[Dovecot] SASL + Postfix woes
jerry at seibercom.net
Mon Mar 18 14:48:59 EET 2013
Okay, I wasn't going to try and fix up the messed up mail server I was
given; however, I decided that I might as well try.
The system has a Postfix MTA and uses Dovecot for LDA and Cyrus-SASL
for SASL. That works fine.
I decided that I wanted to switch over to Dovecot for SASL. dovecot is
presently using MySQL for its database.
I make the (I thought) necessary changes in Postfix and restarted it.
Big problem. SASL is now broken. I turned on logging in Dovecot to see
what was happening, but apparently nothing is happening. There are no
entries regarding Postfix attempting to negotiate an SASL request with
This is the "dovecot -n" outout (yes, I know it is an old version)
# 1.2.17: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.3-STABLE amd64 ufs
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
postmaster_address: postmaster at seibercom.net
mechanisms: plain login digest-md5 cram-md5
expire: Trash 2 Spam/* 2
This is the "dovecot-sql.conf" file:
driver = mysql
connect = host=localhost dbname=Dovecot user=root password=xxxxxxxx
password_query = SELECT concat(userid, '@', domain) AS user, password \
FROM users WHERE userid = '%n' AND domain = '%d'
user_query = SELECT uid, gid, home FROM users WHERE userid = '%n' AND domain = '%d'
This is the pertinent part of the postconf -fn output:
broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_password_maps
smtp_sasl_security_options = noanonymous
smtp_sasl_type = dovecot
smtpd_client_restrictions = reject_unauth_pipelining permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
I have tried using "dovecot" in place of "private/auth", but it doesn't make any difference.
This is the only output from the postfix maillog:
Mar 18 08:13:02 scorpio postfix/smtpd: connect from localhost[127.0.0.1]
Mar 18 08:13:02 scorpio postfix/smtpd: warning: localhost[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
Mar 18 08:13:02 scorpio postfix/smtpd: lost connection after AUTH from localhost[127.0.0.1]
Again, it doesn't appear that Postfix ever actually makes contact with
Dovecot. I am probably doing something extremely stupid, but I just
cannot figure out what it is.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
More information about the dovecot