Dovecot SASL doesn't seem to be working with Postfix


Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
I've tried to set up Postfix to use SASL, but it still doesn't seem to be working with Dovecot.  I've set things up based on these instructions:

http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
http://wiki.dovecot.org/LDA

I've compiled Postfix with Dovecot SASL and SSL/TLS support.  The problems I'm seeing in Postfix are:

 * Virtual users are not being recognized (it only delivers mail for local users)
 * For mail it does deliver, it uses the local user permissions ( I want it to use the vmail user)
 * I had to modify 'mail_spool_directory' to get it to use the /home/vmail/ directory
 * For mail delivered to local users, it still doesn't come up in my email client when I check for new mail.

I just keep feeling like the SASL integration is not working.  Can anybody shed some light?

---
DOVECOT config
# 1.0.13: /usr/local/etc/dovecot.conf
# Settings dump for Dovecot 1.0.13 as posted. It covers the IMAP/POP3 services
# and the two auth sockets: "client" (used by Postfix for SASL) and "master"
# (used by the deliver LDA for user lookups).
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
# NOTE(review): "no" lets clients send passwords on the unencrypted imap/pop3
# ports. Outside a test setup set this to yes so logins require SSL/TLS.
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
# Relative to the home returned by userdb below, i.e. /home/vmail/<user>/Maildir.
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  # PLAIN and LOGIN both carry the password itself (base64 is not encryption),
  # so they are only safe inside a TLS session.
  mechanisms: plain login
  verbose: yes
  debug: yes
  # NOTE(review): together with debug: yes this writes attempted passwords to
  # the log files named above when a login fails. Troubleshooting only: turn it
  # off afterwards and restrict or purge the logs written in the meantime.
  debug_passwords: yes
  passdb:
    driver: passwd-file
    # Holds the password entries for the virtual users; keep it unreadable to
    # ordinary accounts.
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    # Every virtual user is mapped to the postfix uid/gid, so mailboxes end up
    # owned by the MTA's own account (mail_owner in main.cf).
    # NOTE(review): a dedicated mail-store account, such as the vmail user
    # already used for the master socket, keeps the queue and the mailboxes
    # apart; confirm which account is intended.
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      # Placed inside the Postfix queue directory so smtpd can reach it as
      # smtpd_sasl_path = private/auth.
      path: /var/spool/postfix/private/auth
      # 432 decimal = 0660 octal (this dump appears to print modes in decimal).
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/var/run/dovecot/auth-master
      # 384 decimal = 0600 octal: only the owning user (vmail) can connect.
      mode: 384
      user: vmail

----
POSTFIX main.cf
# Postfix main.cf as first posted, i.e. the configuration that still shows the
# delivery problems described in the post.
alias_maps = $alias_database
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
# A value ending in "/" makes local delivery write maildir-style files under
# this path. It only affects the local address class, not virtual delivery.
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
# $myhostname and $mydomain (set to $myhostname below) both resolve to
# mixermixer3.com, which makes it a *local* domain. The same name is also in
# virtual_mailbox_domains at the end of this file; a domain may belong to only
# one address class, which is why mail went to local Unix users instead of
# through virtual_transport.
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# NOTE(review): no setting that enables STARTTLS (smtpd_tls_security_level) or
# limits AUTH to encrypted sessions (smtpd_tls_auth_only = yes) appears in this
# listing. If it is complete, PLAIN/LOGIN passwords can cross port 25 in clear
# text; confirm with postconf.
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
# Relative to queue_directory; matches the Dovecot "client" auth socket path.
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
# NOTE(review): CA file, certificate and private key all point at one file.
# Postfix accepts key and certificate in the same file, but it then has to be
# readable by root only.
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
# Conflicts with mydestination above while $myhostname is listed in both.
virtual_mailbox_domains = $myhostname
# Refers to the "dovecot" pipe service defined in master.cf.
virtual_transport = dovecot

----
POSTFIX master.cf (just the important lines)
# Port 25 listener. It has no -o overrides, so its SASL and TLS behaviour comes
# entirely from main.cf.
smtp      inet  n       -       n       -       -       smtpd
# Port 465 listener: TLS starts immediately (wrapper mode) and every client
# must authenticate before anything else is accepted.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Transport named by virtual_transport in main.cf. pipe(8) runs the command
# directly, without a shell, as the given user:group. Flags: D adds
# Delivered-To, R adds Return-Path, h and u lowercase the recipient domain and
# local part.
# NOTE(review): deliver runs as vmail:vmail here, while the Dovecot userdb
# returns uid=postfix gid=postfix for every user; confirm which account is
# meant to own the maildirs.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


THANKS,
Jeremy

Re: Dovecot SASL doesn't seem to be working with Postfix

mouss-2
Jeremy Gillick wrote:

> I've tried to setup Postfix to use SASL, but it still doesn't seem to be
> working with Dovecot.  I've set things up based on these instructions:
>
> http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> http://wiki.dovecot.org/LDA
>
> I've compiled Postfix with Dovecot SASL and SSL/TLS support.  The problems
> I'm seeing in Postfix are:
>
>  * Virtual users are not being recognized (it'll only delivers mail for
> local users)
>  * For mail it does deliver, it uses the local user permissions ( I want it
> to use the vmail user)
>  * I had to modify 'mail_spool_directory' to get it to use the /home/vmail/
> directory
>  * For mail delivered to local users, it still doesn't come up in my email
> client when I check for new mail.
>
> I just keep feeling like the SASL integration is not working.  Can anybody
> shed some light?
>
> ---
> DOVECOT config
> # 1.0.13: /usr/local/etc/dovecot.conf
> log_path: /var/log/dovecot.log
> info_log_path: /var/log/dovecot-info.log
> protocols: imap pop3 imaps pop3s
> disable_plaintext_auth: no
> verbose_ssl: yes
> login_dir: /usr/local/var/run/dovecot/login
> login_executable(default): /usr/local/libexec/dovecot/imap-login
> login_executable(imap): /usr/local/libexec/dovecot/imap-login
> login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
> mail_location: maildir:~/Maildir
> dotlock_use_excl: yes
> maildir_copy_with_hardlinks: yes
> mail_executable(default): /usr/local/libexec/dovecot/imap
> mail_executable(imap): /usr/local/libexec/dovecot/imap
> mail_executable(pop3): /usr/local/libexec/dovecot/pop3
> mail_plugin_dir(default): /usr/local/lib/dovecot/imap
> mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
> mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
> pop3_uidl_format: %08Xu%08Xv
> auth default:
>   mechanisms: plain login
>   verbose: yes
>   debug: yes
>   debug_passwords: yes
>   passdb:
>     driver: passwd-file
>     args: /etc/dovecot/passwd
>   userdb:
>     driver: static
>     args: uid=postfix gid=postfix home=/home/vmail/%u
>   socket:
>     type: listen
>     client:
>       path: /var/spool/postfix/private/auth
>       mode: 432
>       user: postfix
>       group: postfix
>     master:
>       path: /usr/local/var/run/dovecot/auth-master
>       mode: 384
>       user: vmail
>
> ----
> POSTFIX main.cf
> alias_maps = $alias_database
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> default_privs = nobody
> html_directory = no
> inet_interfaces = $myhostname, localhost
> mail_owner = postfix
> mail_spool_directory = /home/vmail/
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = $myhostname
> myhostname = mixermixer3.com
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix/
> readme_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
> reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_exceptions_networks = $mynetworks
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_session_cache_timeout = 3600s
> unknown_local_recipient_reject_code = 550
> virtual_mailbox_domains = $myhostname
>  

$myhostname is listed in mydestination, so it is a _local_ domain. If
you want virtual domains, you'll need to remove it from mydestination
and read the ADDRESS_CLASS_README.

> virtual_transport = dovecot
>
> ----
> POSTFIX master.cf (just the important lines)
> smtp      inet  n       -       n       -       -       smtpd
> smtps     inet  n       -       n       -       -       smtpd
>   -o smtpd_tls_wrappermode=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> dovecot   unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
> ${sender} -d ${recipient}
>
>
> THANKS,
> Jeremy
>
>  


Re: Dovecot SASL doesn't seem to be working with Postfix

mouss-2
Jeremy Gillick wrote:

>> $myhostname is listed in mydestination, so it is a _local_ domain. if you
>> want virtual domains, you'll need to remove it from mydestination and read
>> the  ADDRESS CLASS README.
>>
>>
>>    
> I don't want virtual domains, I want virtual users.  Are they the same
> thing?  I'm sorry if these questions sound naive, I'm new setting up email
> systems.
>  

You want virtual_mailbox_domains. These are domains delivered to
"virtual" users. You need to set virtual_mailbox_domains and
virtual_mailbox_maps (I understand that you already have
virtual_transport=dovecot, so you don't need to define
virtual_mailbox_base, virtual_uid_maps or virtual_gid_maps). But one
domain must be in exactly one "class". If the domain is in mydestination,
then it will be delivered via "local" (mostly to unix accounts).

if you don't want local delivery at all (no unix accounts), then follow
the "firewall" section of the docs as you already found (set
mydestination and local_transport).
> I just want to be able to create email users that doesn't have a physical
> user on the system.
>  

yes. this is what virtual_mailbox_domains and friends are for.



Re: Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
In reply to this post by Mozmonkey
If I set up the virtual users in Dovecot and enable SASL in Postfix, does that mean that Postfix should use Dovecot for authentication and for the virtual user table?  Is there anything I need to do beyond the following two instruction URLs to make this work?

http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL

I'm reading the ADDRESS_CLASS_README, but it seems like I'll have to mirror the settings from Dovecot to Postfix.  That doesn't seem right:
http://www.postfix.org/ADDRESS_CLASS_README.html

Thanks,
Jeremy

Re: Dovecot SASL doesn't seem to be working with Postfix

Magnus Bäck
In reply to this post by Mozmonkey
On Sunday, May 04, 2008 at 23:00 CEST,
     Jeremy Gillick <[hidden email]> wrote:

> I've tried to setup Postfix to use SASL, but it still doesn't seem to be
> working with Dovecot.  I've set things up based on these instructions:
>
> http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
> http://wiki.dovecot.org/LDA
>
> I've compiled Postfix with Dovecot SASL and SSL/TLS support.  The problems
> I'm seeing in Postfix are:
>
>  * Virtual users are not being recognized (it'll only delivers mail
> for local users)
>  * For mail it does deliver, it uses the local user permissions ( I
> want it to use the vmail user)
>  * I had to modify 'mail_spool_directory' to get it to use the
> /home/vmail/ directory

These are all signs that indicate that you're listing your virtual
domain in mydestination. Then it will not be virtual.

Show logs of both failing and successful delivery attempts.

>  * For mail delivered to local users, it still doesn't come up in my
> email client when I check for new mail.

Could e.g. be because you've changed mail_spool_directory.

> I just keep feeling like the SASL integration is not working.  Can
> anybody shed some light?

SASL only comes into play when an SMTP client authenticates to Postfix.
It has no part in how mail is delivered to mailboxes, so it is not
what's going wrong here.


[...]

--
Magnus Bäck
[hidden email]

Re: Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
w00t.  Thanks everyone for all your input. It works now.  The key was to set mydestination to "localhost, localhost.localdomain".  From there Postfix started using Dovecot LDA (deliver) and I was able to track the rest of the problems down through the log files.

Here's my latest config for anybody interested:

## DOVECOT ##
# 1.0.13: /usr/local/etc/dovecot.conf
# Dovecot 1.0.13 settings from the working setup. The debugging options used
# while troubleshooting are still switched on; see the notes before copying.
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
# NOTE(review): "no" lets clients send passwords on the unencrypted imap/pop3
# ports. For production use set this to yes so logins require SSL/TLS.
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
# Relative to the home returned by userdb below, i.e. /home/vmail/<user>/Maildir.
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  # PLAIN and LOGIN both carry the password itself (base64 is not encryption),
  # so they should only be reachable inside a TLS session.
  mechanisms: plain login
  verbose: yes
  debug: yes
  # NOTE(review): together with debug: yes this writes attempted passwords to
  # the log files named above when a login fails. Now that the setup works,
  # turn both off and restrict or purge the logs already written.
  debug_passwords: yes
  passdb:
    driver: passwd-file
    # Holds the password entries for the virtual users; keep it unreadable to
    # ordinary accounts.
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    # Every virtual user is mapped to the postfix uid/gid, so mailboxes are
    # owned by the MTA's own account (mail_owner in main.cf).
    # NOTE(review): Postfix expects mail_owner to own no other files; a
    # dedicated mail-store account such as vmail is the usual choice. Confirm
    # before reusing this line.
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      # Placed inside the Postfix queue directory so smtpd can reach it as
      # smtpd_sasl_path = private/auth.
      path: /var/spool/postfix/private/auth
      # 432 decimal = 0660 octal (this dump appears to print modes in decimal).
      mode: 432
      user: postfix
      group: postfix
    master:
      # Socket the deliver LDA uses for user lookups.
      path: /usr/local/var/run/dovecot/auth-master
      # 384 decimal = 0600 octal: only the owning user (vmail) can connect.
      mode: 384
      user: vmail
      group: vmail

## POSTFIX main.cf ##
# Postfix main.cf from the working setup: mixermixer3.com is now only a
# virtual mailbox domain and is handed to the "dovecot" transport.
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
# Only applies to local(8) delivery, which now handles just the localhost
# names in mydestination. NOTE(review): looks like a leftover from the earlier
# attempts; confirm it is still wanted.
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
# The fix from the thread: $myhostname is no longer listed here, so the domain
# belongs to exactly one address class (virtual mailbox).
mydestination = localhost, localhost.localdomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
# NOTE(review): mynetworks is not set in this listing, so permit_mynetworks
# uses the built-in default, which may trust the whole local subnet to relay.
# Check `postconf mynetworks` and pin it explicitly on a shared network.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# NOTE(review): no setting that enables STARTTLS (smtpd_tls_security_level) or
# limits AUTH to encrypted sessions (smtpd_tls_auth_only = yes) appears in this
# listing. If it is complete, PLAIN/LOGIN passwords can cross port 25 in clear
# text; confirm with postconf.
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
# Relative to queue_directory; matches the Dovecot "client" auth socket path.
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
# NOTE(review): CA file, certificate and private key all point at one file.
# Postfix accepts key and certificate in the same file, but it then has to be
# readable by root only.
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
# NOTE(review): virtual_mailbox_maps is not shown. Without it smtpd has no
# list of valid recipients for this domain, so unknown addresses are
# presumably accepted at SMTP time and only bounced later by deliver; verify
# with a test address.
virtual_mailbox_domains = $myhostname
# Refers to the "dovecot" pipe service defined in master.cf.
virtual_transport = dovecot

## POSTFIX (a few lines from master.cf) ##
# Port 25 listener. It has no -o overrides, so its SASL and TLS behaviour comes
# entirely from main.cf.
smtp      inet  n       -       n       -       -       smtpd
# Port 465 listener: TLS starts immediately (wrapper mode) and every client
# must authenticate before anything else is accepted.
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Dovecot LDA
# Transport named by virtual_transport in main.cf. pipe(8) runs the command
# directly, without a shell, as the given user:group. Flags: D adds
# Delivered-To, R adds Return-Path, h and u lowercase the recipient domain and
# local part.
# NOTE(review): deliver now runs as nobody:mail, yet the auth-master socket in
# the Dovecot section is 0600 and owned by vmail, and userdb returns
# uid=postfix. Confirm how deliver gets access to the socket and the maildirs;
# if the binary was given extra privileges, restrict who may execute it.
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=nobody:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


Thanks Everyone!
- Jeremy