  1. RHEL
  2. RHEL-22169

Postfix doesn't work with dovecot or cyrus-sasl


    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • CentOS Stream 9
    • postfix
    • None
    • Moderate
    • rhel-net-perf
    • None
    • None
    • CentOS Stream
    • None
    • None
    • None
    • x86_64
    • None

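      I have a problem with Postfix used with Dovecot (I have already tried cyrus-sasl too). I get the same error in the log when I try to log in via telnet localhost 25 without SSL. Dovecot works fine: I tested it with doveadm auth test -a /var/spool/postfix/private/auth and got a success, but Postfix does not work for some reason. I am using CentOS Stream 9. [Editor's note: the maillog excerpt below shows smtpd exiting with "fatal: no SASL authentication mechanisms". Postfix typically logs this when smtpd_sasl_security_options (here noanonymous, noplaintext) filters out every mechanism the SASL backend offers, so the Dovecot auth_mechanisms setting, which is not shown in this report, is the first thing to check; if only plaintext mechanisms are available, the safer adjustment is to permit them on TLS-protected sessions only (smtpd_tls_auth_only = yes) rather than over cleartext port 25.]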

      Postfix version: postfix-3.5.9-24.el9.x86_64

      Dovecot version: dovecot-2.3.16-10.el9.x86_64

      1. Dovecot 10-master.conf
        ...
      2. Postfix smtp-auth
        unix_listener /var/spool/postfix/private/auth { mode = 0600 user = postfix group = postfix }

      ...

      [root@mail postfix]# doveadm auth test -a /var/spool/postfix/private/auth user@domain.com test
      passdb: user@domain.com auth succeeded
      extra fields:
      user=user@domain.com

      1. Permission dovecot
        [root@mail postfix]# ls -la /var/spool/postfix/private/auth
        srw------- 1 postfix postfix 0 jan 19 06:17 /var/spool/postfix/private/auth

      [root@mail postfix]# telnet localhost 25
      Trying ::1...
      Connected to localhost.
      Escape character is '^]'.
      Connection closed by foreign host.

      1. /var/log/maillog
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: sqlpool(mysql): Creating new connection
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
        Jan 19 07:05:11 mail postfix/smtpd[52633]: fatal: no SASL authentication mechanisms
        Jan 19 07:05:11 mail dovecot[19825]: auth: Debug: auth client connected (pid=0)
        Jan 19 07:05:12 mail postfix/master[52325]: warning: process /usr/libexec/postfix/smtpd pid 52633 exit status 1
        Jan 19 07:05:12 mail postfix/master[52325]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
      1. main.cf
        mynetworks = 127.0.0.0/8
        myhostname = mail.domain.com
        mydomain = domain.com
        myorigin = $mydomain
        compatibility_level = 2
        queue_directory = /var/spool/postfix
        command_directory = /usr/sbin
        daemon_directory = /usr/libexec/postfix
        data_directory = /var/lib/postfix
        mail_owner = postfix
        inet_interfaces = all
        inet_protocols = all
        mydestination = $myhostname, localhost.$mydomain, localhost
        unknown_local_recipient_reject_code = 550
        debug_peer_level = 10
        debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        ddd $daemon_directory/$process_name $process_id & sleep 5
        sendmail_path = /usr/sbini/sendmail.postfix
        newaliases_path = /usr/bin/newaliases.postfix
        mailq_path = /usr/bin/mailq.postfix
        setgid_group = postdrop
        html_directory = no
        manpage_directory = /usr/share/man
        sample_directory = /usr/share/doc/postfix/samples
        readme_directory = /usr/share/doc/postfix/README_FILES
        meta_directory = /etc/postfix
        shlib_directory = /usr/lib64/postfix
        transport_maps = hash:/etc/postfix/transport
        home_mailbox = Maildir/
        recipient_delimiter = +
        smtpd_sasl_auth_enable = yes
        smtpd_sasl_authenticated_header = yes
        smtpd_sasl_path = private/auth
        smtpd_sasl_type = dovecot
        broken_sasl_auth_clients = yes
        smtpd_sasl_security_options = noanonymous, noplaintext
        smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
      1. Configuracoes de TLS
        smtpd_tls_auth_only = no
        smtpd_tls_received_header = yes
        smtpd_sasl_local_domain = $mydomain
        smtpd_tls_loglevel = 1
        smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
        smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
        smtpd_tls_security_level = may
        smtp_tls_CApath = /etc/pki/tls/certs
        smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
        smtp_tls_security_level = may
      1. Configuracoes Virtuais
        virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
        virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
        virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
        virtual_mailbox_base = /var/spool/mail/psitech.com.br
        virtual_minimum_uid = 89
        virtual_transport = dovecot
        virtual_uid_maps = static:89
        virtual_gid_maps = static:89
        local_transport = virtual
        local_recipient_maps = $virtual_mailbox_maps
      1. Configuracoes de envio
        smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknow_recicpient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_hostname, reject_invalid_hostname, reject_unverified_sender, permit
      1. master.cf
        # ==========================================================================
        # service type  private unpriv  chroot  wakeup  maxproc command + args
        #               (yes)   (yes)   (no)    (never) (100)
        # ==========================================================================
        smtp inet n - n - - smtpd

      submission inet n - n - - smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
      -o smtpd_sasl_security_options=noanonymous
      -o milter_macro_daemon_name=ORIGINATING
      -o smtpd_helo_required=no
      -o smtpd_helo_restrictions=
      -o cleanup_service_name=submission-header-cleanup

      smtps inet n - n - - smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no

      pickup unix n - n 60 1 pickup
      cleanup unix n - n - 0 cleanup
      qmgr unix n - n 300 1 qmgr

      tlsmgr unix - - n 1000? 1 tlsmgr
      rewrite unix - - n - - trivial-rewrite
      bounce unix - - n - 0 bounce
      defer unix - - n - 0 bounce
      trace unix - - n - 0 bounce
      verify unix - - n - 1 verify
      flush unix n - n 1000? 0 flush
      proxymap unix - - n - - proxymap
      proxywrite unix - - n - 1 proxymap
      smtp unix - - n - - smtp
      relay unix - - n - - smtp
      -o syslog_name=postfix/$service_name

      showq unix n - n - - showq
      error unix - - n - - error
      retry unix - - n - - error
      discard unix - - n - - discard
      local unix - n n - - local
      virtual unix - n n - - virtual
      lmtp unix - - n - - lmtp
      anvil unix - - n - 1 anvil
      scache unix - - n - 1 scache
      postlog unix-dgram n - n - 1 postlogd
      dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

              Unassigned Unassigned
              brunooliveirabastos@gmail.com Bruno de Oliveira Bastos (Inactive)
