Trouble enabling mail_crypt in dovecot / SASL authentication failed
dovecot --version 2.3.4.1 (f79e8e7e4)
Ok, I tried to enable mail-crypt but it's being weird. I'm using https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#ec-key.
I ran:
cd $HOME
openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem
openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem
I edited the dovecot config to:
. . .
mail_max_userip_connections = 120
. . .
mail_plugins = $mail_plugins mail_crypt
plugin {
  mail_crypt_global_private_key = </home/ec2-user/ecprivkey.pem
  mail_crypt_global_public_key = </home/ec2-user/ecpubkey.pem
  mail_crypt_save_version = 2
}
. . .
I see in the logs now:
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet-MY IP-1.bos.netblazr.com[MY IP]: SASL PLAIN authentication failed: generic failure
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
deliver | Apr 15 02:43:29 ip-172-31-0-35 postfix/submission/smtpd[19059]: warning: inet.MY IP.bos.netblazr.com[MY IP]: SASL LOGIN authentication failed: generic failure
. . .
deliver | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: NOQUEUE: reject: RCPT from mail-qk1-f176.google.com[209.85.222.176]: 451 4.3.5 <MY EEMAIL>: Recipient address rejected: Server configuration problem; from=<[email protected]> to=<MY EMAIL> proto=ESMTP helo=<mail-qk1-f176.google.com>
deliver | Apr 15 02:44:08 ip-172-31-0-35 postfix/smtpd[22684]: disconnect from mail-qk1-f176.google.com[209.85.222.176] ehlo=2 starttls=1 mail=1 rcpt=0/1 bdat=0/1 quit=1 commands=5/7
I wonder why SASL is now enabled for postfix to work/authenticate (when it's not if I turn off mail_crypt).
I'm guessing "Server configuration problem" is the problem here...
Any suggestions where I should look?
Got it -- Totally misunderstood where to put mail_crypt. Here is what I did:
services:
  mailserver:
    image: docker.io/mailserver/docker-mailserver:latest
    hostname: ${HOSTNAME}
    domainname: ${DOMAINNAME}
    container_name: ${CONTAINER_NAME}
    env_file: mailserver.env
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - ./maildata:/var/mail
      - ./mailstate:/var/mail-state
      - ./maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/${SELINUX_LABEL}
      - ./config/dovecot:/etc/dovecot/conf.d
      - ./certs/:/certs
      - /etc/letsencrypt:/etc/letsencrypt
    restart: always
    cap_add: [ "NET_ADMIN", "SYS_PTRACE" ]
I then edited the volumed ./config/dovecot/20-lmtp.conf instead of the main dovecot config and added:
protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}
Then also edited the 20-imap.conf:
protocol imap {
  # allow IMAP clients to ask quota usage
  mail_plugins = $mail_plugins imap_quota mail_crypt
  plugin {
    mail_crypt_global_private_key = </certs/ecprivkey.pem
    mail_crypt_global_public_key = </certs/ecpubkey.pem
    mail_crypt_save_version = 2
  }
}
Works great now :)
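
Added example, not part of the original post: mail_crypt encrypts messages as they are saved, so mail delivered before the plugin was enabled stays in plaintext on disk. This script lists Maildir files that lack the dcrypt header and checks that the private key is readable by its owner only; the Maildir layout under the `./maildata` volume, the 9-byte magic value and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a mail store for messages mail_crypt did not encrypt.
# Assumption: files written by mail_crypt start with the 9 bytes
# "CRYPTED" 0x03 0x07 (Dovecot dcrypt stream header).
MAGIC_HEX="435259505445440307"

# True if the file starts with the dcrypt magic.
is_crypted() {
    [ "$(od -An -tx1 -N9 "$1" 2>/dev/null | tr -d ' \n')" = "$MAGIC_HEX" ]
}

# Print each message file under cur/ or new/ that is NOT encrypted.
# Assumption: Maildir layout (<root>/<domain>/<user>/{cur,new,tmp}).
list_plaintext() {
    find "$1" -type f \( -path '*/cur/*' -o -path '*/new/*' \) |
    while IFS= read -r f; do
        is_crypted "$f" || printf '%s\n' "$f"
    done
}

# Number of unencrypted message files under the given root.
count_plaintext() {
    list_plaintext "$1" | wc -l | tr -d ' '
}

# True if group and other have no permission bits on the key file.
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh audit.sh ./maildata ./certs/ecprivkey.pem
if [ "$#" -ge 1 ]; then
    echo "unencrypted messages: $(count_plaintext "$1")"
    list_plaintext "$1"
    if [ -n "${2:-}" ] && ! key_is_owner_only "$2"; then
        echo "warning: $2 is accessible by group or other" >&2
    fi
fi
```

A non-zero count right after enabling the plugin is expected for older mail; the count should stop growing once LMTP and IMAP both load mail_crypt.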