I followed the wiki for setting up a virtual mail system. I can telnet or ssl in, and can successfully send emails from my accounts to gmail from postfixadmin.
I cannot, however, receive messages from the outside world. They make it to the server, but cannot authenticate. Everything else works as it should, including domain records.
Output of journalctl -f --unit postfix.service
Nov 24 06:03:56 lolihunter-server postfix/smtpd[7792]: connect from mail-io0-f178.google.com[209.85.223.178]
Nov 24 06:03:56 lolihunter-server postfix/smtpd[7792]: Anonymous TLS connection established from mail-io0-f178.google.com[209.85.223.178]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 24 06:03:56 lolihunter-server postfix/smtpd[7792]: warning: SASL: Connect to /var/run/dovecot/auth-client failed: Permission denied
Nov 24 06:03:56 lolihunter-server postfix/smtpd[7792]: fatal: no SASL authentication mechanisms
Nov 24 06:03:57 lolihunter-server postfix/master[7676]: warning: process /usr/lib/postfix/bin/smtpd pid 7792 exit status 1
Nov 24 06:03:57 lolihunter-server postfix/master[7676]: warning: /usr/lib/postfix/bin/smtpd: bad command startup -- throttling
This leads me to believe it is either a simple problem with my config, or rather a permissions issue, especially the third line, yet I can't fix the issue on my own.
Output of postconf -n
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/bin
compatibility_level = 2
daemon_directory = /usr/lib/postfix/bin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = localhost.$mydomain, localhost, $mydomain
mydomain = lolihunter.me
myhostname = lolihunter.me
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/bin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = lolihunter.me
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/lolihunter.me/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/letsencrypt/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_key_file = /etc/letsencrypt/live/lolihunter.me/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_limit = 512000000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
/etc/dovecot/dovecot.conf
protocols = imap pop3
auth_mechanisms = plain
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf
}
service auth {
  unix_listener auth-client {
    group = vmail
    mode = 0660
    user = vmail
  }
  user = root
}
login_greeting = Dovecot ready for action.
auth_mechanisms = plain login
mail_home = /home/vmail/%d/%n
mail_location = maildir:~
ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECD$
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048
ssl_cert = </etc/letsencrypt/live/lolihunter.me/fullchain.pem
ssl_key = </etc/letsencrypt/live/lolihunter.me/privkey.pem
/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost dbname=postfix_db user=postfix_user password=postfixadmin
# It is highly recommended to not use deprecated MD5-CRYPT. Read more at http://wiki2.dovecot.org/Authentication/PasswordSchemes
default_pass_scheme = SHA512-CRYPT
# Get the mailbox
user_query = SELECT '/home/vmail/%d/%n' as home, 'maildir:/home/vmail/%d/%n' as mail, 5000 AS uid, 5000 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username as user, password, '/home/vmail/%d/%n' as userdb_home, 'maildir:/home/vmail/%d/%n' as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# If using client certificates for authentication, comment the above and uncomment the following
#password_query = SELECT null AS password, '%u' AS user
Any help would be greatly appreciated.
Last edited by lolihunter (2016-11-27 14:44:45)
Our wiki is a little outdated...
My setup is very similar to yours with the exceptions:
Postfix:
smtpd_sasl_path = private/auth
Dovecot:
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    # Assuming the default Postfix user and group
    user = postfix
    group = postfix
  }
}
More on Dovecot Postfix SASL wiki
Thanks for the help edacval, you helped me get this sorted out. Finally got some time to play with it this morning.
I had to set both smtpd_sasl_path and unix_listener to the full path, /var/spool/postfix/private/auth.
I also had to change back to the postfix user. Trying to run things as vmail as the wiki suggests no longer works, and always results in the permission denied error. I was even able to get roundcube working easily right after.
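Added example, not part of the original thread or of the Postfix or Dovecot projects: a Python check that applies the Unix owner/group/other rule to each component of the auth socket path and reports the first one that would deny smtpd's connect(), which is the condition behind the "Permission denied" warning in the log above. The postfix uid/gid of 73 and the directory modes are constructed sample values; 5000 is the vmail id from the posted config.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the check also runs on constructed data.
Node = namedtuple("Node", "path mode uid gid")

def _allowed(node, uid, gids, want):
    """Unix owner/group/other rule; `want` is an rwx bit mask (w=2, x=1)."""
    if uid == 0:
        return True
    shift = 6 if node.uid == uid else 3 if node.gid in gids else 0
    return ((node.mode >> shift) & want) == want

def first_denial(nodes, uid, gids):
    """Return (path, reason) for the first component blocking connect(), or None."""
    *dirs, sock = nodes
    for d in dirs:
        if not _allowed(d, uid, gids, 0o1):
            return d.path, "no search permission on directory"
    if not stat.S_ISSOCK(sock.mode):
        return sock.path, "not a socket"
    # On Linux, connect() to a pathname socket needs write permission on it.
    if not _allowed(sock, uid, gids, 0o2):
        return sock.path, "no write permission on socket"
    return None

def stat_chain(path):
    """Build the Node list for a real path, root first (for use on a live host)."""
    chain, cur = [], os.path.abspath(path)
    while True:
        st = os.stat(cur)
        chain.append(Node(cur, st.st_mode, st.st_uid, st.st_gid))
        if cur == os.path.dirname(cur):
            return chain[::-1]
        cur = os.path.dirname(cur)

# Constructed sample data: uid/gid 73 for postfix is an assumption; 5000 is the
# vmail id from the thread's config. Directory modes are assumed defaults.
DIR, SOCK, POSTFIX, VMAIL = stat.S_IFDIR, stat.S_IFSOCK, 73, 5000
BEFORE = [Node("/var/run/dovecot", DIR | 0o755, 0, 0),
          Node("/var/run/dovecot/auth-client", SOCK | 0o660, VMAIL, VMAIL)]
AFTER = [Node("/var/spool/postfix/private", DIR | 0o700, POSTFIX, 0),
         Node("/var/spool/postfix/private/auth", SOCK | 0o660, POSTFIX, POSTFIX)]

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        print(label, first_denial(chain, POSTFIX, {POSTFIX}))
```

On a live host, pass `stat_chain(<socket path>)` together with the uid and group ids of the account smtpd runs as.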