On 11/10/15 11:49, Patrick Ben Koetter wrote:
> * niya levi <niyal...@gmail.com>:
>> nano /etc/dovecot/dovecot.conf
>>
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0666
>> user = postfix
>> }
>> }
> No reason to let others read auth data. Make that:
>
> mode = 0660
>
>> postconf -n
>> broken_sasl_auth_clients = yes
>>
>>
>> myorigin = $myhostname
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_exceptions_networks = $mynetworks
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_security_options = noanonymous noplaintext
> That's the problem. Your dovecot server only annouces PLAIN as auth mechanism
> (by default). Modify the smtpd_sasl_security_options like this:
>
> smtpd_sasl_security_options = noanonymous
>
> Then try again.
>
> I suggest to configure your mail server to offer SMTP AUTH on submission (587)
> only. Enforce TLS on the submission port and PLAIN will be safe to use.
>
> p@rick
>
>> Oct 11 10:45:43 testy postfix/smtpd[16760]:
>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
>> Oct 11 10:45:43 testy postfix/smtpd[16760]:
>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
>> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication
>> mechanisms
thanks p@rick
have corrected smtpd_sasl_security_options.
> I suggest to configure your mail server to offer SMTP AUTH on submission (587)
> only. Enforce TLS on the submission port and PLAIN will be safe to use.
should i change smtpd_sasl_auth_enable = yes to no in main.cf
move the rest of the sasl entries in main.cf yo master.cf
and change the smtpd_tls_auth_only in the submission section in
master.cf to yes ?
shadrock
