Postfix + Dovecot SASL (plain text) login fails only with Imap

Discussion in 'Server Operation' started by CRMark, Feb 12, 2017.

  1. CRMark

    CRMark New Member

    Sorry in advance because maybe the problem is stupid, but after two days of trying different configurations found via Google it is still not working. I'm a newbie with Postfix/Dovecot.

    After upgrading Debian, I configured (for the first time) Postfix with Dovecot and SASL (plain text).
    **POP3 works fine now, but IMAP does not (login fails)**. Port 143 is open, and I cannot change the server configuration because there are already mail users working.


    main.cf

    # NOTE(review): Postfix main.cf as posted in the thread. It enables SMTP AUTH
    # through Dovecot's auth socket, offers opportunistic STARTTLS, serves
    # MySQL-backed virtual mailboxes via maildrop and filters mail through amavis.
    # Where a parameter is set more than once, Postfix uses the last definition.
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version


    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = /usr/share/doc/postfix

    # TLS parameters
    # NOTE(review): smtpd_use_tls is the legacy switch; smtpd_tls_security_level = may
    # further down takes precedence, so STARTTLS is offered but never required.
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = no
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = SERVERNAME
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = SERVERNAME, localhost, localhost.localdomain
    # Only loopback clients are treated as trusted by permit_mynetworks.
    mynetworks = 127.0.0.0/8
    mailbox_command =
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain =
    broken_sasl_auth_clients = yes
    # NOTE(review): smtpd_sasl_authenticated_header = yes writes the SASL login
    # name into the Received: header of submitted mail, exposing account names to
    # recipients; set it to no unless that trace is needed.
    smtpd_sasl_authenticated_header = yes
    # NOTE(review): check_sender_access runs before reject_unauth_destination. The
    # envelope sender is client-supplied, so any OK/permit result in
    # restricted_senders (contents not shown) would allow unauthenticated relaying;
    # keep that map to REJECT-style actions or move the check after
    # reject_unauth_destination. permit_inet_interfaces is separated from the
    # previous restriction by whitespace only, which Postfix accepts.
    smtpd_recipient_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/restricted_senders, permit_sasl_authenticated, reject_unauth_destination permit_inet_interfaces
    #smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_inet_interfaces
    #smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    # NOTE(review): with smtpd_tls_auth_only = no, AUTH is offered on unencrypted
    # connections, so PLAIN/LOGIN credentials can cross the network in clear text.
    # Prefer smtpd_tls_auth_only = yes once clients use STARTTLS.
    smtpd_tls_auth_only = no
    # NOTE(review): smtp_use_tls = no disables TLS for outbound delivery, so mail
    # to other servers is sent unencrypted even when they offer STARTTLS;
    # smtp_tls_note_starttls_offer only logs that the offer was seen.
    smtp_use_tls = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/

    smtpd_helo_required = yes
    # NOTE(review): the lines after smtpd_helo_restrictions only continue the value
    # if they begin with whitespace in the real file (the forum indents every
    # line, so this cannot be confirmed here). Several entries are sender,
    # recipient and relay checks rather than HELO checks, and each
    # reject_rbl_client list should be confirmed as still operating before use.
    smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client blackholes.wirehub.net,
    reject_rbl_client bl.spamcop.net,
    permit


    # Mail is handed to amavis on the loopback interface; no_address_mappings
    # turns off address rewriting on this pass, before the content filter.
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    html_directory = /usr/share/doc/postfix/html
    message_size_limit = 30720000
    # Virtual domains, mailboxes, forwardings and transports are looked up in MySQL.
    # NOTE(review): the mysql-*.cf files referenced here hold the database
    # credentials (presumably; they are not shown) and should not be world-readable.
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_alias_domains =
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    #relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    #virtual_create_maildirsize = yes
    #virtual_maildir_extended = yes
    #virtual_mailbox_limit_inbox = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    #virtual_mailbox_limit_override = yes
    #virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    #virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    #smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    # smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks

    ## local ###
    # VRFY is disabled, which stops clients from probing for valid addresses with it.
    disable_vrfy_command = yes
    # NOTE(review): this second smtpd_banner replaces the one near the top, so the
    # greeting shows only the hostname and no software name.
    smtpd_banner = $myhostname
    #smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces
    smtpd_tls_security_level = may
    smtpd_sasl_auth_enable = yes
    # NOTE(review): this list contains only permit_* entries and ends without a
    # reject, so it does not block any client. permit_tls_all_clientcerts accepts
    # any client certificate that verifies against the trusted CAs; the Postfix
    # documentation advises using it only when a dedicated CA issues the client
    # certificates.
    smtpd_client_restrictions = permit_mynetworks permit_inet_interfaces permit_tls_all_clientcerts



    # NOTE(review): Postfix delegates SMTP AUTH to Dovecot through the socket
    # private/auth, relative to the Postfix queue directory; with the default
    # queue directory that is the unix_listener /var/spool/postfix/private/auth
    # declared in the dovecot.conf shown later in the post. noanonymous excludes
    # only anonymous mechanisms, so plaintext mechanisms remain allowed.
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    # NOTE(review): the line below is inactive, but it misspells
    # reject_unauth_destination ("destinatination"); fix that before re-enabling it.
    #smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destinatination



    postconf -a

    cyrus
    dovecot


    dovecot.conf

    # NOTE(review): dovecot.conf as posted. It layers local passdb/userdb, auth
    # socket and protocol settings on top of the packaged conf.d/*.conf files.
    # Enable installed protocols
    !include_try /usr/share/dovecot/protocols.d/*.protocol

    dict {
    #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
    #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
    }


    !include conf.d/*.conf


    !include_try local.conf
    # NOTE(review): these blocks come after "!include conf.d/*.conf", so they are
    # added to whatever passdb/userdb the included files define (not shown).
    # Both use system accounts (passwd/PAM); confirm this matches how the mail
    # users were created. "slq" in the commented lines looks like a typo for sql.
    userdb {
    driver = passwd
    #driver = shadow
    #driver = slq
    }
    # NOTE(review): %s expands to the service name, so PAM is asked for a service
    # named after the protocol (e.g. imap or pop3) and needs a matching
    # /etc/pam.d/ entry for each; worth checking when only one protocol fails.
    passdb {
    args = %s
    driver = pam
    #driver = shadow
    #args = /etc/dovecot/dovecot-sql.conf
    #driver = slq
    }


    # NOTE(review): the Postfix-facing auth socket is restricted to user/group
    # postfix (0660) and auth-userdb to user vmail (0600). The auth service itself
    # is set to run as root; confirm that is required for the PAM lookup.
    service auth {
    unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
    }
    unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
    }
    user = root
    }
    service imap-login {
    #1
    #process_min_avail = 1
    client_limit = 1000
    process_limit = 500
    }
    protocol imap {
    mail_plugins = quota imap_quota
    #2
    #mail_max_userip_connections = 10
    #imap_idle_notify_interval = 2 mins
    }
    protocol pop3 {
    pop3_uidl_format = %08Xu%08Xv
    mail_plugins = quota
    }
    protocol lda {
    mail_plugins = sieve quota
    }
    #protocols = imap pop3
    # NOTE(review): only plaintext mechanisms are enabled, and
    # disable_plaintext_auth = no lets clients send them without TLS, so passwords
    # on an unencrypted port such as 143 can be captured on the network. No ssl
    # settings are visible here (they may be in conf.d); prefer requiring TLS
    # before authentication.
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail

    # NOTE(review): debugging switches. auth_debug_passwords = yes writes the
    # attempted passwords to the mail log (see "given password:" in the log
    # excerpt). Turn these off once troubleshooting ends, restrict access to the
    # log files, and change any passwords that were logged.
    auth_verbose = yes
    auth_debug = yes
    auth_debug_passwords = yes




    var/log/mail.info

    Feb 11 22:02:00 servername dovecot: auth-worker(9414): pam(user@servername,XXX): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: xxx)
    Feb 11 22:02:02 servername dovecot: imap-login: Disconnected (auth failed, 3 attempts in 26 secs): user=<user@servername>, method=PLAIN, rip=XXX, lip=XXX, session=<XwkahUdIQwDZfVMv>


    testsaslauthd -u user@domain -p pass
    connect() : No such file or directory


    Thx in advance! This weekend is being horrible for me :(
     
  2. CRMark

    CRMark New Member

    OK, solved. The problem was that POP3 was still being served by the old program, Courier (even though the logs showed it going through Dovecot...), while IMAP was served by Dovecot. Dovecot was difficult to configure because the mail DB was made by hand, so I finally installed courier-imap (which removes Dovecot-imap) and the server was recovered.
     
