Postfix and Dovecot SASL broken - Permission denied


etherbell
This post has NOT been accepted by the mailing list yet.
Hello,

Edit:  Just before posting this I searched the mailing list one last time and discovered the postfix set-permissions command used in another situation.  It solved my problem.  I'm posting anyway in case others have the same problem as I (Google did not help me) and because I am very curious as to why I had to use this command.  Anyone?

I'm setting up a new mail server with Postfix 2.10.1 and Dovecot 2.2.10 on CentOS 7.2.1511 and am not sure where the problem lies.  I had SASL and TLS working and changed disable_plaintext_auth to yes in Dovecot auth.conf, ran doveadm stop, then dovecot and Postfix would no longer receive mail.  The smtpd throws out the error message "warning: SASL: Connect to private/auth failed: Permission denied"  and dies.  Changing disable_plaintext_auth  back to no does not fix it.  I have quadruple checked all permissions (I actually gave the user postfix a login shell, su'd to it and navigated to the private/ directory), and making /var/spool/postfix/private/auth world readable and writeable in the Dovecot master.conf  also does not fix it.

This is the second time I've had this problem.  The first time the only way I could eventually get SASL working again was to remove Postscript and reinstall it.

The outputs from postconf -nf and doveadm -n are shown below (after shutting down the TLS capability in Postfix).

John

[root@linuxbox2 postfix]# postconf -nf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 99999999
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 60000000
mydestination = $myhostname, localhost.$mydomain, localhost, removed.com,
    removed.net
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access, check_client_access
    hash:/etc/postfix/access, reject_unknown_client, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access, check_client_access
    hash:/etc/postfix/access, reject_non_fqdn_hostname, reject_invalid_hostname,
    permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/sender_access, check_client_access
    hash:/etc/postfix/access, reject_non_fqdn_sender,
    reject_unknown_sender_domain, permit
smtpd_tls_loglevel = 1
unknown_local_recipient_reject_code = 550
virtual_alias_domains = removed.org
virtual_alias_maps = hash:/etc/postfix/virtual

[root@linuxbox2 postfix]# doveconf -n
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-327.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
auth_mechanisms = plain login
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = mbox:~/Mail:INBOX=/var/spool/mail/%u
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
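
Added example (not part of the original post): connecting to a Unix socket needs write permission on the socket and search (x) permission on every directory above it, and the mode in the unix_listener block only controls the socket itself, while postfix set-permissions resets ownership and modes on the Postfix directories. The sketch below walks the path and reports each component that would deny a given uid, using mode bits only; the function names are hypothetical, and the socket path and the postfix user are taken from the configuration output above.

```python
import os
import stat

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check only; ACLs, SELinux and root's bypass are ignored."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def describe(st):
    return "mode %04o, owner %d:%d" % (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)

def audit_socket_path(sock_path, uid, gids):
    """Return (path, reason) for each path component that would deny uid a connect()."""
    problems = []
    parts = os.path.abspath(sock_path).split(os.sep)[1:]
    current = os.sep
    try:
        for name in [""] + parts[:-1]:            # "/" first, then each parent directory
            current = os.path.join(current, name)
            st = os.stat(current)
            if not allowed(st, uid, gids, 0o1):   # search (x) is needed on every directory
                problems.append((current, "no search permission: " + describe(st)))
        current = os.path.join(current, parts[-1])
        st = os.stat(current)
        if not stat.S_ISSOCK(st.st_mode):
            problems.append((current, "not a socket"))
        elif not allowed(st, uid, gids, 0o2):     # connect() needs write on the socket
            problems.append((current, "no write permission: " + describe(st)))
    except OSError as exc:                        # missing component, or auditor lacks access
        problems.append((current, "cannot stat: %s" % exc.strerror))
    return problems

if __name__ == "__main__":
    import pwd
    # Assumption: run as root so every component can be stat()ed.
    pw = pwd.getpwnam("postfix")                  # mail_owner from postconf -nf
    groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    # queue_directory + smtpd_sasl_path from the output above
    for path, reason in audit_socket_path("/var/spool/postfix/private/auth", pw.pw_uid, groups):
        print(path, reason)
```

An empty result means the classic permission bits allow the connection; on CentOS a denial can still come from SELinux, which this check does not evaluate.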