Bug 230010 - PostFix not working with DoveCot + Sasl + TLS
PostFix not working with DoveCot + Sasl + TLS
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: postfix (Show other bugs)
4.4
i386 Linux
medium Severity urgent
: ---
: ---
Assigned To: Thomas Woerner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-25 15:06 EST by F
Modified: 2007-11-16 20:14 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-05 05:23:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description F 2007-02-25 15:06:27 EST
plain RHEL 4.4 box - had a successful setup of sendmail + dovecot with SSL. 
Goal was to switch from sendmail to postfix:

My Current (non-working) setup including steps I took:

up2date -i postfix
system-switch-mail

# The latest PostFix version with RHEL4 is Postfix 2.2.10, but postfix.org 
states "Dovecot SASL support is
# available in Postfix 2.3 and later.", so downloading postfix 2.3.7:
wget http://ftp.wl0.org/official/2.3/RPMS-rhel4....rhel4.i386.rpm
rpm -u postfix-2.3.7-1.rhel4.i386.rpm

# Creating certs:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.key
openssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted
mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -
days 3650

#Creating a certificate for Outlook:
openssl pkcs12 -export -in smtpd.crt -inkey smtpd.key -out OutlookSMTP.p12
#Then import the OutlookSMTP.p12 file into the Trusted Root Certification 
Authorities store.



#This is my main.cf file copied from howtoforge.com's perfect Centos 4.4 setup:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = 
permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
mynetworks = 127.0.0.0/8
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

#above conf didn't work, neither with postfix 2.2.10 nor with the 2.3

#This is dovecot specific that I added based on postfix.org:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

#This is some more I added as dovecot uses maildir and 
#I'm using the virtual file to redirect all local virtual users
#to the "mailuser1" account that I use for logging in, or should
#i use the "postfix" user for loggin in with outlook?

home_mailbox = Maildir/
mailbox_command =
virtual_alias_maps = hash:/etc/postfix/virtual

#Also uncommented this in master.cf to open port 465:

smtps inet n - n - - smtpd 
-o smtpd_tls_wrappermode=yes 
-o smtpd_sasl_auth_enable=yes 
-o smtpd_client_restrictions=permit_sasl_authenticated,reject



Additional Notes:

I'm using outlook express to connect to port 465 for receiving pop3s mail and 
port 995 for sending smtps mail

The Perfect Centos 4.4 setup states:
"We must edit /usr/lib/sasl2/smtpd.conf so that Postfix allows PLAIN and LOGIN 
logins. On a 64Bit Centos 4.4 you must edit the 
file /usr/lib64/sasl2/smtpd.conf instead."

Though I have all cyrus-sasl packages installed:

cyrus-sasl-md5-2.1.19-5.EL4
cyrus-sasl-gssapi-2.1.19-5.EL4
cyrus-sasl-2.1.19-5.EL4
cyrus-sasl-plain-2.1.19-5.EL4
cyrus-sasl-devel-2.1.19-5.EL4

I don't have the smtpd.conf file on my system. So I created it:
nano -w /usr/lib/sasl2/smtpd.conf

And entered:
pwcheck_method: saslauthd
mech_list: plain login

I also edited "/etc/sysconfig/saslauthd" and changed:
MECH=pam

But when i send "ehlo localhost" to test things, there's no:
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

but
250-STARTTLS
exists



When, as stated on "Dovecot SASL configuration for the Postfix SMTP server" 
(http://www.postfix.org/SASL_README.html) - 

"On the Dovecot side you also need to specify the Dovecot authentication daemon 
socket. In this case we specify an absolute pathname. In the example we assume 
that the Postfix queue is under /var/spool/postfix/. "

I try to add the following to dovecot.conf:

/some/where/dovecot.conf:
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}

It gives me fatal error when I try to restart dovecot.




The error I get when I try to send mail through Outlook is:

The message could not be sent because one of the recipients was rejected by the 
server. The rejected e-mail address was 'sendingto@example.com'. 
Subject 'test', Account: 'Example', Server: 'www.example.com', Protocol: SMTP, 
Server Response: '554 5.7.1 <blah.blah.com[123.123.123.123]>: Client host 
rejected: Access denied', Port: 465, Secure(SSL): Yes, Server Error: 554, Error 
Number: 0x800CCC79


And when I try to receive mail, it logs in successfully, but it says there is 
no mail, though there is.
Comment 1 Thomas Woerner 2007-06-05 05:23:49 EDT
I am sorry, but postfix-2.3.X is not a supported component of RHEL-4. There is
no dovecot support in the 2.2 version though.

You have tree joices:
- Use sendmail with dovecot
- Use postfix with cyrus-imapd
- Use RHEL-5

Closing as "NOT A BUG"

Note You need to log in before you can comment on or make changes to this bug.