I'm using Dovecot to get IMAP access to my mail server (on Raspbian). I'm using system users and am able to successfully test logins (doveadm auth test ...). But I'm not able to get the auth option via telnet:
sudo telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.mydomain.org ESMTP Postfix
sudo telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
I'm missing the [AUTH=PLAIN] status, which is mentioned in the wiki.
I don't get any errors on systemctl status.
I don't know what else to try! Can you help me?
Thanks!!
My Dovecot config (dovecot -n):
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.19.42-v7+ armv7l Debian 9.9
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /etc/dovecot/log/debug.txt
info_log_path = /etc/dovecot/log/info.txt
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  driver = shadow
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap lmtp sieve
service auth-worker {
  name = auth-worker
}
service {
  unix_listener {
    group = postfix
    mode = 0660
    user = postfix
    path = /var/spool/postfix/private/auth
  }
  name = auth
}
service {
  inet_listener {
    port = 143
    name = imap
  }
  inet_listener {
    port = 993
    ssl = yes
    name = imaps
  }
  name = imap-login
}
service {
  unix_listener {
    group = postfix
    mode = 0600
    user = postfix
    path = /var/spool/postfix/private/dovecot-lmtp
  }
  name = lmtp
}
ssl_cert = /etc/letsencrypt/live/mail.mydomain.org/cert.pem
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  mail_plugins = quota sieve
  postmaster_address = pi@mydomain.org
}
protocol lda {
  ...
}
protocol imap {
  ...
}
protocol sieve {
  ...
}
My Postfix /etc/postfix/main.cf:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
myhostname = mail.mydomain.org
mydomain = mydomain.org
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
#relay_domains =
#home_mailbox = Maildir/
inet_protocols = ipv4, ipv6
# TLS
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.org/privkey.pem
# Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
# when mail location = maildir:~/.maildir
mailbox_transport = lmtp:unix:private/dovecot-lmtp
# Virtual user scenario
virtual_transport = lmtp:unix:private/dovecot-lmtp
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
My Postfix /etc/postfix/master.cf:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Netstat (sudo netstat -tulpn | grep LISTEN):
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 7055/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 7055/dovecot
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 6999/master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 7055/dovecot
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6999/master
tcp6 0 0 :::443 :::* LISTEN 657/apache2
tcp6 0 0 :::4190 :::* LISTEN 7055/dovecot
tcp6 0 0 :::993 :::* LISTEN 7055/dovecot
tcp6 0 0 :::587 :::* LISTEN 6999/master
tcp6 0 0 :::143 :::* LISTEN 7055/dovecot
tcp6 0 0 :::80 :::* LISTEN 657/apache2
tcp6 0 0 :::25 :::* LISTEN 6999/master
EDIT 1:
I got this error for the command openssl s_client -connect localhost:imaps:
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 198 bytes
Verification: OK
---
But it turns out that I forgot < right before the ssl_cert and ssl_key path.
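
Added example (not part of the original post): a small Python check over `dovecot -n` style output for the mistake found in EDIT 1. Dovecot reads a certificate or key from a file only when the value starts with `<`; without it the value is taken as the PEM data itself. The check also goes one step beyond the post and reports the two password-logging settings present in the same config. The `audit` function, the finding labels and the sample text are constructed for this illustration.

```python
# Added example: audits `dovecot -n` style output. Names are illustrative.
FILE_SETTINGS = ("ssl_cert", "ssl_key")
PASSWORD_LOGGING = ("auth_debug_passwords", "auth_verbose_passwords")

# Constructed sample: the relevant lines of the `dovecot -n` output posted above.
SAMPLE = """\
auth_debug_passwords = yes
auth_verbose_passwords = yes
ssl_cert = /etc/letsencrypt/live/mail.mydomain.org/cert.pem
ssl_key = # hidden, use -P to show it
verbose_ssl = yes
"""


def audit(text):
    """Return a list of (line number, setting, finding) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in FILE_SETTINGS:
            if value.startswith("#"):
                # dovecot -n masks the key, so the "<" cannot be checked here.
                findings.append((lineno, key, "hidden"))
            elif value and not value.startswith("<"):
                # Without "<" the value is used as the PEM data itself,
                # so a bare path is not a loadable certificate or key.
                findings.append((lineno, key, "missing <"))
        elif key in PASSWORD_LOGGING and value.lower() != "no":
            # These settings write passwords into the Dovecot logs.
            findings.append((lineno, key, "logs passwords"))
    return findings


if __name__ == "__main__":
    import sys
    # Pipe real output in (dovecot -n | python3 this_file.py) or run on SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for lineno, key, finding in audit(text):
        print(f"line {lineno}: {key}: {finding}")
```

A "hidden" result for ssl_key means the value has to be checked in dovecot.conf itself, or in output produced with -P, which prints the private key and should not be pasted anywhere.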