[Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Jerry
This is probably a dumb question, but I'll ask anyway.

I am currently using Postfix with Dovecot and Cyrus-SASL. I want to
switch over to Dovecot SASL. The regular Dovecot user/password file is
not the same as the file used by cyrus-sasl. User names and passwords
are different. I created a flat file that dovecot can use for SASL
look-ups; however, exactly where in the Dovecot config file do I place
the entry?

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.



Re: [Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Reindl Harald


On 17.03.2013 13:04, Jerry wrote:
> I am currently using Postfix with Dovecot and Cyrus-SASL. I want to
> switch over to Dovecot SASL. The regular Dovecot user/password file is
> not the same as the file used by cyrus-sasl
>
> I created a flat file that dovecot can use for SASL look-ups

the main benefit of dovecot SASL is that SMTP auth is
using exactly the same users/passwords and auth-mechs
as imap/pop3 - so i do not understand why you want to create
anything special







Re: [Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Jerry
On Sun, 17 Mar 2013 13:21:38 +0100
Reindl Harald articulated:

> On 17.03.2013 13:04, Jerry wrote:
> > I am currently using Postfix with Dovecot and Cyrus-SASL. I want to
> > switch over to Dovecot SASL. The regular Dovecot user/password file
> > is not the same as the file used by cyrus-sasl
> >
> > I created a flat file that dovecot can use for SASL look-ups
>
> the main benefit of dovecot SASL is that SMTP auth is
> using exactly the same users/passwords and auth-mechs
> as imap/pop3 - so i do not understand why you want to create
> anything special

Because that is the way the system was originally configured. I had
nothing to do with it.

The system uses a simple format:

u...@doman.com  password

The SASL mechanism presently in use uses:

u...@hostname.domain.com  password

Worse, the passwords are not the same in both instances. If I try to
implement one system I will have to deal with all of the present users
and get them all on the same page. That is not something I really want
to invest time in right now.

If dovecot could be told to use a specific file then that would simplify
things greatly. Besides, the SASL file does not need all of the
information contained in the regular Dovecot user/passwd file.
Otherwise, I might just give up on this entire endeavor.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.


Re: [Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Charles Marcus

On 2013-03-17 9:08 AM, Jerry je...@seibercom.net wrote:

> Because that is the way the system was originally configured. I had
> nothing to do with it.
>
> The system uses a simple format:
>
> u...@doman.com  password
>
> The SASL mechanism presently in use uses:
>
> u...@hostname.domain.com  password
>
> Worse, the passwords are not the same in both instances. If I try to
> implement one system I will have to deal with all of the present users
> and get them all on the same page. That is not something I really want
> to invest time in right now.
>
> If dovecot could be told to use a specific file then that would simplify
> things greatly. Besides, the SASL file does not need all of the
> information contained in the regular Dovecot user/passwd file.
> Otherwise, I might just give up on this entire endeavor.


Personally, I would *much* prefer the pain of changing everyone over to 
a single password backend for both just one time, than to have to 
continue to maintain a broken system.


--

Best regards,

Charles




Re: [Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Reindl Harald

On 17.03.2013 14:08, Jerry wrote:
> > the main benefit of dovecot SASL is that SMTP auth is
> > using exactly the same users/passwords and auth-mechs
> > as imap/pop3 - so i do not understand why you want to create
> > anything special
>
> Because that is the way the system was originally configured. I had
> nothing to do with it.

time to fix it or not touch it at all

> The system uses a simple format:
>
> u...@doman.com  password
>
> The SASL mechanism presently in use uses:
>
> u...@hostname.domain.com  password

pff - sounds funny for the users
whoever did set this up - seek and punish this guy :-)

> Worse, the passwords are not the same in both instances. If I try to
> implement one system I will have to deal with all of the present users
> and get them all on the same page. That is not something I really want
> to invest time in right now.

so do not touch it at all or do it right for one last time

> If dovecot could be told to use a specific file then that would simplify
> things greatly. Besides, the SASL file does not need all of the
> information contained in the regular Dovecot user/passwd file.
> Otherwise, I might just give up on this entire endeavor.

how should it be told?

dovecot has its passwords and usernames, they are still used for
IMAP/POP3; if postfix is using dovecot-SASL, dovecot will take over
SASL auth at all and is using its usernames and passwords





Re: [Dovecot] Dovecot SASL Postfix

2013-03-17 Thread Jerry
On Sun, 17 Mar 2013 17:27:04 +0100
Reindl Harald articulated:

 
> On 17.03.2013 14:08, Jerry wrote:
> > > the main benefit of dovecot SASL is that SMTP auth is
> > > using exactly the same users/passwords and auth-mechs
> > > as imap/pop3 - so i do not understand why you want to create
> > > anything special
> >
> > Because that is the way the system was originally configured. I had
> > nothing to do with it.
>
> time to fix it or not touch it at all
>
> > The system uses a simple format:
> >
> > u...@doman.com  password
> >
> > The SASL mechanism presently in use uses:
> >
> > u...@hostname.domain.com  password
>
> pff - sounds funny for the users
> whoever did set this up - seek and punish this guy :-)
>
> > Worse, the passwords are not the same in both instances. If I try to
> > implement one system I will have to deal with all of the present
> > users and get them all on the same page. That is not something I
> > really want to invest time in right now.
>
> so do not touch it at all or do it right for one last time
>
> > If dovecot could be told to use a specific file then that would
> > simplify things greatly. Besides, the SASL file does not need all
> > of the information contained in the regular Dovecot user/passwd
> > file. Otherwise, I might just give up on this entire endeavor.
>
> how should it be told?
>
> dovecot has its passwords and usernames, they are still used for
> IMAP/POP3; if postfix is using dovecot-SASL, dovecot will take over
> SASL auth at all and is using its usernames and passwords

From what I was told, it was originally set up so that if a user's
mailbox password was compromised, it would not also compromise their
SASL password. Actually, it does seem to make a somewhat more secure
system.

Having an optional file for use strictly with SASL in Dovecot would
seem like something that could be quite useful under the right
circumstances. In any case, I will revisit this problem when I feel
inclined to fight with the current users of the system.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.


[Dovecot] dovecot sasl + postfix issue

2012-09-03 Thread tseveendorj

Hello,

I'm trying to configure postfix + Dovecot SASL for user authenticated 
mail relay.


I set following configuration on postfix

queue_directory = /var/spool/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination


Following are dovecot -n

# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-29-generic x86_64 Ubuntu 12.04.1 LTS
auth_mechanisms = plain login digest-md5
base_dir = /var/run/dovecot/
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to %t was automatically rejected:%n%r



when I see telnet localhost 25

eberx@beastie:/etc/dovecot/conf.d$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 beastie ESMTP Postfix (Ubuntu)
ehlo beastie
250-beastie
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

there is no 250-AUTH

How do I fix this ?


Re: [Dovecot] dovecot sasl + postfix issue

2012-09-03 Thread Bill Shirley

You should get AUTH after you STARTTLS.

Bill
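
Added example (not part of the original posts): a small parser that compares the EHLO capabilities seen before and after STARTTLS and reports whether AUTH, and in particular the cleartext PLAIN/LOGIN mechanisms, is offered on an unencrypted connection. PRE_TLS is the reply from the telnet session in the question; POST_TLS is a constructed sample, and the verdict strings are names chosen for this example.

```python
import re
from typing import Optional

# Mechanisms that put the password on the wire in recoverable form.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# EHLO reply from the telnet session in the question (before STARTTLS).
PRE_TLS = """250-beastie
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed sample: a possible reply from the same server after STARTTLS.
POST_TLS = """250-beastie
250-PIPELINING
250-SIZE 1024
250-AUTH PLAIN LOGIN DIGEST-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250 DSN"""


def parse_ehlo(reply: str) -> dict:
    """Return {KEYWORD: [params]} from the 250 lines of an EHLO reply."""
    hits = (re.match(r"250[- ](.+)$", line.strip()) for line in reply.splitlines())
    texts = [m.group(1) for m in hits if m]
    caps = {}
    for text in texts[1:]:                    # first 250 line is the server name
        if text.upper().startswith("AUTH="):  # legacy form (broken_sasl_auth_clients)
            keyword, params = "AUTH", text[5:].split()
        else:
            keyword, *params = text.split()
        seen = caps.setdefault(keyword.upper(), [])
        for p in params:
            if p.upper() not in seen:         # merge "AUTH ..." and "AUTH=..." lines
                seen.append(p.upper())
    return caps


def assess(pre_tls: str, post_tls: Optional[str] = None) -> str:
    """Classify where AUTH is advertised relative to STARTTLS."""
    pre = parse_ehlo(pre_tls)
    if "AUTH" in pre:
        exposed = sorted(PLAINTEXT_MECHS & set(pre["AUTH"]))
        return ("cleartext-auth-offered: " + ",".join(exposed)) if exposed \
            else "auth-offered-before-tls"
    if "STARTTLS" not in pre:
        return "no-auth-no-starttls"
    if post_tls is None:
        return "recheck-after-starttls"
    return "auth-only-after-tls" if "AUTH" in parse_ehlo(post_tls) else "no-auth"
```

The post-TLS reply can be captured with `openssl s_client -starttls smtp -connect localhost:25` followed by a second EHLO.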






Re: [Dovecot] dovecot SASL + Postfix no IMAP or POP3

2009-04-15 Thread Timo Sirainen
On Tue, 2009-04-07 at 08:10 -0700, Roderick A. Anderson wrote:
> The only issue I see is how to disable IMAP and POP3 and use only the
> SASL authentication feature.  I read that Timo is thinking to _someday_
> :-) separate the SASL authentication from the rest of Dovecot, but in
> the mean time can I just leave out the IMAP and POP3 stuff from
> dovecot.conf, or is there a disable option?

protocols = none





[Dovecot] Dovecot SASL Postfix

2009-04-02 Thread kosov...@web.de
Hello,

I try to bring Postfix + Dovecot + SASL in the running. Unfortunately, this
has not succeeded to me, only the Pop3 daemon runs without problems.

/var/log/dovecot.log
dovecot: 2009-04-03 01:04:38 Error: auth(default): bind(/var/spool/postifx/private/auth) failed: No such file or directory
dovecot: 2009-04-03 01:04:38 Fatal: auth(default): net_listen_unix(/var/spool/postifx/private/auth) failed: No such file or directory
dovecot: 2009-04-03 01:04:38 Fatal: Auth process died too early - shutting down

/var/log/mail.log
Apr  3 01:08:38 server1 postfix/master[14627]: daemon started -- version 2.5.5, configuration /etc/postfix
Apr  3 01:09:07 server1 postfix/smtpd[14650]: warning: SASL: Connect to private/auth failed: No such file or directory
Apr  3 01:09:07 server1 postfix/smtpd[14650]: fatal: no SASL authentication mechanisms
Apr  3 01:09:08 server1 postfix/master[14627]: warning: process /usr/lib/postfix/smtpd pid 14650 exit status 1
Apr  3 01:09:08 server1 postfix/master[14627]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

-

postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
home_mailbox = maildir/
mailbox_size_limit = 0
mydestination = $myhostname, mail.silvio-siefke.de, server1.silviosiefke.de
myhostname = server1.silviosiefke.de
recipient_delimiter = +
smtp_sasl_auth_enable = no
smtpd_recipient_restrictions =
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_invalid_helo_hostname
    reject_non_fqdn_helo_hostname
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_unlisted_recipient
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client dul.dnsbl.sorbs.net
    reject_rbl_client bl.spamcop.net
    check_policy_service inet:127.0.0.1:10031
    reject_unknown_sender_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1004

-

/usr/local/etc/dovecot.conf
base_dir = /var/run/dovecot/
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
log_timestamp = %b %d %H:%M:%S 
ssl_disable = yes
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes

protocols = pop3 imap
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S 
mail_location = maildir:/usr/local/virtual/%d/%n
mail_access_groups = virtual
first_valid_uid = 1004
first_valid_gid = 1005
protocol imap {
}

protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}
auth default {
  mechanisms = plain login digest-md5
  passdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }
  userdb sql {
    args = /usr/local/etc/dovecot-sql.conf
  }

  user = root

  socket listen {
    client {
      path = /var/spool/postifx/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}


Has someone an idea?



Greetings
Silvio


Re: [Dovecot] Dovecot SASL Postfix

2009-04-02 Thread Timo Sirainen
On Fri, 2009-04-03 at 01:28 +0200, kosov...@web.de wrote:
 
> dovecot: 2009-04-03 01:04:38 Error: auth(default):
> bind(/var/spool/postifx/private/auth)
> failed: No such file or directory

postfix, not postifx.
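
Added example (not part of the original thread): a check that resolves the socket Postfix will connect to (smtpd_sasl_path, relative to queue_directory) and compares it with the listener paths in the Dovecot configuration, so a one-letter mismatch like the one above is reported before either daemon is started. The samples are trimmed from the configurations posted on this page; the function names are hypothetical, and /var/spool/postfix as the queue_directory default is an assumption of this example.

```python
import difflib
import posixpath
import re

# Trimmed from the postconf -n output posted in this thread.
POSTCONF = """config_directory = /etc/postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""

# Trimmed from the Dovecot 1.x config posted in this thread (typo kept).
DOVECOT_1X = """log_path = /var/log/dovecot.log
auth default {
  socket listen {
    client {
      path = /var/spool/postifx/private/auth
      mode = 0660
    }
  }
}
"""

# Trimmed from the Dovecot 2.0 "dovecot -n" output posted in the 2012 thread.
DOVECOT_2X = """service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
  }
}
"""


def postfix_sasl_socket(postconf, default_queue="/var/spool/postfix"):
    """Absolute path of the SASL socket as Postfix will resolve it."""
    params = dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(.*)$", postconf, re.M))
    if params.get("smtpd_sasl_type") != "dovecot":
        raise ValueError("smtpd_sasl_type is not dovecot")
    queue = params.get("queue_directory", default_queue)  # assumed default
    return posixpath.normpath(posixpath.join(queue, params["smtpd_sasl_path"]))


def dovecot_listener_paths(conf):
    """Absolute socket paths from 2.x unix_listener blocks and 1.x path= lines."""
    paths = re.findall(r"^\s*unix_listener\s+(/\S+)\s*\{", conf, re.M)
    paths += re.findall(r"^\s*path\s*=\s*(/\S+)", conf, re.M)
    return [posixpath.normpath(p) for p in paths]


def check_sasl_socket(postconf, dovecot_conf):
    """Return (status, path Postfix expects, matching or nearest Dovecot path)."""
    want = postfix_sasl_socket(postconf)
    have = dovecot_listener_paths(dovecot_conf)
    if want in have:
        return ("match", want, want)
    near = difflib.get_close_matches(want, have, n=1, cutoff=0.8)
    return ("mismatch", want, near[0] if near else None)
```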





Re: [Dovecot] Dovecot SASL Postfix

2009-04-02 Thread kosov...@web.de
Hey

Timo Sirainen wrote:
> On Fri, 2009-04-03 at 01:28 +0200, kosov...@web.de wrote:
> > dovecot: 2009-04-03 01:04:38 Error: auth(default):
> > bind(/var/spool/postifx/private/auth)
> > failed: No such file or directory
>
> postfix, not postifx.
 
Now I must position myself in the corner and be ashamed really. Services
run without problems. Tomorrow I go sometimes to the oculist.


Many thanks
Silvio