Hi, now that Viktor spotted the config error and fixed yesterday's problem, I'm back with what I hope is another dumb question. Having wrestled Cyrus authentication to a draw, now I'm trying Dovecot which I would have hoped would be easier. It's the same Debian box.

First I set up Dovecot and got its password and user databases working. I can log in for IMAP or POP and it works fine. I have auth debug turned on so it has lots to say about the auth request:

Jul 12 17:00:12 debian12 systemd[1]: Reloaded dovecot.service - Dovecot IMAP/POP3 email server.
Jul 12 17:00:34 debian12 dovecot[50374]: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jul 12 17:00:34 debian12 dovecot[50374]: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jul 12 17:00:34 debian12 dovecot[50374]: auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
Jul 12 17:00:34 debian12 dovecot[50374]: auth: Debug: passwd-file /etc/dovecot/users:Read 3 users in 0 secs
Jul 12 17:00:34 debian12 dovecot[50374]: auth: Debug: auth client connected (pid=50378)
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: client in: AUTH        1        PLAIN        service=pop3        secured=tls        session=wc+dLBMdP/6sEJ0B        lip=172.16.157.132        rip=172.16.157.1        lport=995        rport=65087        resp=<hidden>
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): Performing passdb lookup
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): lookup: user=m...@exotic.qy file=/etc/dovecot/users
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): Finished passdb lookup
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: auth(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): Auth request finished
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: client passdb out: OK        1        user=m...@exotic.qy
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: master in: REQUEST        288227329        50378        1        f96e98986ac3499414a988ea001efb34        session_pid=50382
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): Performing userdb lookup
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): lookup: user=m...@exotic.qy file=/etc/dovecot/users
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: passwd-file(m...@exotic.qy,172.16.157.1,<wc+dLBMdP/6sEJ0B>): Finished userdb lookup
Jul 12 17:00:50 debian12 dovecot[50374]: auth: Debug: master userdb out: USER        288227329        m...@exotic.qy        uid=1000        gid=1000        home=/home/mailuser/users/user2        auth_mech=PLAIN
Jul 12 17:00:50 debian12 dovecot[50374]: pop3-login: Login: user=<m...@exotic.qy>, method=PLAIN, rip=172.16.157.1, lip=172.16.157.132, mpid=50382, TLS, session=<wc+dLBMdP/6sEJ0B>
Jul 12 17:00:51 debian12 dovecot[50374]: pop3(m...@exotic.qy)<50382><wc+dLBMdP/6sEJ0B>: Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=275

Then, having done what I think the postfix and dovecot manuals said, I try port 465 SMTP AUTH with the same user:

Jul 12 17:01:24 debian12 postfix/submissions/smtpd[50383]: connect from unknown[172.16.157.1]
Jul 12 17:01:44 debian12 postfix/submissions/smtpd[50383]: warning: SASL authentication failure: Password verification failed
Jul 12 17:01:44 debian12 postfix/submissions/smtpd[50383]: warning: unknown[172.16.157.1]: SASL plain authentication failed: authentication failure, sasl_username=m...@exotic.qy
Jul 12 17:01:46 debian12 postfix/submissions/smtpd[50383]: disconnect from unknown[172.16.157.1] ehlo=1 auth=0/1 quit=1 commands=2/3

It looks like postfix didn't even try to contact the auth server. It has the usual socket configured and lsof says that Dovecot is listening on that socket. The socket is owned by postfix and I am reasonably sure the directories in the path allow postfix to open it. I'm baffled.

Actual config stuff below, since this is my own test system.  TIA.

R's,
John

# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = test.qy, $myhostname, debian12.qy, localhost.qy, localhost
myhostname = debian12.qy
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_sasl_type = dovecot
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_path = private/auth
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
smtputf8_enable = yes
virtual_gid_maps = static:1000
virtual_mailbox_base = /home/mailuser
virtual_mailbox_domains = exotic.qy
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_uid_maps = static:1000

# lsof | grep private/auth
dovecot   50124                             root   58u     unix 0x0000000027be7a65      0t0     944146 /var/spool/postfix/private/auth type=STREAM (LISTEN)

# dovecot -n
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 6.1.0-18-arm64 aarch64 Debian 12.6
# Hostname: debian12.qy
auth_debug = yes
auth_mechanisms = plain login
auth_username_chars =
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace {
  inbox = yes
  location =
  mailbox {
    special_use = \Drafts
    name = Drafts
  }
  mailbox {
    special_use = \Junk
    name = Junk
  }
  mailbox {
    special_use = \Sent
    name = Sent
  }
  mailbox {
    special_use = \Sent
    name = Sent Messages
  }
  mailbox {
    special_use = \Trash
    name = Trash
  }
  prefix =
  name = inbox
}
passdb {
  args = /etc/dovecot/users
  driver = passwd-file
}
protocols = " imap pop3"
service replication-notify-fifo {
  name = aggregator
}
service anvil-auth-penalty {
  name = anvil
}
service auth-worker {
  name = auth-worker
}
service {
  unix_listener {
    group = postfix
    mode = 0666
    user = postfix
    path = /var/spool/postfix/private/auth
  }
  name = auth
}
service config {
  name = config
}
 ... there is more but it doesn't say anything about auth or postfix ...
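
Added example, not part of the original post and not Postfix or Dovecot code: a small Python check over `postconf -n` output that separates the server-side `smtpd_sasl_*` parameters from the client-side `smtp_sasl_*` ones and reports the SASL type smtpd will actually use. It relies on the documented Postfix default `smtpd_sasl_type = cyrus`; the function names are hypothetical, and the sample input is constructed from the SASL-related lines quoted above, including the mail-wrapped continuation line.

```python
import re

# Constructed sample: SASL-related lines from the `postconf -n` output quoted
# above, with one value wrapped onto a second line as the mail client left it.
SAMPLE_POSTCONF_N = """\
smtp_sasl_type = dovecot
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_path = private/auth
smtpd_tls_security_level = may
"""

def parse_postconf(text):
    """Parse `postconf -n` output into a dict, rejoining wrapped values."""
    params, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            last = m.group(1)
            params[last] = m.group(2).strip()
        elif line.strip() and last:
            # No "name =" prefix: continuation of the previous value.
            params[last] = (params[last] + " " + line.strip()).strip()
    return params

def check_smtpd_sasl(params):
    """Return findings about the server-side (smtpd) SASL settings."""
    findings = []
    # `postconf -n` lists only non-default settings, so a missing key means
    # the built-in default applies; for smtpd_sasl_type that is "cyrus".
    effective = params.get("smtpd_sasl_type", "cyrus")
    if "smtpd_sasl_path" in params and "smtpd_sasl_type" not in params:
        findings.append("smtpd_sasl_path=%s is set but smtpd_sasl_type is not; "
                        "smtpd uses the default type 'cyrus'"
                        % params["smtpd_sasl_path"])
    client_type = params.get("smtp_sasl_type")
    if client_type and client_type != effective:
        findings.append("smtp_sasl_type=%s configures the Postfix SMTP client, "
                        "not smtpd (effective smtpd_sasl_type=%s)"
                        % (client_type, effective))
    return findings

if __name__ == "__main__":
    for finding in check_smtpd_sasl(parse_postconf(SAMPLE_POSTCONF_N)):
        print("WARN:", finding)
```

Settings passed with `-o` in master.cf for the submissions service do not appear in `postconf -n` and are outside what this check sees.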