[olug] Postfix/dovecot

Lou Duchez lou at paprikash.com
Tue Apr 16 03:13:34 UTC 2013


What happens if you get rid of the "unix_listener auth-master" part?

Can you confirm whether mail clients can authenticate when connecting to 
Dovecot?  Make sure that's working first.


> didn't work, postfix says:
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = /home/vmail/auth
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
> smtpd_sasl_authenticated_header = yes
>
> dovecot says:
> service auth {
>    unix_listener /home/vmail/auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
>    unix_listener auth-master {
>      mode = 0600
>      user = vmail
>    }
>    user = root
> }
>
> Sam
>
>
> On Mon, Apr 15, 2013 at 8:37 PM, Lou Duchez <lou at paprikash.com> wrote:
>
>> Reboot the server -- sometimes I find dovecot and postfix won't talk until
>> you've done a reboot -- and after that, if there's still a problem, post
>> the "smtpd_sasl_path" line from main.cf, plus the "service auth" section
>> from dovecot.conf.
>>
>>
>>
>>> Apr 16 01:39:40 li455-174 postfix/smtpd[6411]: warning: SASL: Connect to /home/vmail/auth failed: Permission denied
>>> Apr 16 01:39:40 li455-174 postfix/smtpd[6411]: fatal: no SASL authentication mechanisms
>>> Apr 16 01:39:41 li455-174 postfix/master[6398]: warning: process /usr/libexec/postfix/smtpd pid 6411 exit status 1
>>> Apr 16 01:39:41 li455-174 postfix/master[6398]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
>>>
>>>
>>> \Log entries
>>>
>>>
>>> On Mon, Apr 15, 2013 at 8:34 PM, Sam Flint <harmonicnm7h at gmail.com>
>>> wrote:
>>>
>>>   messages still won't send, no server reply.
>>>>
>>>> On Mon, Apr 15, 2013 at 8:18 PM, Lou Duchez <lou at paprikash.com> wrote:
>>>>
>>>>   "smtpd_sasl_path = private/auth" ... two questions.
>>>>> 1) As you have it written that's a relative path, and that's not good.
>>>>>    (Okay, that's not a question.)
>>>>>
>>>>> 2) Do you have a section in your dovecot.conf that looks like this?
>>>>>
>>>>> service auth {
>>>>>     unix_listener /vmail/passwd {
>>>>>       user = postfix
>>>>>       group = postfix
>>>>>       mode = 0660
>>>>>     }
>>>>>     user = vmail
>>>>> }
>>>>>
>>>>> In my case, my Dovecot will create a socket at "/vmail/passwd" that
>>>>> postfix can access to do its authentications.  Your "unix_listener"
>>>>> parameter would need to specify "private/auth" (or whatever that needs
>>>>> to become so the path's not relative).  In your case, you might need to
>>>>> change the "user = vmail" to something like "user = dovecot".
>>>>>
>>>>>
>>>>>    myhostname = mail.flintfam.org
>>>>>
>>>>>> mydomain = flintfam.org
>>>>>> myorigin = $mydomain
>>>>>> inet_interfaces = all
>>>>>> inet_protocols = ipv4, ipv6
>>>>>> mydestination = $myhostname, localhost, localhost.localdomain
>>>>>> #mynetworks = 127.0.0.0/8
>>>>>> mynetworks = all
>>>>>> relay_domains = .com .org .net .info $mydestination
>>>>>> home_mailbox = Maildir/
>>>>>> message_size_limit = 30720000
>>>>>> # virtual_alias_domains =
>>>>>> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
>>>>>> mysql:/etc/postfix/mysql-virtual_email2email.cf
>>>>>> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
>>>>>> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
>>>>>> virtual_mailbox_base = /home/vmail
>>>>>> virtual_uid_maps = static:5000
>>>>>> virtual_gid_maps = static:5000
>>>>>> smtpd_sasl_type = dovecot
>>>>>> smtpd_sasl_path = private/auth
>>>>>> smtpd_sasl_auth_enable = yes
>>>>>> broken_sasl_auth_clients = yes
>>>>>> smtpd_sasl_authenticated_header = yes
>>>>>>
>>>>>> smtpd_recipient_restrictions = permit_mynetworks,
>>>>>> permit_sasl_authenticated, reject_unauth_destination, permit
>>>>>> smtpd_use_tls = yes
>>>>>> smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
>>>>>> smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
>>>>>>
>>>>>> virtual_create_maildirsize = yes
>>>>>> virtual_maildir_extended = yes
>>>>>> proxy_read_maps = $local_recipient_maps $mydestination
>>>>>> $virtual_alias_maps
>>>>>> $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
>>>>>> $relay_recipient_maps $relay_domains $canonical_maps
>>>>>> $sender_canonical_maps
>>>>>> $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
>>>>>> $virtual_mailbox_limit_maps
>>>>>> virtual_transport = dovecot
>>>>>> dovecot_destination_recipient_limit = 1
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Apr 15, 2013 at 7:23 PM, Lou Duchez <lou at paprikash.com> wrote:
>>>>>>
>>>>>>    Let's see yer main.cf.
>>>>>>
>>>>>>>     none related to dovecot, just that it isn't allowed to relay
>>>>>>>
>>>>>>>   On Mon, Apr 15, 2013 at 7:21 PM, Lou Duchez <lou at paprikash.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>     What are the messages you're getting now?
>>>>>>>>
>>>>>>>>> I just did an en passant replacement of the conf with the output of
>>>>>>>>> dovecot -n.  Now what about postfix and sending
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Apr 15, 2013 at 6:39 PM, Lou Duchez <lou at paprikash.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> It's giving you all kinds of warnings, why not act on them?  It's more or
>>>>>>>>>> less telling you what to fix.
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>       Does anyone have any ideas?
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Apr 14, 2013 at 4:45 PM, Sam Flint <harmonicnm7h at gmail.com> wrote:
>>>>>>>>>>>> Well, for postfix, it now accepts email, but when it sends it through
>>>>>>>>>>>> dovecot, dovecot complains, and the email won't go through.  Log entry:
>>>>>>>>>>>>> Apr 14 19:22:32 li455-174 postfix/qmgr[24423]: 2C4B69382: from=<harmonicnm7h at gmail.com>, size=1911, nrcpt=1 (queue active)
>>>>>>>>>>>>> Apr 14 19:22:32 li455-174 postfix/pipe[32234]: 2C4B69382: to=<swflint at flintfam.org>, relay=dovecot, delay=433995, delays=433994/0.04/0/0.11, dsn=4.3.0, status=deferred
>>>>>>>>>>>>>     (temporary failure. Command output:
>>>>>>>>>>>>>     doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
>>>>>>>>>>>>>     doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely
>>>>>>>>>>>>>     doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: auth_user has been replaced by service auth { user }
>>>>>>>>>>>>>     doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:28: passdb  {} has been replaced by passdb { driver= }
>>>>>>>>>>>>>     doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:33: userdb  {} has been replaced by userdb { driver= }
>>>>>>>>>>>>>     Can't open log file /home/vmail/dovecot-deliver.log: Permission denied )
>>>>>>>>>>>>> Apr 14 19:22:32 li455-174 postfix/qmgr[24423]: 2C4B69382: from=<harmonicnm7h at gmail.com>, status=expired, returned to sender
>>>>>>>>>>>>>
>>>>>>>>>>>>> Postfix also refuses to send email out, error in webmail app is:
>>>>>>>>>>>>>
>>>>>>>>>>>>>     Transaction failed
>>>>>>>>>>>>>     554 5.7.1 <harmonicnm7h at gmail.com>: Relay access denied
>>>>>>>>>>>>>
>>>>>>>>>>>>> Log has:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Apr 14 21:49:12 li455-174 postfix/smtpd[32585]: connect from localhost[::1]
>>>>>>>>>>>>> Apr 14 21:49:12 li455-174 postfix/smtpd[32585]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <harmonicnm7h at gmail.com>: Relay access denied; from=<swflint at flintfam.org> to=<harmonicnm7h at gmail.com> proto=ESMTP helo=<flintfam.org>
>>>>>>>>>>>>> Apr 14 21:49:12 li455-174 postfix/smtpd[32585]: lost connection after RCPT from localhost[::1]
>>>>>>>>>>>>> Apr 14 21:49:12 li455-174 postfix/smtpd[32585]: disconnect from localhost[::1]
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Sam
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Sam Flint
>>>>>>>>>>>>> Happy Hacking!
>>>>>>>>>>>>> swflint at flintfam.org
>>>>>>>>>>>>> flintfam.org/~swflint
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> OLUG mailing list
>>>>>>>>>>>>> OLUG at olug.org
>>>>>>>>>>>>> https://lists.olug.org/mailman/listinfo/olug
>>>> --
>>>> Sam Flint
>>>> flintfam.org/~swflint
>>>>
>>>>
>>>
>
>
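
A "Permission denied" on connect to a UNIX socket, like the one for /home/vmail/auth in the quoted log, can come from the socket's own mode or from any directory above it that the connecting account cannot search. The script below is an added example, not part of the original message and not code from Postfix or Dovecot: it walks the path from / down and reports each component that would block a given uid. The function names are hypothetical, the default path and account are the ones quoted in the thread, and ACLs, SELinux and chroot are not modelled.

```python
import os
import stat
import sys


def _allowed(st, uid, gids, want):
    """Classic Unix mode check: only one of owner/group/other applies."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want


def audit_socket_path(path, uid, gids):
    """List (component, problem) pairs that stop `uid` connecting to `path`.

    Every ancestor directory needs search (x) permission and the socket
    itself needs write permission. Run as root so every component can be
    stat()ed regardless of its mode.
    """
    path = os.path.abspath(path)
    chain, cur = [path], os.path.dirname(path)
    while cur != chain[-1]:          # stops once dirname("/") == "/"
        chain.append(cur)
        cur = os.path.dirname(cur)
    problems = []
    for comp in reversed(chain):     # from / down to the socket
        try:
            st = os.stat(comp)
        except FileNotFoundError:
            problems.append((comp, "does not exist"))
            break
        if comp != path:
            if not _allowed(st, uid, gids, 0o1):
                problems.append((comp, "directory not searchable (no x bit)"))
        elif not stat.S_ISSOCK(st.st_mode):
            problems.append((comp, "not a UNIX socket"))
        elif not _allowed(st, uid, gids, 0o2):
            problems.append((comp, "socket not writable"))
    return problems


if __name__ == "__main__":
    import pwd
    # Defaults are the socket path and account quoted in the thread.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/vmail/auth"
    pw = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "postfix")
    groups = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    for comp, why in audit_socket_path(target, pw.pw_uid, groups):
        print(f"{comp}: {why}")
```

No output means the mode bits allow the connection, and the cause lies in something the script does not model.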



