Dovecot SASL doesn't seem to be working with Postfix


Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
I've tried to set up Postfix to use SASL, but it still doesn't seem to be
working with Dovecot.  I've set things up based on these instructions:

http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
http://wiki.dovecot.org/LDA

I've compiled Postfix with Dovecot SASL and SSL/TLS support.  The problems
I'm seeing in Postfix are:

 * Virtual users are not being recognized (it'll only deliver mail for
local users)
 * For mail it does deliver, it uses the local user permissions (I want it
to use the vmail user)
 * I had to modify 'mail_spool_directory' to get it to use the /home/vmail/
directory
 * For mail delivered to local users, it still doesn't come up in my email
client when I check for new mail.

I just keep feeling like the SASL integration is not working.  Can anybody
shed some light?

---
DOVECOT config
# 1.0.13: /usr/local/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/var/run/dovecot/auth-master
      mode: 384
      user: vmail

----
POSTFIX main.cf
alias_maps = $alias_database
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = $myhostname
virtual_transport = dovecot

----
POSTFIX master.cf (just the important lines)
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


THANKS,
Jeremy

Re: Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
If I set up the virtual users in Dovecot and enable SASL in Postfix, does
that mean that Postfix should use Dovecot for authentication and for the
virtual user table?  Is there anything I need to do outside the following two
instruction URLs to make this work?

http://wiki.dovecot.org/HowTo/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL

I'm reading the ADDRESS_CLASS_README, but it seems like I'll have to mirror
the settings from Dovecot to Postfix.  That doesn't seem right:
http://www.postfix.org/ADDRESS_CLASS_README.html

Thanks,
Jeremy

Re: Dovecot SASL doesn't seem to be working with Postfix

Mozmonkey
w00t.  Thanks everyone for all your input. It works now.  The key was to set
mydestination to "localhost, localhost.localdomain".  From there Postfix
started using Dovecot LDA (deliver) and I was able to track the rest of the
problems down through the log files.

Here's my latest config for anybody interested:

## DOVECOT ##
# 1.0.13: /usr/local/etc/dovecot.conf
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap pop3 imaps pop3s
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passwd
  userdb:
    driver: static
    args: uid=postfix gid=postfix home=/home/vmail/%u
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /usr/local/var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail

## POSTFIX main.cf ##
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = no
inet_interfaces = $myhostname, localhost
mail_owner = postfix
mail_spool_directory = /home/vmail/
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost, localhost.localdomain
mydomain = $myhostname
myhostname = mixermixer3.com
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix/
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = $myhostname
virtual_transport = dovecot

## POSTFIX (a few lines from master.cf) ##
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=nobody:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}


Thanks Everyone!
- Jeremy