1

As I have been building a mail server, I have another question in the process that I haven't been able to find on Google, so I am expecting I will get an answer here.

So the update is: I have created a mail server with Postfix, authenticated with SASL using Cyrus, and now I am attaching an IMAP server to it, so for the process I am using Dovecot.

Up to now I have figured out that my SMTP setup is fine and working as I wanted, but Dovecot is giving some errors.

My configurations are as follows:

postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, <interface ip>
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = ossnepal.com
myhostname = fqdn.mydomain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/fqdn.mydomain.com/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/fqdn.mydomain.com/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-alias.cf, mysql:/etc/postfix/mysql-check_email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-users.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp

yum install dovecot*

dovecot -n

# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.24 (124e06aa)
    # OS: Linux 3.10.0-1160.15.2.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core) xfs
    # Hostname: fqdn.mydomain.com
    auth_mechanisms = plain login
    first_valid_uid = 1000
    mail_gid = vmail
    mail_location = maildir:/var/vmail/%d/%n
    mail_privileged_group = vmail
    mail_uid = vmail
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
    mbox_write_locks = fcntl
    namespace inbox {
      inbox = yes
      location = 
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix = 
    }
    passdb {
      driver = pam
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    plugin {
      sieve = file:~/sieve;active=~/.dovecot.sieve
    }
    service auth-worker {
      user = vmail
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0600
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service imap-login {
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    service pop3-login {
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
    ssl = required
    ssl_cert = </etc/letsencrypt/live/fqdn.mydomain.com/fullchain.pem
    ssl_key =  # hidden, use -P to show it
    userdb {
      driver = passwd
    }
    userdb {
      args = uid=vmail gid=vmail home=/var/vmail/%d/%n allow_all_users=yes
      driver = static
    }

cat /etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=user password=secret
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';

tail -f /var/log/maillog

Feb 12 16:02:42 fqdn postfix/smtpd[9116]: connect from unknown[212.70.149.71]
Feb 12 16:02:43 fqdn postfix/smtpd[9116]: disconnect from unknown[212.70.149.71]
Feb 12 16:03:14 fqdn postfix/smtpd[9135]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9131]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9147]: connect from unknown[192.168.1.1]
Feb 12 16:03:14 fqdn postfix/smtpd[9137]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=</BNE9CC7qOl0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9131]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9131]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<LBZE9CC7qul0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9137]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9147]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: improper command pipelining after EHLO from unknown[192.168.1.1]: QUIT\r\n
Feb 12 16:03:15 fqdn postfix/smtpd[9147]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9136]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9137]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9116]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: connect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: pop3-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<xxxE9CC7qel0WuTK>
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: lost connection after CONNECT from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: lost connection after CONNECT from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9135]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn postfix/smtpd[9148]: disconnect from unknown[192.168.1.1]
Feb 12 16:03:15 fqdn dovecot: pop3-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.1.1, lip=111.11.11.22, session=<ME1E9CC7q+l0WuTK>



Feb 12 16:03:56 fqdn dovecot: imap-login: Disconnected (auth failed, 3 attempts in 20 secs): user=<user>, method=PLAIN, rip=192.168.1.1, lip=111.11.11.22, TLS, session=<KPmR9SC7tOl0WuTK>
Feb 12 16:04:16 fqdn dovecot: imap-login: Disconnected (auth failed, 3 attempts in 20 secs): user=<user@domain.com>, method=PLAIN, rip=192.168.1.1, lip=111.11.11.22, TLS, session=<BRG99iC7tel0WuTK>

I have allowed every required port in database 993,995,143,80,443,25,587,465,110.....

My table structure is as on this site:

http://blog.vettore.org/centos-7-or-rhel-very-simple-configuration-of-a-mailserver-with-postfix-dovecot-mysql-part-1/

I have followed this article for the setup:

https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mariadb-on-centos-7/

ram khanal

2 Answers

0

I've read through your post and did not see a question. :-)

If I understand well, you have an SMTP server (postfix) running and are using Cyrus SASL for authentication. Although the logs seem to suggest otherwise, I will assume this is working.

You are now adding an IMAP server (dovecot) to this setup. Since dovecot also has its own SASL implementation, it is important to be aware that those two SASL implementations exist.

From your mail log, I see both warnings/errors for postfix and dovecot. I wonder if your question is about either postfix or dovecot. Or even if it's firewall related (opening ports in a database???).

Can you specify your question?

Bjorn
  • Hi @Bjorn, I have basically removed the Dovecot SASL authentication part. The part where I fail is this: when I do doveadm user myuser@mydomain.com it passes, but when I do doveadm auth login myuser@mydomain.com it fails, saying passdb: myuser@mydomain.com auth failed extra field user=myuser@mydomain.com – ram khanal Feb 14 '21 at 04:19
0

I guess I got your error again ... haha

I am pretty sure you have messed around with the table configuration about how to look up the table. Going through your question very nicely and watching the sites' solution you have given, I found that you might have mixed the configuration of two sites, where both sites have the same solution. The issue is that you might have defined the lookup mechanism for Dovecot to look in the table with the password mechanism as cram sha5, but by far I am guessing you have placed your password in the table as plain. So just change the password lookup mechanism in the Dovecot /etc/dovecot/dovecot-sql-conf.ext (your Dovecot SQL lookup query) and change the table viewing mechanism to plain from sha... It will do the work, I guess.

THANKS ;-)

sanjib
  • OK, thanks, you are a saviour. I have just fixed it. I just encountered another issue, but I fixed it: the issue was that Postfix was blocking incoming connections. I had to remove the $mydomain part in mydestination, since Postfix didn't allow the same domain in both mydestination and the virtual domain map. Thank you – ram khanal Feb 14 '21 at 11:35
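The answer above comes down to a mismatch between `default_pass_scheme = SHA512-CRYPT` and what is actually stored in the `password` column. The following is an added example, not code from the thread, that audits exported rows for that mismatch; the row values and the finding labels are constructed for illustration.

```python
import re

# crypt(3) hash prefixes and the Dovecot scheme name each one corresponds to.
CRYPT_PREFIXES = {"$6$": "SHA512-CRYPT", "$5$": "SHA256-CRYPT",
                  "$1$": "MD5-CRYPT", "$2a$": "BLF-CRYPT", "$2y$": "BLF-CRYPT"}
# An explicit {SCHEME} prefix on a stored value overrides default_pass_scheme.
SCHEME_TAG = re.compile(r"^\{([A-Za-z0-9.-]+)\}")


def stored_scheme(value):
    """Return the scheme a stored value declares or implies, else None."""
    tag = SCHEME_TAG.match(value)
    if tag:
        return tag.group(1).upper()
    for prefix, scheme in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return scheme
    return None  # no tag and no crypt prefix: most likely cleartext


def audit(rows, default_scheme):
    """Return (email, finding) for rows that do not match default_scheme."""
    findings = []
    for email, value in rows:
        scheme = stored_scheme(value)
        if scheme is None:
            findings.append((email, "no-hash-marker"))
        elif scheme in ("PLAIN", "CLEARTEXT"):
            findings.append((email, "stored-unhashed"))
        elif scheme != default_scheme:
            findings.append((email, "other-scheme:" + scheme))
    return findings


# Constructed sample rows (email, password column); not data from the page.
SAMPLE_ROWS = [
    ("alice@example.test", "$6$constructedsalt$" + "A" * 86),
    ("bob@example.test", "hunter2"),
    ("carol@example.test", "{PLAIN}hunter2"),
    ("dave@example.test", "{SHA512-CRYPT}$6$constructedsalt$" + "B" * 86),
    ("erin@example.test", "$1$constructed$" + "C" * 22),
]

if __name__ == "__main__":
    for email, finding in audit(SAMPLE_ROWS, "SHA512-CRYPT"):
        print(email, finding)
```

A row reported as `no-hash-marker` cannot verify against a SHA512-CRYPT default; re-hashing the stored value with `doveadm pw -s SHA512-CRYPT` resolves the mismatch while keeping the passwords hashed at rest.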
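The second problem mentioned in the last comment, a domain listed in both `mydestination` and the virtual domain map, can be checked before reloading Postfix. This is an added example, not code from the thread: it expands the `$name` references in the `postconf -n` values quoted in the question and compares them with a list of virtual domains. That `ossnepal.com` is a row in the MySQL domains table is an assumption, since the table contents are not shown on the page.

```python
import re


def parse_postconf(text):
    """Parse `postconf -n` style 'name = value' lines into a dict."""
    params = {}
    for line in text.splitlines():
        if "=" in line:
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name} references using the other parameters."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def repl(match):
        name = match.group(1) or match.group(2)
        return expand(params.get(name, ""), params, depth + 1)

    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", repl, value)


def overlap(postconf_text, virtual_domains):
    """Return domains present in both mydestination and virtual_domains."""
    params = parse_postconf(postconf_text)
    raw = expand(params.get("mydestination", ""), params)
    local = {d.lower() for d in re.split(r"[,\s]+", raw) if d}
    return sorted(local & {d.lower() for d in virtual_domains})


# Values copied from the postconf -n output in the question.
BEFORE = """\
mydomain = ossnepal.com
myhostname = fqdn.mydomain.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
"""
# The same settings with $mydomain removed, as the comment describes.
AFTER = BEFORE.replace(", $mydomain", "")
# Assumed content of the virtual domains table (not shown on the page).
VIRTUAL_DOMAINS = ["ossnepal.com"]

if __name__ == "__main__":
    print("before:", overlap(BEFORE, VIRTUAL_DOMAINS))
    print("after: ", overlap(AFTER, VIRTUAL_DOMAINS))
```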