[Dovecot] Problem with Dovecot SASL in Postfix

Chris McMacken chris.mcmacken at gmail.com
Thu Jul 12 18:52:18 EEST 2007


Ok lets try this again...

I'm trying to configure my postfix server to use Dovecot as an SASL
server and running into some problems. My server supports a couple of
domain, I have multiple user/password files for multiple domains to
make the files a little easier to manage. Not sure if this question
should belong in the dovecot mailing list or the postfix one, but here
goes anyway. I have everything configured to use CRAM-MD5
authentication, including my mail client.

Here is the Dovecot -n output:

mail# dovecot -n
# /usr/local/etc/dovecot.conf
log_path: /var/log/dovecot
info_log_path: /var/log/dovecot.info
protocols: imap pop3
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
verbose_proctitle: yes
first_valid_gid: 0
mail_extra_groups: mail
mail_location: maildir:/home/vmail/%d/%n
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle
netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
tb-extra-mailbox-sep
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain cram-md5
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot/%d/passwd
  userdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot/%d/passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:


heres a sample line from one of the passwd files:

chrism:{CRAM-MD5}a67a65704086a046b3f875d1eaac8cb5c6fd13406507fead30d9bcb1bf82b:1003:1003::/home/vmail/example.com

and to login through SASL I am trying to use the username
chrism at example.com when I use the full email address like this to
login like this I get this output into my postfix log:

Jul 10 18:46:59 mail postfix/smtpd[57343]: connect from unknown[12.244.148.123]
Jul 10 18:46:59 mail postfix/smtpd[57343]: NOQUEUE: reject: RCPT from
unknown[12.244.148.123]: 554 5.7.1 <chrism at gmail.com>: Relay access
denied; from=<chrism at example.com> to=<chrism at gmail.com> proto=ESMTP
helo=<[192.168.1.14]>
Jul 10 18:47:00 mail postfix/smtpd[57343]: disconnect from
unknown[12.244.148.123]

(not actually using example.com but I changed it here)
heres my smtpd_recipient_restricitons from postconf

smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, permit_sasl_authenticated

so when I use the full user name (chrism at example.com) it doesn't
appear to even attempt logging into the sasl server. If I change it to
simply chrism, heres the output:

Jul 10 18:50:36 mail postfix/smtpd[57356]: connect from unknown[12.244.148.123]
Jul 10 18:50:38 mail postfix/smtpd[57356]: warning:
unknown[12.244.148.123]: SASL CRAM-MD5 authentication failed:
PDI3NjU4MTE4NDExMTQzN0BtYWlsPg==
Jul 10 18:50:39 mail postfix/smtpd[57356]: lost connection after AUTH
from unknown[12.244.148.123]
Jul 10 18:50:39 mail postfix/smtpd[57356]: disconnect from
unknown[12.244.148.123]

if I put my user name in as chrism and don't add the @example.com it
tried to login but it can't login.

anyone have any ideas?


More information about the dovecot mailing list