Postfix missing AUTH?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix missing AUTH?

Mike Jones!
I am trying to set up auth for postfix so I can send mail to addresses
on the internet through my server.  Here is the output from EHLO:


$ nc example.com 25
220 example.com ESMTP Postfix
ehlo example.com
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


So postfix is running fine and listening, but just missing the AUTH
parts. Here are my postfix and dovecot infos, respectively.

Postfix config:

$ sudo postconf -n
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = .system/
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mailbox_command =
mailbox_size_limit = 0
mydestination = mail.example.com, localhost.localdomain, localhost
myhostname = example.com
mynetworks = 127.0.0.0/8 1.2.3.4
myorigin = /etc/mailname
recipient_delimiter = +
relayhost = mail.example.com
smtp_tls_note_starttls_offer = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/apache2/ssl/cert-example.com.crt
smtpd_tls_key_file = /etc/apache2/ssl/example.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_gid_maps = static:1030
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = /etc/postfix/vdomain
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 1030
virtual_uid_maps = static:1030


/etc/postfix/vdomain:

$ cat /etc/postfix/vdomain
example.com


/etc/postfix/vmailbox:

$ cat /etc/postfix/vmailbox
[hidden email] example.com/mwjones/Maildir/
@example.com example.com/caught/Maildir/


Verifying auth socket:

$ sudo file /var/spool/postfix/private/auth
/var/spool/postfix/private/auth: socket


Dovecot config:

$ doveconf -n
# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.5-grsec x86_64 Debian wheezy/sid ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
first_valid_gid = 1030
first_valid_uid = 1030
info_log_path = /var/log/dovecot-info.log
last_valid_gid = 1030
last_valid_uid = 1030
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_debug = yes
mail_location = maildir:/home/vmail/%d/%n/Maildir
passdb {
  args = /home/vmail/%d/etc/passwd
  driver = passwd-file
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = *
    port = 993
  }
  service_count = 1
}
service ssl-params {
  type = startup
}
ssl_cert = </etc/apache2/ssl/cert-example.com.crt
ssl_key = </etc/apache2/ssl/example.key
userdb {
  args = /home/vmail/%d/etc/passwd
  driver = passwd-file
}
verbose_ssl = yes


Please let me know what other info I can provide that would be helpful.

I've been following the postfix documentation, but still get no AUTH
from the daemon.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Scott Kitterman-4
On Thursday, April 05, 2012 02:27:05 PM Mike Jones! wrote:
> I've been following the postfix documentation, but still get no AUTH
> from the daemon.

What documentation specifically have you been following?

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Wietse Venema
In reply to this post by Mike Jones!
Mike Jones!:
> Please let me know what other info I can provide that would be helpful.

You forgot to look at all the warning messages in the mail logfile.
http://www.postfix.org/DEBUG_README.html#logging

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Mike Jones!
In reply to this post by Scott Kitterman-4
On Thu, Apr 5, 2012 at 2:29 PM, Scott Kitterman <[hidden email]> wrote:
> What documentation specifically have you been following?
>
> Scott K

Primarily http://www.postfix.org/SASL_README.html#server_dovecot and
http://www.postfix.org/SASL_README.html#server_sasl_enable

Thanks,
mwjones
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Scott Kitterman-4
On Thursday, April 05, 2012 02:32:32 PM Mike Jones! wrote:
> On Thu, Apr 5, 2012 at 2:29 PM, Scott Kitterman <[hidden email]>
wrote:
> > What documentation specifically have you been following?
> >
> > Scott K
>
> Primarily http://www.postfix.org/SASL_README.html#server_dovecot and
> http://www.postfix.org/SASL_README.html#server_sasl_enable

Since your using Debian, there's some additional information here that is
relevant:

/usr/share/doc/postfix/README.Debian

You can also find Debian specific guidance on this at:

http://wiki.debian.org/PostfixAndSASL

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Noel Jones-2
In reply to this post by Mike Jones!
On 4/5/2012 1:27 PM, Mike Jones! wrote:

> I am trying to set up auth for postfix so I can send mail to addresses
> on the internet through my server.  Here is the output from EHLO:
>
>
> $ nc example.com 25
> 220 example.com ESMTP Postfix
> ehlo example.com
> 250-example.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
>
> So postfix is running fine and listening, but just missing the AUTH
> parts. Here are my postfix and dovecot infos, respectively.
>
> Postfix config:
>
> $ sudo postconf -n

> smtpd_tls_auth_only = yes

You've told postfix to only offer AUTH after you connect with TLS,
either STARTTLS or via smtps.  For testing, either turn this setting
off or use
openssl s_client -connect example.com:25 -starttls smtp

There may or may not be other issues noted in your logs.




  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Mike Jones!
In reply to this post by Wietse Venema
On Thu, Apr 5, 2012 at 2:32 PM, Wietse Venema <[hidden email]> wrote:
> You forgot to look at all the warning messages in the mail logfile.
> http://www.postfix.org/DEBUG_README.html#logging
>
>        Wietse

Good note, I forgot to mention that there were none.  I've been
tailing mail.{err,info,log,warn} and there are no complaints there.
Sorry, forgot to mention :(

Here is the ouput from the previously mentioned log files of
restarting the daemon, then connecting in and giving an EHLO again:

/var/log/mail.info and /var/log/mail.log:
Apr  5 14:33:30 int0x80 postfix/master[6250]: terminating on signal 15
Apr  5 14:33:30 int0x80 postfix/master[6521]: daemon started --
version 2.9.1, configuration /etc/postfix
Apr  5 14:33:37 int0x80 postfix/smtpd[6528]: connect from 6.6.6.6
Apr  5 14:33:45 int0x80 postfix/smtpd[6528]: lost connection after
EHLO from 6.6.6.6
Apr  5 14:33:45 int0x80 postfix/smtpd[6528]: disconnect from 6.6.6.6

/var/log/mail.err and /var/log/mail.warn have nothing.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

Mike Jones!
In reply to this post by Noel Jones-2
On Thu, Apr 5, 2012 at 2:38 PM, Noel Jones <[hidden email]> wrote:
> You've told postfix to only offer AUTH after you connect with TLS,
> either STARTTLS or via smtps.  For testing, either turn this setting
> off or use
> openssl s_client -connect example.com:25 -starttls smtp
>
> There may or may not be other issues noted in your logs.

Thanks, that was the problem!  After connecting with openssl, the AUTH is there:

250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Reply | Threaded
Open this post in threaded view
|

Re: Postfix missing AUTH?

/dev/rob0
In reply to this post by Scott Kitterman-4
On Thu, Apr 05, 2012 at 02:37:25PM -0400, Scott Kitterman wrote:

> On Thursday, April 05, 2012 02:32:32 PM Mike Jones! wrote:
> > On Thu, Apr 5, 2012 at 2:29 PM, Scott Kitterman
> > <[hidden email]> wrote:
> > > What documentation specifically have you been following?
> >
> > Primarily http://www.postfix.org/SASL_README.html#server_dovecot
> > and http://www.postfix.org/SASL_README.html#server_sasl_enable
>
> Since your using Debian, there's some additional information here
> that is relevant:
>
> /usr/share/doc/postfix/README.Debian

This one, very much so, yes.

> You can also find Debian specific guidance on this at:
>
> http://wiki.debian.org/PostfixAndSASL

This one, no. It has little of relevance to a Dovecot user except the
Dovecot wiki link at the end. I would encourage a Debian wiki user to
change that page such that at the TOP it says it is not relevant for
Dovecot users. We often see Debian people who have been misguided by
that page.

Also, the Dovecot wiki link is only for Dovecot 1.x, not the best
source of information for the 2.x releases.
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: