Score:1

How to log in to a postfix+dovecot mail account


After roughly 6 hours of searching, I decided to ask for help here.

I tried setting up Postfix, and everything worked great.

Then I decided to use my email account in Thunderbird, which didn't work.

So I figured out that I had to set up SASL auth, and I did (or at least I think I did, since the server replies with "AUTH PLAIN" over telnet).

Okay, now that you have a general idea, here are my configs:

/etc/postfix/main.cf

# Postfix main.cf: single-host setup that receives mail for randomdevs.org,
# delivers to Maildir/ and delegates SMTP AUTH to Dovecot over a UNIX socket.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2



# TLS parameters
# Inbound side (smtpd_*): certificate and key come from the Let's Encrypt
# live directory. Level "may" is opportunistic: STARTTLS is offered to
# clients but not required.
smtpd_tls_cert_file = /etc/letsencrypt/live/randomdevs.org/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/randomdevs.org/privkey.pem
smtpd_tls_security_level = may

# Outbound side (smtp_*): also opportunistic TLS when delivering to other servers.
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


# Relay policy: local networks and SASL-authenticated clients may relay;
# everyone else may only send to domains this server is responsible for.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
myhostname = randomdevs.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# NOTE(review): $mydomain appears here and again in virtual_alias_domains
# further down; Postfix expects a domain to be listed in only one of the two
# -- confirm which address class is intended.
mydestination = $mydomain, $myhostname, localhost.$myhostname, , localhost
relayhost =
# Only loopback addresses are trusted without authentication.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# 0 disables the mailbox size limit.
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
home_mailbox = Maildir/
mydomain = randomdevs.org
# SASL: authentication is handed to Dovecot. The path is relative to the
# Postfix queue directory and corresponds to the unix_listener
# /var/spool/postfix/private/auth in the Dovecot 10-master.conf on this page.
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
# "noanonymous" alone leaves the plaintext mechanisms (PLAIN, LOGIN) enabled
# on both unencrypted and TLS sessions.
# NOTE(review): smtpd_tls_auth_only is not set in this file, and the EHLO
# transcript on this page shows AUTH PLAIN LOGIN advertised before STARTTLS.
# Setting smtpd_tls_auth_only = yes (or adding noplaintext to
# smtpd_sasl_security_options) keeps passwords off unencrypted connections.
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous
# Adds the legacy "AUTH=..." EHLO line for old clients (visible in the transcript).
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
# Writes the authenticated login name into the Received: header, so it is
# visible to every recipient of the message.
smtpd_sasl_authenticated_header = yes
virtual_alias_domains = $mydomain
virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/master.cf

# Postfix master.cf: one logical line per service; lines starting with
# whitespace continue the previous service entry.
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
# Public SMTP listener (port 25), chrooted.
# NOTE(review): -v enables verbose smtpd logging for debugging. Verbose logs
# record the SMTP dialogue in detail, presumably including the base64 AUTH
# exchange -- remove -v once debugging is done and check who can read the
# mail log.
# NOTE(review): no submission (587) or smtps (465) service is visible in this
# excerpt; confirm which port the mail client is configured to use.
smtp      inet  n       -       y       -       -       smtpd -v

pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
# Outbound SMTP client; -v makes its logging verbose as well.
smtp      unix  -       -       y       -       -       smtp -v
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
        
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd

# Pipe-based delivery services: each runs the external command in argv as the
# listed user, not chrooted. These look like stock distribution examples --
# confirm which of them are actually in use.
maildrop  unix  -       n       n       -       -       pipe
  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
  
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

/etc/dovecot/conf.d/10-auth.conf

# Dovecot authentication settings.
# Refuse plaintext logins on connections that are not protected by TLS.
# NOTE(review): this governs Dovecot's own IMAP/POP3 logins; whether it also
# restricts SMTP AUTH handed over by Postfix is not shown on this page. On the
# Postfix side that is controlled by smtpd_tls_auth_only and
# smtpd_sasl_security_options -- confirm.
disable_plaintext_auth = yes
# Both mechanisms send the password itself (base64 is an encoding, not
# encryption), so they depend entirely on TLS for confidentiality.
auth_mechanisms = plain login
# Pulls in the passdb/userdb definitions from auth-system.conf.ext.
!include auth-system.conf.ext

/etc/dovecot/conf.d/10-master.conf

# IMAP login listener on the standard port; encryption on this port relies on
# STARTTLS. No imaps (993) listener is shown in this excerpt.
service imap-login {
  inet_listener imap {
    port = 143
  }
}
# POP3 login listener on the standard port; no pop3s (995) listener is shown.
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
}

# Authentication socket for Postfix. It is created inside the Postfix queue
# directory so that smtpd_sasl_path = private/auth in main.cf resolves to it.
service auth {
  unix_listener /var/spool/postfix/private/auth {
    # Read/write for owner and group only; both are postfix, so other local
    # users cannot talk to the auth service through this socket.
    mode = 0660
    user = postfix
    group = postfix
  }
}

Telnet output

Trying 207.180.254.22...
Connected to randomdevs.org.
Escape character is '^]'.
220 randomdevs.org ESMTP Postfix
EHLO $hostname
250-randomdevs.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
AUTH PLAIN
334
xxxxxxxx **HERE, I'VE USED A BASE64 STRING ENCODED LIKE SO: echo -ne "\000username\000password" | openssl base64
535 5.7.8 Error: authentication failed:
AUTH LOGIN
334 VXNlcm5hbWU6
root **IM NOT SURE HERE IF IT IS THE RIGHT THING TO WRITE, IN FACT, I DON'T KNOW**

As you can see, I'm unable to login.

How is this possible? Could someone help me or anything?

Thanks in advance, and have a nice day!

EDIT: I've edited the Telnet output to better explain what I did. When I say that Thunderbird "didn't work", I mean this: [Thunderbird settings][1] [Used user][2]

P.S.: Please don't downvote this question. I really searched everywhere I could, and after 6/7 hours I gave up and decided to ask here. Please be nice; this is the first time I've ever used Postfix.

With those settings, thunderbird still says that it can't find the settings for my email account. [1]: https://i.stack.imgur.com/Ra92L.png [2]: https://i.stack.imgur.com/uM4kX.png

anx
Dovecot [ships a command specifically to test your dovecot authentication](https://doc.dovecot.org/admin_manual/debugging/debugging_authentication/#debugging-authentication): `doveadm auth test user` - have you tried that? What does it say?
Hello @anx, thanks for your answer, this helped a bit with the understanding of the problem, doveadm auth test test 1234 DOES work. passdb: info auth succeeded and also, i'm editing the question
Score:1

On the wire, LOGIN credentials are not sent in raw form but base64-encoded, just as the server sent you the prompts "Username:" and "Password:" base64-encoded (the `334 VXNlcm5hbWU6` above decodes to `Username:`). So, for example, the username root is sent as cm9vdA==.

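The PLAIN mechanism serializes the username and password into a single string, which is again base64-encoded: base64('\0' | login | '\0' | password), where | denotes concatenation and '\0' is a literal zero octet (an ASCII NUL character). The encoded string is sent in reply to the 334 message, or put directly into the AUTH command. An optional authorization identity may precede the first NUL, but don't worry about that yet; if you need it, read RFC 4616. When generating the string in a shell, prefer `printf '\0%s\0%s' 'username' 'password' | base64` over `echo -ne "\000username\000password"`: with bash's `echo -e`, `\0` is followed by up to three octal digits, so a username or password that begins with a digit 0–7 (for example 1234) has its first character swallowed into the escape and the encoded credentials come out wrong.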

Read for example, here for details.

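A word of caution: never enable the LOGIN or PLAIN mechanisms without an SSL/TLS layer, because anybody who can capture the traffic can observe these base64 strings on the wire, decode them, and extract the credentials. In the EHLO output above, AUTH PLAIN LOGIN is advertised on the plain connection before STARTTLS; in Postfix, setting `smtpd_tls_auth_only = yes` makes the server offer AUTH only after TLS has been negotiated.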

Hello Nikita, thanks! This is probably the problem. But how should I encode the string? I've edited the question (See telnet output) and as you can see, I've did this, what i'm doing wrong?