyy.QueensU.CA
>> 250-PIPELINING
>> 250-SIZE 40960000
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250 DSN
>> 250-8BITMIME
>>
>> Am I missing something in the configuration of postfix ( or dovecot )
>> ?
>
> My telepathy says "no" but if you had done what
> http://www.postfix.org/DEBUG_README.html#mail advises, I could use less
> inconsistent tools.
>
>> The log files tell me that it authenticates and entering the wrong
>> password
>> makes it fail etc.
>
> Right.
>
> While it is not a default, smtpd_tls_auth_only=yes is a commonly
> recommended and wise setting. You probably have it.
>
Sorry about that. Here is the output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 40960000
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
smtpd_tls_loglevel = 1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

And doveconf -n:

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.2.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
mbox_write_locks = fcntl
passdb {
  driver = pam
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}

peter
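
Added example, not part of either message in the thread: a small check that compares a cleartext EHLO reply with the relevant `postconf -n` settings to tell whether a missing AUTH line is explained by smtpd_tls_auth_only. The function names and verdict strings are hypothetical, and the sample inputs are constructed from the values quoted above.

```python
import re

# Constructed sample: the SASL/TLS parameters from the postconf -n output above.
SAMPLE_CONF = """\
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
"""

# Constructed sample: the cleartext EHLO exchange quoted in the thread.
SAMPLE_EHLO = """\
220 xxx.yyy.QueensU.CA ESMTP Postfix
250-xxx.yyy.QueensU.CA
250-PIPELINING
250-SIZE 40960000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 DSN
"""

def parse_postconf(text):
    """Turn `postconf -n` output into a {parameter: value} dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def ehlo_keywords(reply):
    """ESMTP keywords from the 250 lines; the first 250 line is the hostname."""
    lines = [l.strip() for l in reply.splitlines() if l.strip().startswith("250")]
    # Split on space or '=' so the "AUTH=PLAIN ..." form that
    # broken_sasl_auth_clients adds is also counted as AUTH.
    return {re.split(r"[ =]", l[4:])[0].upper() for l in lines[1:] if len(l) > 4}

def diagnose(conf, cleartext_reply):
    """Explain the presence or absence of AUTH in a pre-STARTTLS EHLO reply."""
    kws = ehlo_keywords(cleartext_reply)
    if conf.get("smtpd_sasl_auth_enable", "no") != "yes":
        return "sasl-disabled"
    if "AUTH" in kws:
        return "auth-offered-in-cleartext"
    if conf.get("smtpd_tls_auth_only", "no") == "yes":
        # Postfix neither announces nor accepts AUTH until TLS is active.
        return ("auth-hidden-until-starttls" if "STARTTLS" in kws
                else "auth-unreachable-no-starttls")
    return "auth-missing-unexplained"
```

To confirm the "auth-hidden-until-starttls" verdict on a live server, repeat the EHLO inside a TLS session, for example with `openssl s_client -connect localhost:25 -starttls smtp`; the AUTH line should then be listed.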