-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 thanks very much for your configuration. It seems with dovecot 2.0.19 the configuration has changed quite a bit and things have been splitted into several files (http://wiki2.dovecot.org/QuickConfiguration)
sudo grep -rl postfix /etc/dovecot/* /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/01-mail-stack-delivery.conf and included inside dovecot.conf (!include conf.d/*.conf) I finally found that auth_debug is inside /etc/dovecot/conf.d/10-logging.conf I will turn on the logging and hopefully better understand what is happening. Thanks Michael Am 29.09.14 16:00, schrieb Reindl Harald: > > Am 29.09.2014 um 15:51 schrieb Michael Wechner: >> Am 29.09.14 15:30, schrieb Reindl Harald: >> >>> Am 29.09.2014 um 15:21 schrieb Michael Wechner: >>>> >>>> Hi Harald >>>> >>>> Thanks very much for your quick reply. Please see my answers inline below >>>> >>>>> telnet is worthless because AUTH is likely announced *after STARTTLS* >>>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options >>>> >>>> right, but when requesting for example mail.wyona.com, then I can see >> AUTH >> >>> depends on the servers configuration >> >>>> hence I would assume to see it also for the new version of postfix >>>> and dovecot, or do I misunderstand something? >> >>> yes, you did not read >> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options >> >>> if the server is configured in a way it offers AUTH only >>> over a encrypted channel (recommended) then you need to >>> use STARTTLS before you see the capability and for that >>> telnet is just the wrong tool >> >> the new server config reads (postfix mail_version = 2.7.0): >> >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_type = dovecot >> smtpd_sasl_path = private/dovecot-auth >> smtpd_sasl_authenticated_header = yes >> smtpd_sasl_security_options = noanonymous >> smtpd_sasl_local_domain = $myhostname >> broken_sasl_auth_clients = yes >> smtpd_recipient_restrictions = reject_unknown_sender_domain, >> reject_unknown_recipient_domain, reject_unauth_pipelining, >> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination >> smtpd_sender_restrictions = reject_unknown_sender_domain > > * check postfix master.cf for chroot - only explicit "n" disabled it > * check configuration of the private/dovecot-auth (permissions and so on) > * look at your logs careful > ____________________________________________________________________ > > that is my part in dovecot.conf: > > service auth { > unix_listener /var/spool/postfix/private/auth { > mode = 0660 > user = postfix > group = postfix > } > } > ____________________________________________________________________ > > that's my part in postfix's main.cf: > > smtpd_sasl_auth_enable = yes > smtpd_sasl_type = dovecot > smtpd_sasl_path = private/auth > ____________________________________________________________________ > > well, both are unchanged for a very long time and survived > a lot of dist-upgrades (Fedora) as well as Dovecot/Postfix > -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJUKaixAAoJECV0ivYw6bPKtjAH/AiMIS4I0+8q8vqJYwzs9Pzr LgQfe/O9O6HwtL0u63bkZ8SPslxKUxhpl9dmv6HcodfGxHSkaGdlcVS96o6ynjS4 rcWoco6qQ0PsRiJTT1x2IGqO8mPQgH9ovHmI+6ZKAqjWi4S8iFT6G/D6tdtmikME GqW2p2r0mE4xyn0RwU6IWb+cxEYPq3X/8GuSbQsO3Ux0AcejUBgI1ex9xfHM8xhi vfxPDNY9M1s/l+lwBiEqAjkwe99cOpuBPr9u9Mg6WS3+fGwa+Di642ZeZAy3SB63 /wYtLProbJ7enHar7t0sEb0/WvpqUvchNunlw3R1KRe/RhMSbxKYY0x4t6WLSGo= =MLa2 -----END PGP SIGNATURE-----
