No SMTP with postfix/dovecot on Rocky 9.2

Hello. My IMAPS works fine, but I have no SMTP submission port recognized at all in more than one client. There seems to be a PAM error. I am using a regular system account. Any help is appreciated.


❯ sudo cat /etc/pam.d/dovecot

   auth       required
   auth       include      password-auth
   account    include      password-auth
   session    include      password-auth

❯ sudo postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = $myhostname, localhost
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = $myhostname, localhost.$mydomain, localhost, mail.$myhostname
mydomain =
myhostname =
mynetworks = [::1]/128
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
smtp_tls_CApath = /etc/pki/ca-trust/extracted/pem/
smtp_tls_cert_file = /etc/letsencrypt/live/
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
smtpd_tls_CApath = /etc/pki/ca-trust
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_chain_files = /etc/letsencrypt/live/
smtpd_tls_key_file = /etc/letsencrypt/live/
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_wrappermode = yes
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550

❯ sudo doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 5.14.0-284.11.1.el9_2.x86_64 x86_64 Rocky Linux release 9.2 (Blue Onyx)
# Hostname:
auth_mechanisms = plain login
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
first_valid_uid = 1000
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
mbox_write_locks = fcntl
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = failure_show_msg=yes dovecot
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_ca = /etc/pki/dovecot/certs/ca.pem
ssl_cert = </etc/letsencrypt/live/
ssl_cipher_list = PROFILE=SYSTEM
ssl_client_ca_dir = /etc/pki/tls
ssl_key = # hidden, use -P to show it
ssl_verify_client_cert = yes
submission_client_workarounds = whitespace-before-path
userdb {
  driver = passwd
}

It will probably be useful if you shared the error you are getting. I’m running Postfix and Dovecot on my vps which is running Rocky 9.2 with a virtual domain setup and have the transmission port enabled and I have no issues with it. Are you only having issues with the authentication part or is there nothing listening on the transmission port?

It was a generic pam authentication error. I switched to cyrus and saslauthdb which I like better than dovecot, and SASL is working and doesn’t seem to be the issue, I just can’t get SMTP to respond at all. I am not sure if cyrus needs my domain’s certificates as well or just postfix, but either way I can’t connect to 25, 587, etc. when they are listening. smtptest works locally.

It’s the oddest thing. Like the SMTP doesn’t exist when it’s right there. It happened with dovecot as well. While IMAP and SASL work fine. It’s a quite simple setup. I dropped it down to opportunistic TLS and I still can’t telnet to port 25.

I have never used Cyrus so I can’t comment on that. But as how dovecot works, you authenticate as a user defined in dovecot to be allowed to send mail using Postfix, so you would then be using Postfix’s certificate since dovecot is configured to be able to talk to postfix and Dovecot configured to talk to Postfix for sasl authentication. Keeping in mind it is possible to connect on different names on imap and smtp so it would be illogical if you had to use the same certificate on both and if that were the case it would be mentioned in the documentation.

What happens when you try connecting to 25 or 587 when not connecting to it locally but from remote, a time-out or something else?

I don’t know if it’s an internet facing mailserver or internal mailserver but “opportunistic” is still advised for an internet facing Postfix mailserver.

I feel like this must be a network or TLS problem since regardless of the backend I use I can’t find the SMTP server. Though if it were a certificate issue then you would think the IMAP would not work.

Ok, my apologies, my hosting company blocks SMTP and I have to contact them to get them open. Oops.
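
Added example, not part of the original thread: a small probe that separates "nothing is listening" from "something on the path drops the packets", which is the distinction the question about remote time-outs was after. The outcome labels and function names are this example's own; run it once on the mail server against 127.0.0.1 and once from an outside machine, then feed both outcomes to `diagnose`.

```python
import socket
import sys

def classify(exc):
    """Map a failed connect() to an outcome label."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"       # RST came back: host reachable, port closed
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"       # no reply at all: packets dropped on the path
    return "unreachable"       # DNS, routing and other OSError cases

def probe(host, port, timeout=5.0):
    """Return (outcome, first_line) for one TCP connection attempt."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return classify(exc), ""
    with sock:
        try:
            data = sock.recv(512)
        except (socket.timeout, TimeoutError):
            return "silent", ""   # connected, but the server sends nothing first
        except OSError:
            return "reset", ""
    if not data:
        return "reset", ""        # peer closed without a greeting
    line = data.decode("ascii", "replace").splitlines()[0]
    return ("banner" if line.startswith("220") else "other"), line

def diagnose(local, remote):
    """Combine the outcome seen on the server with the one seen from outside."""
    if local in ("refused", "unreachable"):
        return "no-listener"      # Postfix is not bound to this port
    if local == "silent":
        return "tls-first"        # consistent with smtpd_tls_wrappermode = yes
    if local != "banner":
        return "inconclusive"
    if remote == "timeout":
        return "filtered"         # dropped in transit: firewall or provider block
    if remote == "refused":
        return "not-exposed"      # bound to loopback only, or a REJECT rule
    return "ok" if remote == "banner" else "inconclusive"

if __name__ == "__main__":
    # Run once on the mail server (host 127.0.0.1) and once from outside.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (25, 465, 587):
        print(port, *probe(host, port))
```

A local `banner` with a remote `timeout` points away from Postfix, SASL and certificates and toward filtering between the client and the server.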

lol mate you should do yourself a favor and swap to a more reliable hosting company 🙂

I think it’s for security reasons. Just means I have to use a nonstandard port until they open it for me.

I can see why the dovecot route is more popular than cyrus; I had to make my own systemd socket file just so cyrus could bind somewhere to get mail from postfix 🙂 still like it better than dovecot though, a lot more features.

Is this your home ISP or a VPS hosting company?