Join Log in
Score:2
Nic avatar Server

Dovecot trying to authenticate external users

it flag
Nic

I am using dovecot version 2.3.4.1 with SQL authentication and it works perfectly fine. I see in the logs though that when I use a PHP script to email a list of users, that dovecot is trying to authenticate the recipients? I might be wrong in reading the log but if the email is leaving from [email protected] to [email protected], why would dovecot try to authenticate [email protected]? The following are the relevant entries in the log

mail postfix/smtpd[9532]: connect from server1.example.com[192.168.2.111]
mail postfwd2/policy[8667]: [RULES] rule=0, id=RULE001, client=server1.example.com[192.168.2.111], sender=<[email protected]>, recipient=<[email protected]>, helo=<server1.example.com>, proto=ESMTP, state=RCPT, delay=0.00s, hits=RULE001, action=dunno
mail dovecot: auth-worker(13507): sql([email protected]): unknown user
mail postfix/smtpd[9532]: DE059240031: client=server1.example.com[192.168.2.111]
mail postfix/cleanup[9534]: DE059240031: message-id=<[email protected]>

Any ideas?

Thank you

main.cf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
message_size_limit = 25600000
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = $myhostname, mail.example.com, mail3.example.com, localhost.example.com, localhost
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.2.0/24
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:11332
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_milters = inet:127.0.0.1:11332
smtpd_recipient_restrictions = check_policy_service unix:private/quota-status
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_policy_service inet:127.0.0.1:10040
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
soft_bounce = no
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
postconf: warning: /etc/postfix/main.cf: unused parameter: 127.0.0.1:10040_time_limit=3600

master.cf

smtp       inet  n       -       y       -       -       smtpd
submission inet  n       -       y       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions= -o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
96
0 + 4
anx avatar
fr flag
anx
This is likely easier to answer if you [add your postfix configuration](https://serverfault.com/tags/postfix/info), both postfix and attached policy/milter services could be configured for such lookups.
0
Reply
Nic avatar
it flag
Nic
I have added the config files as requested. Thanks
0
Reply
anx avatar
fr flag
anx
Well, what is that milter at `inet:127.0.0.1:11332` and what is that policy service at `inet:127.0.0.1:10040` supposed to do? Are you certain both are configured appropriately for handling both external receipts and internal mail submission?
0
Reply
Nic avatar
it flag
Nic
On 11332 I have rspamd running. The culprit might be postfwd that I have running on 10040. pstfwd.cf looks like this: ```&&TRUSTED_NETS{ client_address=192.168.2.98/32 client_address=192.168.2.100/32 client_address=192.168.2.177/32 } id=RULE001;&&TRUSTED_NETS;action=dunno id=RULE009;action=rate(sender/150/3600/421 4.7.1 - Sorry, exceeded 100 messages in 60 minutes.)```
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.