From Notes Wiki
Jump to: navigation, search
Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot

Postfix SMTP authentication using dovecot

Postfix SMTP authentication can work using both dovecot and cyrus. To use dovecot for SMTP authentication use following steps:

  1. In /etc/dovecot/conf.d/10-master.conf as part of "service auth" there should be a unix_listener at /var/spool/postfix/private/auth using following configuration:
    service auth {
    unix_listener auth-userdb {
    # Postfix smtp-auth
    unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  2. In /etc/dovecot/conf.d/10-auth.conf set auth_mechanisms to both plain and login using:
    auth_mechanisms = plain login
  3. service dovecot restart
  4. Configure postfix to use socket created by dovecot for authentication using following lines appended in /etc/postfix/ file:
    #Indicates use dovecot auth
    smtpd_sasl_type = dovecot
    #Specified location of authentication socket supplied by dovecot
    #wrt /var/spool/postfix
    smtpd_sasl_path = private/auth
    #Enable SASL authentication
    smtpd_sasl_auth_enable = yes
    #Also advertize "AUTH PLAIN=" along with "AUTH PLAIN " to support broken clients esp outlook
    broken_sasl_auth_clients = yes
    #Do not allow anonymous access for SASL. Very important
    #If SSL or TLS is configured then perhaps noplaintext over
    #non-encryption channel can also be configured
    smtpd_sasl_security_options = noanonymous
    #smtpd_sasl_security_options = noanonymous, noplaintext
    #Do not allow anonymous access for SASL over TLS/SSL. Here
    #plaintext auth should not be a problem
    smtpd_sasl_tls_security_options = noanonymous
    #Allow relay for anybody sending to mydomain and allow relay from trusted networks.
    #Further allow relay to any destination from anywhere for authenticated clients
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    #Append username of user who authentication in email headers
    smtpd_sasl_authenticated_header = yes
  5. service postfix restart
  6. Test authentication using
    1. telnet <mail-server> 25
    2. EHLO test
    3. AUTH PLAIN <auth-string>
      where auth-string can be obtained using "echo -ne '\000username\000password' | openssl base64" by replacing username and password appropriately

Steps learned from

Troubleshooting Relay access denied after successful authentication

If "Relay access is denied" even after successful authentication then try appending this to /etc/postfix/

smtpd_recipient_restrictions =

and do "service postfix restart"

Steps learned from

Home > CentOS > CentOS 6.x > Postfix server configuration > Postfix SMTP authentication using dovecot