Hello, I've set up dovecot and postfix using dovecot sasl on a samba4 ldap backend. I'd like to authenticate with the user's email address as the login. While dovecot authentication works, postfix authentication fails on 'AUTH PLAIN ...' with '535 5.7.8 Error: authentication failed:'. Dovecot's debug log file shows:
Aug 24 15:12:59 auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin lip=xxx.xxx.xxx.xxx rip=xxx.xxx.xxx.xxx secured resp=<hidden>
Aug 24 15:13:01 auth: Debug: client passdb out: FAIL 1 user=domain.tld
When I try to authenticate with 'u...@domain.tld', it seems as if only 'domain.tld' is sent to dovecot sasl, and thus dovecot sasl authentication fails. If I just authenticate with 'user' instead of 'u...@domain.tld', postfix AUTH PLAIN passes successfully. What do I need to do so that postfix passes the full email address to dovecot sasl? Below is my postfix and doveconf configuration.
postconf -n ----- alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 inet_interfaces = 127.0.0.1, [::1], <myipv4> [<myipv6>] local_transport = virtual myhostname = mx.<mydomain> myorigin = $mydomain policy-spf_time_limit = 3600s recipient_delimiter = + sender_canonical_maps = hash:/etc/postfix/sender-canonical smtp_sasl_mechanism_filter = plain, login smtp_sasl_security_options = noanonymous smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_client_hostname smtpd_helo_required = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, check_policy_service inet:127.0.0.1:10023, check_policy_service unix:private/policy-spf smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = ldap:/etc/postfix/ldap/ldap-sender-login.cf smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unknown_helo_hostname, reject_unknown_recipient_domain, reject_unknown_sender_domain smtpd_tls_CAfile = 
/etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/<mydomain>.pem smtpd_tls_key_file = /etc/ssl/private/<mydomain>.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = ldap:/etc/postfix/ldap/ldap-aliases.cf virtual_gid_maps = static:998 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = internal.$mydomain, $mydomain virtual_mailbox_maps = ldap:/etc/postfix/ldap/ldap-mailbox.cf virtual_minimum_uid = 998 virtual_uid_maps = static:998 ----- dovecot -n ----- # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.14-0.bpo.2-amd64 x86_64 Debian 7.6 ext4 auth_debug = yes auth_mechanisms = plain login auth_verbose = yes debug_log_path = /var/log/dovecot-debug.log disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_debug = yes mail_gid = g-vmail mail_location = maildir:/var/vmail/%Lu mail_uid = vmail namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap lmtp pop3" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imap { address = 127.0.0.1, ::1, <myipv4>, <myipv6> port = 143 } inet_listener imaps { address = 127.0.0.1, ::1, <myipv4>, <myipv6> port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { address = 127.0.0.1, ::1, <myipv4>, <myipv6> port = 110 } inet_listener pop3s { address = 127.0.0.1, ::1, <myipv4>, <myipv6> port = 995 ssl = yes } } ssl = required ssl_cert = </etc/ssl/certs/<mydomain>.org.pem ssl_key = </etc/ssl/private/<mydomain>.org.key userdb { args = uid=vmail gid=g-vmail home=/var/vmail/%u driver = static } verbose_ssl 
= yes -----