[opensuse] Setting up Posftix/Cyrus/imap on oS 11.2
Hi all, I'm in the process of setting up my new email server on oS 11.2. Clean default install. Basic setup is Postfix/Cyrus/Saslauth/Pam I followed my previous setup closely, but setting up Thunderbird for one user gives an error "You cannot log in to localhost because the server doesn't allow plain text authentication without STARTTLS or SSL/TLS. Try enabling connection security or secure authentication in the account settings. But I believe I have everything set up to allow plain text authentication. I would like to make sure all is working right before I set up the certs for SSL/TLS. Sure would appreciate any help on this. Below is what I've done and tested so far.......... Running telnet shows the following: user@linux-8hun:~> telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 jimmee.local ESMTP Postfix ehlo clientname 250-jimmee.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Note the above includes AUTH LOGIN PLAIN, but not AUTH=LOGIN PLAIN. Not sure how or where to adjust this, if it is pertinent. I'm just trying to auth with local users, using one domain. Running testsaslauuthd reports success for both smtp and imap: user@linux-8hun:~> testsaslauthd -u user -p password -s smtp 0: OK "Success." user@linux-8hun:~> testsaslauthd -u user -p password -s imap 0: OK "Success." Other settings I checked and set as follows: /etc/sysconfig/saslauthd: SASLAUTHD_AUTHMECH=pam /etc/sasl2/smtpd.conf: pwcheck_method: saslauthd mech_list: plain login /etc/cyrus.conf: imap cmd="imapd" listen="imap" prefork=0 imaps cmd="imapd -s" listen="imaps" prefork=0 pop3 cmd="pop3d" listen="pop3" prefork=0 pop3s cmd="pop3d -s" listen="pop3s" prefork=0 sieve cmd="timsieved" listen="sieve" prefork=0 /etc/imapd.conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no autocreatequota: 10000 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sasl_mech_list: plain login lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes And last but not least, postconf -n : alias_maps = hash:/etc/aliases biff = no canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 defer_transports = delay_warning_time = 1h disable_dns_lookups = no disable_mime_output_conversion = no home_mailbox = Maildir/ html_directory = /usr/share/doc/packages/postfix-doc/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = jjfiii.com masquerade_exceptions = root message_size_limit = 10240000 message_strip_characters = \0 mydestination = $myhostname,localhost.$mydomain,$mydomain myhostname = jimmee.local mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES relay_domains = $mydestination, hash:/etc/postfix/relay relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix-doc/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = yes smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = yes strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_domains = hash:/etc/postfix/virtual virtual_alias_maps = hash:/etc/postfix/virtual -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Jim Flanagan wrote:
Hi all,
I'm in the process of setting up my new email server on oS 11.2. Clean default install.
Basic setup is Postfix/Cyrus/Saslauth/Pam
I followed my previous setup closely, but setting up Thunderbird for one user gives an error "You cannot log in to localhost because the server doesn't allow plain text authentication without STARTTLS or SSL/TLS. Try enabling connection security or secure authentication in the account settings.
But I believe I have everything set up to allow plain text authentication. I would like to make sure all is working right before I set up the certs for SSL/TLS.
Sure would appreciate any help on this. Below is what I've done and tested so far..........
Greetings all. This post took a REALLY long time to get posted to the list, and in the meantime I resolved it. Apparently now in cyrus imap you have to explicitly allow plain text. Found the issue in the Docs. I do have a few more questions about my postfix server, but will start a new thread on those. Thanks, Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2009-11-21 at 19:37 -0600, Jim Flanagan wrote:
Hi all, I'm in the process of setting up my new email server on oS 11.2. Clean default install. Basic setup is Postfix/Cyrus/Saslauth/Pam
Excellent choice. Cyrus IMAPd, accept no substitutes.
I followed my previous setup closely, but setting up Thunderbird for one user gives an error "You cannot log in to localhost because the server doesn't allow plain text authentication without STARTTLS or SSL/TLS. Try
Is this error for sending or receiving (SMTP or IMAP)?
enabling connection security or secure authentication in the account settings. But I believe I have everything set up to allow plain text authentication. I would like to make sure all is working right before I set up the certs for SSL/TLS. Sure would appreciate any help on this. Below is what I've done and tested so far.......... Running telnet shows the following: user@linux-8hun:~> telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 jimmee.local ESMTP Postfix ehlo clientname 250-jimmee.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN Note the above includes AUTH LOGIN PLAIN, but not AUTH=LOGIN PLAIN. Not sure how or where to adjust this, if it is pertinent.
Looks OK.
I'm just trying to auth with local users, using one domain. Running testsaslauuthd reports success for both smtp and imap: user@linux-8hun:~> testsaslauthd -u user -p password -s smtp 0: OK "Success." user@linux-8hun:~> testsaslauthd -u user -p password -s imap 0: OK "Success."
Excellent, always a good thing to check.
/etc/imapd.conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap ... think you should have .. allowplaintext: 1 ... as that defaults to 0 (false)
sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no autocreatequota: 10000 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sasl_mech_list: plain login lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes
And last but not least, postconf -n : alias_maps = hash:/etc/aliases biff = no ... smtp_sasl_auth_enable = yes smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no
At a glance this looks OK. -- OpenGroupware developer: awilliam@whitemice.org <http://whitemiceconsulting.blogspot.com/> OpenGroupare & Cyrus IMAPd documenation @ <http://docs.opengroupware.org/Members/whitemice/wmogag/file_view> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Am Sonntag 22 November 2009 02:37:15 schrieb Jim Flanagan:
Hi all,
I'm in the process of setting up my new email server on oS 11.2. Clean default install.
Basic setup is Postfix/Cyrus/Saslauth/Pam
I followed my previous setup closely, but setting up Thunderbird for one user gives an error "You cannot log in to localhost because the server doesn't allow plain text authentication without STARTTLS or SSL/TLS. Try enabling connection security or secure authentication in the account settings.
But I believe I have everything set up to allow plain text authentication. I would like to make sure all is working right before I set up the certs for SSL/TLS. You didn't mention when you get the error (while trying to access the IMAP Server? Or while trying to send mail) and from which of the daemons it came. Assuming that it came from cyrus-imapd it might be because cyrus-imapd by default does not allow plain text authentication on uncrypted channels (i.e. without TLS/SSL encryption in place). If you really want to override that (which is generally a bad idea IMO) you need to add "allowplaintext: 1" to your imapd.conf. (And restart cyrus of course)
Sure would appreciate any help on this. Below is what I've done and tested so far.......... [..]
/etc/imapd.conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap sievedir: /var/lib/sieve admins: cyrus allowanonymouslogin: no autocreatequota: 10000 reject8bit: no quotawarn: 90 timeout: 30 poptimeout: 10 dracinterval: 0 drachost: localhost sasl_pwcheck_method: saslauthd sasl_mech_list: plain login lmtp_overquota_perm_failure: no lmtp_downcase_rcpt: yes
[..] -- Ralf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Ralf Haferkamp wrote:
Am Sonntag 22 November 2009 02:37:15 schrieb Jim Flanagan:
Hi all,
I'm in the process of setting up my new email server on oS 11.2. Clean default install.
Basic setup is Postfix/Cyrus/Saslauth/Pam
I followed my previous setup closely, but setting up Thunderbird for one user gives an error "You cannot log in to localhost because the server doesn't allow plain text authentication without STARTTLS or SSL/TLS. Try enabling connection security or secure authentication in the account settings.
But I believe I have everything set up to allow plain text authentication. I would like to make sure all is working right before I set up the certs for SSL/TLS.
You didn't mention when you get the error (while trying to access the IMAP Server? Or while trying to send mail) and from which of the daemons it came. Assuming that it came from cyrus-imapd it might be because cyrus-imapd by default does not allow plain text authentication on uncrypted channels (i.e. without TLS/SSL encryption in place). If you really want to override that (which is generally a bad idea IMO) you need to add "allowplaintext: 1" to your imapd.conf. (And restart cyrus of course)
That's what I did, "allowplaintext: 1". That resolved that issue. Now I'm working on my certs. Many thanks Jim -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Adam Tauno Williams -
Jim Flanagan -
Ralf Haferkamp