Hi dav,
My internet was down overnight, snow plough hit encapsulation point.
These are my postfix config files, plus my dovecot stuff.
Hope it helps.
John A
On 2018-02-11 06:12 PM, David Mehler wrote:
Hello,
Does anyone have Android's aquamail app successfully connecting to a
Postfix server? If so, what settings did you use? I keep getting an
authentication denied error. I've tried for authentication choose
automatically, sasl plain, sasl login. For server security I've tried
ssl strict check, ssl accept any (both on port 465), and starttls
strict check and starttls accept any (port 587).
Thanks.
Dave.
# Postfix main.cf settings. Long values appear to have been wrapped by the
# mail client, so continuation lines below have lost the leading whitespace
# that a real main.cf needs.
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_size_limit = 65536
compatibility_level = 2
# Mail is queued to the smtp-amavis transport (defined in master.cf) on
# loopback port 10024; the submission service overrides this with port 10026.
content_filter = smtp-amavis:[127.0.0.1]:10024
default_process_limit = 20
delay_warning_time = 12h
# Refuse the SMTP VRFY command so it cannot be used to probe which
# addresses exist on this server.
disable_vrfy_command = yes
header_size_limit = 32768
home_mailbox = Maildir/
html_directory = /usr/share/doc/postfix/html
inet_protocols = all
# Local deliveries are handed to Dovecot over its LMTP unix socket.
mailbox_transport = lmtp:unix:private/dovecot-lmtp
message_size_limit = 32768000
mime_header_checks = pcre:/etc/postfix/maps/mime_header_checks.pcre
mydestination = localhost, localhost.localdomain, localdomain
mydomain = klam.ca
myhostname = smtp.$mydomain
# Only loopback is trusted; no LAN or public range gets mynetworks privileges.
mynetworks = 127.0.0.0/8, [::1]/128
myorigin = $mydomain
# postscreen sits in front of smtpd on port 25 (see the "smtp inet ...
# postscreen" service in master.cf) and screens clients before they reach
# a real SMTP server process.
# The access list only exempts mynetworks; it contains no static blacklist
# table, so postscreen_blacklist_action below has nothing to act on as shown.
postscreen_access_list = permit_mynetworks
# "After 220 greeting" tests (bare newline, non-SMTP command, pipelining).
# A client that passes these cannot be handed to smtpd mid-session:
# postscreen answers with a temporary error and the client has to reconnect,
# so the first delivery from a new client is delayed.
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_blacklist_action = drop
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_dnsbl_action = enforce
# Weighted DNSBL scoring. Sites without "*N" count as 1; negative weights
# (swl.spamhaus.org, list.dnswl.org) act as whitelist credit. A listing on
# zen.spamhaus.org alone (weight 3) already reaches the threshold of 3.
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
bl.spameatingmonkey.net*2 bl.ipv6.spameatingmonkey.net*2 bl.spamcop.net
dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_whitelist_threshold = -1
# smtpd_enforce_tls / smtpd_use_tls are the legacy TLS switches and are not
# set anywhere in this listing; the TLS policy in effect on port 25 comes
# from smtpd_tls_security_level (= may, set further down).
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_greet_action = enforce
postscreen_helo_required = yes
postscreen_non_smtp_command_enable = yes
postscreen_pipelining_enable = yes
postscreen_use_tls = $smtpd_use_tls
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relocated_maps = hash:/etc/postfix/maps/relocated
# Outbound (SMTP client) TLS policy. "dane" authenticates the destination
# with DNSSEC-signed TLSA records where they are published and otherwise
# falls back to opportunistic TLS. It depends on
# smtp_dns_support_level = dnssec and on the resolver in /etc/resolv.conf
# doing DNSSEC validation; that resolver has to be trusted, so it is
# normally one running on the mail host itself.
smtp_dns_support_level = dnssec
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = DES, MD5, RC2, RC4, RC5, IDEA, SRP, PSK, aDSS,
kECDhe, kECDhr, kDHd, kDHr, SEED, LOW, EXPORT
# Only SSLv2 and SSLv3 are excluded, so TLSv1.0 and TLSv1.1 are still
# negotiable. The smtpd_tls_*protocols settings below reuse these lists.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
# Port-25 smtpd policy. The submission service in master.cf empties most of
# these lists with -o overrides, so they apply to inbound MX traffic only.
smtpd_banner = $myhostname ESMTP
# These repeat five of the postscreen DNSBLs as plain rejects in smtpd,
# without the weighting or whitelist credit that postscreen applies.
smtpd_client_restrictions = reject_unknown_reverse_client_hostname,
reject_rbl_client zen.spamhaus.org, reject_rbl_client b.barracudacentral.org,
reject_rbl_client bl.spameatingmonkey.net, reject_rbl_client
bl.ipv6.spameatingmonkey.net, reject_rbl_client bl.spamcop.net
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname, check_helo_access
pcre:/etc/postfix/maps/helo_checks.pcre
smtpd_recipient_limit = 128
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain, check_recipient_access
pcre:/etc/postfix/maps/recipient_checks.pcre, check_recipient_access
hash:/etc/postfix/maps/recipient_checks
# Port 25 never relays: there is no permit_mynetworks or
# permit_sasl_authenticated here, only reject_unauth_destination.
smtpd_relay_restrictions = reject_unauth_destination
# SASL is off globally and switched on only for the submission service
# (-o smtpd_sasl_auth_enable=yes in master.cf). A mail client therefore has
# to authenticate on the submission port; port 25 never offers AUTH.
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain, check_sender_access
hash:/etc/postfix/maps/sender_checks
# Server-side TLS. AUTH is only announced once the session is encrypted, so
# credentials are never sent in the clear.
smtpd_tls_auth_only = yes
# Let's Encrypt certificate and key; the same pair is used by Dovecot
# (ssl_cert / ssl_key in dovecot.conf). privkey.pem should stay readable by
# root only.
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.klam.ca/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = $smtp_tls_exclude_ciphers
smtpd_tls_key_file = /etc/letsencrypt/live/mail.klam.ca/privkey.pem
# Protocol lists are inherited from the smtp_tls_* client settings
# (!SSLv2, !SSLv3), which leaves TLSv1.0 and TLSv1.1 enabled for servers too.
smtpd_tls_mandatory_protocols = $smtp_tls_mandatory_protocols
smtpd_tls_protocols = $smtp_tls_protocols
smtpd_tls_received_header = yes
# Opportunistic TLS on port 25; the submission service raises this to
# "encrypt".
smtpd_tls_security_level = may
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/maps/transport
# Virtual domains, mailboxes and aliases are looked up in PostgreSQL through
# proxymap. The .sql map files normally carry the database password, so
# they should not be world-readable.
virtual_alias_maps = proxy:pgsql:/etc/postfix/sql/virtual_alias_map.sql,
proxy:pgsql:/etc/postfix/sql/virtual_alias_domain_map.sql
virtual_mailbox_domains = proxy:pgsql:/etc/postfix/sql/virtual_domain_map.sql
virtual_mailbox_maps = proxy:pgsql:/etc/postfix/sql/virtual_mailbox_map.sql,
proxy:pgsql:/etc/postfix/sql/virtual_alias_domain_mailbox_map.sql
virtual_transport = lmtp:unix:private/dovecot-lmtp
# Postfix master.cf services. Columns are: service, type, private, unpriv,
# chroot, wakeup, maxproc, command + args. Continuation lines have lost
# their leading whitespace in this paste.
# Port 25 is answered by a single postscreen process, which passes clients
# that survive its tests to the "smtpd pass" service.
smtp inet n - n - 1 postscreen
# smtpd and pickup both use pre-cleanup, so mail entering here is processed
# with virtual_alias_maps disabled before it goes to the content filter.
smtpd pass - - n - - smtpd -o
cleanup_service_name=pre-cleanup
pickup fifo n - n 60 1 pickup -o
cleanup_service_name=pre-cleanup
# Submission service for mail clients. STARTTLS is mandatory
# (smtpd_tls_security_level=encrypt) and SASL is delegated to Dovecot over
# private/dovecot-auth, so the mechanisms offered to clients are whatever
# Dovecot's auth_mechanisms lists (digest-md5 cram-md5 login in the
# dovecot.conf below; PLAIN is not among them).
# No smtps (port 465, implicit TLS) service appears in this listing, so a
# client configured for SSL on 465 has nothing to connect to.
# NOTE(review): every inherited restriction list is emptied here and the
# only access control left is check_sender_access on submission_access,
# followed by reject. That map is not shown. The envelope sender is supplied
# by the client, so unless the map's actions themselves require a SASL login
# (for example permit_sasl_authenticated), acceptance would rest on the
# MAIL FROM address alone. Confirm the map contents, or use
# "permit_sasl_authenticated, reject" here and consider
# reject_sender_login_mismatch to tie senders to logins.
submission inet n - n - 30 smtpd -o
content_filter=smtp-amavis:[127.0.0.1]:10026 -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o
smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/dovecot-auth -o
smtpd_sasl_local_domain=$mydomain -o broken_sasl_auth_clients=yes -o
smtpd_sasl_authenticated_header=yes -o smtpd_client_restrictions= -o
smtpd_data_restrictions= -o smtpd_etrn_restrictions=reject -o
smtpd_helo_restrictions= -o {smtpd_recipient_restrictions=check_sender_access
hash:/etc/postfix/maps/submission_access, reject} -o smtpd_relay_restrictions=
-o smtpd_sender_restrictions= -o smtpd_client_connection_count_limit=15 -o
smtpd_client_connection_rate_limit=80 -o smtpd_delay_reject=yes -o
cleanup_service_name=pre-cleanup
# Internal Postfix daemons. None of them is chrooted (chroot column is "n").
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
# Outbound SMTP client: no SASL towards remote servers, and connections are
# made from fixed IPv4/IPv6 source addresses.
smtp unix - - n - - smtp -o
smtp_sasl_auth_enable=no -o smtp_bind_address=74.116.186.178 -o
smtp_bind_address6=2606:6d00:100:4301::1:200
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# Transport named by content_filter: an SMTP client that delivers to amavis
# on loopback, at most 4 concurrent processes, forwarding the original
# client information with XFORWARD.
smtp-amavis unix - - n - 4 smtp -o
smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o
smtp_tls_note_starttls_offer=no
# Re-injection listener for mail coming back from amavis. It is bound to
# 127.0.0.1, mynetworks is narrowed to 127.0.0.0/8, and every restriction
# list is either empty or "permit_mynetworks,reject". content_filter is
# cleared so the mail is not filtered a second time; header/body checks,
# unknown-recipient checks and milters are skipped; TLS is off.
# Anything accepted on this port bypasses the content filter, and any local
# process on the host can connect to it, so it must stay on loopback.
# local_recipient_maps= is given twice below; the repetition is redundant.
127.0.0.1:10025 inet n - n - - smtpd -o
content_filter= -o mynetworks=127.0.0.0/8 -o smtpd_delay_reject=no -o
smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions=
-o smtpd_sender_restrictions= -o
smtpd_relay_restrictions=permit_mynetworks,reject -o
smtpd_recipient_restrictions=permit_mynetworks,reject -o
smtpd_data_restrictions=reject_unauth_pipelining -o
smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o
smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o
smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o
smtpd_client_connection_rate_limit=0 -o local_header_rewrite_clients= -o
local_recipient_maps= -o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o smtpd_tls_security_level=none -o local_recipient_maps= -o
relay_recipient_maps=
# Two cleanup instances split the work around the content filter:
# pre-cleanup (used by smtpd, pickup and submission) runs with
# virtual_alias_maps disabled, while the default cleanup, used by the
# 127.0.0.1:10025 re-injection listener, runs with header, MIME, nested
# header and body checks disabled.
pre-cleanup unix n - n - 0 cleanup -o
virtual_alias_maps=
cleanup unix n - n - 0 cleanup -o
mime_header_checks= -o nested_header_checks= -o header_checks= -o body_checks=
# Helper services used by postscreen for DNSBL lookups and TLS.
dnsblog unix - - n - 0 dnsblog
tlsproxy unix - - n - 0 tlsproxy
# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-2-amd64 x86_64 Debian wheezy/sid ext4
# NOTE(review): this version header looks stale. Settings used further down
# (ssl_protocols, the imap_sieve plugin) are, as far as I know, not available
# in Dovecot 2.0.x; regenerate with `doveconf -n` to confirm.
#===================================================================================
protocols = imap lmtp sieve
# Virtual mailboxes: %d is the domain and %n the local part of the login.
# Every mailbox lives under /srv/vmail and is owned by the single vmail
# system user.
mail_home = /srv/vmail/%d/%n/home
mail_location = maildir:/srv/vmail/%d/%n/maildir
mail_uid = vmail
mail_gid = vmail
mail_privileged_group = vmail
# Mail access is refused for UIDs/GIDs below 1001; 0 means no upper limit.
first_valid_uid = 1001
last_valid_uid = 0
first_valid_gid = 1001
last_valid_gid = 0
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# Same delimiter as Postfix (recipient_delimiter = + in main.cf), so
# user+detail addresses are delivered to the "detail" mailbox over LMTP.
recipient_delimiter = +
lmtp_save_to_detail_mailbox = yes
maildir_copy_with_hardlinks = yes
maildir_very_dirty_syncs = yes
maildir_broken_filename_sizes = yes
#===================================================================================
listen = *,[::]
# Plaintext mechanisms are refused on connections that are not encrypted.
disable_plaintext_auth = yes
# These are also the mechanisms Postfix offers on the submission service,
# because it delegates SASL to this Dovecot instance. PLAIN is not listed,
# so a client set to "SASL PLAIN" cannot log in; LOGIN is the only
# plaintext mechanism available.
# CRAM-MD5 and DIGEST-MD5 need the password stored in plaintext or in a
# mechanism-specific scheme, which rules out keeping only a salted hash in
# the SQL passdb. With TLS mandatory (ssl = required here, encrypt on
# submission), "plain login" is the usual choice and lets the database hold
# strong password hashes instead.
auth_mechanisms = digest-md5 cram-md5 login
# Passwords are checked against SQL; the .conf.ext file normally carries
# the database credentials, so it should be readable by root only.
passdb {
driver = sql
args = /etc/dovecot/sql/dovecot-sql.conf.ext
}
# Every authenticated user maps to the same vmail uid/gid; only the home
# and maildir paths vary with %d/%n.
userdb {
driver = static
args = uid=vmail gid=vmail home=/srv/vmail/%d/%n/home
mail=maildir:/srv/vmail/%d/%n/maildir
}
#===================================================================================
# Logging goes to a dedicated file rather than syslog; syslog_facility below
# presumably only matters if log_path is switched back to syslog.
#log_path = syslog
log_path = /var/log/dovecot.log
syslog_facility = mail
mail_debug=no
# strftime-style prefix; as written it prints the date twice
# (%Y-%m-%d and again as %b %d).
log_timestamp = "%Y-%m-%d %H:%M:%S %b %d - "
#===================================================================================
# TLS is mandatory for every Dovecot login service. The certificate and key
# are the same Let's Encrypt pair that Postfix uses.
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.klam.ca/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.klam.ca/privkey.pem
# Only SSLv3 is named here, so TLSv1.0 and TLSv1.1 stay enabled.
# NOTE(review): whether SSLv2 is still excluded once the default value is
# replaced depends on the Dovecot/OpenSSL build - confirm, or list it
# explicitly.
ssl_protocols = !SSLv3
# OpenSSL cipher string. "+HIGH" and "+MEDIUM" only reorder suites already
# selected by ALL, so MEDIUM-strength suites remain enabled; add !MEDIUM if
# only HIGH is wanted.
ssl_cipher_list =
ALL:!LOW:!ADH:!SSLv2:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:+HIGH:+MEDIUM
#===================================================================================
# Single private namespace holding INBOX, with "." as the hierarchy
# separator and subscriptions stored in this namespace.
namespace inbox {
type = private
separator = .
inbox = yes
subscriptions = yes
}
#===================================================================================
# LMTP socket placed inside the Postfix spool so Postfix can reach it as
# private/dovecot-lmtp (mailbox_transport / virtual_transport in main.cf).
# Mode 0660 with owner and group postfix limits delivery to Postfix.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
}
# Sieve filtering runs at delivery time.
protocol lmtp {
mail_plugins = sieve
mail_fsync = optimized
# NOTE(review): the address below appears to have been masked by the
# archive page's e-mail protection; a real postmaster mailbox goes here.
postmaster_address = [email protected]
}
#===================================================================================
# Authentication service. Two sockets are exposed: one inside the Postfix
# spool for SMTP AUTH on the submission service (smtpd_sasl_path =
# private/dovecot-auth), and auth-master for processes running as vmail.
# Both are mode 0660, so only the named user and group can talk to them.
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
}
# NOTE(review): the auth process runs as root. With an SQL passdb and a
# static userdb nothing shown here needs root (no PAM or shadow lookups),
# so an unprivileged user such as $default_internal_user may be enough -
# confirm before changing.
user = root
}
#===================================================================================
# IMAP is offered on implicit-TLS port 993 only; port = 0 disables the
# plain imap listener (normally 143).
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
service imap {
}
protocol imap {
# IMAPSieve: run Sieve scripts on IMAP events. No imapsieve_* rules are
# shown in the plugin section below.
mail_plugins = imap_sieve
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
# Per-user, per-source-IP cap on simultaneous IMAP connections.
mail_max_userip_connections = 30
}
#===================================================================================
# ManageSieve lets users upload their own Sieve scripts on port 4190. It is
# covered by the global ssl = required and auth_mechanisms settings above.
service managesieve-login {
inet_listener sieve {
port = 4190
}
# 1 is more secure, but 0 is faster
# service_count = 1
# process_min_avail = 0
# vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
# process_limit = 1024
}
# Service configuration
# Everything in this block is commented out, so defaults apply.
protocol sieve {
# managesieve_max_line_length = 65536
# mail_max_userip_connections = 10
# managesieve_logout_format = bytes=%i/%o
# managesieve_implementation_string = Dovecot Pigeonhole
# managesieve_max_compile_errors = 5
}
# Pigeonhole (Sieve) plugin settings, shared by LMTP delivery, IMAPSieve and
# ManageSieve.
plugin {
# Per-user script storage in ~/sieve, with ~/.dovecot.sieve marking the
# active script. "~" is the mail_home set above.
sieve = file:~/sieve;active=~/.dovecot.sieve
# sieve_default = /srv/vmail/conf.d/sieve/default.sieve
# sieve_default_name = default
# sieve_global = /srv/vmail/conf.d/sieve
# sieve_before = /var/lib/dovecot/sieve.d/
# sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
# sieve_before3 = (etc...)
# sieve_after =
# sieve_after2 =
# sieve_after2 = (etc...)
# Enables two extensions on top of the defaults. Both are the deprecated
# forms; enotify and imap4flags are their current replacements.
sieve_extensions = +notify +imapflags
recipient_delimiter = +
# The path to the file where the user log is written. If not configured, a
# default location is used. If the main user's personal Sieve (as configured
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
sieve_user_log = ~/.dovecot.sieve.log
# Specifies what envelope sender address is used for redirected messages.
# The following values are supported for this setting:
#
# "sender" - The sender address is used (default).
# "recipient" - The final recipient address is used.
# "orig_recipient" - The original recipient is used.
# "user_email" - The user's primary address is used. This is
# configured with the "sieve_user_email" setting. If
# that setting is unconfigured, "user_email" is equal to
# "recipient".
# "postmaster" - The postmaster_address configured for the LDA.
# "<user@domain>" - Redirected messages are always sent from user@domain.
# The angle brackets are mandatory. The null "<>" address
# is also supported.
#
# This setting is ignored when the envelope sender is "<>". In that case the
# sender of the redirected message is also always "<>".
#sieve_redirect_envelope_from = sender
## TRACE DEBUGGING
# Trace debugging provides detailed insight in the operations performed by
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
# IMAPSIEVE plugin.
#
# WARNING: On a busy server, this functionality can quickly fill up the trace
# directory with a lot of trace files. Enable this only temporarily and as
# selective as possible.
# The directory where trace files are written. Trace debugging is disabled if
# this setting is not configured or if the directory does not exist. If the
# path is relative or it starts with "~/" it is interpreted relative to the
# current user's home directory.
#sieve_trace_dir =
# The verbosity level of the trace messages. Trace debugging is disabled if
# this setting is not configured. Possible values are:
#
# "actions" - Only print executed action commands, like keep,
# fileinto, reject and redirect.
# "commands" - Print any executed command, excluding test commands.
# "tests" - Print all executed commands and performed tests.
# "matching" - Print all executed commands, performed tests and the
# values matched in those tests.
# A level is set here, but sieve_trace_dir above is commented out, so by the
# description above no trace files are written.
sieve_trace_level = actions
# Enables highly verbose debugging messages that are usually only useful for
# developers.
#sieve_trace_debug = yes
# Enables showing byte code addresses in the trace output, rather than only
# the source line numbers.
#sieve_trace_addresses = no
}
#==================================================================================