Re: Problema com postfix + mysql + sasl no debian Lenny
Christiano,
Para mim o dovecot tem funcionado para autenticar SMTP. Eu integrei
ele com o Postfix e autenticação tem funcionado sem problemas. No meu
caso, o Dovecot serve como servidor POP e IMAP e autenticador do SMTP.
Eu uso ele no lugar do SASL.
[ ]'s
Júlio
2010/1/18 Christiano Rogerio Liberato <cristianoliberato@hotmail.com>:
> Julio,
>
> pois é, isso que tinha comentado abaixo com você. Até onde li o dovecot não
> funciona autenticando smtp.
> Voce tem smtp funcionando ai?
>
> Att,
> Christiano.
>
>> Date: Sun, 17 Jan 2010 18:37:20 -0200
>> Subject: Re: Problema com postfix + mysql + sasl no debian Lenny
>> From: julioh1203@gmail.com
>> To: cristianoliberato@hotmail.com
>>
>> Olá Christiano,
>>
>> Eu acredito que não, mas faça um teste comentando a linha "protocols =
>> imap imaps pop3 pop3s" do dovecot.conf.
>>
>> Segue o meu dovecot sem comentários:
>>
>> ## Dovecot configuration file
>>
>> protocols = imap imaps pop3 pop3s
>>
>> disable_plaintext_auth = no
>>
>> ## Logging
>>
>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>
>> ##
>> ## Mailbox locations and namespaces
>> ##
>>
>> mail_location = maildir:/home/vmail/%d/%n
>>
>> mail_privileged_group = mail
>>
>> ## IMAP specific settings
>> protocol imap {
>> }
>>
>> ## POP3 specific settings
>> protocol pop3 {
>> pop3_uidl_format = %08Xu%08Xv
>> }
>>
>> ## MANAGESIEVE specific settings
>> protocol managesieve {
>> sieve=~/.dovecot.sieve
>> sieve_storage=~/sieve
>> }
>>
>> ## LDA specific settings
>> protocol lda {
>> auth_socket_path = /var/run/dovecot/auth-master
>> mail_plugins = cmusieve
>> }
>>
>> ## Authentication processes
>>
>> auth default {
>> mechanisms = plain login
>>
>> # SQL database <doc/wiki/AuthDatabase.SQL.txt>
>> passdb sql {
>> # Path for SQL configuration file
>> args = /etc/dovecot/dovecot-sql.conf
>> }
>>
>> userdb static {
>> args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
>> }
>>
>> user = root
>>
>> socket listen {
>> master {
>> path = /var/run/dovecot/auth-master
>> mode = 0600
>> # Default user/group is the one who started dovecot-auth (root)
>> user = vmail
>> #group =
>> }
>> client {
>> path = /var/spool/postfix/private/auth
>> mode = 0660
>> user = postfix
>> group = postfix
>> }
>> }
>> }
>>
>> ## Dictionary server settings
>> dict {
>> #quota = mysql:/etc/dovecot-dict-quota.conf
>> }
>>
>> ## Plugin settings
>>
>> plugin {
>> }
>>
>> Segue o Dovecot.sql:
>>
>> Database driver: mysql, pgsql, sqlite
>> driver = mysql
>>
>> # Database connection string. This is driver-specific setting.
>> connect = host=localhost dbname=mail user=usuario password=senha
>>
>> # Default password scheme.
>> default_pass_scheme = CRYPT
>>
>> # Query to retrieve the password.
>> password_query = SELECT password FROM users WHERE email = '%u'
>>
>>
>> Abs.,
>>
>> Júlio
>>
>>
>>
>> 2010/1/16 Christiano Rogerio Liberato <cristianoliberato@hotmail.com>:
>> > Opa julio, acho que me equivoquei entao.
>> >
>> > No meu ambiente ja tenho pop3 e imap funcionando com maildrop
>> > consultando no
>> > mysql. Posso instalar o dovecot-common somente para o smtp?
>> > O dovecot.conf ficara do mesmo jeito que vc anexou abaixo?
>> > Outra coisa, pra facilitar pra mim, me mande seu dovecot.conf sem ser
>> > colado
>> > no email porque ele veio todo quebrado e como o arquivo tem muitas
>> > linhas é
>> > ruim pra formatar.
>> >
>> > Att,
>> > Christiano.
>> >
>> >
>> >> Date: Thu, 14 Jan 2010 20:01:58 -0200
>> >> Subject: Re: Problema com postfix + mysql + sasl no debian Lenny
>> >> From: julioh1203@gmail.com
>> >> To: cristianoliberato@hotmail.com
>> >>
>> >> Olá Christiano,
>> >>
>> >> Não entendi? Como assim não funciona com smtp? Eu usei o meu com
>> >> postfix e ficou ok.
>> >>
>> >> [ ]'s
>> >>
>> >> Júlio
>> >>
>> >>
>> >> 2010/1/14 Christiano Rogerio Liberato <cristianoliberato@hotmail.com>:
>> >> > Julio,
>> >> >
>> >> > obrigado ai pela força mas o dovecot nao funciona com smtp.
>> >> >
>> >> > Att,
>> >> > Christiano.
>> >> >
>> >> >
>> >> >> Date: Thu, 14 Jan 2010 16:09:02 -0200
>> >> >> Subject: Re: Problema com postfix + mysql + sasl no debian Lenny
>> >> >> From: julioh1203@gmail.com
>> >> >> To: cristianoliberato@hotmail.com
>> >> >> CC: debian-user-portuguese@lists.debian.org
>> >> >>
>> >> >> Vou te passar abaixo um tutorial que uso, eu ainda vou publicar ele
>> >> >> no
>> >> >> Viva o Linux, mas preciso formatar ele direitinho.
>> >> >>
>> >> >> Eu instalo o dovecot-common, imapd e pop3d.
>> >> >>
>> >> >> Segue um pedaço do tutorial referente ao dovecot:
>> >> >>
>> >> >> DOVECOT
>> >> >> # Editar /etc/dovecot.conf e alterar as seguintes linhas:
>> >> >>
>> >> >> protocols = pop3 pop3s imap imaps
>> >> >> disable_plaintext_auth = no
>> >> >> log_timestamp = "%Y-%m-%d %H:%M:%S "
>> >> >> mail_location = maildir:/home/vmail/%d/%n
>> >> >> # Hierarchy separator to use. You should use the same separator for
>> >> >> all
>> >> >> # namespaces or some clients get confused. '/' is usually a good
>> >> >> one.
>> >> >> # The default however depends on the underlying mail storage format.
>> >> >> #separator =
>> >> >> # Prefix required to access this namespace. This needs to be
>> >> >> different
>> >> >> for
>> >> >> # all namespaces. For example "Public/".
>> >> >> #prefix =
>> >> >> # Physical location of the mailbox. This is in same format as
>> >> >> # mail_location, which is also the default for it.
>> >> >> #location =
>> >> >> # There can be only one INBOX, and this setting defines which
>> >> >> namespace
>> >> >> # has it.
>> >> >> #inbox = yes
>> >> >> # If namespace is hidden, it's not advertised to clients via
>> >> >> NAMESPACE
>> >> >> # extension or shown in LIST replies. This is mostly useful when
>> >> >> converting
>> >> >> # from another server with different namespaces which you want to
>> >> >> depricate
>> >> >> # but still keep working. For example you can create hidden
>> >> >> namespaces
>> >> >> with
>> >> >> # prefixes "~/mail/", "~%u/mail/" and "mail/".
>> >> >> #hidden = yes
>> >> >> mail_privileged_group = mail
>> >> >> protocol imap {
>> >> >> # Login executable location.
>> >> >> #login_executable = /usr/lib/dovecot/imap-login
>> >> >> # IMAP executable location. Changing this allows you to execute
>> >> >> other
>> >> >> # binaries before the imap process is executed.
>> >> >> #
>> >> >> # This would write rawlogs into ~/dovecot.rawlog/ directory:
>> >> >> # mail_executable = /usr/lib/dovecot/rawlog /usr/lib/dovecot/imap
>> >> >> #
>> >> >> # This would attach gdb into the imap process and write backtraces
>> >> >> into
>> >> >> # /tmp/gdbhelper.* files:
>> >> >> # mail_executable = /usr/libexec/dovecot/gdbhelper
>> >> >> /usr/libexec/dovecot/imap
>> >> >> #
>> >> >> #mail_executable = /usr/lib/dovecot/imap
>> >> >> # Maximum IMAP command line length in bytes. Some clients generate
>> >> >> very
>> >> >> long
>> >> >> # command lines with huge mailboxes, so you may need to raise this
>> >> >> if
>> >> >> you
>> >> >> get
>> >> >> # "Too long argument" or "IMAP command line too large" errors often.
>> >> >> #imap_max_line_length = 65536
>> >> >> # Support for dynamically loadable plugins. mail_plugins is a space
>> >> >> separated
>> >> >> # list of plugins to load.
>> >> >> #mail_plugins =
>> >> >> #mail_plugin_dir = /usr/lib/dovecot/modules/imap
>> >> >> # Send IMAP capabilities in greeting message. This makes it
>> >> >> unnecessary
>> >> >> for
>> >> >> # clients to request it with CAPABILITY command, so it saves one
>> >> >> round-trip.
>> >> >> # Many clients however don't understand it and ask the CAPABILITY
>> >> >> anyway.
>> >> >> #login_greeting_capability = no
>> >> >> # Override the IMAP CAPABILITY response.
>> >> >> #imap_capability =
>> >> >> # Workarounds for various client bugs:
>> >> >> # delay-newmail:
>> >> >> # Send EXISTS/RECENT new mail notifications only when replying to
>> >> >> NOOP
>> >> >> # and CHECK commands. Some clients ignore them otherwise, for
>> >> >> example
>> >> >> OSX
>> >> >> # Mail (<v2.1). Outlook Express breaks more badly though, without
>> >> >> this
>> >> >> it
>> >> >> # may show user "Message no longer in server" errors. Note that OE6
>> >> >> still
>> >> >> # breaks even with this workaround if synchronization is set to
>> >> >> # "Headers Only".
>> >> >> # outlook-idle:
>> >> >> # Outlook and Outlook Express never abort IDLE command, so if no
>> >> >> mail
>> >> >> # arrives in half a hour, Dovecot closes the connection. This is
>> >> >> still
>> >> >> # fine, except Outlook doesn't connect back so you don't see if new
>> >> >> mail
>> >> >> # arrives.
>> >> >> # netscape-eoh:
>> >> >> # Netscape 4.x breaks if message headers don't end with the empty
>> >> >> "end
>> >> >> of
>> >> >> # headers" line. Normally all messages have this, but setting this
>> >> >> # workaround makes sure that Netscape never breaks by adding the
>> >> >> line
>> >> >> if
>> >> >> # it doesn't exist. This is done only for FETCH
>> >> >> BODY[HEADER.FIELDS..]
>> >> >> # commands. Note that RFC says this shouldn't be done.
>> >> >> # tb-extra-mailbox-sep:
>> >> >> # With mbox storage a mailbox can contain either mails or
>> >> >> submailboxes,
>> >> >> # but not both. Thunderbird separates these two by forcing server to
>> >> >> # accept '/' suffix in mailbox names in subscriptions list.
>> >> >> # The list is space-separated.
>> >> >> #imap_client_workarounds = outlook-idle
>> >> >> }
>> >> >>
>> >> >> protocol pop3 {
>> >> >> # Login executable location.
>> >> >> #login_executable = /usr/lib/dovecot/pop3-login
>> >> >> # POP3 executable location. See IMAP's mail_executable above for
>> >> >> examples
>> >> >> # how this could be changed.
>> >> >> #mail_executable = /usr/lib/dovecot/pop3
>> >> >> # Don't try to set mails non-recent or seen with POP3 sessions. This
>> >> >> is
>> >> >> # mostly intended to reduce disk I/O. With maildir it doesn't move
>> >> >> files
>> >> >> # from new/ to cur/, with mbox it doesn't write Status-header.
>> >> >> #pop3_no_flag_updates = no
>> >> >> # Support LAST command which exists in old POP3 specs, but has been
>> >> >> removed
>> >> >> # from new ones. Some clients still wish to use this though.
>> >> >> Enabling
>> >> >> this
>> >> >> # makes RSET command clear all \Seen flags from messages.
>> >> >> #pop3_enable_last = no
>> >> >> # If mail has X-UIDL header, use it as the mail's UIDL.
>> >> >> #pop3_reuse_xuidl = no
>> >> >> # Keep the mailbox locked for the entire POP3 session.
>> >> >> #pop3_lock_session = no
>> >> >> # POP3 UIDL (unique mail identifier) format to use. You can use
>> >> >> following
>> >> >> # variables:
>> >> >> #
>> >> >> # %v - Mailbox's IMAP UIDVALIDITY
>> >> >> # %u - Mail's IMAP UID
>> >> >> # %m - MD5 sum of the mailbox headers in hex (mbox only)
>> >> >> # %f - filename (maildir only)
>> >> >> #
>> >> >> # If you want UIDL compatibility with other POP3 servers, use:
>> >> >> # UW's ipop3d : %08Xv%08Xu
>> >> >> # Courier version 0 : %f
>> >> >> # Courier version 1 : %u
>> >> >> # Courier version 2 : %v-%u
>> >> >> # Cyrus (<= 2.1.3) : %u
>> >> >> # Cyrus (>= 2.1.4) : %v.%u
>> >> >> # Older Dovecots : %v.%u
>> >> >> # tpop3d : %Mf
>> >> >> #
>> >> >> # Note that Outlook 2003 seems to have problems with %v.%u format
>> >> >> which
>> >> >> was
>> >> >> # Dovecot's default, so if you're building a new server it would be
>> >> >> a
>> >> >> good
>> >> >> # idea to change this. %08Xu%08Xv should be pretty fail-safe.
>> >> >> #
>> >> >> # NOTE: Nowadays this is required to be set explicitly, since the
>> >> >> old
>> >> >> # default was bad but it couldn't be changed without breaking
>> >> >> existing
>> >> >> # installations. %08Xu%08Xv will be the new default, so use it for
>> >> >> new
>> >> >> # installations.
>> >> >> #
>> >> >> pop3_uidl_format = %08Xu%08Xv
>> >> >> # POP3 logout format string:
>> >> >> # %t - number of TOP commands
>> >> >> # %p - number of bytes sent to client as a result of TOP command
>> >> >> # %r - number of RETR commands
>> >> >> # %b - number of bytes sent to client as a result of RETR command
>> >> >> # %d - number of deleted messages
>> >> >> # %m - number of messages (before deletion)
>> >> >> # %s - mailbox size in bytes (before deletion)
>> >> >> #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
>> >> >> # Support for dynamically loadable plugins. mail_plugins is a space
>> >> >> separated
>> >> >> # list of plugins to load.
>> >> >> #mail_plugins =
>> >> >> #mail_plugin_dir = /usr/lib/dovecot/modules/pop3
>> >> >> # Workarounds for various client bugs:
>> >> >> # outlook-no-nuls:
>> >> >> # Outlook and Outlook Express hang if mails contain NUL characters.
>> >> >> # This setting replaces them with 0x80 character.
>> >> >> # oe-ns-eoh:
>> >> >> # Outlook Express and Netscape Mail breaks if end of headers-line is
>> >> >> # missing. This option simply sends it if it's missing.
>> >> >> # The list is space-separated.
>> >> >> #pop3_client_workarounds =
>> >> >> }
>> >> >> protocol managesieve {
>> >> >> # Login executable location.
>> >> >> #login_executable = /usr/libexec/dovecot/managesieve-login
>> >> >> # MANAGESIEVE executable location. See IMAP's mail_executable above
>> >> >> for
>> >> >> # examples how this could be changed.
>> >> >> #mail_executable = /usr/libexec/dovecot/managesieve
>> >> >> # Maximum MANAGESIEVE command line length in bytes. This setting is
>> >> >> # directly borrowed from IMAP. But, since long command lines are
>> >> >> very
>> >> >> # unlikely with MANAGESIEVE, changing this will not be very useful.
>> >> >> #managesieve_max_line_length = 65536
>> >> >> # Specifies the location of the symlink pointing to the active
>> >> >> script
>> >> >> in
>> >> >> # the sieve storage directory. This must match the SIEVE setting
>> >> >> used
>> >> >> by
>> >> >> # deliver (refer to http://wiki.dovecot.org/LDA/Sieve#location for
>> >> >> more
>> >> >> # info). Variable substitution with % is recognized.
>> >> >> sieve=~/.dovecot.sieve
>> >> >> # This specifies the path to the directory where the uploaded
>> >> >> scripts
>> >> >> must
>> >> >> # be stored. In terms of '%' variable substitution it is identical
>> >> >> to
>> >> >> # dovecot's mail_location setting used by the mail protocol daemons.
>> >> >> sieve_storage=~/sieve
>> >> >> # If, for some inobvious reason, the sieve_storage remains unset,
>> >> >> the
>> >> >> # managesieve daemon uses the specification of the mail_location to
>> >> >> find
>> >> >> out
>> >> >> # where to store the sieve files (see explaination in
>> >> >> README.managesieve).
>> >> >> # The example below, when uncommented, overrides any global
>> >> >> mail_location
>> >> >> # specification and stores all the scripts in '~/mail/sieve' if
>> >> >> sieve_storage
>> >> >> # is unset. However, you should always use the sieve_storage
>> >> >> setting.
>> >> >> # mail_location = mbox:~/mail
>> >> >> # To fool managesieve clients that are focused on timesieved you can
>> >> >> # specify the IMPLEMENTATION capability that the dovecot reports to
>> >> >> clients
>> >> >> # (default: dovecot).
>> >> >> #managesieve_implementation_string = Cyrus timsieved v2.2.13
>> >> >> }
>> >> >> protocol lda {
>> >> >> # Address to use when sending rejection mails.
>> >> >> # postmaster_address = postmaster@example.com
>> >> >> # Hostname to use in various parts of sent mails, eg. in Message-Id.
>> >> >> # Default is the system's real hostname.
>> >> >> #hostname =
>> >> >> # Support for dynamically loadable plugins. mail_plugins is a space
>> >> >> separated
>> >> >> # list of plugins to load.
>> >> >> #mail_plugins =
>> >> >> #mail_plugin_dir = /usr/lib/dovecot/modules/lda
>> >> >> # Binary to use for sending mails.
>> >> >> #sendmail_path = /usr/lib/sendmail
>> >> >> # UNIX socket path to master authentication server to find users.
>> >> >> auth_socket_path = /var/run/dovecot/auth-master
>> >> >> # Enabling Sieve plugin for server-side mail filtering
>> >> >> mail_plugins = cmusieve
>> >> >> }
>> >> >> auth default {
>> >> >> # Space separated list of wanted authentication mechanisms:
>> >> >> # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
>> >> >> # NOTE: See also disable_plaintext_auth setting.
>> >> >> mechanisms = plain login
>> >> >> #
>> >> >> # Password database is used to verify user's password (and nothing
>> >> >> more).
>> >> >> # You can have multiple passdbs and userdbs. This is useful if you
>> >> >> want
>> >> >> to
>> >> >> # allow both system users (/etc/passwd) and virtual users to login
>> >> >> without
>> >> >> # duplicating the system users into virtual database.
>> >> >> #
>> >> >> # <doc/wiki/PasswordDatabase.txt>
>> >> >> #
>> >> >> # By adding master=yes setting inside a passdb you make the passdb a
>> >> >> list
>> >> >> # of "master users", who can log in as anyone else. Unless you're
>> >> >> using
>> >> >> PAM,
>> >> >> # you probably still want the destination user to be looked up from
>> >> >> passdb
>> >> >> # that it really exists. This can be done by adding pass=yes setting
>> >> >> to
>> >> >> the
>> >> >> # master passdb. <doc/wiki/Authentication.MasterUsers.txt>
>> >> >> # Users can be temporarily disabled by adding a passdb with
>> >> >> deny=yes.
>> >> >> # If the user is found from that database, authentication will fail.
>> >> >> # The deny passdb should always be specified before others, so it
>> >> >> gets
>> >> >> # checked first. Here's an example:
>> >> >> #passdb passwd-file {
>> >> >> # File contains a list of usernames, one per line
>> >> >> #args = /etc/dovecot.deny
>> >> >> #deny = yes
>> >> >> #}
>> >> >> # PAM authentication. Preferred nowadays by most systems.
>> >> >> # Note that PAM can only be used to verify if user's password is
>> >> >> correct,
>> >> >> # so it can't be used as userdb. If you don't want to use a separate
>> >> >> user
>> >> >> # database (passwd usually), you can use static userdb.
>> >> >> # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
>> >> >> # authentication to actually work.
>> >> >> <doc/wiki/PasswordDatabase.PAM.txt>
>> >> >> #passdb pam {
>> >> >> # [blocking=yes] [session=yes] [setcred=yes]
>> >> >> # [cache_key=<key>] [<service name>]
>> >> >> #
>> >> >> # By default a new process is forked from dovecot-auth for each PAM
>> >> >> lookup.
>> >> >> # Setting blocking=yes uses the alternative way: dovecot-auth worker
>> >> >> # processes do the PAM lookups.
>> >> >> #
>> >> >> # session=yes makes Dovecot open and immediately close PAM session.
>> >> >> Some
>> >> >> # PAM plugins need this to work, such as pam_mkhomedir.
>> >> >> #
>> >> >> # setcred=yes makes Dovecot establish PAM credentials if some PAM
>> >> >> plugins
>> >> >> # need that. They aren't ever deleted though, so this isn't enabled
>> >> >> by
>> >> >> # default.
>> >> >> #
>> >> >> # cache_key can be used to enable authentication caching for PAM
>> >> >> # (auth_cache_size also needs to be set). It isn't enabled by
>> >> >> default
>> >> >> # because PAM modules can do all kinds of checks besides checking
>> >> >> password,
>> >> >> # such as checking IP address. Dovecot can't know about these checks
>> >> >> # without some help. cache_key is simply a list of variables (see
>> >> >> # /usr/share/doc/dovecot-common/wiki/Variables.txt) which must match
>> >> >> for
>> >> >> # the cached data to be used. Here are some examples:
>> >> >> # %u - Username must match. Probably sufficient for most uses.
>> >> >> # %u%r - Username and remote IP address must match.
>> >> >> # %u%s - Username and service (ie. IMAP, POP3) must match.
>> >> >> #
>> >> >> # If service name is "*", it means the authenticating service name
>> >> >> # is used, eg. pop3 or imap (/etc/pam.d/pop3, /etc/pam.d/imap).
>> >> >> #
>> >> >> # Some examples:
>> >> >> # args = session=yes *
>> >> >> # args = cache_key=%u dovecot
>> >> >> #args = dovecot
>> >> >> #}
>> >> >> # System users (NSS, /etc/passwd, or similiar)
>> >> >> # In many systems nowadays this uses Name Service Switch, which is
>> >> >> # configured in /etc/nsswitch.conf.
>> >> >> <doc/wiki/AuthDatabase.Passwd.txt>
>> >> >> #passdb passwd {
>> >> >> # [blocking=yes] - See userdb passwd for explanation
>> >> >> #args =
>> >> >> #}
>> >> >> # Shadow passwords for system users (NSS, /etc/shadow or similiar).
>> >> >> # Deprecated by PAM nowadays.
>> >> >> # <doc/wiki/PasswordDatabase.Shadow.txt>
>> >> >> #passdb shadow {
>> >> >> # [blocking=yes] - See userdb passwd for explanation
>> >> >> #args =
>> >> >> #}
>> >> >> # PAM-like authentication for OpenBSD.
>> >> >> # <doc/wiki/PasswordDatabase.BSDAuth.txt>
>> >> >> #passdb bsdauth {
>> >> >> # [cache_key=<key>] - See cache_key in PAM for explanation.
>> >> >> #args =
>> >> >> #}
>> >> >> # passwd-like file with specified location
>> >> >> # <doc/wiki/AuthDatabase.PasswdFile.txt>
>> >> >> #passdb passwd-file {
>> >> >> # Path for passwd-file
>> >> >> #args =
>> >> >> #}
>> >> >> # checkpassword executable authentication
>> >> >> # NOTE: You will probably want to use "userdb prefetch" with this.
>> >> >> # <doc/wiki/PasswordDatabase.CheckPassword.txt>
>> >> >> #passdb checkpassword {
>> >> >> # Path for checkpassword binary
>> >> >> #args =
>> >> >> #}
>> >> >> # SQL database <doc/wiki/AuthDatabase.SQL.txt>
>> >> >> passdb sql {
>> >> >> # Path for SQL configuration file
>> >> >> args = /etc/dovecot/dovecot-sql.conf
>> >> >> }
>> >> >> # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
>> >> >> #passdb ldap {
>> >> >> # Path for LDAP configuration file
>> >> >> #args = /etc/dovecot/dovecot-ldap.conf
>> >> >> #}
>> >> >> # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
>> >> >> #passdb vpopmail {
>> >> >> # [cache_key=<key>] - See cache_key in PAM for explanation.
>> >> >> #args =
>> >> >> #}
>> >> >> #
>> >> >> # User database specifies where mails are located and what
>> >> >> user/group
>> >> >> IDs
>> >> >> # own them. For single-UID configuration use "static".
>> >> >> #
>> >> >> # <doc/wiki/UserDatabase.txt>
>> >> >> #
>> >> >> # System users (NSS, /etc/passwd, or similiar). In many systems
>> >> >> nowadays
>> >> >> this
>> >> >> # uses Name Service Switch, which is configured in
>> >> >> /etc/nsswitch.conf.
>> >> >> # <doc/wiki/AuthDatabase.Passwd.txt>
>> >> >> #userdb passwd {
>> >> >> # [blocking=yes] - By default the lookups are done in the main
>> >> >> dovecot-auth
>> >> >> # process. This setting causes the lookups to be done in auth worker
>> >> >> # proceses. Useful with remote NSS lookups that may block.
>> >> >> # NOTE: Be sure to use this setting with nss_ldap or users might get
>> >> >> # logged in as each others!
>> >> >> #args =
>> >> >> #}
>> >> >> # passwd-like file with specified location
>> >> >> # <doc/wiki/AuthDatabase.PasswdFile.txt>
>> >> >> #userdb passwd-file {
>> >> >> # Path for passwd-file
>> >> >> #args =
>> >> >> #}
>> >> >> # static settings generated from template
>> >> >> <doc/wiki/UserDatabase.Static.txt>
>> >> >> userdb static {
>> >> >> # Template for the fields. Can return anything a userdb could
>> >> >> normally
>> >> >> # return. For example:
>> >> >> #
>> >> >> # args = uid=500 gid=500 home=/var/mail/%u
>> >> >> #
>> >> >> # If you use deliver, it needs to look up users only from the
>> >> >> userdb.
>> >> >> This
>> >> >> # of course doesn't work with static because there is no list of
>> >> >> users.
>> >> >> # Normally static userdb handles this by doing a passdb lookup. This
>> >> >> works
>> >> >> # with most passdbs, with PAM being the most notable exception. If
>> >> >> you
>> >> >> do
>> >> >> # the user verification another way, you can add allow_all_users=yes
>> >> >> to
>> >> >> # the args in which case the passdb lookup is skipped.
>> >> >> #
>> >> >> args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
>> >> >> }
>> >> >> # SQL database <doc/wiki/AuthDatabase.SQL.txt>
>> >> >> #userdb sql {
>> >> >> # Path for SQL configuration file
>> >> >> #args = /etc/dovecot/dovecot-sql.conf
>> >> >> #}
>> >> >> # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
>> >> >> #userdb ldap {
>> >> >> # Path for LDAP configuration file
>> >> >> #args = /etc/dovecot/dovecot-ldap.conf
>> >> >> #}
>> >> >> # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
>> >> >> #userdb vpopmail {
>> >> >> #}
>> >> >> # "prefetch" user database means that the passdb already provided
>> >> >> the
>> >> >> # needed information and there's no need to do a separate userdb
>> >> >> lookup.
>> >> >> # This can be made to work with SQL and LDAP databases, see their
>> >> >> example
>> >> >> # configuration files for more information how to do it.
>> >> >> # <doc/wiki/UserDatabase.Prefetch.txt>
>> >> >> #userdb prefetch {
>> >> >> #}
>> >> >> # User to use for the process. This user needs access to only user
>> >> >> and
>> >> >> # password databases, nothing else. Only shadow and pam
>> >> >> authentication
>> >> >> # requires roots, so use something else if possible. Note that
>> >> >> passwd
>> >> >> # authentication with BSDs internally accesses shadow files, which
>> >> >> also
>> >> >> # requires roots. Note that this user is NOT used to access mails.
>> >> >> # That user is specified by userdb above.
>> >> >> user = root
>> >> >> # Directory where to chroot the process. Most authentication
>> >> >> backends
>> >> >> don't
>> >> >> # work if this is set, and there's no point chrooting if auth_user
>> >> >> is
>> >> >> root.
>> >> >> # Note that valid_chroot_dirs isn't needed to use this setting.
>> >> >> #chroot =
>> >> >> # Number of authentication processes to create
>> >> >> #count = 1
>> >> >> # Require a valid SSL client certificate or the authentication
>> >> >> fails.
>> >> >> #ssl_require_client_cert = no
>> >> >> # Take the username from client's SSL certificate, using
>> >> >> # X509_NAME_get_text_by_NID() which returns the subject's DN's
>> >> >> # CommonName.
>> >> >> #ssl_username_from_cert = no
>> >> >> # It's possible to export the authentication interface to other
>> >> >> programs:
>> >> >> socket listen {
>> >> >> master {
>> >> >> # Master socket provides access to userdb information. It's
>> >> >> typically
>> >> >> # used to give Dovecot's local delivery agent access to userdb so it
>> >> >> # can find mailbox locations.
>> >> >> path = /var/run/dovecot/auth-master
>> >> >> mode = 0600
>> >> >> # Default user/group is the one who started dovecot-auth (root)
>> >> >> user = vmail
>> >> >> #group =
>> >> >> }
>> >> >> client {
>> >> >> # The client socket is generally safe to export to everyone. Typical
>> >> >> use
>> >> >> # is to export it to your SMTP server so it can do SMTP AUTH lookups
>> >> >> # using it.
>> >> >> path = /var/spool/postfix/private/auth
>> >> >> mode = 0660
>> >> >> user = postfix
>> >> >> group = postfix
>> >> >> }
>> >> >> }
>> >> >> ## dovecot-lda specific settings
>> >> >> ##
>> >> >> # socket listen {
>> >> >> # master {
>> >> >> # path = /var/run/dovecot/auth-master
>> >> >> # mode = 0600
>> >> >> # user = mail # User running Dovecot LDA
>> >> >> # #group = mail # Or alternatively mode 0660 + LDA user in this
>> >> >> group
>> >> >> # }
>> >> >> # }
>> >> >> }
>> >> >> dict {
>> >> >> #quota = mysql:/etc/dovecot-dict-quota.conf
>> >> >> }
>> >> >> plugin {
>> >> >> # Here you can give some extra environment variables to mail
>> >> >> processes.
>> >> >> # This is mostly meant for passing parameters to plugins. %variable
>> >> >> # expansion is done for all values.
>> >> >> # Quota plugin. Multiple backends are supported:
>> >> >> # dirsize: Find and sum all the files found from mail directory.
>> >> >> # Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
>> >> >> # dict: Keep quota stored in dictionary (eg. SQL)
>> >> >> # maildir: Maildir++ quota
>> >> >> # fs: Read-only support for filesystem quota
>> >> >> #quota = maildir
>> >> >> # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from
>> >> >> maildir
>> >> >> # directory. You can also optionally give a global ACL directory
>> >> >> path
>> >> >> where
>> >> >> # ACLs are applied to all users' mailboxes. The global ACL directory
>> >> >> contains
>> >> >> # one file for each mailbox, eg. INBOX or sub.mailbox.
>> >> >> #acl = vfile:/etc/dovecot-acls
>> >> >> # Convert plugin. If set, specifies the source storage path which is
>> >> >> # converted to destination storage (mail_location) when the user
>> >> >> logs
>> >> >> in.
>> >> >> # The existing mail directory is renamed to <dir>-converted.
>> >> >> #convert_mail = mbox:%h/mail
>> >> >> # Skip mailboxes which we can't open successfully instead of
>> >> >> aborting.
>> >> >> #convert_skip_broken_mailboxes = no
>> >> >> # Trash plugin. When saving a message would make user go over quota,
>> >> >> this
>> >> >> # plugin automatically deletes the oldest mails from configured
>> >> >> mailboxes
>> >> >> # until the message can be saved within quota limits. The
>> >> >> configuration
>> >> >> file
>> >> >> # is a text file where each line is in format: <priority> <mailbox
>> >> >> name>
>> >> >> # Mails are first deleted in lowest -> highest priority number order
>> >> >> #trash = /etc/dovecot-trash.conf
>> >> >> # Lazy expunge plugin. Currently works only with maildirs. When a
>> >> >> user
>> >> >> # expunges mails, the mails are moved to a mailbox in another
>> >> >> namespace
>> >> >> # (1st). When a mailbox is deleted, the mailbox is moved to another
>> >> >> namespace
>> >> >> # (2nd) as well. Also if the deleted mailbox had any expunged
>> >> >> messages,
>> >> >> # they're moved to a 3rd namespace. The mails won't be counted in
>> >> >> quota,
>> >> >> # and they're not deleted automatically (use a cronjob or
>> >> >> something).
>> >> >> #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/
>> >> >> }
>> >> >>
>> >> >> Alterar o dovecot-sql.conf:
>> >> >>
>> >> >> driver = mysql
>> >> >> connect = host=localhost dbname=mail user=mailadmin password=<senha
>> >> >> do
>> >> >> mailadmin>
>> >> >> default_pass_scheme = CRYPT
>> >> >> password_query = SELECT password FROM users WHERE email = '%u'
>> >> >>
>> >> >>
>> >> >> No main.cf do Postfix:
>> >> >>
>> >> >> # =============== SASL ================
>> >> >> smtpd_sasl_auth_enable = yes
>> >> >> smtpd_sasl_type = dovecot
>> >> >> smtpd_sasl_path = private/auth
>> >> >> broken_sasl_auth_clients = yes
>> >> >> smtpd_sasl_security_options = noanonymous
>> >> >> smtpd_sasl_local_domain = $myhostname
>> >> >> smtpd_sasl_authenticated_header = yes
>> >> >> # ========================================
>> >> >>
>> >> >>
>> >> >> [ ]'s
>> >> >>
>> >> >> Júlio Henriqe
>> >> >>
>> >> >>
>> >> >>
>> >> >> 2010/1/14 Christiano Rogerio Liberato
>> >> >> <cristianoliberato@hotmail.com>:
>> >> >> > Julio,
>> >> >> >
>> >> >> > vc tem algum link ai para eu seguir como howto? Vc esta
>> >> >> > autenticando
>> >> >> > pop
>> >> >> > ou
>> >> >> > smtp?
>> >> >> > Porque de acordo com o apt-cache search no lenny
>> >> >> >
>> >> >> > debian:~# apt-cache search dovecot
>> >> >> > dovecot-common - secure mail server that supports mbox and maildir
>> >> >> > mailboxes
>> >> >> > dovecot-dev - header files for the dovecot mail server
>> >> >> > dovecot-imapd - secure IMAP server that supports mbox and maildir
>> >> >> > mailboxes
>> >> >> > dovecot-pop3d - secure POP3 server that supports mbox and maildir
>> >> >> > mailboxes
>> >> >> >
>> >> >> > o dovecot nao funciona com smtp.
>> >> >> >
>> >> >> > Att,
>> >> >> > Christiano Liberato.
>> >> >> >
>> >> >> >
>> >> >> >> Date: Thu, 14 Jan 2010 14:25:12 -0200
>> >> >> >> Subject: Re: Problema com postfix + mysql + sasl no debian Lenny
>> >> >> >> From: julioh1203@gmail.com
>> >> >> >> To: cristianoliberato@hotmail.com
>> >> >> >> CC: debian-user-portuguese@lists.debian.org
>> >> >> >>
>> >> >> >> Boa tarde,
>> >> >> >>
>> >> >> >> Veja uma solução com dovecot para autenticação eu tenho usado ela
>> >> >> >> e
>> >> >> >> resolveu as dificuldades que tinha com sasl.
>> >> >> >>
>> >> >> >> [ ]'s
>> >> >> >>
>> >> >> >> Júlio Henrique
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> 2010/1/13 Christiano Rogerio Liberato
>> >> >> >> <cristianoliberato@hotmail.com>:
>> >> >> >> > Olá lista, estou com sérios problemas para fazer funcionar o
>> >> >> >> > postfix
>> >> >> >> > +
>> >> >> >> > mysql
>> >> >> >> > + sasl no lenny.
>> >> >> >> >
>> >> >> >> > Já tenho funcionando pop + imap + maildrop + mysql
>> >> >> >> > perfeitamente.
>> >> >> >> > Vou postar minhs confs para ajudar:
>> >> >> >> >
>> >> >> >> > /etc/pam.d/smtp
>> >> >> >> > auth required pam_mysql.so user=postfix passwd=nga
>> >> >> >> > host=localhost
>> >> >> >> > db=postfix
>> >> >> >> > table=mailbox usercolumn=username passwdcolumn=password crypt=1
>> >> >> >> > account required pam_mysql.so user=postfix passwd=nga
>> >> >> >> > host=localhost
>> >> >> >> > db=postfix table=mailbox usercolumn=username
>> >> >> >> > passwdcolumn=password
>> >> >> >> > crypt=1
>> >> >> >> >
>> >> >> >> > /etc/postfix/sasl/smtpd.conf
>> >> >> >> > mech_list: plain login
>> >> >> >> > allow_plaintext: true
>> >> >> >> > auxprop_plugin: mysql
>> >> >> >> > sql_hostnames: localhost
>> >> >> >> > sql_user: postfix
>> >> >> >> > sql_passwd: nga
>> >> >> >> > sql_database: postfix
>> >> >> >> > sql_select: select password from mailbox where username='%u@%r'
>> >> >> >> >
>> >> >> >> > cat /etc/group |grep sasl
>> >> >> >> > sasl:x:45:postfix
>> >> >> >> >
>> >> >> >> > /etc/default/saslauthd
>> >> >> >> > START=yes
>> >> >> >> > DESC="SASL Authentication Daemon"
>> >> >> >> > NAME="saslauthd"
>> >> >> >> > MECHANISMS="pam"
>> >> >> >> > MECH_OPTIONS=""
>> >> >> >> > THREADS=5
>> >> >> >> > OPTIONS="-c -m /var/run/saslauthd -r"
>> >> >> >> >
>> >> >> >> > debian:~# tail -f /var/log/auth.log (ao tentar enviar uma
>> >> >> >> > mensagem
>> >> >> >> > pelo
>> >> >> >> > outlook express)
>> >> >> >> > Jan 13 19:12:07 debian postfix/smtpd[8183]: sql auxprop plugin
>> >> >> >> > using
>> >> >> >> > mysql
>> >> >> >> > engine
>> >> >> >> >
>> >> >> >> > debian:~# tail -f /var/log/syslog
>> >> >> >> > Jan 13 19:13:03 debian postfix/smtpd[8183]: connect from
>> >> >> >> > unknown[192.168.1.100]
>> >> >> >> > Jan 13 19:13:03 debian postfix/smtpd[8183]: warning:
>> >> >> >> > unknown[192.168.1.100]:
>> >> >> >> > SASL LOGIN authentication failed: authentication failure
>> >> >> >> > Jan 13 19:13:03 debian postfix/smtpd[8183]: lost connection
>> >> >> >> > after
>> >> >> >> > AUTH
>> >> >> >> > from
>> >> >> >> > unknown[192.168.1.100]
>> >> >> >> > Jan 13 19:13:03 debian postfix/smtpd[8183]: disconnect from
>> >> >> >> > unknown[192.168.1.100]
>> >> >> >> >
>> >> >> >> > -------------------------------------
>> >> >> >> > Se no /etc/postfix/sasl/smtpd.conf troco a opção
>> >> >> >> > auxprop_plugin: mysql
>> >> >> >> > por
>> >> >> >> > auxprop_plugin: sql
>> >> >> >> >
>> >> >> >> > o auth.log fica assim:
>> >> >> >> > debian:~# tail -f /var/log/auth.log
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql auxprop plugin
>> >> >> >> > using
>> >> >> >> > mysql
>> >> >> >> > engine
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin Parse
>> >> >> >> > the
>> >> >> >> > username
>> >> >> >> > christiano.liberato@dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin try and
>> >> >> >> > connect
>> >> >> >> > to a
>> >> >> >> > host
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin trying
>> >> >> >> > to
>> >> >> >> > open
>> >> >> >> > db
>> >> >> >> > 'postfix' on host 'localhost'
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin Parse
>> >> >> >> > the
>> >> >> >> > username
>> >> >> >> > christiano.liberato@dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin try and
>> >> >> >> > connect
>> >> >> >> > to a
>> >> >> >> > host
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin trying
>> >> >> >> > to
>> >> >> >> > open
>> >> >> >> > db
>> >> >> >> > 'postfix' on host 'localhost'
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin Parse
>> >> >> >> > the
>> >> >> >> > username
>> >> >> >> > christiano.liberato@dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin try and
>> >> >> >> > connect
>> >> >> >> > to a
>> >> >> >> > host
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin trying
>> >> >> >> > to
>> >> >> >> > open
>> >> >> >> > db
>> >> >> >> > 'postfix' on host 'localhost'
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: begin transaction
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin create
>> >> >> >> > statement
>> >> >> >> > from
>> >> >> >> > userPassword christiano.liberato dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin doing
>> >> >> >> > query
>> >> >> >> > select
>> >> >> >> > password from mailbox where
>> >> >> >> > username='christiano.liberato@dominio1.com.br';
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin create
>> >> >> >> > statement
>> >> >> >> > from
>> >> >> >> > cmusaslsecretPLAIN christiano.liberato dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin doing
>> >> >> >> > query
>> >> >> >> > select
>> >> >> >> > password from mailbox where
>> >> >> >> > username='christiano.liberato@dominio1.com.br';
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: commit transaction
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin Parse
>> >> >> >> > the
>> >> >> >> > username
>> >> >> >> > christiano.liberato@dominio1.com.br
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin try and
>> >> >> >> > connect
>> >> >> >> > to a
>> >> >> >> > host
>> >> >> >> > Jan 13 19:18:50 debian postfix/smtpd[8426]: sql plugin trying
>> >> >> >> > to
>> >> >> >> > open
>> >> >> >> > db
>> >> >> >> > 'postfix' on host 'localhost'
>> >> >> >> >
>> >> >> >> > e o syslog continua igual acima.
>> >> >> >> >
>> >> >> >> > O que quero dizer é o seguinte: o sasl não consegue falar com o
>> >> >> >> > mysql
>> >> >> >> > para
>> >> >> >> > autenticar e assim meu outlook express fica sempre pedindo user
>> >> >> >> > e
>> >> >> >> > senha.
>> >> >> >> > Não seria um bug?
>> >> >> >> >
>> >> >> >> > Tudo de sasl instalado na minha maquina:
>> >> >> >> > debian:~# dpkg -l |grep -i sasl
>> >> >> >> > ri libsasl2-2
>> >> >> >> > 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Cyrus SASL - authentication abstraction library
>> >> >> >> > ii libsasl2-dev
>> >> >> >> > 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Cyrus
>> >> >> >> > SASL - development files for authentication abstraction
>> >> >> >> > ii libsasl2-modules
>> >> >> >> > 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Cyrus
>> >> >> >> > SASL - pluggable authentication modules
>> >> >> >> > ii libsasl2-modules-gssapi-heimdal 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Pluggable
>> >> >> >> > Authentication Modules for SASL (GSSAPI)
>> >> >> >> > ii libsasl2-modules-sql
>> >> >> >> > 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Cyrus
>> >> >> >> > SASL - pluggable authentication modules (SQL)
>> >> >> >> > ii sasl2-bin
>> >> >> >> > 2.1.22.dfsg1-23+lenny1
>> >> >> >> > Cyrus SASL - administration programs for SASL users database
>> >> >> >> >
>> >> >> >> > Agradeço pelos esclarecimentos.
>> >> >> >> >
>> >> >> >> > Att,
>> >> >> >> > Christiano Liberato.
>> >> >> >> >
>> >> >> >> > ________________________________
>> >> >> >> > Quer 25 GB de armazenamento gratuito na web? Conheça o Skydrive
>> >> >> >> > clicando
>> >> >> >> > aqui.
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> To UNSUBSCRIBE, email to
>> >> >> >> debian-user-portuguese-REQUEST@lists.debian.org
>> >> >> >> with a subject of "unsubscribe". Trouble? Contact
>> >> >> >> listmaster@lists.debian.org
>> >> >> >>
>> >> >> >
>> >> >> > ________________________________
>> >> >> > Quer 25 GB de armazenamento gratuito na web? Conheça o Skydrive
>> >> >> > clicando
>> >> >> > aqui.
>> >> >
>> >> > ________________________________
>> >> > Quer fazer um álbum íncrivel? Conheça o Windows Live Fotos clicando
>> >> > aqui.
>> >
>> > ________________________________
>> > O Pedro tem 25 Gb grátis de armazenamento na web. Quer também? Clique
>> > aqui.
>
> ________________________________
> Quer 25 GB de armazenamento gratuito na web? Conheça o Skydrive clicando
> aqui.
Reply to: