Dovecot postfix login failure

Setting up a new installation of ispconfig 3.1.2, dovecot, and postfix as outlined in the how-to documentation.
/perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3-p4

I'm about at my wit's end. Most things are operational. LEMP stack with ispconfig. Everything works well except mail. Forums can send out mail but it's a big no-go with clients. Not that my knowledge is all that great with other server aspects, but this is all new territory for me setting up mail services. Dumb as a fence post you might say.


When trying to login squirrelmail, this shows in the error log:
Feb 902:57:55 postfix/smtpd[21547]: warning: SASL:Connect to private/auth failedermission denied
Feb 902:57:55 postfix/smtpd[21547]: fatal:no SASL authentication mechanisms
Feb 902:57:56 postfix/master[18521]: warning: process /usr/libexec/postfix/smtpd pid 21547exit status 1
Feb 902:57:56 postfix/master[18521]: warning:/usr/libexec/postfix/smtpd: bad command startup -- throttling

Here's a sample from the error logs:

Logging in by command line this happens:
telnet localhost 143
Trying::1...
Connected to localhost.
Escape character is'^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN]Dovecot ready.
a login [email protected] password
a NO [AUTHENTICATIONFAILED]Authentication failed.

And in the error log:
Feb 902:58:24 dovecot: imap-loginisconnected:Inactivity(auth failed,1 attempts): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured


Please help! Again, I'm new to all this. I have no idea where to go from here. Thanks!!

 

I wonder if you have tried this one:

 

Thanks ahrasis. You're a good man to help. The problem is probably something very simple. Unfortuntately that wasn't the fix.

 

I agree that the problem could be something simple.

If your dovecot dovecot.conf and 10-master.conf files and postfix main.cf file are all already correct, then I am not sure where lie your problems.

 

Perhaps I should post those! Perhaps you eagle eyed guys can spot the issue.

dovecot.conf:

Code:

listen = *,[::]
protocols = imap pop3
auth_mechanisms = plain login
disable_plaintext_auth = no
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
passdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
  }
}
service imap-login {
  client_limit = 1000
  process_limit = 500
}
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol lda {
  mail_plugins = sieve quota
  postmaster_address = [email protected]
}
protocol lmtp {
  postmaster_address = [email protected]
  mail_plugins = quota sieve
}
mail_plugins = $mail_plugins quota
client {
       path = /var/spool/postfix/private/auth
       mode = 0660
       user = postfix
       group = postfix
}

main.cf:

Code:

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

inet_interfaces = all

inet_protocols = all
 
unknown_local_recipient_reject_code = 550

debug_peer_level = 2

debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.6.6/samples


readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
virtual_alias_domains =
virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

10-master.conf:

Code:

#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
  #port = 143
  }
  inet_listener imaps {
  #port = 993
  #ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = 64M
}

service pop3-login {
  inet_listener pop3 {
  #port = 110
  }
  inet_listener pop3s {
  #port = 995
  #ssl = yes
  }
}

service lmtp {
  unix_listener lmtp {
  #mode = 0666
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
  # Avoid making LMTP visible for the entire internet
  #address =
  #port =
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = 256M

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
  mode = 0666
  user = postfix
  group = postfix
  }

  #Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
  #mode = 0600
  #user =
  #group =
  }
}

 

At least you are missing myhostname and mydestination in your postfix/main.cf, something like this:

Code:

[...]
myhostname = yourserverdomain
[...]
mydestination = localhost, localhost.localdomain

To check whether these files are properly symlinked, please post the output of:

Code:

ls -l /etc/postfix/smtpd.cert
ls -l /etc/postfix/smtpd.key

I will try to go through the others later i.e. when I am freer.

 

Variables in main.cf fixed.

ls: cannot access /etc/postfix/smtpd.cert: No such file or directory
ls: cannot access /etc/postfix/smtpd.key: No such file or directory

Can it be setup without ssl until the issue is found? Or is that a bad idea?

 

How did you fix it when the files that it is referring to do not exist? Did you remove the lines and disable tls / ssl?

I do think postfix without ssl is a bad idea though I am not so sure whether that is possible to be setup in such away. My preference is always to follow the tutorials and guides in here.

 

With ISPC Installation you should have the smtpd.cert and .key file in the /etc/postfix folder.

 

Hhmm...those files are not present. The setup is vanilla by the how-to guide.

I didn't fix it. It's never yet worked. Seems a great clue but I still have no idea how to fix it.

 

Followed this post:
https://www.howtoforge.com/community/threads/perfect-server-centos-6-5-no-smtpd-cert-file.66559/

Now the files are present, but still cannot authenticate.

 

Have you restarted both postfix and dovecot afterwards and then reupdate ispconfig?

By the way can you enter phpmyadmin as rouncube user and using its password?

 

Hey ahrasis! Hope you are well. Restarted dovecot and postfix. How do I update ispconfig?

Honestly, I haven't yet installed roundcube. I wanted to fix the existing issue before confusing myself with something else in the mix. lol!

 

Sorry. Try to log in phpmyadmin with your squirrelmail username and its password. You can also check this if your have a root access to phpmyadmin or mysql.

Your update your ispconfig the same way as installing it i.e. :

Code:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

Only you do update instead of install, like this:

Code:

php -q update.php

 

Still fighting this. I've done the update and restarts. Installed Roundcube. Yes, logging into phpmyadmin with Roundcube credentials is successful. Logging into Roundcube fails with valid email credentials as well as the Roundcube credentials.

Can anyone point to the next step? I'm completely lost.

 

Did you try reconfiguring ISPC via updating as suggested above?

 

Oh, sorry. Yes. Everything was successful.

 

What about the error log? Anything?

 

Ah, yes. There is this:

Code:

May 29 02:53:44 auth: Info: pam([email protected],::1): unknown user
May 29 02:53:46 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured

Hope you are well ahrasis!

 

As stated your user is unknown, so do first check whether you are using the correct credentials. Do use full email as username. Then check your /etc/dovecot/dovecot.conf whether you are using /etc/dovecot/dovecot-sql.conf for passdb and userdb. Then check your /etc/dovecot/dovecot-sql.conf whether it has all the necessary access to ispconfig database something like the following (note this is just a sample from old post):