I'm working with a Postfix/Dovecot/Roundcube setup, aiming for a virtual user mail system that can send mail through the internet, as documented here.
Everything seems to work well; Dovecote shows no problems, I can telnet into all of my ports; however, whenever I try to send mail through Roundcube I get the error:
SMTP Error (220): Authentication failed.
And from the logs:
[17-Jan-2015 05:27:31 +0000]: SMTP Error: SMTP error: Authentication failure: STARTTLS failed (Code: ) in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube.php on line 1505 (POST /roundcube/?_task=mail&_unlock=loading1421472451594&_lang=en_US&_framed=1?_task=mail&_action=send)
I figured since Postfix is responsible for SMTP, it must be the culprit. In my Postfix logs I'm seeing:
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: disconnect from localhost.localdomain[127.0.0.1]
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: lost connection after STARTTLS from localhost.localdomain[127.0.0.1]
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: warning: TLS library problem: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1293:SSL alert number
Jan 16 21:14:35 steelhorse postfix/smtpd[18426]: SSL_accept error from localhost.localdomain[127.0.0.1]: 0
My SSL certificate is signed with localhost as the CN as that fixed a different issue I was having. Postfix was set with the $myhostname parameter to be mail.[mydomain] and using Afraid DynDNS I set an A record for mail.mydomain as well as an MX record that went like 1:mail.[mydomain]. I tried setting these all to just [mydomain] and it didn't work. A telnet sessions looks like this:
telnet [mydomain] 587
Trying [myip]...
Connected to [mydomain].
Escape character is '^]'.
220 [mydomain] ESMTP Postfix
ehlo [mydomain]
250-[mydomain]
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
My Postfix main.cf (Not including most of the default lines):
#soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/bin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
#default_privs = nobody
myhostname = [mydomain]
#myhostname = virtual.domain.tld
mydomain = [mydomain]
#myorigin = $myhostname
myorigin = $mydomain
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
#mydestination = $myhostname, localhost.$mydomain, localhost
...
#local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
#mynetworks_style = class
#mynetworks_style = subnet
mynetworks_style = host
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
#relay_domains = $mydestination
#relayhost = $mydomain
...
relay_domains = *
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_limit = 512000000
virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps
transport_maps = hash:/etc/postfix/transport
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_loglevel = 1
I've also tried setting the Roundcube smtp_conn_options to null as per here. I'm really not sure if the issues lies in the DNS records, the SSL cert or what. Any and all help would be appreciated!
UPDATE
After setting my Roundcube conf.inc.php to verify_peer(_name) = false
/* Local configuration for Roundcube Webmail */
$config['db_dsnw'] = 'mysql://roundcube_user:steelcube@localhost/roundcube_db';
$config['default_host'] = 'ssl://localhost/';
$config['default_port'] = 993;
$config['smtp_server'] = 'tls://localhost/';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';
$config['smtp_conn_options'] = null;
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verfify_peer_name' => false,
),
);
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
$config['smtp_port'] = 587;
$config['support_url'] = '';
$config['des_key'] = '[secret]';
$config['plugins'] = array('archive', 'zipdownload');
$config['mime_types'] = '/etc/httpd/conf/mime.types';
This gives me new the error SMTP Error (535): Authentication failed
when send email. Here the content of roundcube error
[18-Jan-2015 02:58:06 UTC] PHP Deprecated: Non-static method PEAR::raiseError() should not be called statically, assuming $this from incompatible context in /usr/share/webapps/roundcubemail/program/lib/Net/SMTP.php on line 371
[18-Jan-2015 02:58:06 UTC] PHP Deprecated: Non-static method PEAR::raiseError() should not be called statically, assuming $this from incompatible context in /usr/share/webapps//roundcubemail/program/lib/Net/SMTP.php on line 371
[18-Jan-2015 02:58:06 +0000]: SMTP Error: SMTP error: Failed to set sender /roundcubemail/program/lib/Net/SMTP.php on line 371'[username]@[mydomain]' in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube.php on line 1505 (POST /roundcube/?_task=mail&_unlock=loading1421549886598&_lang=en_US&_framed=1?_task=mail&_action=send)
And maillog entry
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: connect from localhost.localdomain[127.0.0.1]
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: Anonymous TLS connection established from localhost.localdomain[127.0.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Invalid authentication mechanism
Jan 18 20:18:21 steelhorse postfix/smtpd[1942]: disconnect from localhost.localdomain[127.0.0.1]
As requested in chat, this is the output of dovecot -a | grep auth_mechanism
auth_mechanisms = plain