On 11/13/2010 12:34 AM, Pete wrote:
Hello all,
I have finally attained the unenviable position of being able to effortlessly see
the entire wood without being able to clearly identify a single tree. IOW, I'm
completely stuck.
OS = Centos 5.5 (2.6.18-194.26.1.el5) x86_64
Postfix = postfix-2.3.3-2.1.el5_2
Dovecot = dovecot-1.0.7-7.el5
Goal = Enable SMTP AUTH using Postfix and Dovecot
Problem = Postfix cannot locate a suitable authentication mechanism ?
Common errors shown in /var/log/maillog :
Nov 12 21:49:46 caprica postfix/postfix-script: starting the Postfix mail system
Nov 12 21:49:46 caprica postfix/master[7182]: daemon started -- version 2.3.3, configuration /etc/postfix
Nov 12 21:50:09 caprica postfix/smtpd[7189]: fatal: no SASL authentication mechanisms
Nov 12 21:50:10 caprica postfix/master[7182]: warning: process /usr/libexec/postfix/smtpd pid 7189 exit status$
When 'smtpd_sasl_auth_enable = yes' is set, I cannot connect to Postfix using
a simple telnet command :
[r...@caprica postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
This just times out and gives the aforementioned 'no SASL authentication'
error in /var/log/maillog.
Dovecot is incorrectly configured to provide said mechanisms.
Postfix does not provide any of this by itself; it relies on the dovecot
SASL provider to tell it what mechanisms are supported.
Commenting out 'smtpd_sasl_auth_enable = yes' gives
this output :
[r...@caprica postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 caprica.nrth.lab ESMTP Postfix
ehlo localhost
250-caprica.nrth.lab
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
I'm not sure exactly what to include here so apologies if I've included the
wrong output or too much. My configurations are below.
The most pertinent output would be the dovecot log, possibly in debug
mode, when this happens.
postconf -n :
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, localhost
That's a very bad idea, as a downed network means postfix has no way to
determine what $myhostname is. Use either a static IP or "all".
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 15728640
mydestination = $myhostname, localhost.$mydomain, localhost, nrth.org
mydomain = nrth.lab
myhostname = caprica.nrth.lab
And here's the kicker: it's not a real resolvable hostname at all.
mynetworks = 127.0.0.0/8, 10.20.30.0/24
mynetworks_style = subnet
myorigin = nrth.org
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
2.3.3 is quite old; consider upgrading to, say, 2.7.1 (current stable).
relayhost = outbound.mailhop.org
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_unauth_pipelining, reject_invalid_helo_hostname,
reject_unknown_sender_domain, check_sender_access
hash:/etc/postfix/smtp_sender_access, check_client_access
hash:/etc/postfix/smtp_client_access, reject_invalid_hostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
Have you *verified* the existence of this socket ?
Are the permissions correct for postfix to read and write ?
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
As expected.
dovecot -n :
# 1.0.7: /etc/dovecot.conf
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
auth default:
mechanisms: plain login
passdb:
driver: pam
userdb:
driver: passwd
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
user: postfix
group: postfix
master:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
Looks similar to mine in all the essentials, although again, 1.0.7 is
quite old (I have 1.2.9)
You'll have to dig in to the dovecot side to find out what is going wrong.
--
J.
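
The two checks the reply asks for (does the socket at smtpd_sasl_path exist, and can postfix read and write it), written out as an added example that is not part of the original message. The function names are hypothetical, and the example assumes the `mode: 432` shown by `dovecot -n` is a decimal figure, i.e. octal 0660.

```python
import os
import pwd
import stat


def rw_bits_for(st, uid, gid):
    """Return the rwx triplet (0-7) that applies to uid/gid: owner, group or other.

    Only the primary gid is considered; supplementary groups are ignored.
    """
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid == gid:
        return (mode >> 3) & 7
    return mode & 7


def audit_sasl_socket(path, listed_mode, uid, gid):
    """Return a list of problems with the auth socket; an empty list means it passed.

    listed_mode is the number as `dovecot -n` shows it ("mode: 432"); this
    example assumes that figure is decimal, i.e. octal 0660.
    """
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    if not stat.S_ISSOCK(st.st_mode):
        # A leftover regular file or directory here is useless to smtpd.
        return ["%s exists but is not a UNIX socket" % path]

    problems = []
    actual = stat.S_IMODE(st.st_mode)
    if actual != int(listed_mode):
        problems.append("mode is %04o, dovecot -n lists %s (octal %04o)"
                        % (actual, listed_mode, int(listed_mode)))
    if (rw_bits_for(st, uid, gid) & 6) != 6:
        problems.append("uid %d / gid %d cannot both read and write %s"
                        % (uid, gid, path))
    return problems


if __name__ == "__main__":
    # Path, mode and account name are taken from the output quoted in the thread.
    account = pwd.getpwnam("postfix")
    found = audit_sasl_socket("/var/spool/postfix/private/auth", 432,
                              account.pw_uid, account.pw_gid)
    for line in found:
        print("PROBLEM:", line)
    if not found:
        print("socket exists and postfix can read and write it")
```

Run it as root, since /var/spool/postfix/private is normally not readable by other accounts.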