Hello, I am trying to configure an SMTP server with Postfix and Dovecot SASL backed by LDAP, and I have a problem: when I try to connect via Thunderbird, Dovecot's log says "password mismatch" even though I am logging in with the correct password. Also, it is not creating the mailboxes. I tried binding as the LDAP admin user and that works, but for every other user it does not. I am not sure what I am doing wrong, so I will put the Postfix and Dovecot configs below. This is main.cf Code: smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) lmtp_tls_verify_cert_match = $myhostname smtp_tls_verify_cert_match = $myhostname smtp_helo_name = $myhostname biff = no append_dot_mydomain = yes readme_directory = no compatibility_level = 2 smtp_use_tls = yes smtpd_tls_security_level = may disable_vrfy_command = yes smtp_send_xforward_command = yes tls_preempt_cipherlist = yes smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtpd_tls_mandatory_protocols = >=TLSv1.2 smtpd_tls_cert_file = /etc/letsencrypt/ssl/live/smtp0.my.domain/fullchain.pem smtpd_tls_key_file = /etc/letsencrypt/ssl/live/smtp0.my.domain/privkey.pem smtp_tls_cert_file = /etc/letsencrypt/ssl/live/smtp0.my.domain/fullchain.pem smtp_tls_key_file = /etc/letsencrypt/ssl/live/smtp0.my.domain/privkey.pem smtpd_tls_ask_ccert = yes #smtpd_tls_chain_files = /etc/postfix/rsachain.pem smtpd_tls_ciphers = medium smtpd_use_tls = yes mailbox_size_limit = 0 smtp_sasl_auth_enable = no smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd header_size_limit = 4096000 #smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level=may smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_loglevel=3 smtp_tls_mandatory_exclude_ciphers=3DES smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination myhostname = smtp0.my.domain alias_maps = hash:/etc/aliases alias_database = 
hash:/etc/aliases myorigin = $myhostname mydestination = $myhostname, my.domain, localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = 127.0.0.1,10.2.1.98 inet_protocols = ipv4 masquerade_domains = my.domain milter_default_action = accept milter_protocol = 6 smtpd_milters = local:opendkim/opendkim.sock non_smtpd_milters = $smtpd_milters queue_directory = /var/spool/postfix meta_directory = /etc/postfix setgid_group = postdrop command_directory = /usr/sbin sample_directory = /etc/postfix newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq sendmail_path = /usr/sbin/sendmail mail_owner = postfix daemon_directory = /usr/lib/postfix/sbin/ manpage_directory = /usr/share/man html_directory = no data_directory = /var/lib/postfix shlib_directory = no home_mailbox = Maildir/ mailbox_command = smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_tls_received_header = yes master.cf Code: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} gnarwl unix - n n - - pipe flags=F user=vmail argv=/usr/bin/gnarwl -a ${user}@${nexthop} -s ${sender} smtp inet n - y - - smtpd -v pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 
0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot.conf Code: !include_try /usr/share/dovecot/protocols.d/*.protocol listen = 127.0.0.1, 10.2.1.98 login_trusted_networks = 10.0.0.0/8 dict { #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext } !include conf.d/*.conf !include_try local.conf dovecot-ldap.conf.ext Code: hosts = ldap.auth.my.domain:389 dn = cn=admin,dc=my,dc=domain dnpass = adminpass debug_level = -1 auth_bind = yes auth_bind_userdn = mail=%u,ou=People,dc=my,dc=domain ldap_version = 3 base = ou=People,dc=my,dc=domain pass_attrs = mail=user, userPassword=password 10-auth.conf Code: disable_plaintext_auth = yes auth_mechanisms = plain login !include auth-ldap.conf.ext 10-master.conf Code: service auth { unix_listener auth-userdb { mode = 0666 user = vmail group = vmail } # Postfix smtp-auth #unix_listener /var/spool/postfix/private/auth { # mode = 0666 #} 
unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix group = postfix } # Auth process is run as this user. #user = $default_internal_user } 10-ssl.conf Code: ssl = yes ssl_cert = </etc/letsencrypt/ssl/live/smtp0.my.domain/fullchain.pem ssl_key = </etc/letsencrypt/ssl/live/smtp0.my.domain/privkey.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = </usr/share/dovecot/dh.pem This is my LDAP tree: And this is my LDAP user: Dovecot debug log: Code: Jul 21 11:01:36 auth: Debug: client passdb out: FAIL 2 [email protected] Jul 21 11:01:36 auth: Debug: client passdb out: FAIL 2 [email protected] Jul 21 11:01:36 auth: Debug: client in: AUTH 3 PLAIN service=imap secured=tls session=+Hfuo07kuv0KAgBn lip=10.2.1.98 rip=10.2.0.103 lport=143 rport=64954 local_name=smtp0.my.domain ssl_cipher=TLS_AES_128_GCM_SHA256 ssl_cipher_bits=128 ssl_pfs=KxANY ssl_protocol=TLSv1.3 resp=AGpvaG4ud2lsbEBpbi5pY25lLmV1AHRlc3QxMjM= (previous base64 data may contain sensitive data) Jul 21 11:01:36 auth: Debug: ldap([email protected],10.2.0.103,<+Hfuo07kuv0KAgBn>): Performing passdb lookup Jul 21 11:01:36 auth: Debug: client in: AUTH 3 PLAIN service=imap secured=tls session=WWXuo07ku/0KAgBn lip=10.2.1.98 rip=10.2.0.103 lport=143 rport=64955 local_name=smtp0.my.domain ssl_cipher=TLS_AES_128_GCM_SHA256 ssl_cipher_bits=128 ssl_pfs=KxANY ssl_protocol=TLSv1.3 resp=AGpvaG4ud2lsbEBpbi5pY25lLmV1AHRlc3QxMjM= (previous base64 data may contain sensitive data) Jul 21 11:01:36 auth: Debug: ldap([email protected],10.2.0.103,<WWXuo07ku/0KAgBn>): Performing passdb lookup Jul 21 11:01:36 auth: Debug: ldap([email protected],10.2.0.103,<+Hfuo07kuv0KAgBn>): Finished passdb lookup Jul 21 11:01:36 auth: Debug: auth([email protected],10.2.0.103,<+Hfuo07kuv0KAgBn>): Auth request finished Jul 21 11:01:36 auth: Debug: ldap([email protected],10.2.0.103,<WWXuo07ku/0KAgBn>): Finished passdb lookup Jul 21 11:01:36 auth: Debug: auth([email protected],10.2.0.103,<WWXuo07ku/0KAgBn>): Auth request finished Jul 21 
11:01:38 auth: Debug: client passdb out: FAIL 3 [email protected] Jul 21 11:01:38 auth: Debug: client passdb out: FAIL 3 [email protected] Jul 21 11:01:38 imap-login: Debug: SSL alert: close notify Jul 21 11:01:38 imap-login: Debug: SSL alert: close notify Jul 21 11:01:38 imap-login: Debug: SSL alert: close notify Jul 21 11:01:38 imap-login: Debug: SSL alert: close notify Dovecot info log: Code: Jul 21 11:11:43 auth: Info: ldap([email protected],10.2.0.103,<sjtXyE7kN/4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:43 auth: Info: ldap([email protected],10.2.0.103,<ZD9XyE7kOP4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:45 auth: Info: ldap([email protected],10.2.0.103,<ZD9XyE7kOP4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:45 auth: Info: ldap([email protected],10.2.0.103,<sjtXyE7kN/4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:47 auth: Info: ldap([email protected],10.2.0.103,<ZD9XyE7kOP4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:47 auth: Info: ldap([email protected],10.2.0.103,<sjtXyE7kN/4KAgBn>): Password mismatch (for LDAP bind) (given password: test123) Jul 21 11:11:49 imap-login: Info: Disconnected (auth failed, 3 attempts in 6 secs): user=<[email protected]>, method=PLAIN, rip=10.2.0.103, lip=10.2.1.98, TLS, session=<ZD9XyE7kOP4KAgBn> Jul 21 11:11:49 imap-login: Info: Disconnected (auth failed, 3 attempts in 6 secs): user=<[email protected]>, method=PLAIN, rip=10.2.0.103, lip=10.2.1.98, TLS, session=<sjtXyE7kN/4KAgBn>
Why not use ISPConfig? It would be easier to get a working server that way. https://www.ispconfig.org/documentation/
This would be much easier, but I need Postfix and Dovecot specifically; that is what I am looking for, for my further use.
The problem was that I had redeployed the LDAP VM and reset the users' bind permissions; now it is working. This wasn't a Postfix or Dovecot config issue.