Hi, everyone
After successfully configuring Dovecot with valid Let's Encrypt certificates (manually), I have also configured Postfix to use them.
But, after specifying the certificates, saving and restarting Postfix, the authentication failures continue. I have also redefined the passwords in Virtualmin -> Edit Users, but only IMAP works (SMTP doesn't).
Here are the logs when trying to connect with Thunderbird:
Sep 25 13:30:42 ns1 postfix/smtpd[653]: connect from unknown[187.180.182.192]
Sep 25 13:30:43 ns1 postfix/smtpd[653]: warning: SASL authentication failure: Password verification failed
Sep 25 13:30:43 ns1 postfix/smtpd[653]: warning: unknown[187.180.182.192]: SASL PLAIN authentication failed: authentication failure
Sep 25 13:30:43 ns1 postfix/smtpd[653]: warning: unknown[187.180.182.192]: SASL LOGIN authentication failed: authentication failure
Sep 25 13:31:01 ns1 postfix/smtpd[653]: warning: SASL authentication failure: Password verification failed
Sep 25 13:31:01 ns1 postfix/smtpd[653]: warning: unknown[187.180.182.192]: SASL PLAIN authentication failed: authentication failure
Sep 25 13:31:02 ns1 postfix/smtpd[653]: warning: unknown[187.180.182.192]: SASL LOGIN authentication failed: authentication failure
Sep 25 13:31:04 ns1 postfix/smtpd[653]: disconnect from unknown[187.180.182.192] ehlo=2 starttls=1 auth=0/4 quit=1 commands=4/8
And here are the logs when trying to connect with Gmail:
Sep 25 13:31:25 ns1 postfix/smtpd[653]: connect from mail-wm0-f49.google.com[74.125.82.49]
Sep 25 13:31:25 ns1 postfix/smtpd[653]: warning: SASL authentication failure: Password verification failed
Sep 25 13:31:25 ns1 postfix/smtpd[653]: warning: mail-wm0-f49.google.com[74.125.82.49]: SASL PLAIN authentication failed: authentication failure
Sep 25 13:31:25 ns1 postfix/smtpd[653]: lost connection after AUTH from mail-wm0-f49.google.com[74.125.82.49]
Sep 25 13:31:25 ns1 postfix/smtpd[653]: disconnect from mail-wm0-f49.google.com[74.125.82.49] ehlo=2 starttls=1 auth=0/1 commands=3/4
Here is the output of postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_percent_hack = no
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
message_size_limit = 102400000
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localdomain, localhost, localhost.localdomain, localhost, ns1.adimira.com
myhostname = ns1.adimira.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
non_smtpd_milters = inet:localhost:8891
readme_directory = no
recipient_delimiter = +
sender_bcc_maps = hash:/etc/postfix/bcc
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain, reject_rbl_client sbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client b.barracudacentral.org, permit
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/letsencrypt/live/adimira.com/fullchain.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/adimira.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/adimira.com/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual
I believe this is also being discussed in this thread: https://www.virtualmin.com/node/53714
Summary answer:
--minimalinstall doesn't include SASL, and a number of other elements of the mail stack. If you want to host mail locally, you probably don't want the minimal installation target.--
Check out the forum guidelines!