From: Dave (no email)
Date: Thu Apr 17 2008 - 00:15:58 EDT
Hello,
I've got postfix (I think it's 2.3 or 2.4) installed on an FC6 VPS, as well
as dovecot (1.0.4, I think). I've got dovecot working with postfix virtual
mailbox domains; none of my users have unix accounts. Users can retrieve
their mail, but sending doesn't work: my recipient restrictions have
permit_sasl_authenticated first, but that isn't happening. My thinking is that if
users can retrieve mail then dovecot sasl auth is working. postconf -a does
show dovecot along with cyrus, but smtps is not. Relevant parts of the postfix
and dovecot configuration files are below. I'd appreciate any suggestions.
Thanks.
Dave.
main.cf:
# General, local-delivery and virtual-mailbox settings.
# mynetworks_style = host: only this machine itself is a trusted "mynetworks"
# client, so a remote mail client can only relay through permit_sasl_authenticated.
mynetworks_style = host
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
home_mailbox = Maildir/
virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
# Mail for the virtual domains is handed to a transport named "dovecot"; its
# master.cf entry is not part of this excerpt.
# NOTE(review): presumably a pipe(8) entry running Dovecot's deliver -- confirm,
# and check which user that entry runs as.
virtual_transport = dovecot
# One recipient per invocation of the "dovecot" transport.
dovecot_destination_recipient_limit = 1
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
# VRFY is disabled, so clients cannot use it to probe which addresses exist.
disable_vrfy_command = yes
# Sender (MAIL FROM) checks, evaluated in order until one permits or rejects.
# NOTE(review): in a live main.cf the continuation lines of a multi-line value
# must start with whitespace; they appear at column 0 here, presumably because
# the indentation was lost when the config was pasted or archived.
# Entries may be separated by commas or by whitespace alone, so the missing and
# trailing commas below are harmless.
smtpd_sender_restrictions =
# Authenticated clients are permitted here, before any of the checks below.
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining
# NOTE(review): this check relies on smtpd_sender_login_maps, which is not in
# this excerpt. Because permit_sasl_authenticated comes first, a logged-in
# client never reaches it, so nothing here stops an authenticated user from
# using another user's sender address -- confirm that is intended.
reject_sender_login_mismatch
reject_rhsbl_sender dsn.rfc-ignorant.org,
# Recipient (RCPT TO) checks, evaluated in order until one permits or rejects.
# NOTE(review): continuation lines need leading whitespace in a live main.cf;
# it appears to have been lost in this listing.
smtpd_recipient_restrictions =
# SASL-authenticated clients are accepted before any reject_* entry below.
permit_sasl_authenticated,
permit_mynetworks,
# Relay guard: every other client may only address destinations this server
# is responsible for. Keep it directly after the permit_* entries.
reject_unauth_destination,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unverified_recipient
reject_multi_recipient_bounce,
check_helo_access pcre:/etc/postfix/helo_checks.pcre
check_sender_mx_access cidr:/etc/postfix/bogus_mx
reject_rhsbl_sender dsn.rfc-ignorant.org
# NOTE(review): multi.uribl.com is a URI (domain) blocklist; confirm it is
# meant to be queried by client IP address with reject_rbl_client.
reject_rbl_client multi.uribl.com,
# this next line checks all senders for validity
#reject_unverified_sender
# NOTE(review): the comment below was wrapped by the mail client; its second
# line ("contents of the map") has lost its leading '#'.
# this option does selective sender address verification based on the
contents of the map
check_sender_access hash:/etc/postfix/common_spam_senderdomains
#check_policy_service inet:127.0.0.1:10023
#check_policy_service unix:private/policy
# Reject clients that send SMTP commands ahead of time at the DATA stage.
smtpd_data_restrictions = reject_unauth_pipelining
# Additions for SASL / TLS / Auth:
# Enables SMTP AUTH in the Postfix SMTP server.
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
# Anonymous SASL mechanisms are not offered.
smtpd_sasl_security_options = noanonymous
# Also announces AUTH in the older "AUTH=" form for legacy clients.
broken_sasl_auth_clients = yes
# Authentication is delegated to Dovecot. The path is relative to the Postfix
# queue directory; it matches the Dovecot client socket shown further down
# (/var/spool/postfix/private/auth) if queue_directory is /var/spool/postfix.
# NOTE(review): queue_directory is not in this excerpt -- confirm with postconf.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#TLS
# Opportunistic TLS for outgoing (smtp_) and incoming (smtpd_) connections.
smtp_use_tls = yes
smtpd_use_tls = yes
# AUTH is neither announced nor accepted on an unencrypted session, so
# passwords never cross the wire in the clear.
# NOTE(review): a mail client that does not negotiate STARTTLS is never offered
# AUTH, so permit_sasl_authenticated cannot match for it -- check the client's
# TLS setting first when authenticated sending fails.
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
# NOTE(review): confirm the private key file is readable only by root.
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_CAfile = /etc/postfix/ssl/ca-cert.pem
# Records TLS protocol and cipher details in the Received: header.
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# Level 1 logs a summary line per TLS handshake.
smtpd_tls_loglevel = 1
# Client-stage checks.
# NOTE(review): this list has no permit_sasl_authenticated or permit_mynetworks,
# and each smtpd_*_restrictions list is evaluated on its own, so the DNSBL
# lookups below also apply to users who have logged in. zen.spamhaus.org
# includes the PBL (end-user / dynamic address ranges), so a user submitting
# from a home connection can be rejected here despite authenticating -- check
# the mail log for the exact reject reason.
# NOTE(review): continuation lines need leading whitespace in a live main.cf;
# it appears to have been lost in this listing.
smtpd_client_restrictions =
check_recipient_access hash:/etc/postfix/recipient_access
#check_client_access cidr:/etc/postfix/whitelist.cf
#check_client_access cidr:/etc/postfix/blacklist.cf
reject_rbl_client images.rbl.msrbl.net,
reject_rbl_client list.dsbl.org
reject_rbl_client zen.spamhaus.org,
# Error throttling: replies are delayed by smtpd_error_sleep_time once a client
# passes the soft limit, and the session is dropped at the hard limit.
smtpd_soft_error_limit = 2
smtpd_hard_error_limit = 5
smtpd_error_sleep_time = 10s
# address verification and caching
# Persistent cache of address verification results.
address_verify_map = btree:/var/spool/postfix/verified_senders
# do not cache negative responses
#address_verify_negative_cache = no
# sets up a restriction class of what external clients may and may not use
# as their envelope sender: not my domain name and not my private IPs, yet
# internal clients may do so
# Declares one restriction class, has_our_domain_as_sender.
# NOTE(review): continuation lines need leading whitespace in a live main.cf;
# it appears to have been lost in this listing.
smtpd_restriction_classes =
has_our_domain_as_sender
# The class looks the sender up in the our_domain_as_sender map and rejects
# whatever that lookup does not decide.
# NOTE(review): none of the restriction lists in this excerpt refers to the
# class, so it may have no effect as shown -- confirm where it is used.
has_our_domain_as_sender =
check_sender_access hash:/etc/postfix/our_domain_as_sender
reject
dovecot.conf:
# NOTE(review): this looks like `dovecot -n` output ("key: value" form) rather
# than the configuration file itself; the indentation of the nested auth
# section appears to have been lost. The header reports version 1.0.3.
# 1.0.3: /etc/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
# Only POP3 over TLS is served.
protocols: pop3s
listen: 74.208.64.129
ssl_ca_file: /etc/dovecot/ca-cert.pem
ssl_cert_file: /etc/dovecot/pop.cert
ssl_key_file: /etc/dovecot/pop.key
# NOTE(review): "ALL:!LOW" only removes the LOW class; depending on the OpenSSL
# build, ALL can still admit export-grade and anonymous (unauthenticated)
# suites. Consider a stricter cipher string.
ssl_cipher_list: ALL:!LOW
# Plaintext authentication is refused on unencrypted connections.
disable_plaintext_auth: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/pop3-login
mail_extra_groups: mail
mail_location: maildir:/home/vmail/%d/%n
maildir_copy_with_hardlinks: yes
mail_executable: /usr/libexec/dovecot/pop3
mail_plugin_dir: /usr/lib64/dovecot/pop3
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
auth default:
user: vmail
# verbose: yes logs authentication attempts to log_path, which shows whether
# Postfix's AUTH requests reach Dovecot at all.
verbose: yes
passdb:
driver: passwd-file
# NOTE(review): confirm this password file is not world-readable and that it
# stores hashed rather than plaintext passwords.
args: /etc/dovecot/passwd
userdb:
driver: passwd-file
args: /etc/dovecot/users
socket:
type: listen
# Client socket that Postfix connects to; it is the absolute form of
# smtpd_sasl_path = private/auth under /var/spool/postfix.
client:
path: /var/spool/postfix/private/auth
# NOTE(review): 432 is presumably the decimal rendering of octal 0660, i.e.
# access limited to the postfix user and group named below.
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
# NOTE(review): 384 is presumably the decimal rendering of octal 0600.
mode: 384