On Wed, Jan 19, 2022 at 08:38:07AM -0500, Ruben Safir <ru...@mrbrklyn.com> wrote:
> On Tue, Jan 18, 2022 at 11:14:58AM -0500, Ruben Safir wrote:
> > On Tue, Jan 18, 2022 at 04:50:11PM +0100, Matus UHLAR - fantomas wrote:
> > > On 18.01.22 10:32, Ruben Safir wrote:
> > > >I am sorry, that is wrong. I am getting main and master confused.
> > > [...]
> >
> How do I know that dovecot is being queried for authentication via sasl

If your /etc/postfix/main.cf contains:

  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth

and your /etc/postfix/master.cf contains (for submission/smtps):

  -o smtpd_sasl_auth_enable=yes

then Postfix will be querying Dovecot for SASL authentication.

And if Dovecot is up and running and configured to create
the /var/spool/postfix/private/auth socket that is referred
to above, and that socket exists, and has correct permissions,
then those queries should work.

> and how would I debug that?
> I think it is not being seen.

When I see an incoming smtps connection with SASL, my logs look like:

  postfix/smtps/smtpd[52213]: connect from unknown[IP6addr]
  postfix/smtps/smtpd[52213]: Anonymous TLS connection established from unknown[IP6addr]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
  dovecot: auth-worker(52194): conn unix:auth-worker (pid=52193,uid=109): auth-worker<11>: pam(u...@example.org,IP6addr): pam_authenticate() failed: Authentication failure (Password mismatch?)
  postfix/smtps/smtpd[52213]: 0C5125E340: client=unknown[IP6addr], sasl_method=PLAIN, sasl_username=u...@example.org
  postfix/cleanup[52217]: 0C5125E340: message-id=<fbc84fe8-62c0-4fa8-a1ed-263fa963c...@example.org>
  postfix/qmgr[3563496]: 0C5125E340: from=<u...@example.org>, size=729, nrcpt=2 (queue active)
  postfix/smtps/smtpd[52213]: disconnect from unknown[IP6addr] ehlo=1 auth=1 mail=1 rcpt=2 data=1 quit=1 commands=7

The dovecot log there might be unrelated (because this
connection's authentication did succeed) but the username
is correct (weird, never mind).

The following line contains:

  sasl_method=PLAIN, sasl_username=u...@example.org

which shows that SASL happened. And the last line shows:

  auth=1

which shows that the incoming SMTP client did issue an
authentication command.

If it had gone wrong, there would be log messages to
indicate the failure.

You can probably increase debugging levels in Dovecot
and/or Postfix to see more detail. I don't think Dovecot
itself logs authentication failures by default (probably
because there are usually so many of them from POP/IMAP
connection attempts).

cheers,
raf
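
The log reading described above, as an added example that is not part of the original post: a Python script that groups Postfix smtpd lines by process and reports, per connection, whether an AUTH command was issued and whether it succeeded. The sample lines and the function name are constructed for illustration; the `auth=0/3` form (successes/attempts) is how Postfix 3.0 and later summarise failed commands on the disconnect line.

```python
import re

# Constructed sample log, modelled on the smtps lines quoted in the message.
SAMPLE_LOG = """\
postfix/smtps/smtpd[100]: connect from unknown[2001:db8::1]
postfix/smtps/smtpd[100]: 4AB12CD34E: client=unknown[2001:db8::1], sasl_method=PLAIN, sasl_username=user@example.org
postfix/smtps/smtpd[100]: disconnect from unknown[2001:db8::1] ehlo=1 auth=1 mail=1 rcpt=2 data=1 quit=1 commands=7
postfix/smtps/smtpd[101]: connect from unknown[2001:db8::2]
postfix/smtps/smtpd[101]: disconnect from unknown[2001:db8::2] ehlo=1 auth=0/3 quit=1 commands=2/5
postfix/smtps/smtpd[102]: connect from unknown[2001:db8::3]
postfix/smtps/smtpd[102]: disconnect from unknown[2001:db8::3] ehlo=1 quit=1 commands=2
"""

PREFIX = re.compile(r"postfix/\S*smtpd\[(\d+)\]: (.*)")
SASL = re.compile(r"sasl_method=([^,\s]+), sasl_username=(\S+)")
AUTH = re.compile(r"\bauth=(\d+)(?:/(\d+))?")  # "auth=1" or "auth=ok/tried"

def sasl_sessions(log_text):
    """Return one record per completed smtpd connection, in log order."""
    open_sessions, done = {}, []
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue  # dovecot, cleanup, qmgr lines etc. are ignored here
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            # An smtpd process serves one client at a time, so the pid keys the session.
            open_sessions[pid] = {"client": msg[13:], "method": None, "user": None}
        elif pid not in open_sessions:
            continue
        elif (s := SASL.search(msg)):
            open_sessions[pid]["method"], open_sessions[pid]["user"] = s.groups()
        elif msg.startswith("disconnect from "):
            sess = open_sessions.pop(pid)
            a = AUTH.search(msg)
            ok = int(a.group(1)) if a else 0
            tried = int(a.group(2) or a.group(1)) if a else 0
            sess["auth_ok"], sess["auth_tried"] = ok, tried
            # No auth= token means the client never sent AUTH at all.
            sess["verdict"] = ("no-auth" if tried == 0
                               else "auth-failed" if ok == 0 else "auth-ok")
            done.append(sess)
    return done

if __name__ == "__main__":
    for s in sasl_sessions(SAMPLE_LOG):
        print(s["client"], s["verdict"], s["method"], s["user"],
              f'{s["auth_ok"]}/{s["auth_tried"]}')
```

A connection reported as `no-auth` on the submission/smtps service means the client never attempted SASL, which is a client-side setting rather than a Dovecot socket problem.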