Dovecot / Postfix SMTP Auth Issue

Discussion in 'Installation/Configuration' started by DruKe, Apr 2, 2008.

  1. DruKe

    DruKe New Member

    I switched from cyrus to courier now to Dovecot for small features. ISPConfig 2.2.21 is running on a SLES 10 SP1 box.

    I used the hack to get the @domain.tld working for pop access (which works great). This happened to break the roundcube mail login and the domain.tld/mailuser areas.

    I was able to get the domain.tld/mailuser fixed with a different post in the forum. I'm still left with the round cube mail issue and the an SMTP auth issue.

    I would like to get the SMTP auth to work with the [email protected]

    From the other posts pertaining to this, I see both can be done but after pouring over it for a day I'm left with little option but to ask for help.

    I'm not sure what conf files you'll need info out of but I'll watch this close and report as soon as someone can help :)
     
    Last edited: Apr 2, 2008
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. DruKe

    DruKe New Member

    Here is my dovecot.conf

    Code:
    protocols = imap imaps pop3 pop3s
    ssl_cert_file = /etc/ssl/certs/dovecot.pem
    ssl_key_file = /etc/ssl/private/dovecot.pem
    
    disable_plaintext_auth = no
    pop3_uidl_format = %08Xu%08Xv
    protocol pop3 {
    }
    
    protocol lda {
    # Address to use when sending rejection mails.
    postmaster_address = [email protected]
    }
    
    auth_username_format ="%Ld_%Ln"
    
    auth default {
    mechanisms = plain login
    
    passdb pam {
    }
    
    userdb passwd {
    }
    
    socket listen {
    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }
    }
    }
    
    And here is my postfix main.cf

    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 3
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = web1.$mydomain
    #myhostname = $mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    #mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks_style = subnet
    disable_dns_lookups = no
    relayhost =
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = yes
    smtp_use_tls = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    mydomain = providenttech.com
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    All looks good from that post? Anything look odd I don't see?
     
  4. DruKe

    DruKe New Member

    Buehler? :D
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Which errors do you get in the mail log?
     
  6. DruKe

    DruKe New Member

    This is from the mail log when I try to use [email protected] with the same PW as the POP account:

    Code:
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: connect from unknown[10.2.3.26]
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: warning: SASL authentication failure: Password verification failed
    Apr  4 10:14:16 web1 postfix/smtpd[26040]: warning: unknown[10.2.3.26]: SASL PLAIN authentication failed
    
     
  7. DruKe

    DruKe New Member

    I've been debugging a bit more. I started saslauthd in debug mode and here is the output:

    Code:
    web1:~ # saslauthd -d -a pam
    saslauthd[28867] :main            : num_procs  : 5
    saslauthd[28867] :main            : mech_option: NULL
    saslauthd[28867] :main            : run_path   : /var/run/sasl2/
    saslauthd[28867] :main            : auth_mech  : pam
    saslauthd[28867] :ipc_init        : using accept lock file: /var/run/sasl2//mux. accept
    saslauthd[28867] :detach_tty      : master pid is: 0
    saslauthd[28867] :ipc_init        : listening on socket: /var/run/sasl2//mux
    saslauthd[28867] :main            : using process model
    saslauthd[28868] :get_accept_lock : acquired accept lock
    saslauthd[28867] :have_baby       : forked child: 28868
    saslauthd[28867] :have_baby       : forked child: 28869
    saslauthd[28867] :have_baby       : forked child: 28870
    saslauthd[28867] :have_baby       : forked child: 28871
    saslauthd[28868] :rel_accept_lock : released accept lock
    saslauthd[28867] :get_accept_lock : acquired accept lock
    saslauthd[28868] :do_auth         : auth failure: [user=tgreene] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    saslauthd[28867] :rel_accept_lock : released accept lock
    saslauthd[28868] :get_accept_lock : acquired accept lock
    saslauthd[28867] :do_auth         : auth failure: [user=tgreene] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
    
    It said it is a PAM error. Here is my /etc/pam.d/smtp config file. All look kosher?

    Code:
    auth required pam_mysql.so user=mailuser passwd=SECRET host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mailuser passwd=SECRET host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
     
  8. DruKe

    DruKe New Member

    I'd like to go production on this server soon but I need to get this wrapped up. Does anyone have any -thoughts- at this point?
     
  9. falko

    falko Super Moderator ISPConfig Developer

    I'd love to help, but unfortunately I have no idea what's wrong...
    Is AppArmor switched off?
     
  10. DruKe

    DruKe New Member

    Thanks Falko. I actually hate app armor so I don't install it at install time.
    I think I may be having problems with PAM smtp conf.
    Is it a problem to have the user as root and root PW? Shouldn't that work?
     
  11. falko

    falko Super Moderator ISPConfig Developer

    How do you mean that?
     
  12. DruKe

    DruKe New Member

    For the pam.d smtp configuration as the mail user.
     
  13. falko

    falko Super Moderator ISPConfig Developer

    That should work.
     
  14. DruKe

    DruKe New Member

    I think I may have figured out the issue.
    My root password has a '#' in it.
    I am getting this error:
    Code:
     pam_mysql - required option "db" is not set
    Even though I have it set. So I think it's truncating everything after the '#' in the password.
    How can I reconfigure the ISPConfig to use a different mySQL password after I change it?
     
  15. DruKe

    DruKe New Member

    Got it. That was it! Thanks for everyone who looked.
     

Share This Page