From: JP on
i'll guess the solution to my problem will be something simple and
obvious, because i know i ain't the first person to do this, but i've
been staring at it for days and can't see what's wrong.

os x snow leopard server; postfix 2.5.5; dovecot 1.1.17apple0.5

trying to get SMTP auth working via SASL. using a plain password
scheme and plain auth scheme over SSL. client is apple mail.
deliveries are working, and dovecot's pop3s and imaps are working just
fine. but when i attempt to use smtp auth, postfix says

SASL plain authentication failed
unable to lookup user record

scoured months worth of list archives and didn't see anything specific
to this. other eyes are appreciated! thanks.

# postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = example.com
mydomain_fallback = localhost
mynetworks = 127.0.0.0/8,192.168.61.0/24
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = plain, login cram-md5
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.chain.pem
smtpd_tls_cert_file = /etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.key.pem
smtpd_use_pw_server = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
virtual_gid_maps = static:5000
virtual_mailbox_base = /etc/postfix/datastore
virtual_mailbox_domains = osx.example.com
virtual_mailbox_maps = hash:/etc/postfix/datausers
virtual_minimum_uid = 100
virtual_uid_maps = static:5000




# dovecotd -n
# 1.1.17apple0.5: /private/etc/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 456). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: Darwin 10.2.0 i386 hfs
base_dir: /var/run/dovecot
syslog_facility: local6
protocols: pop3s imaps
ssl_cert_file: /etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.cert.pem
ssl_key_file: /etc/certificates/osx-106.example.com.E2FA6EFB8203E2E09C605D30A179669E4B4F69EB.key.pem
ssl_cipher_list: ALL:!LOW:!SSLv2:!aNULL:!ADH:!eNULL
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: _dovecot
login_process_per_connection: no
max_mail_processes: 200
mail_max_userip_connections(default): 20
mail_max_userip_connections(imap): 20
mail_max_userip_connections(pop3): 10
verbose_proctitle: yes
first_valid_uid: 6
first_valid_gid: 6
mail_access_groups: mail
mail_location: maildir:/etc/postfix/datastore/%d/%n
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_process_sharing: full
mail_max_connections: 5
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: username_format=%n /etc/postfix/datastore/%d-passwd
  userdb:
    driver: passwd-file
    args: username_format=%n /etc/postfix/datastore/%d-passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
plugin:
  quota_warning: storage=100%% /usr/libexec/dovecot/quota-exceeded.sh
  quota: maildir:User quota
  sieve: /var/spool/imap/dovecot/sieve-scripts/%u/dovecot.sieve

From: Patrick Ben Koetter on
* JP <postfix(a)postfix.exjay.com>:
> i'll guess the solution to my problem will be something simple and
> obvious, because i know i ain't the first person to do this, but i've
> been staring at it for days and can't see what's wrong.
>
> os x snow leopard server; postfix 2.5.5; dovecot 1.1.17apple0.5
>
> trying to get SMTP auth working via SASL. using a plain password
> scheme and plain auth scheme over SSL. client is apple mail.
> deliveries are working, and dovecot's pop3s and imaps are working
> just fine. but when i attempt to use smtp auth, postfix says
>
> SASL plain authentication failed
> unable to lookup user record

Your Postfix uses Dovecot SASL. Have you tried to authenticate using a telnet
session, sending AUTH identity on command line?

p(a)rick



--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

From: JP on
Patrick Ben Koetter wrote:
> * JP <postfix(a)postfix.exjay.com>:
>> i'll guess the solution to my problem will be something simple and
>> obvious, because i know i ain't the first person to do this, but i've
>> been staring at it for days and can't see what's wrong.
>>
>> os x snow leopard server; postfix 2.5.5; dovecot 1.1.17apple0.5
>>
>> trying to get SMTP auth working via SASL. using a plain password
>> scheme and plain auth scheme over SSL. client is apple mail.
>> deliveries are working, and dovecot's pop3s and imaps are working
>> just fine. but when i attempt to use smtp auth, postfix says
>>
>> SASL plain authentication failed
>> unable to lookup user record
>
> Your Postfix uses Dovecot SASL. Have you tried to authenticate using a telnet
> session, sending AUTH identity on command line?
>
> p(a)rick
>
>

yes, i have.

Escape character is '^]'.
220 osx-106.example.com ESMTP Postfix
EHLO foobie.example.com
250-osx-106.example.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN CRAM-MD5
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN 1a1dc91c907325c69271ddf0c944bc72blahblahblah
535 Error: authentication failed

From: Patrick Ben Koetter on
* JP <postfix(a)postfix.exjay.com>:
> >Your Postfix uses Dovecot SASL. Have you tried to authenticate using a telnet
> >session, sending AUTH identity on command line?
> >
> Escape character is '^]'.
> 220 osx-106.example.com ESMTP Postfix
> EHLO foobie.example.com
> 250-osx-106.example.com
> 250-PIPELINING
> 250-SIZE 10485760
> 250-VRFY
> 250-ETRN
> 250-AUTH LOGIN PLAIN CRAM-MD5
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH PLAIN 1a1dc91c907325c69271ddf0c944bc72blahblahblah
> 535 Error: authentication failed

Postfix and Dovecot both use the Dovecot authentication methods.
Dovecot works, Postfix doesn't. Where's the difference?

What happens if you try an IMAP "login" on command line and send the same
credentials?

If you send the same credentials and it succeeds, then something between
Postfix and the Dovecot auth socket is probably wrong.

If IMAP login fails too, then you probably send the wrong credentials during
SMTP AUTH and you should find out what is sent during IMAP login.

p(a)rick



From: JP on
Patrick Ben Koetter wrote:
> * JP <postfix(a)postfix.exjay.com>:
>> i'll guess the solution to my problem will be something simple and
>> obvious, because i know i ain't the first person to do this, but i've
>> been staring at it for days and can't see what's wrong.
>>
>> os x snow leopard server; postfix 2.5.5; dovecot 1.1.17apple0.5
>>
>> trying to get SMTP auth working via SASL. using a plain password
>> scheme and plain auth scheme over SSL. client is apple mail.
>> deliveries are working, and dovecot's pop3s and imaps are working
>> just fine. but when i attempt to use smtp auth, postfix says
>>
>> SASL plain authentication failed
>> unable to lookup user record
>
> Your Postfix uses Dovecot SASL. Have you tried to authenticate using a telnet
> session, sending AUTH identity on command line?
>
> p(a)rick
>
>
>> Escape character is '^]'.
>> 220 osx-106.example.com ESMTP Postfix
>> EHLO foobie.example.com
>> 250-osx-106.example.com
>> 250-PIPELINING
>> 250-SIZE 10485760
>> 250-VRFY
>> 250-ETRN
>> 250-AUTH LOGIN PLAIN CRAM-MD5
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 DSN
>> AUTH PLAIN 1a1dc91c907325c69271ddf0c944bc72blahblahblah
>> 535 Error: authentication failed
>
> Postfix and Dovecot both use the Dovecot authentication methods.
> Dovecot works, Postfix doesn't. Where's the difference?
>
> What happens if you try an IMAP "login" on command line and send the same
> credentials?
>
> If you send the same credentials and it succeeds, then something between
> Postfix and the Dovecot auth socket is probably wrong.
>
> If IMAP login fails too, then you probably send the wrong credentials during
> SMTP AUTH and you should find out what is sent during IMAP login.
>
> p(a)rick

yes, the imap login works. i agree that it is obviously something
between postfix and dovecot, and that's where i'm stuck.

my configuration is the same simple config that is well documented on
both the postfix and dovecot sites.

as it should be, the socket is

srw-rw---- 1 _postfix _postfix 0 Dec 4 08:51 /var/spool/postfix/private/auth

lsof shows the socket is open by dovecot-auth (which is running as root):

dovecot-a 63614 root 5u unix 0x0888b990 0t0 /var/spool/postfix/private/auth

i haven't seen the socket opened by postfix. i'm assuming that that
event is transient.

so both postfix and dovecot have read/write access to the socket.

the credentials sent are the same whether they're sent via a true mail
client or via the command line. when sent via the command line, they're
generated via

perl -MMIME::Base64 -e 'print encode_base64("\0username\0password");'

and i've verified they're correct via decode_base64

any other insight would be appreciated. thanks.
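
Added example, not part of the thread: a small diagnostic that decodes an AUTH PLAIN response and expands the `username_format=%n /etc/postfix/datastore/%d-passwd` args posted above, showing which passwd-file and lookup key a login resolves to with and without a domain part. The login names and password are constructed sample values; only the `%u`, `%n` and `%d` variables are handled, and the password is never returned.

```python
import base64

# passdb/userdb args exactly as posted in the dovecot -n output in this thread
PASSDB_ARGS = "username_format=%n /etc/postfix/datastore/%d-passwd"


def encode_plain(authcid, password, authzid=""):
    """Build the base64 response for AUTH PLAIN: authzid NUL authcid NUL passwd."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(token):
    """Split an AUTH PLAIN response into (authzid, authcid, password)."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected 3 NUL-separated fields, got %d" % len(parts))
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("empty authentication identity")
    return authzid, authcid, password


def expand(template, login):
    """Expand %u (full login), %n (part before @) and %d (part after @).

    With no @ in the login, %n equals %u and %d is the empty string.
    """
    name, _, domain = login.partition("@")
    values = {"u": login, "n": name, "d": domain, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and template[i + 1:i + 2] in values:
            out.append(values[template[i + 1]])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def passwd_file_lookup(args, login):
    """Return (passwd-file path, lookup key) for a passwd-file args string."""
    fmt, path = "%u", None  # %u is the passwd-file default username_format
    for word in args.split():
        if word.startswith("username_format="):
            fmt = word.split("=", 1)[1]
        else:
            path = word
    if path is None:
        raise ValueError("no passwd-file path in args")
    return expand(path, login), expand(fmt, login)


def trace(token, args=PASSDB_ARGS):
    """Describe how one AUTH PLAIN response maps onto the passwd-file lookup."""
    authzid, authcid, _password = decode_plain(token)  # password is not reported
    path, key = passwd_file_lookup(args, authcid)
    return {"authzid": authzid, "authcid": authcid,
            "passwd_file": path, "lookup_key": key}


if __name__ == "__main__":
    # Constructed sample logins; osx.example.com is the virtual_mailbox_domains
    # value from the posted postconf -n output.
    for login in ("jp@osx.example.com", "jp"):
        print(trace(encode_plain(login, "not-a-real-password")))
```

Comparing the reported `passwd_file` with the files that actually exist under `/etc/postfix/datastore` shows whether the login name sent during SMTP AUTH has the same form as the one the IMAP client sends.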
