Dovecot postfix login failure

Discussion in 'Installation/Configuration' started by badmonkey, Feb 10, 2017.

  1. badmonkey

    badmonkey New Member

    Setting up a new installation of ispconfig 3.1.2, dovecot, and postfix as outlined in the how-to documentation.

    I'm about at my wit's end. Most things are operational. LEMP stack with ispconfig. Everything works well except mail. Forums can send out mail but it's a big no-go with clients. Not that my knowledge is all that great with other server aspects, but this is all new territory for me setting up mail services. Dumb as a fence post you might say.

    When trying to login squirrelmail, this shows in the error log:
    Feb 902:57:55 postfix/smtpd[21547]: warning: SASL:Connect to private/auth failed:permission denied
    Feb 902:57:55 postfix/smtpd[21547]: fatal:no SASL authentication mechanisms
    Feb 902:57:56 postfix/master[18521]: warning: process /usr/libexec/postfix/smtpd pid 21547exit status 1
    Feb 902:57:56 postfix/master[18521]: warning:/usr/libexec/postfix/smtpd: bad command startup -- throttling

    Here's a sample from the error logs:

    Logging in by command line this happens:
    telnet localhost 143
    Connected to localhost.
    Escape character is'^]'.
    a login user@example password
    a NO [AUTHENTICATIONFAILED]Authentication failed.

    And in the error log:
    Feb 902:58:24 dovecot: imap-login:Disconnected:Inactivity(auth failed,1 attempts): user=<user@example>, method=PLAIN, rip=::1, lip=::1, secured

    Please help! Again, I'm new to all this. I have no idea where to go from here. Thanks!!
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I wonder if you have tried this one:
  3. badmonkey

    badmonkey New Member

    Thanks ahrasis. You're a good man to help. The problem is probably something very simple. Unfortuntately that wasn't the fix.
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I agree that the problem could be something simple.

    If your dovecot dovecot.conf and 10-master.conf files and postfix file are all already correct, then I am not sure where lie your problems.
    badmonkey likes this.
  5. badmonkey

    badmonkey New Member

    Perhaps I should post those! Perhaps you eagle eyed guys can spot the issue.


    listen = *,[::]
    protocols = imap pop3
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    passdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    userdb {
      driver = prefetch
    userdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      user = root
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
       group = postfix
       mode = 0600
       user = postfix
    service imap-login {
      client_limit = 1000
      process_limit = 500
    protocol imap {
      mail_plugins = quota imap_quota
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    protocol lda {
      mail_plugins = sieve quota
      postmaster_address = root@localhost
    protocol lmtp {
      postmaster_address = webmaster@localhost
      mail_plugins = quota sieve
    mail_plugins = $mail_plugins quota
    client {
           path = /var/spool/postfix/private/auth
           mode = 0660
           user = postfix
           group = postfix

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
         ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    virtual_alias_domains =
    virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/
    virtual_gid_maps = mysql:/etc/postfix/
    sender_bcc_maps = proxy:mysql:/etc/postfix/
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/ , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/, check_sender_access regexp:/etc/postfix/
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth


    #default_process_limit = 100
    #default_client_limit = 1000
    # Default VSZ (virtual memory size) limit for service processes. This is mainly
    # intended to catch and kill processes that leak memory before they eat up
    # everything.
    #default_vsz_limit = 256M
    # Login user is internally used by login processes. This is the most untrusted
    # user in Dovecot system. It shouldn't have access to anything at all.
    #default_login_user = dovenull
    # Internal user is used by unprivileged processes. It should be separate from
    # login user, so that login processes can't disturb other processes.
    #default_internal_user = dovecot
    service imap-login {
      inet_listener imap {
      #port = 143
      inet_listener imaps {
      #port = 993
      #ssl = yes
      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster. <doc/wiki/LoginProcess.txt>
      #service_count = 1
      # Number of processes to always keep waiting for more connections.
      #process_min_avail = 0
      # If you set service_count=0, you probably need to grow this.
      #vsz_limit = 64M
    service pop3-login {
      inet_listener pop3 {
      #port = 110
      inet_listener pop3s {
      #port = 995
      #ssl = yes
    service lmtp {
      unix_listener lmtp {
      #mode = 0666
      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
      # Avoid making LMTP visible for the entire internet
      #address =
      #port =
    service imap {
      # Most of the memory goes to mmap()ing files. You may need to increase this
      # limit if you have huge mailboxes.
      #vsz_limit = 256M
      # Max. number of IMAP processes (connections)
      #process_limit = 1024
    service pop3 {
      # Max. number of POP3 processes (connections)
      #process_limit = 1024
    service auth {
      # auth_socket_path points to this userdb socket by default. It's typically
      # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
      # permissions make it readable only by root, but you may need to relax these
      # permissions. Users that have access to this socket are able to get a list
      # of all usernames and get results of everyone's userdb lookups.
      unix_listener auth-userdb {
      mode = 0666
      user = postfix
      group = postfix
      #Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      # Auth process is run as this user.
      #user = $default_internal_user
    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      #user = root
    service dict {
      # If dict proxy is used, mail processes should have access to its socket.
      # For example: mode=0660, group=vmail and global mail_access_groups=vmail
      unix_listener dict {
      #mode = 0600
      #user =
      #group =
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    At least you are missing myhostname and mydestination in your postfix/, something like this:
    myhostname = yourserverdomain
    mydestination = localhost, localhost.localdomain
    To check whether these files are properly symlinked, please post the output of:
    ls -l /etc/postfix/smtpd.cert
    ls -l /etc/postfix/smtpd.key
    I will try to go through the others later i.e. when I am freer.
  7. badmonkey

    badmonkey New Member

    Variables in fixed.

    ls: cannot access /etc/postfix/smtpd.cert: No such file or directory
    ls: cannot access /etc/postfix/smtpd.key: No such file or directory

    Can it be setup without ssl until the issue is found? Or is that a bad idea?
  8. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    How did you fix it when the files that it is referring to do not exist? Did you remove the lines and disable tls / ssl?

    I do think postfix without ssl is a bad idea though I am not so sure whether that is possible to be setup in such away. My preference is always to follow the tutorials and guides in here.
  9. sjau

    sjau Local Meanie Moderator

    With ISPC Installation you should have the smtpd.cert and .key file in the /etc/postfix folder.
    ahrasis likes this.
  10. badmonkey

    badmonkey New Member

    Hhmm...those files are not present. The setup is vanilla by the how-to guide.

    I didn't fix it. It's never yet worked. Seems a great clue but I still have no idea how to fix it.
  11. badmonkey

    badmonkey New Member

  12. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Have you restarted both postfix and dovecot afterwards and then reupdate ispconfig?

    By the way can you enter phpmyadmin as rouncube user and using its password?
  13. badmonkey

    badmonkey New Member

    Hey ahrasis! Hope you are well. Restarted dovecot and postfix. How do I update ispconfig?

    Honestly, I haven't yet installed roundcube. I wanted to fix the existing issue before confusing myself with something else in the mix. lol!
  14. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Sorry. Try to log in phpmyadmin with your squirrelmail username and its password. You can also check this if your have a root access to phpmyadmin or mysql.

    Your update your ispconfig the same way as installing it i.e. :
    cd /tmp
    tar xfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install/
    Only you do update instead of install, like this:
    php -q update.php
    Last edited: Feb 22, 2017
  15. badmonkey

    badmonkey New Member

    Still fighting this. I've done the update and restarts. Installed Roundcube. Yes, logging into phpmyadmin with Roundcube credentials is successful. Logging into Roundcube fails with valid email credentials as well as the Roundcube credentials.

    Can anyone point to the next step? I'm completely lost.
  16. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Did you try reconfiguring ISPC via updating as suggested above?
  17. badmonkey

    badmonkey New Member

    Oh, sorry. Yes. Everything was successful.
  18. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    What about the error log? Anything?
    badmonkey likes this.
  19. badmonkey

    badmonkey New Member

    Ah, yes. There is this:

    May 29 02:53:44 auth: Info: pam(user@domain,::1): unknown user
    May 29 02:53:46 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<user@domain>, method=PLAIN, rip=::1, lip=::1, secured

    Hope you are well ahrasis!
  20. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    As stated your user is unknown, so do first check whether you are using the correct credentials. Do use full email as username. Then check your /etc/dovecot/dovecot.conf whether you are using /etc/dovecot/dovecot-sql.conf for passdb and userdb. Then check your /etc/dovecot/dovecot-sql.conf whether it has all the necessary access to ispconfig database something like the following (note this is just a sample from old post):

Share This Page