[Dovecot] Dovecot SASL Postfix
This is probably a dumb question, but I'll ask anyway.

I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl. User names and passwords are different. I created a flat file that dovecot can use for SASL look-ups; however, exactly where in the Dovecot config file do I place the entry?

--
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.

Re: [Dovecot] Dovecot SASL Postfix
On 17.03.2013 at 13:04, Jerry wrote:
> I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl
> I created a flat file that dovecot can use for SASL look-ups

the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special

Re: [Dovecot] Dovecot SASL Postfix
On Sun, 17 Mar 2013 13:21:38 +0100 Reindl Harald articulated:

> On 17.03.2013 at 13:04, Jerry wrote:
> > I am currently using Postfix with Dovecot and Cyrus-SASL. I want to switch over to Dovecot SASL. The regular Dovecot user/password file is not the same as the file used by cyrus-sasl
> > I created a flat file that dovecot can use for SASL look-ups
>
> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special

Because that is the way the system was originally configured. I had nothing to do with it. The system uses a simple format:

u...@doman.com password

The SASL mechanism presently in use uses:

u...@hostname.domain.com password

Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.

If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.

--
Jerry ♔

Re: [Dovecot] Dovecot SASL Postfix
On 2013-03-17 9:08 AM, Jerry je...@seibercom.net wrote:
> Because that is the way the system was originally configured. I had nothing to do with it. The system uses a simple format:
>
> u...@doman.com password
>
> The SASL mechanism presently in use uses:
>
> u...@hostname.domain.com password
>
> Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
>
> If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.

Personally, I would *much* prefer the pain of changing everyone over to a single password backend for both just one time, than to have to continue to maintain a broken system.

--
Best regards, Charles

Re: [Dovecot] Dovecot SASL Postfix
On 17.03.2013 at 14:08, Jerry wrote:
>> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
> Because that is the way the system was originally configured. I had nothing to do with it.

time to fix it or not touch it at all

> The system uses a simple format: u...@doman.com password
> The SASL mechanism presently in use uses: u...@hostname.domain.com password

pff - sounds funny for the users
whoever did set this up - seek and punish this guy :-)

> Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.

so do not touch it at all or do it right for one last time

> If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.

how should it be told?
dovecot has its passwords and usernames, they are still used for IMAP/POP3
if postfix is using dovecot-SASL dovecot will take over SASL auth at all and is using its usernames and passwords

Re: [Dovecot] Dovecot SASL Postfix
On Sun, 17 Mar 2013 17:27:04 +0100 Reindl Harald articulated:

> On 17.03.2013 at 14:08, Jerry wrote:
> >> the main benefit of dovecot SASL is that SMTP auth is using exactly the same users/passwords and auth-mechs as imap/pop3 - so i do not understand why you want to create anything special
> > Because that is the way the system was originally configured. I had nothing to do with it.
>
> time to fix it or not touch it at all
>
> > The system uses a simple format: u...@doman.com password
> > The SASL mechanism presently in use uses: u...@hostname.domain.com password
>
> pff - sounds funny for the users
> whoever did set this up - seek and punish this guy :-)
>
> > Worse, the passwords are not the same in both instances. If I try to implement one system I will have to deal with all of the present users and get them all on the same page. That is not something I really want to invest time in right now.
>
> so do not touch it at all or do it right for one last time
>
> > If dovecot could be told to use a specific file then that would simplify things greatly. Besides, the SASL file does not need all of the information contained in the regular Dovecot user/passwd file. Otherwise, I might just give up on this entire endeavor.
>
> how should it be told?
> dovecot has its passwords and usernames, they are still used for IMAP/POP3
> if postfix is using dovecot-SASL dovecot will take over SASL auth at all and is using its usernames and passwords

From what I was told, it was originally set up so that if a user's mailbox password was compromised, it would not also compromise their SASL password. Actually, it does seem to make a somewhat more secure system. Having an optional file for use strictly with SASL in Dovecot would seem like something that could be quite useful under the right circumstances. In any case, I will revisit this problem when I feel inclined to fight with the current users of the system.

--
Jerry ♔

[Dovecot] dovecot sasl + postfix issue
Hello,

I'm trying to configure postfix + Dovecot SASL for user authenticated mail relay. I set the following configuration in postfix:

queue_directory = /var/spool/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

The following is the output of dovecot -n:

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-29-generic x86_64 Ubuntu 12.04.1 LTS
auth_mechanisms = plain login digest-md5
base_dir = /var/run/dovecot/
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to %t was automatically rejected:%n%r

When I telnet to localhost 25, I see:

eberx@beastie:/etc/dovecot/conf.d$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 beastie ESMTP Postfix (Ubuntu)
ehlo beastie
250-beastie
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

There is no 250-AUTH.

How do I fix this?

Re: [Dovecot] dovecot sasl + postfix issue
You should get AUTH after you STARTTLS.

Bill

On 9/3/2012 5:10 AM, tseveendorj wrote:
> Hello,
>
> I'm trying to configure postfix + Dovecot SASL for user authenticated mail relay. I set the following configuration in postfix:
>
> queue_directory = /var/spool/postfix
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions =
>     reject_unknown_sender_domain,
>     reject_unknown_recipient_domain,
>     reject_unauth_pipelining,
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     reject_unauth_destination
>
> The following is the output of dovecot -n:
>
> # 2.0.19: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-29-generic x86_64 Ubuntu 12.04.1 LTS
> auth_mechanisms = plain login digest-md5
> base_dir = /var/run/dovecot/
> mail_location = maildir:~/Maildir
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> passdb {
>   driver = pam
> }
> plugin {
>   sieve = ~/.dovecot.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap pop3 sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> ssl_cert = /etc/ssl/certs/dovecot.pem
> ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
> ssl_key = /etc/ssl/private/dovecot.pem
> userdb {
>   driver = passwd
> }
> protocol imap {
>   imap_client_workarounds = delay-newmail
>   mail_max_userip_connections = 10
> }
> protocol pop3 {
>   mail_max_userip_connections = 10
>   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> protocol lda {
>   deliver_log_format = msgid=%m: %$
>   mail_plugins = sieve
>   postmaster_address = postmaster
>   quota_full_tempfail = yes
>   rejection_reason = Your message to %t was automatically rejected:%n%r
>
> When I telnet to localhost 25, I see:
>
> eberx@beastie:/etc/dovecot/conf.d$ telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 beastie ESMTP Postfix (Ubuntu)
> ehlo beastie
> 250-beastie
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
> There is no 250-AUTH.
>
> How do I fix this?

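An added example, not part of the original thread: Bill's point expressed as a check over pasted EHLO replies, reporting whether AUTH is advertised before TLS or only after STARTTLS. The plaintext reply is the one from the telnet session above; the post-STARTTLS reply, including the `AUTH=` line that `broken_sasl_auth_clients = yes` produces, is constructed, and the function names are assumptions of this example.

```python
import re

REPLY_LINE = re.compile(r"^250([- ])(.*)$")

# EHLO reply from the telnet session in this thread (plaintext, before STARTTLS).
EHLO_PLAIN = """250-beastie
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed reply for the same server after STARTTLS (not from the thread).
EHLO_TLS = """250-beastie
250-PIPELINING
250-SIZE 1024
250-AUTH PLAIN LOGIN DIGEST-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5
250 DSN"""


def parse_ehlo(reply):
    """Return {KEYWORD: set(parameters)} for a multi-line 250 EHLO reply."""
    caps = {}
    for index, line in enumerate(reply.strip().splitlines()):
        match = REPLY_LINE.match(line.strip())
        if not match:
            raise ValueError("not a 250 reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server name, not a capability
        text = match.group(2).strip()
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # legacy spelling for old clients, same mechanisms
        keyword, _, params = text.partition(" ")
        caps.setdefault(keyword.upper(), set()).update(params.upper().split())
    return caps


def auth_exposure(plain_reply, tls_reply):
    """Compare AUTH mechanisms advertised before and after STARTTLS."""
    plain_caps = parse_ehlo(plain_reply)
    plain = plain_caps.get("AUTH", set())
    tls = parse_ehlo(tls_reply).get("AUTH", set())
    if plain:
        verdict = "AUTH offered without TLS"
    elif tls:
        verdict = "AUTH offered only after STARTTLS"
    else:
        verdict = "AUTH not offered at all"
    return {"starttls": "STARTTLS" in plain_caps, "plain": sorted(plain),
            "tls": sorted(tls), "verdict": verdict}
```
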
Re: [Dovecot] dovecot SASL + Postfix no IMAP or POP3
On Tue, 2009-04-07 at 08:10 -0700, Roderick A. Anderson wrote:
> The only issue I see is how to disable IMAP and POP3 and use only the SASL authentication feature. I read that Timo is thinking to _someday_ :-) separate the SASL authentication from the rest of Dovecot, but in the mean time can I just leave out the IMAP and POP3 stuff from dovecot.conf, or is there a disable option?

protocols = none

[Dovecot] Dovecot SASL Postfix
Hello,

I am trying to get Postfix + Dovecot + SASL running. Unfortunately, I have not succeeded; only the POP3 daemon runs without problems.

/var/log/dovecot.log

dovecot: 2009-04-03 01:04:38 Error: auth(default): bind(/var/spool/postifx/private/auth) failed: No such file or directory
dovecot: 2009-04-03 01:04:38 Fatal: auth(default): net_listen_unix(/var/spool/postifx/private/auth) failed: No such file or directory
dovecot: 2009-04-03 01:04:38 Fatal: Auth process died too early - shutting down

/var/log/mail.log

Apr 3 01:08:38 server1 postfix/master[14627]: daemon started -- version 2.5.5, configuration /etc/postfix
Apr 3 01:09:07 server1 postfix/smtpd[14650]: warning: SASL: Connect to private/auth failed: No such file or directory
Apr 3 01:09:07 server1 postfix/smtpd[14650]: fatal: no SASL authentication mechanisms
Apr 3 01:09:08 server1 postfix/master[14627]: warning: process /usr/lib/postfix/smtpd pid 14650 exit status 1
Apr 3 01:09:08 server1 postfix/master[14627]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

postconf -n

alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = maildir/
mailbox_size_limit = 0
mydestination = $myhostname, mail.silvio-siefke.de, server1.silviosiefke.de
myhostname = server1.silviosiefke.de
recipient_delimiter = +
smtp_sasl_auth_enable = no
smtpd_recipient_restrictions = reject_non_fqdn_sender reject_non_fqdn_recipient reject_invalid_helo_hostname reject_non_fqdn_helo_hostname permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unlisted_recipient reject_rbl_client zen.spamhaus.org reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client bl.spamcop.net check_policy_service inet:127.0.0.1:10031 reject_unknown_sender_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1004

/usr/local/etc/dovecot.conf

base_dir = /var/run/dovecot/
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
log_timestamp = %b %d %H:%M:%S
ssl_disable = yes
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
protocols = pop3 imap
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
mail_location = maildir:/usr/local/virtual/%d/%n
mail_access_groups = virtual
first_valid_uid = 1004
first_valid_gid = 1005
protocol imap {
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
auth default {
  mechanisms = plain login digest-md5
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postifx/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

Does someone have an idea?

Greetings
Silvio

Re: [Dovecot] Dovecot SASL Postfix
On Fri, 2009-04-03 at 01:28 +0200, kosov...@web.de wrote:
> dovecot: 2009-04-03 01:04:38 Error: auth(default): bind(/var/spool/postifx/private/auth) failed: No such file or directory

postfix, not postifx.

Re: [Dovecot] Dovecot SASL Postfix
Hey

Timo Sirainen wrote:
> On Fri, 2009-04-03 at 01:28 +0200, kosov...@web.de wrote:
> > dovecot: 2009-04-03 01:04:38 Error: auth(default): bind(/var/spool/postifx/private/auth) failed: No such file or directory
>
> postfix, not postifx.

Now I really must stand in the corner and be ashamed. Services run without problems. Tomorrow I will go to the oculist.

Many thanks
Silvio
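
An added example, not part of the original thread: a check for the mismatch Timo points out, comparing the socket Postfix will open (`smtpd_sasl_path` resolved against `queue_directory`) with the client listener paths in a Dovecot 1.x or 2.x config. The function names and the fallback queue directory are assumptions of this example; the sample input is excerpted from the configs posted above.

```python
import difflib
import posixpath
import re

DEFAULT_QUEUE_DIR = "/var/spool/postfix"  # assumption: used when queue_directory is not listed

# Excerpts of the two configs posted in this thread (typo kept on purpose).
POSTCONF = "smtpd_sasl_type = dovecot\nsmtpd_sasl_path = private/auth\n"
DOVECOT = """socket listen {
  client {
    path = /var/spool/postifx/private/auth
    mode = 0660
  }
}"""


def postfix_sasl_socket(postconf_text):
    """Absolute socket path smtpd connects to, or None if Dovecot SASL is not configured."""
    params = {}
    for line in postconf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            params[key.strip()] = value.strip()
    if params.get("smtpd_sasl_type") != "dovecot" or not params.get("smtpd_sasl_path"):
        return None
    queue_dir = params.get("queue_directory", DEFAULT_QUEUE_DIR)
    # smtpd_sasl_path is relative to the queue directory; join() keeps an absolute path as is.
    return posixpath.normpath(posixpath.join(queue_dir, params["smtpd_sasl_path"]))


def dovecot_auth_sockets(conf_text):
    """Client listener paths: 1.x `client { path = P }` and 2.x `unix_listener P {`."""
    paths = re.findall(r"client\s*\{[^}]*?path\s*=\s*(\S+)", conf_text)
    paths += re.findall(r"unix_listener\s+(\S+)\s*\{", conf_text)
    return [posixpath.normpath(p) for p in paths]


def check_sasl_socket(postconf_text, dovecot_text):
    """Compare both sides; on mismatch, point at a near-miss path such as a typo."""
    want = postfix_sasl_socket(postconf_text)
    have = dovecot_auth_sockets(dovecot_text)
    ok = want is not None and want in have
    near = [] if ok or want is None else difflib.get_close_matches(want, have, n=1, cutoff=0.8)
    return {"ok": ok, "postfix": want, "dovecot": have, "near_miss": near[0] if near else None}


if __name__ == "__main__":
    print(check_sasl_socket(POSTCONF, DOVECOT))
```
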