I don't see any
smtpd_sasl_auth_enable = yes
in your `postconf -n` output although you claim to have set it. The
default would be "no".
Matthias
On 2016-06-28 05:15, Michael Fox wrote:
I've been using Postfix for a while with no client submission. I'm
trying to set up SASL for the first time, using Dovecot, to support
virtual users.
When I connect with EHLO, I do NOT see "AUTH" capabilities.
Of course, I'm following: http://www.postfix.org/SASL_README.html
First of all, Dovecot is installed and authentication works
$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
user <virtualuser>@<virtual.domain>
+OK
pass secret
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
$
And mail is delivered to the virtual mailboxes just fine. This tells
me that the Dovecot passdb and userdb are working.
Now, following the SASL_README:
$ postconf -a
cyrus
dovecot
$ postconf -A
cyrus
I followed the instructions in SASL_README for "Configuring Dovecot
SASL", plus …
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
The socket exists
~$ sudo ls -l /var/spool/postfix/private
total 0
…
srw-rw---- 1 postfix postfix 0 Jun 27 18:55 auth
…
$
After reload, the next step in the README is to try a connection. But
I don't get any AUTH options:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 xxxxx ESMTP Postfix (Ubuntu)
EHLO client.example.com
250-xxxxx
250-PIPELINING
250-SIZE 102400
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
$
I don't know what to do next. Thanks for any help.
Thanks,
Michael
$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
bounce_queue_lifetime = 8h
bounce_template_file = /etc/postfix/bounce.cf
broken_sasl_auth_clients = yes
canonical_maps = pcre:/etc/postfix/canonical.pcre
config_directory = /etc/postfix
content_filter = amavisfeed:[127.0.0.1]:10024
delay_warning_time = 2h
fast_flush_domains = $relay_domains
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mailbox_size_limit = 5120000
maximal_queue_lifetime = 8h
message_size_limit = 102400
mydestination = $myhostname localhost.$mydomain localhost.localdomain
localhost
mydomain = <my.domain>
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
192.168.8.0/24
myorigin = /etc/mailname
postscreen_access_list = permit_mynetworks
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_reply_map =
pcre:/etc/postfix/postscreen_dnsbl_reply_map.pcre
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.spameatingmonkey.net*2
psbl.surriel.com*2 bl.spamcop.net
hostkarma.junkemailfilter.com=127.0.0.2 dnsbl.sorbs.net
bl.mailspike.net swl.spamhaus.org*-4 list.dnswl.org=127.0.[0..255].0*-1
list.dnswl.org=127.0.[0..255].1*-2 list.dnswl.org=127.0.[0..255].2*-3
list.dnswl.org=127.0.[0..255].3*-4
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
proxy_interfaces = <my.external.ip.address>
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relay_domains = n6mef.ampr.org
relay_recipient_maps = pcre:/etc/postfix/relay_recipients.pcre
relay_restrictions = check_sender_access
pcre:/etc/postfix/relay_sender_access.pcre
remote_header_rewrite_domain = invalid.domain
smtp_host_lookup = native
smtp_sasl_auth_enable = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 10
smtpd_client_restrictions = permit_mynetworks
reject_unknown_reverse_client_hostname check_client_access
pcre:/etc/postfix/client_access.pcre reject_rbl_client zen.spamhaus.org
permit
smtpd_data_restrictions = reject_unauth_pipelining
reject_multi_recipient_bounce permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 5s
smtpd_etrn_restrictions = permit_mynetworks reject
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname
reject_non_fqdn_helo_hostname permit_mynetworks
reject_unknown_helo_hostname check_helo_access
pcre:/etc/postfix/helo_access.pcre permit
smtpd_junk_command_limit = 2
smtpd_recipient_restrictions = reject_non_fqdn_recipient
reject_unknown_recipient_domain permit_mynetworks
reject_unauth_destination check_recipient_access
pcre:/etc/postfix/recipient_access.pcre check_recipient_access
pcre:/etc/postfix/relay_recipient_access.pcre permit
smtpd_reject_unlisted_recipient = yes
smtpd_restriction_classes = relay_restrictions
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_non_fqdn_sender
reject_unknown_sender_domain permit_mynetworks check_sender_access
pcre:/etc/postfix/sender_access.pcre check_sender_mx_access
cidr:/etc/postfix/sender_mx_access.cidr reject_rhsbl_sender
dsn.rfc-clueless.org permit
smtpd_soft_error_limit = 5
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = no
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_mailbox_domains = <my.virtual.domain.name>
virtual_transport = lmtp:unix:private/dovecot-lmtp
