Dovecot / Postfix SMTP Auth Issue

Discussion in 'Installation/Configuration' started by DruKe, Apr 2, 2008.

  1. DruKe

    DruKe New Member

    I switched from Cyrus to Courier and now to Dovecot for small features. ISPConfig 2.2.21 is running on a SLES 10 SP1 box.

    I used the hack to get the @domain.tld working for pop access (which works great). This happened to break the roundcube mail login and the domain.tld/mailuser areas.

    I was able to get the domain.tld/mailuser fixed with a different post in the forum. I'm still left with the roundcube mail issue and an SMTP auth issue.

    I would like to get the SMTP auth to work with the [email protected]

    From the other posts pertaining to this, I see both can be done, but after poring over it for a day I'm left with little option but to ask for help.

    I'm not sure what conf files you'll need info out of but I'll watch this close and report as soon as someone can help :)
     
    Last edited: Apr 2, 2008
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. DruKe

    DruKe New Member

    Here is my dovecot.conf

    Code:
    protocols = imap imaps pop3 pop3s
    ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem
    
    disable_plaintext_auth = no
    pop3_uidl_format = %08Xu%08Xv
    protocol pop3 {
    }
    
    protocol lda {
    # Address to use when sending rejection mails.
    postmaster_address = [email protected]
    }
    
    auth_username_format ="%Ld_%Ln"
    
    auth default {
    mechanisms = plain login
    
    passdb pam {
    }
    
    userdb passwd {
    }
    
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }
    }
    
    And here is my postfix main.cf

    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 3
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = web1.$mydomain
    #myhostname = $mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = providenttech.com
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    All looks good from that post? Anything look odd I don't see?
     
  4. DruKe

    DruKe New Member

    Buehler? :D
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Which errors do you get in the mail log?
     
  6. DruKe

    DruKe New Member

    This is from the mail log when I try to use [email protected] with the same PW as the POP account:

    Code:
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: connect from unknown[10.2.3.26]
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: warning: SASL authentication failure: Password verification failed
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: warning: unknown[10.2.3.26]: SASL PLAIN authentication failed
    
     
  7. DruKe

    DruKe New Member

    I've been debugging a bit more. I started saslauthd in debug mode and here is the output:

    Code:
    web1:~ # saslauthd -d -a pam
    saslauthd[28867] :main            : num_procs  : 5
    saslauthd[28867] :main            : mech_option: NULL
    saslauthd[28867] :main            : run_path   : /var/run/sasl2/
    saslauthd[28867] :main            : auth_mech  : pam
    saslauthd[28867] :ipc_init        : using accept lock file: /var/run/sasl2//mux.accept
    saslauthd[28867] :detach_tty      : master pid is: 0
    saslauthd[28867] :ipc_init        : listening on socket: /var/run/sasl2//mux
    saslauthd[28867] :main            : using process model
    saslauthd[28868] :get_accept_lock : acquired accept lock
    saslauthd[28867] :have_baby       : forked child: 28868
    saslauthd[28867] :have_baby       : forked child: 28869
    saslauthd[28867] :have_baby       : forked child: 28870
    saslauthd[28867] :have_baby       : forked child: 28871
    saslauthd[28868] :rel_accept_lock : released accept lock
    saslauthd[28867] :get_accept_lock : acquired accept lock
    saslauthd[28868] :do_auth         : auth failure: [user=tgreene] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    saslauthd[28867] :rel_accept_lock : released accept lock
    saslauthd[28868] :get_accept_lock : acquired accept lock
    saslauthd[28867] :do_auth         : auth failure: [user=tgreene] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    
    It said it is a PAM error. Here is my /etc/pam.d/smtp config file. All look kosher?

    Code:
    auth required pam_mysql.so user=mailuser passwd=SECRET host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mailuser passwd=SECRET host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
     
  8. DruKe

    DruKe New Member

    I'd like to go production on this server soon but I need to get this wrapped up. Does anyone have any -thoughts- at this point?
     
  9. falko

    falko Super Moderator Howtoforge Staff

    I'd love to help, but unfortunately I have no idea what's wrong...
    Is AppArmor switched off?
     
  10. DruKe

    DruKe New Member

    Thanks Falko. I actually hate AppArmor so I don't install it at install time.
    I think I may be having problems with PAM smtp conf.
    Is it a problem to have the user as root and root PW? Shouldn't that work?
     
  11. falko

    falko Super Moderator Howtoforge Staff

    How do you mean that?
     
  12. DruKe

    DruKe New Member

    For the pam.d smtp configuration as the mail user.
     
  13. falko

    falko Super Moderator Howtoforge Staff

    That should work.
     
  14. DruKe

    DruKe New Member

    I think I may have figured out the issue.
    My root password has a '#' in it.
    I am getting this error:
    Code:
     pam_mysql - required option "db" is not set
    Even though I have it set. So I think it's truncating everything after the '#' in the password.
    How can I reconfigure ISPConfig to use a different MySQL password after I change it?
     
  15. DruKe

    DruKe New Member

    Got it. That was it! Thanks to everyone who looked.
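
Added example, not part of the original thread: a small Python check that models the diagnosis reached in posts 14 and 15, on the assumption that everything from the first `#` on a PAM configuration line is discarded as a comment. The function names and the sample password are constructed for illustration; only option names are reported, never their values.

```python
# Added example: model of the '#' truncation described in the thread.
# Assumption: everything from the first '#' on a PAM config line is discarded.

def split_at_hash(line):
    """Return (kept_text, embedded) for the first '#' on the line."""
    pos = line.find("#")
    if pos == -1:
        return line.strip(), False
    # A '#' glued to the preceding character sits inside a token (such as a
    # password), unlike a trailing comment written after whitespace.
    embedded = pos > 0 and not line[pos - 1].isspace()
    return line[:pos].strip(), embedded

def module_options(text):
    """Parse 'type control module key=value ...' into {key: value}."""
    opts = {}
    for token in text.split()[3:]:
        key, _, value = token.partition("=")
        opts[key] = value
    return opts

def lint_pam_line(line):
    """Return None if the line is unaffected, else what the '#' cut away."""
    kept, embedded = split_at_hash(line)
    if not embedded:
        return None  # no '#', a full-line comment, or a normal trailing comment
    intended = module_options(line.strip())  # what the admin meant to set
    seen = module_options(kept)              # what survives the truncation
    return {
        "truncated": sorted(k for k in seen if seen[k] != intended.get(k)),
        "lost": [k for k in intended if k not in seen],
    }

# Constructed sample: the thread's /etc/pam.d/smtp line with a made-up
# password containing '#'.
SAMPLE = ("auth required pam_mysql.so user=mailuser passwd=S3#cret "
          "host=127.0.0.1 db=mail table=users usercolumn=email "
          "passwdcolumn=password crypt=1")

if __name__ == "__main__":
    import sys
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else [SAMPLE]
    for number, line in enumerate(lines, 1):
        finding = lint_pam_line(line)
        if finding:
            print(f"line {number}: '#' inside an argument; "
                  f"truncated={finding['truncated']} lost={finding['lost']}")
```

On the sample line `db` is among the lost options, which matches the `required option "db" is not set` message quoted in post 14.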
     
