![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
rmdi'm having problems making postfix use dovecot for sasl
so, i'm trying to set up a new centos machine, and want to use dovecot and sasl for authentication. i've been installing everything via yum. postfix looks to have been built with dovecot support built in.
and here's the sasl-related part of my postfix main.cf:
my dovecot.conf config has the following set up for auth:
but when i connect to my smtp port, i don't get any kind of "250-AUTH" offering after my EHLO:
what am i missing, here? dovecot and postfix both seem to start cleanly. in rc2.d, dovecot is S65 and postfix is S80, so i don't think postfix is freaking out because it couldn't find dovecot. and restarting either one doesn't seem to matter.
so, i'm trying to set up a new centos machine, and want to use dovecot and sasl for authentication. i've been installing everything via yum. postfix looks to have been built with dovecot support built in.
# postconf -a cyrus dovecot #
and here's the sasl-related part of my postfix main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
my dovecot.conf config has the following set up for auth:
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
but when i connect to my smtp port, i don't get any kind of "250-AUTH" offering after my EHLO:
250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN
what am i missing, here? dovecot and postfix both seem to start cleanly. in rc2.d, dovecot is S65 and postfix is S80, so i don't think postfix is freaking out because it couldn't find dovecot. and restarting either one doesn't seem to matter.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2008-12-28 05:49 pm (UTC)Its usually in /usr/lib/sasl2/smtpd.conf
If you haven't done so already, checkout the readme for Postfix's SASL support, usually in /usr/share/doc/postfix-*/README_FILES/SASL_README
It has all the goodies on how to set this up.
-- Michael
Let's see…
Date: 2008-12-29 12:07 am (UTC)#smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = EXAMPLE.COM
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination check_policy_service inet:127.0.0.1:10023 check_client_access regexp:/etc/postfix/blacklist_clients
#smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains
less /usr/local/etc/dovecot.conf | grep -v '^[ ]*#' | cat -s
protocols = none
disable_plaintext_auth = no
ssl_disable = no
ssl_cert_file = /etc/ssl/CA/cacert.pem
ssl_key_file = /etc/ssl/CA/private/cakey.pem
mail_location = mbox:~/mail/:INBOX=/var/mail/%u
mail_extra_groups = mail
verbose_proctitle = yes
first_valid_gid = 0
protocol imap {
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
postmaster_address = postmaster@example.com
sendmail_path = /usr/sbin/sendmail
}
auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
user = root
socket listen {
client {
path=/var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
dict {
}
plugin {
}