No SMTP with postfix/dovecot on Rocky 9.2

Hello. My IMAPS works fine, but I have no SMTP submission port recognized at all in more than one client. There seems to be a PAM error. I am using a regular system account. Any help is appreciated.

Configuration

❯ sudo cat /etc/pam.d/dovecot

   #%PAM-1.0
   auth       required     pam_nologin.so
   auth       include      password-auth
   account    include      password-auth
   session    include      password-auth

❯ sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, localhost
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = $myhostname, localhost.$mydomain, localhost, mail.$myhostname
mydomain = theorionarm.net
myhostname = theorionarm.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
smtp_tls_CApath = /etc/pki/ca-trust/extracted/pem/
smtp_tls_cert_file = /etc/letsencrypt/live/theorionarm.net/privkey.pem
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = theorionarm.net
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
smtpd_tls_CApath = /etc/pki/ca-trust
smtpd_tls_cert_file = /etc/letsencrypt/live/theorionarm.net/cert.pem
smtpd_tls_chain_files = /etc/letsencrypt/live/theorionarm.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/theorionarm.net/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_wrappermode = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

❯ sudo doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 5.14.0-284.11.1.el9_2.x86_64 x86_64 Rocky Linux release 9.2 (Blue Onyx)
# Hostname: theorionarm.net
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = failure_show_msg=yes dovecot
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_ca = /etc/pki/dovecot/certs/ca.pem
ssl_cert = </etc/letsencrypt/live/theorionarm.net/fullchain.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_client_ca_dir = /etc/pki/tls
ssl_key = # hidden, use -P to show it
ssl_verify_client_cert = yes
submission_client_workarounds = whitespace-before-path
userdb {
  driver = passwd
}

It would probably be useful if you shared the error you are getting. I’m running Postfix and Dovecot on my vps, which is running Rocky 9.2 with a virtual domain setup, and have the transmission port enabled and I have no issues with it. Are you only having issues with the authentication part, or is there nothing listening on the transmission port?

It was a generic pam authentication error. I switched to cyrus and saslauthdb which I like better than dovecot, and SASL is working and doesn’t seem to be the issue, I just can’t get SMTP to respond at all. I am not sure if cyrus needs my domain’s certificates as well or just postfix, but either way I can’t connect to 25, 587, etc. when they are listening. smtptest works locally.

It’s the oddest thing. Like the SMTP doesn’t exist when it’s right there. It happened with dovecot as well. While IMAP and SASL work fine. It’s a quite simple setup. I dropped it down to opportunistic TLS and I still can’t telnet to port 25.

I have never used Cyrus so I can’t comment on that. But as for how dovecot works, you authenticate as a user defined in dovecot to be allowed to send mail using Postfix, so you would then be using Postfix’s certificate since dovecot is configured to be able to talk to postfix and Dovecot is configured to talk to Postfix for sasl authentication. Keeping in mind it is possible to connect on different names on imap and smtp, so it would be illogical if you had to use the same certificate on both, and if that were the case it would be mentioned in the documentation.

What happens when you try connecting to 25 or 587 when not connecting to it locally but from remote, a time-out or something else?

I don’t know if it’s an internet facing mailserver or internal mailserver but “opportunistic” is still advised for an internet facing Postfix mailserver.

I feel like this must be a network or TLS problem since regardless of the backend I use I can’t find the SMTP server. Though if it were a certificate issue then you would think the IMAP would not work.

Ok, my apologies, my hosting company blocks SMTP and I have to contact them to get them open. Oops.

lol mate you should do yourself a favor and swap to a more reliable hosting company 🙂

I think it’s for security reasons. Just means I have to use a nonstandard port until they open it for me.

I can see why the dovecot route is more popular than cyrus; I had to make my own systemd socket file just so cyrus could bind somewhere to get mail from postfix 🙂 still like it better than dovecot though, a lot more features.

Is this your home ISP or a vps hosting company?
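Separately from the provider-side port block, the TLS lines in the `postconf -n` output of the opening post can be checked mechanically. The following is an added example, not code from any poster in this thread: a small Python lint over `postconf -n` text, where the function names, the sample excerpt (constructed from lines quoted above) and the "file name contains key" heuristic are assumptions of the example.

```python
import os
import re

# Constructed excerpt: TLS-related lines as quoted in the opening post's `postconf -n`.
SAMPLE = """\
smtp_tls_cert_file = /etc/letsencrypt/live/theorionarm.net/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/theorionarm.net/cert.pem
smtpd_tls_key_file = /etc/letsencrypt/live/theorionarm.net/privkey.pem
smtpd_tls_security_level = encrypt
smtpd_tls_wrappermode = yes
"""

def parse_postconf(text):
    """Parse 'name = value' lines; prompts, comments and blank lines are skipped."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params

def lint(params):
    """Return (parameter, finding) pairs for main.cf-wide TLS settings worth a second look."""
    findings = []
    if params.get("smtpd_tls_wrappermode", "no") == "yes":
        findings.append(("smtpd_tls_wrappermode",
            "main.cf value applies to every smtpd service, so port 25 waits for a TLS "
            "handshake before any banner; set it per service in master.cf instead"))
    if params.get("smtpd_tls_security_level") == "encrypt":
        findings.append(("smtpd_tls_security_level",
            "mandatory TLS on every smtpd service; an internet-facing port 25 "
            "normally uses 'may', with 'encrypt' set on the submission service"))
    for name in ("smtp_tls_cert_file", "smtpd_tls_cert_file"):
        base = os.path.basename(params.get(name, "")).lower()
        if "key" in base:  # heuristic (assumption): the name suggests a private key
            findings.append((name,
                "file name looks like a private key; this parameter takes the "
                "certificate, the key belongs in the matching *_key_file"))
    return findings

if __name__ == "__main__":
    for name, msg in lint(parse_postconf(SAMPLE)):
        print(f"{name}: {msg}")
```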