deveth0
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Hallo, ich bin gerade dabei, einen Mailserver mit Dovecot und Postfix aufzusetzen. Mittlerweile bin ich soweit, dass der Mailserver inkl Sieve, Spamassassin etc funktioniert und ich wollte eigentlich noch Managesieve dazupacken.
Leider bin ich dabei auf folgendes Problem gestoßen:
Zwar kann ich mich auf den Managesieve Port (4190) verbinden, dieser bietet aber nur auf localhost eine SASL Authentifizierung an. Wenn ich mich zB von Roundcube aus verbinde, gibt es keine verfügbare Authentifizierung.
Ein ähnliches Problem wird auch hier beschrieben, leider gibt es dazu keine Lösung:
https://discussions.apple.com/thread/6484026 Die Authentifizierung gegen den IMAP Port (993) funktioniert problemlos, egal von wo. Habt ihr eine Idee, wo ich hier nach einer Ursache suchen könnte, ich bin leider mittlerweile ziemlich verzweifelt :-/ Herzlichen Dank
Alex Von meinem Roundcube Server aus: | Trying 192.168.2.12...
Connected to 192.168.2.12.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
|
Lokal: | Trying ::1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
|
|
sebix
Moderator, Webteam
Anmeldungsdatum: 14. April 2009
Beiträge: 5348
|
Welches Betriebssystem verwendest du? Das ist relevant, weil davon die Version von dovecot klar ist, aber auch eventuelle OS-spezifischen Anedernungen einhergehen. Wie sehen die Konfigurationen zu SASL und Managesieve aus?
|
deveth0
(Themenstarter)
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Danke für den Hinweis.
Es ist ein Debian mit Dovecot 2.2.13, der Grund warum ich trotzdem im Ubuntu Forum poste ist, dass ich hier bisher immer die besten/zuverlässigsten Antworten erhalten habe 😉 Die relevanten Teile der Konfiguration:
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
...
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups =
group =
idle_kill = 0
inet_listener sieve {
address =
port = 4190
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service managesieve {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type =
unix_listener login/sieve {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
|
misterunknown
Ehemalige
Anmeldungsdatum: 28. Oktober 2009
Beiträge: 4403
Wohnort: Sachsen
|
deveth0 schrieb: inet_listener sieve {
address =
port = 4190
reuse_port = no
ssl = no
}
Was sagt ein
netstat -tulpen|grep 4190
Meines Wissens musst du, wenn du keine explizite IP angeben willst, die Direktive "address" einfach weglassen. Alternativ kannst du auch 0.0.0.0 (für alle Interfaces) angeben. Bearbeitet von sebix: Codeblock im Zitat korrigiert.
|
deveth0
(Themenstarter)
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Danke für den Vorschlag.
Das Problem ist ja nicht, dass ich mich nicht von einem anderen host connecten kann sondern, dass ich dort kein SASL angeboten bekomme (s.o.) Netstat zeigt auch die passenden Ports: Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:4190 0.0.0.0:* LISTEN 0 785720726 18561/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 785720768 18561/dovecot
tcp 0 0 192.168.2.12:587 0.0.0.0:* LISTEN 0 772343878 24391/master
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN 0 509610967 1626/spamd.pid
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 0 509615619 824/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 509610954 1556/sshd
tcp 0 0 192.168.2.12:25 0.0.0.0:* LISTEN 0 772343863 24391/master
tcp6 0 0 :::993 :::* LISTEN 0 785720769 18561/dovecot
tcp6 0 0 ::1:783 :::* LISTEN 0 509610969 1626/spamd.pid
tcp6 0 0 :::111 :::* LISTEN 0 509615622 824/rpcbind
tcp6 0 0 :::4949 :::* LISTEN 0 771757710 19719/perl
tcp6 0 0 :::22 :::* LISTEN 0 509610956 1556/sshd
udp 0 0 0.0.0.0:111 0.0.0.0:* 0 509615615 824/rpcbind
udp 0 0 0.0.0.0:999 0.0.0.0:* 0 509615618 824/rpcbind
udp6 0 0 :::111 :::* 0 509615620 824/rpcbind
udp6 0 0 :::999 :::* 0 509615621 824/rpcbind
|
misterunknown
Ehemalige
Anmeldungsdatum: 28. Oktober 2009
Beiträge: 4403
Wohnort: Sachsen
|
deveth0 schrieb: Das Problem ist ja nicht, dass ich mich nicht von einem anderen host connecten kann sondern, dass ich dort kein SASL angeboten bekomme (s.o.)
Wie sieht deine restliche Dovecot-Konfiguration aus? Hast du irgendwo ssl=required oder disable_plaintext_auth=yes oder so drin? Das könnte das Problem sein.
|
deveth0
(Themenstarter)
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Ja, habe ich beides drinnen, aber das ist doch auch nötig um die Authentifizierung korrekt abzuhandeln, oder? Testweise habe ich es aber mal rausgenommen, ändert leider nichts ☹ Das hier ist die komplette config: # 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 4.4.8-1-pve x86_64 Debian 8.4 ext4
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %u
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 5000
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 5000
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_address_translate =
lmtp_proxy = no
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_trusted_networks =
mail_access_groups =
mail_always_cache_fields =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict =
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = yes
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:/var/vmail/%u:LAYOUT=fs
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group = vmail
mail_save_crlf = no
mail_shared_explicit_inbox = no
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_empty_new = no
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl dotlock
mdbox_preallocate_space = no
mdbox_purge_preserve_alt = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
driver =
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
driver =
special_use = \Junk
}
mailbox Sent {
auto = subscribe
driver =
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
driver =
special_use = \Sent
}
mailbox Trash {
auto = subscribe
driver =
special_use = \Trash
}
mailbox virtual/All {
auto = subscribe
driver =
special_use = \All
}
prefix =
separator =
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
default_fields =
deny = no
driver = ldap
master = no
name =
override_fields =
pass = no
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
plugin {
sieve = /var/vmail/%u/sieve/active-script.sieve
sieve_before = /var/vmail/sieve/spam-global.sieve
sieve_dir = /var/vmail/%u/sieve/scripts/
}
pop3_client_workarounds =
pop3_deleted_flag =
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = %08Xu%08Xv
pop3c_host =
pop3c_master_user =
pop3c_password =
pop3c_port = 110
pop3c_quick_received_date = no
pop3c_rawlog_dir =
pop3c_ssl = no
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address =
protocols = " imap lmtp sieve"
quota_full_tempfail = no
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_dsync_parameters = -d -N -l 30 -U
replication_full_sync_interval = 1 days
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = aggregator
extra_groups =
fifo_listener replication-notify-fifo {
group =
mode = 0600
user =
}
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replication-notify {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 1
protocol =
service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group =
mode = 0600
user =
}
unix_listener anvil {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener auth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service auth {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-client {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group =
mode = 0600
user =
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
unix_listener login/login {
group =
mode = 0666
user =
}
unix_listener token-login/tokenlogin {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = config
unix_listener config {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service dict {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups =
fifo_listener login/proxy-notify {
group =
mode = 00
user =
}
group =
idle_kill = 4294967295 secs
inet_listener {
address =
port = 0
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener director-admin {
group =
mode = 0600
user =
}
unix_listener director-userdb {
group =
mode = 0600
user =
}
unix_listener login/director {
group =
mode = 00
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns_client {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dns-client {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener doveadm-server {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
port = 0
reuse_port = no
ssl = no
}
inet_listener imaps {
address =
port = 993
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-login {
chroot = token-login
client_limit = 0
drop_priv_before_exec = no
executable = imap-urlauth-login
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
unix_listener imap-urlauth {
group =
mode = 0666
user =
}
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-urlauth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener token-login/imap-urlauth {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener login/imap {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service indexer-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = indexer-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 10
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service indexer {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = indexer
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener ipc {
group =
mode = 0600
user =
}
unix_listener login/ipc-proxy {
group =
mode = 0600
user = $default_login_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type =
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
unix_listener lmtp {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service log {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type = log
unix_listener log-errors {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups =
group =
idle_kill = 0
inet_listener sieve {
address = 0.0.0.0
port = 4190
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service managesieve {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type =
unix_listener login/sieve {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop3 {
address =
port = 110
reuse_port = no
ssl = no
}
inet_listener pop3s {
address =
port = 995
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service pop3 {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type =
unix_listener login/pop3 {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service replicator {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = replicator
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replicator-doveadm {
group =
mode = 00
user = $default_internal_user
}
unix_listener replicator {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service ssl-params {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = ssl-params
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = startup
unix_listener login/ssl-params {
group =
mode = 0666
user =
}
unix_listener ssl-params {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0600
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = tcpwrap
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = required
ssl_ca =
ssl_cert = </etc/letsencrypt/live/mail.dev-eth0.de/fullchain.pem
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_ca_dir =
ssl_client_ca_file =
ssl_client_cert =
ssl_client_key =
ssl_crypto_device =
ssl_dh_parameters_length = 1024
ssl_key = </etc/letsencrypt/live/mail.dev-eth0.de/privkey.pem
ssl_key_password =
ssl_parameters_regenerate = 0
ssl_prefer_server_ciphers = no
ssl_protocols = !SSLv2
ssl_require_crl = yes
ssl_verify_client_cert = no
state_dir = /var/lib/dovecot
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_session_min_time = 15 mins
stats_user_min_time = 1 hours
submission_host =
syslog_facility = mail
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
default_fields =
driver = ldap
name =
override_fields =
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
valid_chroot_dirs =
verbose_proctitle = no
verbose_ssl = no
version_ignore = no
protocol lmtp {
mail_plugins = " sieve"
userdb {
args = /etc/dovecot/dovecot-ldap-lmtp.conf.ext
driver = ldap
name =
}
}
protocol lda {
info_log_path =
log_path =
}
|
misterunknown
Ehemalige
Anmeldungsdatum: 28. Oktober 2009
Beiträge: 4403
Wohnort: Sachsen
|
deveth0 schrieb: Ja, habe ich beides drinnen, aber das ist doch auch nötig um die Authentifizierung korrekt abzuhandeln, oder?
Ich hab das Setup mal nachgestellt. Wenn ich disable_plaintext_auth auf "no" setze und "ssl=required" auskommentiere, kriege ich auch extern die entsprechenden SASL-Mechanismen.
Testweise habe ich es aber mal rausgenommen, ändert leider nichts ☹
Dovecot neu gestartet?
|
deveth0
(Themenstarter)
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Ja, neu gestartet. Ich habe jetzt aber nochmal etwas rumprobiert und die Lösung gefunden: Das Problem ist, dass SASL erst angeboten wird, wenn man das STARTTLS command ausgeführt hat. Ich hatte mich auf die Anleitung hier verlassen:
http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting Das hilft aber leider nichts, wenn gnutls das Zertifikat nicht anerkennt. Es wurde dann auch kein Fehler ausgegeben, es passierte einfach nichts. Sprich: jetzt läuft es ☺ Danke
|
sebix
Moderator, Webteam
Anmeldungsdatum: 14. April 2009
Beiträge: 5348
|
deveth0 schrieb: Das Problem ist, dass SASL erst angeboten wird, wenn man das STARTTLS command ausgeführt hat.
Das ist aber genau das, was misterunknown anmerkte:
misterunknown schrieb: Hast du irgendwo ssl=required oder disable_plaintext_auth=yes oder so drin?
Mit disable_plaintext_auth=yes hast du dir die Authentifizierung ohne TLS deaktiviert, was auch gut so ist.
|
deveth0
(Themenstarter)
Anmeldungsdatum: 13. Juli 2016
Beiträge: 6
|
Ja wenn ich so darüber nachdenke: stimmt.
Da scheint dann wohl irgendwas beim Restart von Dovecot nicht geklappt zu haben (oder es gab noch eine weitere Stelle in der ich die beiden Settings hatte). Läuft jetzt jedenfalls ☺
|