Thanks to another subscriber, I have resolved my TLS problem. However, I cannot get SMTP authentication working, no matter what I try. My client "sends" mail without any errors; however, /var/log/maillog reports connection refused errors and recipients are not receiving my emails. This is due to no SMTP authentication (I believe).

Please see my dovecot config:

### doveconf -n output
## I've moved auth configuration to the top for easier parsing
# 2.2.9: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.2-RELEASE i386
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
auth_mechanisms = plain login
disable_plaintext_auth = no
listen = *
mail_location = maildir:~/Maildir:LAYOUT=fs
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}


And my postfix config:

### postfix -n output
## I've moved all the sasl related entries to the top for easier parsing
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = bsdbox.co
myhostname = mail.bsdbox.co
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_delimiter = +
relay_domains = $mydestination
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/postfix.crt
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550


And, the glaringly obvious absence of SMTP auth mechanisms:

### no auth mechanisms available
root@mail:~/debug # telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.bsdbox.co ESMTP Postfix
ehlo bsdbox.co
250-mail.bsdbox.co
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@mail:~/debug #


Just for good measure, here is maillog data immediately post receiving mail and replying:

### note the connection refused reports toward the end
root@mail:~/debug # tail /var/log/maillog
Dec 11 07:11:24 mail postfix/cleanup[65906]: D9F2A2384BA: message-id=<52A8101B.70...@bsdbox.co>
Dec 11 07:11:24 mail postfix/qmgr[65422]: D9F2A2384BA: from=<de...@bsdbox.co>, size=848, nrcpt=1 (queue active)
Dec 11 07:11:24 mail postfix/smtp[65909]: initializing the client-side TLS engine
Dec 11 07:11:24 mail postfix/smtpd[65902]: disconnect from CPE-110-146-148-136.knmu.knt.bigpond.net.au[110.146.148.136]
Dec 11 07:11:25 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65911, TLS, session=<zN/e7zzt0QBukpSI>
Dec 11 07:11:25 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65913, TLS, session=<xQni7zztaABukpSI>
Dec 11 07:11:31 mail postfix/smtp[65909]: connect to myune-edu-au.mail.eo.outlook.com[213.199.154.23]:25: Connection refused
Dec 11 07:11:37 mail postfix/smtp[65909]: connect to myune-edu-au.mail.eo.outlook.com[213.199.154.87]:25: Connection refused
Dec 11 07:11:37 mail postfix/smtp[65909]: D9F2A2384BA: to=<mjam...@myune.edu.au>, relay=none, delay=13, delays=0.01/0.02/13/0, dsn=4.4.1, status=deferred (connect to myune-edu-au.mail.eo.outlook.com[213.199.154.87]:25: Connection refused)
Dec 11 07:11:38 mail dovecot: imap-login: Login: user=<debug>, method=PLAIN, rip=110.146.148.136, lip=10.0.0.120, mpid=65916, TLS, session=<1SGn8DztMABukpSI>
root@mail:~/debug #

I've scrutinized and parsed my config files with all the relevant Postfix and Dovecot literature. I guess I am overlooking something blatantly obvious but I need a fresh set of eyes and some help. I've been at this all day and getting nowhere. Thanks, guys.
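
An added example, not part of the original post: with smtpd_tls_auth_only = yes, Postfix does not announce AUTH on an unencrypted session, so the EHLO reply has to be compared before and after STARTTLS. The parser below does that on captured replies; TLS_EHLO, the function names and the result labels are constructed for illustration.

```python
# Constructed sample input: PLAIN_EHLO is the cleartext reply shown in the post;
# TLS_EHLO is a constructed reply of the kind expected after STARTTLS.
PLAIN_EHLO = """\
250-mail.bsdbox.co
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

TLS_EHLO = """\
250-mail.bsdbox.co
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN"""

def parse_ehlo(reply):
    """Map each ESMTP keyword in a multi-line 250 reply to its set of parameters."""
    caps = {}
    for line in reply.splitlines()[1:]:       # line 1 is the server's hostname
        body = line[4:].strip() if line.startswith("250") else ""
        if not body:
            continue
        if body.upper().startswith("AUTH="):  # legacy form (broken_sasl_auth_clients)
            body = "AUTH " + body[5:]
        keyword, *params = body.split()
        caps.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return caps

def auth_mechanisms(reply):
    """Return the sorted SASL mechanisms advertised in an EHLO reply."""
    return sorted(parse_ehlo(reply).get("AUTH", ()))

def diagnose(cleartext_reply, tls_reply):
    """Classify where AUTH is advertised: before TLS, only after it, or never."""
    if auth_mechanisms(cleartext_reply):
        return "cleartext-auth"   # PLAIN/LOGIN credentials could cross the wire unencrypted
    if auth_mechanisms(tls_reply):
        return "tls-only"         # what smtpd_tls_auth_only = yes produces
    return "no-auth"              # SASL not offered at all: check the Dovecot auth socket

if __name__ == "__main__":
    print(diagnose(PLAIN_EHLO, TLS_EHLO), auth_mechanisms(TLS_EHLO))
```

The post-STARTTLS reply can be captured by issuing EHLO inside `openssl s_client -starttls smtp -connect localhost:25`.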
