Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Apr 17, 2009, at 3:06 AM, Mart Pirita wrote: So it's my mistake, but I was taught, that Dovecot always give error on startup, if any double config lines exist. Unfortunately not. I'll see if I can add that check to v1.3/v2.0.
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. If you had changed the mechanisms=plain default, it would have shown up here (and you can see that also with dovecot -a). So something's wrong in that setting. Hmm, You are right, postfix install inserted into config lines: # Postfix - suggested configuration taken from SASL_README (2.3.2). mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } But right after this comes next, old part: # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey # gss-spnego # NOTE: See also disable_plaintext_auth setting. mechanisms = plain And Dovecot accepts the last one:(. So it's my mistake, but I was taught, that Dovecot always give error on startup, if any double config lines exist. Now dovecot -n looks better: auth default: mechanisms: plain login cache_size: 1024 failure_delay: 3 passdb: driver: pam args: cache_key=%u%r%s dovecot userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix And also shows up: 50-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN And Entourage works fine. Also with smtpd_tls_auth_only = yes settings. Super. Thank You Timo! -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. On Thu, 2009-04-16 at 21:39 +0300, Mart Pirita wrote: 250-AUTH PLAIN 250-AUTH=PLAIN You're missing LOGIN here, which is required by some MS clients (although I thought Outlook belonged to that category too). Yes, I noticed that too, as same test with cyrus-sasl shows: 250-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN But I have enabled login in dovecot.conf: # Postfix - suggested configuration taken from SASL_README (2.3.2). mechanisms = plain login socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } So something is still broken, but what? How can I make Doveco SASL advertise auth login too? -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Apr 17, 2009, at 2:40 AM, Mart Pirita wrote: Tere. Then it should show up.. Post dovecot -n output instead, that'll show what exactly Dovecot is reading from config file. Please: dovecot -n .. auth default: cache_size: 1024 failure_delay: 3 If you had changed the mechanisms=plain default, it would have shown up here (and you can see that also with dovecot -a). So something's wrong in that setting.
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. Then it should show up.. Post dovecot -n output instead, that'll show what exactly Dovecot is reading from config file. Please: dovecot -n # 1.1.13: /etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Red Hat Linux release 8.0 (Psyche) protocols: imaps pop3 pop3s ssl_parameters_regenerate: 0 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_log_format_elements: %u [%r] %m %c mail_max_userip_connections(default): 90 mail_max_userip_connections(imap): 90 mail_max_userip_connections(pop3): 9 maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(pop3): bytes=%i/%o, del=%d/%m, size=%s auth default: cache_size: 1024 failure_delay: 3 passdb: driver: pam args: cache_key=%u%r%s dovecot userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Apr 17, 2009, at 2:26 AM, Mart Pirita wrote: But I have enabled login in dovecot.conf: Then it should show up.. Post dovecot -n output instead, that'll show what exactly Dovecot is reading from config file.
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. I think it is mostly a Entourage problem. I just decided to switch to Apple Mail since it works much better with IMAP than Entourage. I'm pretty sure, this is Entourage problem, as Apple Mail (IPhone -s too) works well, but as a lot clients using Entourage as calendar, etc, they just won't change the mail client. If proven, that Dovecot is act by standards, and Entourage does not, I must use Cyrus-sasl also in future but first I must be sure, that I haven't made any mistakes on my side. -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Thu, 2009-04-16 at 21:39 +0300, Mart Pirita wrote: > 250-AUTH PLAIN > 250-AUTH=PLAIN You're missing LOGIN here, which is required by some MS clients (although I thought Outlook belonged to that category too). signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
I think it is mostly a Entourage problem. I just decided to switch to Apple Mail since it works much better with IMAP than Entourage. On Apr 16, 2009, at 1:41 PM, Mart Pirita wrote: Tere. BTW. Is it possible that all other clients are using STARTTLS (or no encryption) and only Entourage is trying to use smtps port? No, all clients are using same settings. And all clients work with cyrus-sasl, but with Dovecot, Entourage won't work. -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. BTW. Is it possible that all other clients are using STARTTLS (or no encryption) and only Entourage is trying to use smtps port? No, all clients are using same settings. And all clients work with cyrus-sasl, but with Dovecot, Entourage won't work. -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. But you said that other clients would still work? I don't see how that's possible if Postfix doesn't reply to EHLO. Well, I compiled postfix again and somehow now I can see more data using dovecot sasl, no idea, why I didn't see this before: Escape character is '^]'. 220 my.domain.ee ESMTP ehlo k.com 250-my.domain.ee 250-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN starttls 220 2.0.0 Ready to start TLS Using in main.cf smtpd_tls_auth_only = no Escape character is '^]'. 220 my.domain.ee ESMTP ehlo e.com 250-my.domain.ee 250-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-AUTH PLAIN 250-AUTH=PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Anyway, I guess you could see if auth_debug=yes logs something. Enabled, trying to send message with Entourage, SSL enabled, port 465, outgoing server requires authentication with same credentials as incoming servers: Apr 16 21:33:42 server postfix/smtpd[3909]: connect from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172] Apr 16 21:33:43 server postfix/smtpd[3909]: lost connection after EHLO from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172] Apr 16 21:33:43 server postfix/smtpd[3909]: disconnect from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172] "Authentication failed because Entourage doesn't support any of the available authentication methods." Disabling Same settings, sending with with Thunderbird: Apr 16 21:34:10 server postfix/smtpd[3909]: connect from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172] Apr 16 21:34:10 server postfix/smtpd[3909]: 5548348C172: client=88-196-40-172-dsl.noe.estpak.ee[88.196.40.172], sasl_method=PLAIN, sasl_username=user Apr 16 21:34:10 server postfix/cleanup[3961]: 5548348C172: warning: header Subject: sasa from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172]; from= to= proto=ESMTP helo=<[192.168.30.3]> Apr 16 21:34:10 server postfix/smtpd[3909]: disconnect from 88-196-40-172-dsl.noe.estpak.ee[88.196.40.172] Message sent. -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Apr 15, 2009, at 5:33 AM, Mart Pirita wrote: Everything worked well for Outlook Express, Outlook and Thunderbird clients, but Microsoft Entourage 2004 or 2008 clients smtps fails - "Authentication failed because Entourage doesn't support any of the available authentication methods." BTW. Is it possible that all other clients are using STARTTLS (or no encryption) and only Entourage is trying to use smtps port?
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Apr 16, 2009, at 9:18 AM, Mart Pirita wrote: Tere. Are you saying that EHLO doesn't return anything when using Dovecot SASL? Yes. But you said that other clients would still work? I don't see how that's possible if Postfix doesn't reply to EHLO. Anyway, I guess you could see if auth_debug=yes logs something.
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
Tere. > > Are you saying that EHLO doesn't return anything when using Dovecot > SASL? Yes. > Something's very broken then. > > Hmm, but what? Dovecot is compiled with options: ./configure \ --prefix=/usr \ --with-ssl=/usr/local/ssl \ --with-ssldir=/etc/ssl \ --with-rawlog \ --sysconfdir=/etc \ --without-vpopmail \ --disable-ipv6 \ --with-pam \ --without-passwd-file \ --without-checkpassword \ --without-bsdauth \ --without-static-userdb \ --without-passdb-userdb \ --without-pgsql \ --without-mysql \ --without-sqlite \ --with-rundir=/var/run/dovecot \ --without-deliver \ --without-gssapi And runs with settings: dovecot -n # 1.1.13: /etc/dovecot.conf # OS: Linux 2.6.24.2 i686 Red Hat Linux release 8.0 (Psyche) protocols: imaps pop3 pop3s ssl_parameters_regenerate: 0 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_log_format_elements: %u [%r] %m %c mail_max_userip_connections(default): 90 mail_max_userip_connections(imap): 90 mail_max_userip_connections(pop3): 9 maildir_copy_preserve_filename: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(imap): outlook-idle netscape-eoh tb-extra-mailbox-sep delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s pop3_logout_format(pop3): bytes=%i/%o, del=%d/%m, size=%s auth default: cache_size: 1024 failure_delay: 3 passdb: driver: pam args: cache_key=%u%r%s * userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix Postfix is compiled with options: CCARGS='-DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_TLS -DUSE_SSL -I/usr/local/ssl/include -DHAS_DB -I/usr/local/db4/include -I/usr/include' \ AUXLIBS="-L/usr/local/ssl/lib -lssl -lcrypto -L/usr/local/db4/lib -ldb -L/usr/lib -ldl" \ And sasl and tls settings are: smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth broken_sasl_auth_clients = yes smtpd_use_tls = yes smtp_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes -- Mart
Re: [Dovecot] Postfix, Dovecot SASL and Entourage smtps authentication fails.
On Wed, 2009-04-15 at 12:33 +0300, Mart Pirita wrote: > With dovecot: > telnet localhost 25 > Trying 127.0.0.1... > Connected to localdomain.localhost. > Escape character is '^]'. > 220 my.host.ee ESMTP > EHLO example.com > starttls > 220 2.0.0 Ready to start TLS Are you saying that EHLO doesn't return anything when using Dovecot SASL? Something's very broken then. signature.asc Description: This is a digitally signed message part