Postfix dovecot unable to authenticate
I used to work with postfix/sasl/courier-auth on Gentoo for years. I just migrated to Debian 10 postfix/dovecot. I'm unable to make it work: send mail OK, TLS OK, but unable to authenticate (SMTP 587, IMAP 993). I'm not familiar with dovecot and I can't figure out what I missed, because I found nothing in the logs (nothing in auth.log, so maybe related to PAM?) and I can't find any tool to simply test authentication.
Here are the config files I updated:
master.cf:
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
...
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}
main.cf:
smtpd_use_tls=yes
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
(connection to mysql database ok)
dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=***** user=****** password=******
password_query = SELECT username,domain,password FROM mailbox WHERE username='%u';
user_query = SELECT ('5000') as 'uid',('5000') as 'gid'
10-master.conf
service auth {
  ...
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  ...
}
auth-sql.conf.ext
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
The command openssl s_client -connect 127.0.0.1:587 -starttls smtp works. I can also use telnet on port 587 and start a TLS session.
However, IMAP and SMTP return an authentication error. I tried from a mail client, and from the telnet session, encoding user/pwd in base64.
Thanks in advance for any clue.
OK, that's what I missed in dovecot.conf:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
I found it after enabling dovecot debug, in the same configuration file:
auth_verbose = yes
auth_debug = yes
And to test authentication:
/usr/bin/doveadm auth login <user> <password>
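An added example, not part of the original posts: a small Python check over `doveconf -n`-style text that flags the situation in this thread (an SQL userdb with no SQL passdb, so password_query is never consulted) and also reports auth sockets whose mode grants access to every local user. The sample configs are constructed, and `parse_blocks` and `audit` are hypothetical helper names.

```python
# Constructed sample mirroring the question: SQL userdb and the Postfix auth
# socket are configured, but the only passdb is a non-SQL one.
BROKEN = """
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
}
passdb {
  driver = pam
}
userdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
"""
FIXED = BROKEN + "passdb {\n  driver = sql\n  args = /etc/dovecot/dovecot-sql.conf.ext\n}\n"

def parse_blocks(text):
    """Return (path, settings) for each { } block; path is a tuple of headers."""
    blocks, stack = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):
            stack.append((line[:-1].strip(), {}))
        elif line == "}" and stack:
            header, settings = stack.pop()
            blocks.append((tuple(h for h, _ in stack) + (header,), settings))
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][1][key] = value
    return blocks

def audit(text):
    """List problems in the authentication-related sections of a Dovecot config."""
    blocks = parse_blocks(text)
    drivers = lambda section: {s.get("driver") for p, s in blocks if p == (section,)}
    findings = []
    if "sql" in drivers("userdb") and "sql" not in drivers("passdb"):
        findings.append("userdb uses sql but no passdb does: password_query is never run")
    for path, settings in blocks:
        if path[0] == "service auth" and path[-1].startswith("unix_listener") and "mode" in settings:
            mode = int(settings["mode"], 8)
            if mode & 0o007:  # any permission bit set for "other"
                findings.append(f"{path[-1]}: mode {mode:04o} lets any local user connect")
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(conf) or "ok")
```

To check a live server, pass the output of `doveconf -n` to `audit()` instead of the sample strings.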