Dovecot postfix login failure

Discussion in 'Installation/Configuration' started by badmonkey, Feb 10, 2017.

  1. badmonkey

    badmonkey New Member

    Setting up a new installation of ispconfig 3.1.2, dovecot, and postfix as outlined in the how-to documentation.
    /perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3-p4

    I'm about at my wit's end. Most things are operational. LEMP stack with ispconfig. Everything works well except mail. Forums can send out mail but it's a big no-go with clients. Not that my knowledge is all that great with other server aspects, but this is all new territory for me setting up mail services. Dumb as a fence post you might say.


    When trying to login squirrelmail, this shows in the error log:
    Feb 902:57:55 postfix/smtpd[21547]: warning: SASL:Connect to private/auth failed:permission denied
    Feb 902:57:55 postfix/smtpd[21547]: fatal:no SASL authentication mechanisms
    Feb 902:57:56 postfix/master[18521]: warning: process /usr/libexec/postfix/smtpd pid 21547exit status 1
    Feb 902:57:56 postfix/master[18521]: warning:/usr/libexec/postfix/smtpd: bad command startup -- throttling

    Here's a sample from the error logs:

    Logging in by command line this happens:
    telnet localhost 143
    Trying::1...
    Connected to localhost.
    Escape character is'^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN]Dovecot ready.
    a login [email protected] password
    a NO [AUTHENTICATIONFAILED]Authentication failed.

    And in the error log:
    Feb 902:58:24 dovecot: imap-login:Disconnected:Inactivity(auth failed,1 attempts): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured


    Please help! Again, I'm new to all this. I have no idea where to go from here. Thanks!!
     
  2. ahrasis

    ahrasis Member

    I wonder if you have tried this one:
     
  3. badmonkey

    badmonkey New Member

    Thanks ahrasis. You're a good man to help. The problem is probably something very simple. Unfortuntately that wasn't the fix.
     
  4. ahrasis

    ahrasis Member

    I agree that the problem could be something simple.

    If your dovecot dovecot.conf and 10-master.conf files and postfix main.cf file are all already correct, then I am not sure where lie your problems.
     
    badmonkey likes this.
  5. badmonkey

    badmonkey New Member

    Perhaps I should post those! Perhaps you eagle eyed guys can spot the issue.

    dovecot.conf:

    Code:
    listen = *,[::]
    protocols = imap pop3
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    passdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve=/var/vmail/%d/%n/.sieve
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
       group = postfix
       mode = 0600
       user = postfix
      }
    }
    service imap-login {
      client_limit = 1000
      process_limit = 500
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    protocol lda {
      mail_plugins = sieve quota
      postmaster_address = [email protected]
    }
    protocol lmtp {
      postmaster_address = [email protected]
      mail_plugins = quota sieve
    }
    mail_plugins = $mail_plugins quota
    client {
           path = /var/spool/postfix/private/auth
           mode = 0660
           user = postfix
           group = postfix
    }
    main.cf:

    Code:
    
    queue_directory = /var/spool/postfix
    
    command_directory = /usr/sbin
    
    daemon_directory = /usr/libexec/postfix
    
    data_directory = /var/lib/postfix
    
    mail_owner = postfix
    
    inet_interfaces = all
    
    inet_protocols = all
     
    unknown_local_recipient_reject_code = 550
    
    debug_peer_level = 2
    
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
    
    sendmail_path = /usr/sbin/sendmail.postfix
    
    newaliases_path = /usr/bin/newaliases.postfix
    
    mailq_path = /usr/bin/mailq.postfix
    
    setgid_group = postdrop
    
    html_directory = no
    
    manpage_directory = /usr/share/man
    
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    
    
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    virtual_alias_domains =
    virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = dovecot
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    smtp_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    dovecot_destination_recipient_limit = 1
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    



    10-master.conf:

    Code:
    #default_process_limit = 100
    #default_client_limit = 1000
    
    # Default VSZ (virtual memory size) limit for service processes. This is mainly
    # intended to catch and kill processes that leak memory before they eat up
    # everything.
    #default_vsz_limit = 256M
    
    # Login user is internally used by login processes. This is the most untrusted
    # user in Dovecot system. It shouldn't have access to anything at all.
    #default_login_user = dovenull
    
    # Internal user is used by unprivileged processes. It should be separate from
    # login user, so that login processes can't disturb other processes.
    #default_internal_user = dovecot
    
    service imap-login {
      inet_listener imap {
      #port = 143
      }
      inet_listener imaps {
      #port = 993
      #ssl = yes
      }
    
      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster. <doc/wiki/LoginProcess.txt>
      #service_count = 1
    
      # Number of processes to always keep waiting for more connections.
      #process_min_avail = 0
    
      # If you set service_count=0, you probably need to grow this.
      #vsz_limit = 64M
    }
    
    service pop3-login {
      inet_listener pop3 {
      #port = 110
      }
      inet_listener pop3s {
      #port = 995
      #ssl = yes
      }
    }
    
    service lmtp {
      unix_listener lmtp {
      #mode = 0666
      }
    
      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
      # Avoid making LMTP visible for the entire internet
      #address =
      #port =
      #}
    }
    
    service imap {
      # Most of the memory goes to mmap()ing files. You may need to increase this
      # limit if you have huge mailboxes.
      #vsz_limit = 256M
    
      # Max. number of IMAP processes (connections)
      #process_limit = 1024
    }
    
    service pop3 {
      # Max. number of POP3 processes (connections)
      #process_limit = 1024
    }
    
    service auth {
      # auth_socket_path points to this userdb socket by default. It's typically
      # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
      # permissions make it readable only by root, but you may need to relax these
      # permissions. Users that have access to this socket are able to get a list
      # of all usernames and get results of everyone's userdb lookups.
      unix_listener auth-userdb {
      mode = 0666
      user = postfix
      group = postfix
      }
    
      #Postfix smtp-auth
      unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      }
    
      # Auth process is run as this user.
      #user = $default_internal_user
    }
    
    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      #user = root
    }
    
    service dict {
      # If dict proxy is used, mail processes should have access to its socket.
      # For example: mode=0660, group=vmail and global mail_access_groups=vmail
      unix_listener dict {
      #mode = 0600
      #user =
      #group =
      }
    }
    
    
    
     
  6. ahrasis

    ahrasis Member

    At least you are missing myhostname and mydestination in your postfix/main.cf, something like this:
    Code:
    [...]
    myhostname = yourserverdomain
    [...]
    mydestination = localhost, localhost.localdomain
    To check whether these files are properly symlinked, please post the output of:
    Code:
    ls -l /etc/postfix/smtpd.cert
    ls -l /etc/postfix/smtpd.key
    
    I will try to go through the others later i.e. when I am freer.
     
  7. badmonkey

    badmonkey New Member

    Variables in main.cf fixed.

    ls: cannot access /etc/postfix/smtpd.cert: No such file or directory
    ls: cannot access /etc/postfix/smtpd.key: No such file or directory

    Can it be setup without ssl until the issue is found? Or is that a bad idea?
     
  8. ahrasis

    ahrasis Member

    How did you fix it when the files that it is referring to do not exist? Did you remove the lines and disable tls / ssl?

    I do think postfix without ssl is a bad idea though I am not so sure whether that is possible to be setup in such away. My preference is always to follow the tutorials and guides in here.
     
  9. sjau

    sjau Local Meanie Moderator

    With ISPC Installation you should have the smtpd.cert and .key file in the /etc/postfix folder.
     
    ahrasis likes this.
  10. badmonkey

    badmonkey New Member

    Hhmm...those files are not present. The setup is vanilla by the how-to guide.

    I didn't fix it. It's never yet worked. Seems a great clue but I still have no idea how to fix it.
     
  11. badmonkey

    badmonkey New Member

  12. ahrasis

    ahrasis Member

    Have you restarted both postfix and dovecot afterwards and then reupdate ispconfig?

    By the way can you enter phpmyadmin as rouncube user and using its password?
     
  13. badmonkey

    badmonkey New Member

    Hey ahrasis! Hope you are well. Restarted dovecot and postfix. How do I update ispconfig?

    Honestly, I haven't yet installed roundcube. I wanted to fix the existing issue before confusing myself with something else in the mix. lol!
     
  14. ahrasis

    ahrasis Member

    Sorry. Try to log in phpmyadmin with your squirrelmail username and its password. You can also check this if your have a root access to phpmyadmin or mysql.

    Your update your ispconfig the same way as installing it i.e. :
    Code:
    cd /tmp
    wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
    tar xfz ISPConfig-3-stable.tar.gz
    cd ispconfig3_install/install/
    
    Only you do update instead of install, like this:
    Code:
    php -q update.php
    
     
    Last edited: Feb 22, 2017

Share This Page