I'm one step away from getting my mail server back online and I need some advice.
dovecot/postfix setup using TLS
My mailbox structure is owned by tcb:mail (770); however, I'm getting permission errors when I try to log in and use mail from Thunderbird...essentially Dovecot doesn't have the proper permissions to access the folder structures. I can fix this with a quick chmod 777 -R but I don't really want to do that.
I thought that dovecot ran as root - why is it requiring public access to read/write to the folder structure? Where do I assign the group "mail" to dovecot so that I can leave my permissions at 770? btw is 770 correct for mailboxes?
Thanks
What are the specific errors that you're seeing in the mail logs? Depending on what errors you're getting, we can offer some tips to solve the problem you're having. Thanks!
-Eric
I went ahead and did a chmod 777 - that cleared up the obvious errors in the log (essentially it said permission error -x is required)
I think I have a firewall problem now. I can get good authentication using openssl with localhost
openssl s_client -starttls smtp -crlf -connect localhost:587
250 DSN
AUTH PLAIN (base64 login/pass)
235 2.7.0 Authentication successful
However, when I try to authenticate using Thunderbird I get the following in the logs: warning: [x.x.x.208]: SASL PLAIN authentication failed:
So that leads me to the iptables, which I attached
Am I missing anything there?
Thanks
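An added example (not part of the original thread, and not Dovecot's own code): a Python check that walks a mailbox path and reports the first directory whose mode bits block a given uid and group set, the "x is required" kind of error mentioned above, so a single directory can be corrected instead of running chmod 777 -R. The temporary tree, the uid/gid values and the function names are constructed for illustration; root, ACLs and SELinux are ignored.

```python
import os, stat, tempfile

def effective_bits(st, uid, gids):
    """Class and rwx bits the kernel applies to uid/gids (root, ACLs, SELinux ignored)."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        return "owner", (mode >> 6) & 7
    if st.st_gid in gids:
        return "group", (mode >> 3) & 7
    return "other", mode & 7

def first_denied(path, uid, gids, base="/", need=7):
    """Return (component, class, bits) for the first path component under `base`
    that blocks uid/gids: parents need x (1), the target needs `need`. None if ok."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    comps = [path]
    while comps[-1] != base and os.path.dirname(comps[-1]) != comps[-1]:
        comps.append(os.path.dirname(comps[-1]))
    for comp in reversed(comps):
        cls, bits = effective_bits(os.stat(comp), uid, gids)
        required = need if comp == path else 1
        if bits & required != required:
            return os.path.relpath(comp, base), cls, bits
    return None

def demo():
    """Constructed tree: <tmp>/home/tcb as the parent, <tmp>/home/tcb/Maildir at 770."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home", "tcb")
        maildir = os.path.join(home, "Maildir")
        os.makedirs(maildir)
        for d, mode in ((base, 0o755), (os.path.dirname(home), 0o755), (maildir, 0o770)):
            os.chmod(d, mode)
        st = os.stat(maildir)
        uid, gid = st.st_uid + 1, st.st_gid  # hypothetical non-owner process in the group
        os.chmod(home, 0o700)                # parent directory lacks group x
        results["parent_700"] = first_denied(maildir, uid, {gid}, base)
        os.chmod(home, 0o750)                # group may now traverse the parent
        results["parent_750"] = first_denied(maildir, uid, {gid}, base)
        results["not_in_group"] = first_denied(maildir, uid, {gid + 1}, base)
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, "->", verdict or "access granted")
```

The check only reads mode bits from `os.stat`, so it can be run as any user that can stat the path; pass the uid and group ids of the process that actually opens the mailbox.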
Howdy,
If that's the error you're seeing in the logs, it's not likely an iptables issue... what settings are you using when authenticating with Dovecot? For example, is Dovecot configured to hit port 587? And is it set up to use SSL, TLS, or neither, when performing the authentication?
-Eric
I think I have just one or two settings off that are causing me problems...just keep running in circles when I try to troubleshoot this.
Here's my main.cf info
readme_directory = /usr/share/doc/postfix-2.6.7/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
data_directory = /var/lib/postfix
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
master.cf
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
and dovecot
ssl = yes
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
mail_location = maildir:~/Maildir
auth default {
  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}
Wish this wasn't so complicated
Thanks