SASL-authentication
While using iDS 5.1 and a test user "uid=jdoe,ou=xxx,o=xxx" we've been getting same results over and over again: Authentication failed. Passwords are being set to CLEARTEXT, user being created using default user template so it contains the userpassword-attribute, and in the Java-code we've been using MD5 Digest authentication 'cause that's the method it supports. This is what is being done in the code:
1. Client connects server using ldapHost and ldapPort.
2. Hashtable "env" is being constructed.
3. Environment properties INITIAL_CONTEXT_FACTORY, PROVIDER_URL, SECURITY_PRINCIPAL and SECURITY_CREDENTIALS of context are being specified.
4. if ldapconnection.isauthenticated() is TRUE, print "success", else print "failed".
All environment properties are of course used via env.put(context.property_name, "value");
Is this it? What else should it do? All values match the ones being set in DS. Still authentication fails.
Some update, i got it working with SSL disabled.
Similar Messages
-
Cannot use SASL Authentication Through GSSAPI on DS 6.3
I try to kerberized DS 6.3. I do step by step instruction from "Sun Java System Directory Server Enterprise Edition 6.3" and it doesn't work.
When I try to configure the Directory Server to Enable GSSAPI I get an error:
modifying entry cn=SASL,cn=security,cn=config
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: Modification not allowed on attribute dsSaslPluginsPath
After all when I try to authenticate to the Directory Server i get response:
ldap_sasl_interactive_bind_s: Authentication method not supported
ldap_sasl_interactive_bind_s: additional info: sasl mechanism not supported
Logs file:
+[22/Sep/2008:10:28:11 +0200] conn=2 op=-1 msgId=-1 - fd=22 slot=22 LDAP connection from 10.3.233.4:33054 to 10.3.233.4+
+[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - BIND dn="" method=sasl version=3 mech=GSSAPI+
+[22/Sep/2008:10:28:11 +0200] conn=2 op=0 msgId=1 - RESULT err=7 tag=97 nentries=0 etime=0, sasl mechanism not supported+
+[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=2 - UNBIND+
+[22/Sep/2008:10:28:11 +0200] conn=2 op=1 msgId=-1 - closing from 10.3.233.4:33054 - U1 - Connection closed by unbind client -+
+[22/Sep/2008:10:28:12 +0200] conn=2 op=-1 msgId=-1 - closed.+
system specyfication:
Solaris 10 x86 64-bit
DS 6.3 B2008.0311.0212 NATSee http://forums.sun.com/thread.jspa?forumID=761&threadID=5202246 for a description of the problem and a workaround.
If you have a Sun support contract, you can request an escalation of CR 6637404.
Also, note that it looks like part of the documentation went missing. In DS5.2 the docs included an additional step
Chapter 11 Implementing Security
Configuring Client Authentication
SASL Authentication Through GSSAPI (Solaris Only)
http://docs.sun.com/source/816-6698-10/ssl.html#18500
ldapmodify -D 'cn=directory manager'
dn: cn=SASL,cn=security,cn=config
changetype: modify
add: dsSaslPluginsEnable
dsSaslPluginsEnable: GSSAPI
replace: dsSaslPluginsPath
dsSaslPluginsPath: /usr/lib/mps/sasl2/libsasl.so
modifying entry cn=SASL,cn=security,cn=config
ldap_modify: DSA is unwilling to perform
ldap_modify: additional info: Adding attributes is not allowed
------------------------------------------------------------- -
SASL Authentication...again...
Last time i posted this question:
While using iDS 5.1 and a test user "uid=jdoe,ou=xxx,o=xxx" we've been getting same results over and over again: Authentication failed. Passwords are being set to CLEARTEXT, user being created using default user template so it contains the userpassword-attribute, and in the Java-code we've been using MD5 Digest authentication 'cause that's the method it supports. This is what is being done in the code:
1. Client connects server using ldapHost and ldapPort.
2. Hashtable "env" is being constructed.
3. Environment properties INITIAL_CONTEXT_FACTORY, PROVIDER_URL, SECURITY_PRINCIPAL and SECURITY_CREDENTIALS of context are being specified.
4. if ldapconnection.isauthenticated() is TRUE, print "success", else print "failed".
All environment properties are of course used via env.put(context.property_name, "value");
Is this it? What else should it do? All values match the ones being set in DS. Still authentication fails. "
We still have this problem but the thing that has come up is the supportedSASLMechanisms gives "no attributes" if asked with database name, but gives correct values when asked just with IP-address of server. To make long story short, this works:
Attributes attrs = ctx.getAttributes("ldap://<ip-address>"new String[]{"supportedSASLMechanisms"});
System.out.println(attrs);
This doesn't work:
Attributes attrs = ctx.getAttributes("ldap://<ip-address>/o=<organization>"new String[]{"supportedSASLMechanisms"});
System.out.println(attrs);
Is there a access control in NetscapeRoot that differs from our database controls that makes this happen?I think I have get little bit closer to get SASL authentication work, but now my program throws this kind of exception:
javax.naming.AuthenticationException: SASL authentication failed. Root exception is java.lang.NoSuchMethodError
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:369)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:185)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2386)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:239)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:74)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
at javax.naming.InitialContext.init(InitialContext.java:217)
at javax.naming.InitialContext.<init>(InitialContext.java:193)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:78)
My code (I'm using jdk1.3.1):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
class DigestTesti {
public static void main(String[] args) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://000.000.000.000:000");
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "dn:uid=JDoe,ou=...,o=...,dc=..., dc=...");
env.put(Context.SECURITY_CREDENTIALS, "...");
env.put("java.naming.security.sasl.realm", "...");
try {
DirContext ctx = new InitialDirContext(env);
System.out.println(ctx);
} catch (NamingException e) {
e.printStackTrace();
What could been wrong with my code?
Regards,
Janne -
Jdk1.3 vs jdk1.4 and SASL authentication
I'm trying to get SASL authentication work with jdk1.3 and iPlanet Directory Server. Everytime I get same exception:
SASL authentication failed. Root exception is java.lang.NoSuchMethodError
When I try with jdk1.4 everything works fine. Now I'm just wondering that is there other things that I should take care when I try get authentication work with jdk1.3. I know that all the extension packages are integrated to the jdk1.4 and I have set same packages to the CLASSPATH when I'm trying to do same with jdk1.3, but same exception occurs than above.
Does anyone know what's the problem?
Thanks,
JanneHi ,
Jsse 1.0.3 (strictly this version only) is needed along with jdk1.3 for the SASL or SSL authentication to be done fine.
Hope this helps,
Regards,
Sathya -
Jdk1.3 vs jdk1.4 SASL authentication
I'm trying to get SASL authentication work with jdk1.3 and iPlanet Directory Server. Everytime I get same exception:
SASL authentication failed. Root exception is java.lang.NoSuchMethodError
When I try with jdk1.4 everything works fine. Now I'm just wondering that is there other things that I should take care when I try get authentication work with jdk1.3. I know that all the extension packages are integrated to the jdk1.4 and I have set same packages to the CLASSPATH when I'm trying to do same with jdk1.3, but same exception occurs than above.
Does anyone know what's the problem?
Thanks,
JanneHi ,
Jsse 1.0.3 (strictly this version only) is needed along with jdk1.3 for the SASL or SSL authentication to be done fine.
Hope this helps,
Regards,
Sathya -
Mail SASL authentication problem - solved
My outgoing mail stopped working. I had been relaying mail through my ISP's smtp server and at some point i started getting SASL authentication errors ("no worthy mechs found").
I searched and found a thread that contained a fix: http://discussions.apple.com/thread.jspa?threadID=2207959
The fix was rather mysterious (to me at least) in that it involved adding one line to my /etc/postcript/main.cf file. The line was: "smtpsasl_securityoptions =".
I was going to post a reply to the thread, but the thread is "archived".
Why do threads get archived? Too old?
Well, anyway, I don't like having to open a separate thread for this, but I hope this helps someone solve the same problem I was having.
Also, if anyone has any kind of real explanation for why this fix works and/or whether it is likely to survive future software changes made by apple (or has a better way to fix that will), I would love to hear about it.
Thanks.Try installing ldap1.2.4 and putting ldap.jar and providerutil.jar in your bootclasspath.
-
I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
digest-challenge:
realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
digest-response:
username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
The server also accepts a simple uid value.
example: username="bgbrown" -
I want to authenticate using GSS-API for SMTP.
Can anyone please guide me?
Is there any doc or sample code available?Wow, this is an obscure solution, but it works. According to this thread, the problem is that:
Although Comcast advertises "AUTH LOGIN PLAIN", the Postfix SASL library won't do plain text auth by default. It needs to be told it's okay with:
smtp_sasl_security_options = noanonymous
Solution:
$ su -
$ cd /etc/postfix
$ cp main.cf main.cf.no_smtp_sasl_security_options
$ echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
$ serveradmin stop mail
$ serveradmin start mail
I'm not sure how often /etc/postfix/main.cf is overwritten, but presumably this happens every time you change and save Mail settings in Server Admin, so you must redo these steps every time you change the Mail server if you want to use smtp.comcast.net as your mail relay.
AAPL, would you please add a toggle to handle this in Server Admin? -
SMTP Authentication (SASL on Postfix)
I am migrating my personal mail server from Tiger Server to Snow Leopard Server.
I have had Postfix on the Tiger Server working for years. I am having trouble configuring Snow Leopard to do the same. My set up for SMTP is to relay email from my respective Postfix server to my ISP, mail.speakeasy.net, and then authenticate with my speakeasy name/password. As I use SSL, I come in on port 995.
From Postfix's perspective, this involves configuring SASL.
Here are the relevant SASL configuration lines from postfix.conf
smtpsasl_authenable = yes
smtpsasl_passwordmaps = hash:/etc/postfix/sasl/passwd
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated rejectrblclient zen.spamhaus.org rejectrblclient bl.spamcop.net permit
smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
smtpdsasl_authenable = yes
When I attempt to relay through mail.speakeasy.net, here are the log file entries in my Snow Leopard SMTP Log files:
Oct 22 17:26:38 tin postfix/smtp[98906]: warning: SASL authentication failure: No worthy mechs found
Oct 22 17:26:38 tin postfix/smtp[98906]: D6EC5500F2: to=<[email protected]>, relay=mail.speakeasy.net[69.12.123.12]:25, delay=0.29, delays=0/0/0.28/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.speakeasy.net[69.12.123.12]: no mechanism available)
Any advice would be appreciated.
Thanks,combining prarie-guy and kevin mck posts, heres what worked on my snow leopard 10.6.2 box:
error was:
Jan 6 17:05:10 cavell postfix/smtp[36921]: warning: SASL authentication failure: No worthy mechs found
Jan 6 17:05:10 cavell postfix/smtp[36921]: 08A7856920: to=<[email protected]>, relay=mail.telushosting.com[216.251.32.97]:25, delay=1.2, delays=0/0.01/1.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.telushosting.com[216.251.32.97]: no mechanism available)
to fix:
stop mail using server admin or cmd line
in terminal window, sudo -s -H
cd /etc/postfix
cp -p main.cf main.cf.orig
vi main.cf
check the following lines are set up as follows:
smtpsasl_authenable = yes
smtpsasl_securityoptions =
smtpsasl_passwordmaps = hash:/etc/postfix/sasl/passwd
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated permit
smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
smtpdsasl_authenable = yes
restart mail. -
Hello,
I recently installed POSTFIX which uses SASL authentication, I have found javadocs for javax.security.sasl but am unsure how to implement these, does anyone have any experience of doing this?
Can I leave the rest of my smtp code and just alter the authentication bit, or will more need to change?
Any pointers appreciatedI think I have get little bit closer to get SASL authentication work, but now my program throws this kind of exception:
javax.naming.AuthenticationException: SASL authentication failed. Root exception is java.lang.NoSuchMethodError
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:116)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.jndi.ldap.LdapClient.saslBind(LdapClient.java:369)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:185)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2386)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:239)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:74)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:660)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:241)
at javax.naming.InitialContext.init(InitialContext.java:217)
at javax.naming.InitialContext.<init>(InitialContext.java:193)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:78)
My code (I'm using jdk1.3.1):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
class DigestTesti {
public static void main(String[] args) {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://000.000.000.000:000");
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "dn:uid=JDoe,ou=...,o=...,dc=..., dc=...");
env.put(Context.SECURITY_CREDENTIALS, "...");
env.put("java.naming.security.sasl.realm", "...");
try {
DirContext ctx = new InitialDirContext(env);
System.out.println(ctx);
} catch (NamingException e) {
e.printStackTrace();
What could been wrong with my code?
Regards,
Janne -
SASL's DIGEST-MD5 is causing the smtp authentication failure
Hello,
I've asked this question in JavaMail forums [at this link|http://kenai.com/projects/javamail/forums/forum/topics/2944-DIGEST-MD5-sasl-authentication-failing-after-verifying-rspauth] and was forwarded here.
Basically, I'm trying to authenticate to the email server using JavaMail(latest source) via sasl's Digest-MD5.
Problem: Looks like sasl's DigestMD5 implementation (com.sun.security.sasl.digest.DigestMD5Client) is returning a null after a successful authentication in evaluateChallenge(). The SMTPTransport thinks this is wrong and sends a "*" to server and the server responds with "Authentication aborted".
The java doc for SaslClient's evaluateChallenge() says this..
Returns: The possibly null reponse to send to the server. It is null if the challenge accompanied a "SUCCESS" status and the challenge only contains data for the client to update its state and no response needs to be sent to the server. The response is a zero-length byte array if the client is to send a response with no data.
In this case, client do need to send a response with no data. I don't know if Digest-md5 implementation is generic and if it's behavior is correct.
I appreciate any suggestions to solve this problem.
ThanksNot an expert. Maybe you can read or debug into the exact place when the names are compared. Anyway, Java is open sourced now.
-
Mail Server Relay Authentication Failure in Server Admin
I need to set up Mail Server to relay through my ISP. I know that I can authenticate to smtp.comcast.net:587 using my account and TLS usnig a mail client.
However, when I use Server Admin to configure my server's SMTP to send all outgoing email through this relay (Server Admin>Mail>Settings>General>
Rely outgoing mail through host: smtp.comcast.net:587
Authenticate to rely with user name: user
I get the SMTP error:
SASL authentication failed: cannot authenticate to server smtp.comcast.net[76.96.62.117]: no mechanism available
There are no toggles on Server Admin to specify TLS or SSL or anything for authentication.
Does anyone know how to tell Server Admin how to authenticate an SMTP relay to smtp.comcast.net using TLS, which is apparently what comcast expects?Wow, this is an obscure solution, but it works. According to this thread, the problem is that:
Although Comcast advertises "AUTH LOGIN PLAIN", the Postfix SASL library won't do plain text auth by default. It needs to be told it's okay with:
smtp_sasl_security_options = noanonymous
Solution:
$ su -
$ cd /etc/postfix
$ cp main.cf main.cf.no_smtp_sasl_security_options
$ echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
$ serveradmin stop mail
$ serveradmin start mail
I'm not sure how often /etc/postfix/main.cf is overwritten, but presumably this happens every time you change and save Mail settings in Server Admin, so you must redo these steps every time you change the Mail server if you want to use smtp.comcast.net as your mail relay.
AAPL, would you please add a toggle to handle this in Server Admin? -
[SOLVED] Postfix smtpd exits when using dovecot SASL auth
I've been trying to configure my mail server with dovecot SASL authentication. I've been following the guide here to set this up. However, when I telnet to the server on port 25, I get this in the postfix logs:
Aug 4 21:51:00 localhost postfix/smtpd[2316]: connect from unknown[192.168.1.27]
Aug 4 21:51:00 localhost postfix/smtpd[2316]: fatal: no SASL authentication mechanisms
Aug 4 21:51:01 localhost postfix/master[2312]: warning: process /usr/lib/postfix/smtpd pid 2316 exit status 1
Aug 4 21:51:01 localhost postfix/master[2312]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
After enabling debug logging in dovecot, I get this at the same time in the dovecot logs:
Aug 04 21:51:00 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Aug 04 21:51:00 auth: Debug: auth client connected (pid=0)
System info:
Linux matrix 3.4.7-1-ARCH #1 SMP PREEMPT Sun Jul 29 22:02:56 CEST 2012 x86_64 GNU/Linux
Output from postconf:
2bounce_notice_recipient = postmaster
access_map_defer_code = 450
access_map_reject_code = 554
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = btree:$data_directory/verify_cache
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = ${stress?1}${stress:3}
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_sender_ttl = 0s
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_add_missing_headers = no
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
cyrus_sasl_config_path =
daemon_directory = /usr/lib/postfix
daemon_table_open_error_is_fatal = no
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 127.0.0.1
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_filter_nexthop =
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dnsblog_reply_delay = 0s
dnsblog_service_name = dnsblog
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_default_transport_maps_lookup_key = <>
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_long_queue_ids = no
enable_original_recipient = yes
error_delivery_slot_cost = $default_delivery_slot_cost
error_delivery_slot_discount = $default_delivery_slot_discount
error_delivery_slot_loan = $default_delivery_slot_loan
error_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
error_destination_concurrency_limit = $default_destination_concurrency_limit
error_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
error_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
error_destination_rate_delay = $default_destination_rate_delay
error_destination_recipient_limit = $default_destination_recipient_limit
error_extra_recipient_limit = $default_extra_recipient_limit
error_initial_destination_concurrency = $initial_destination_concurrency
error_minimum_delivery_slots = $default_minimum_delivery_slots
error_notice_recipient = postmaster
error_recipient_limit = $default_recipient_limit
error_recipient_refill_delay = $default_recipient_refill_delay
error_recipient_refill_limit = $default_recipient_refill_limit
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox = Maildir/
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_address_preference = any
lmtp_assume_final = no
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_delivery_slot_cost = $default_delivery_slot_cost
lmtp_delivery_slot_discount = $default_delivery_slot_discount
lmtp_delivery_slot_loan = $default_delivery_slot_loan
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_dns_resolver_options =
lmtp_enforce_tls = no
lmtp_extra_recipient_limit = $default_extra_recipient_limit
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 998
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_minimum_delivery_slots = $default_minimum_delivery_slots
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_per_record_deadline = no
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_recipient_limit = $default_recipient_limit
lmtp_recipient_refill_delay = $default_recipient_refill_delay
lmtp_recipient_refill_limit = $default_recipient_refill_limit
lmtp_reply_filter =
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_dummy_mail_auth = no
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_skip_quit_response = no
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = !SSLv2
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_delivery_slot_cost = $default_delivery_slot_cost
local_delivery_slot_discount = $default_delivery_slot_discount
local_delivery_slot_loan = $default_delivery_slot_loan
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_extra_recipient_limit = $default_extra_recipient_limit
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_minimum_delivery_slots = $default_minimum_delivery_slots
local_recipient_limit = $default_recipient_limit
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_recipient_refill_delay = $default_recipient_refill_delay
local_recipient_refill_limit = $default_recipient_refill_limit
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20120801
mail_spool_directory = /var/mail
mail_version = 2.9.4
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = fcntl, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
master_service_disable =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_header_checks =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_instance_directories =
multi_instance_enable = no
multi_instance_group =
multi_instance_name =
multi_instance_wrapper =
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = (hidden)
myhostname = (hidden)
mynetworks = 127.0.0.1/32 192.168.1.32/32
mynetworks_style = host
myorigin = $mydomain
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
postmulti_control_commands = reload flush
postmulti_start_commands = start
postmulti_stop_commands = stop abort drain quick-stop
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = ignore
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
postscreen_whitelist_interfaces = static:all
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name $address_verify_map $postscreen_cache_map
proxymap_service_name = proxymap
proxywrite_service_name = proxywrite
qmgr_clog_warn_time = 300s
qmgr_daemon_timeout = 1000s
qmgr_fudge_factor = 100
qmgr_ipc_timeout = 60s
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = no
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
reject_tempfail_action = defer_if_permit
relay_clientcerts =
relay_delivery_slot_cost = $default_delivery_slot_cost
relay_delivery_slot_discount = $default_delivery_slot_discount
relay_delivery_slot_loan = $default_delivery_slot_loan
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_extra_recipient_limit = $default_extra_recipient_limit
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_minimum_delivery_slots = $default_minimum_delivery_slots
relay_recipient_limit = $default_recipient_limit
relay_recipient_maps =
relay_recipient_refill_delay = $default_recipient_refill_delay
relay_recipient_refill_limit = $default_recipient_refill_limit
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
reset_owner_alias = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
retry_delivery_slot_cost = $default_delivery_slot_cost
retry_delivery_slot_discount = $default_delivery_slot_discount
retry_delivery_slot_loan = $default_delivery_slot_loan
retry_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
retry_destination_concurrency_limit = $default_destination_concurrency_limit
retry_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
retry_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
retry_destination_rate_delay = $default_destination_rate_delay
retry_destination_recipient_limit = $default_destination_recipient_limit
retry_extra_recipient_limit = $default_extra_recipient_limit
retry_initial_destination_concurrency = $initial_destination_concurrency
retry_minimum_delivery_slots = $default_minimum_delivery_slots
retry_recipient_limit = $default_recipient_limit
retry_recipient_refill_delay = $default_recipient_refill_delay
retry_recipient_refill_limit = $default_recipient_refill_limit
rewrite_service_name = rewrite
sample_directory = /etc/postfix/sample
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_default_transport_maps =
sender_dependent_relayhost_maps =
sendmail_fix_line_endings = always
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_address_preference = any
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_delivery_slot_cost = $default_delivery_slot_cost
smtp_delivery_slot_discount = $default_delivery_slot_discount
smtp_delivery_slot_loan = $default_delivery_slot_loan
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_dns_resolver_options =
smtp_enforce_tls = no
smtp_extra_recipient_limit = $default_extra_recipient_limit
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 998
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_minimum_delivery_slots = $default_minimum_delivery_slots
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_never_send_ehlo = no
smtp_per_record_deadline = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_recipient_limit = $default_recipient_limit
smtp_recipient_refill_delay = $default_recipient_refill_delay
smtp_recipient_refill_limit = $default_recipient_refill_limit
smtp_reply_filter =
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_dummy_mail_auth = no
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_block_early_mail_reply = no
smtp_tls_cert_file =
smtp_tls_ciphers = export
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = !SSLv2
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_protocols = !SSLv2
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_command_filter =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?1}${stress:100}
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_per_record_deadline = ${stress?yes}${stress:no}
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_options =
smtpd_proxy_timeout = 100s
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_footer =
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_service_name = smtpd
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = ${stress?10}${stress:300}s
smtpd_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file =
smtpd_tls_ciphers = export
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file =
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers =
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = !SSLv2
smtpd_tls_protocols =
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
stress =
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mailbox_ownership = yes
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
tcp_windowsize = 0
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_disable_workarounds =
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = aNULL:-aNULL:ALL:+RC4:@STRENGTH
tls_high_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = aNULL:-aNULL:ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
tlsproxy_enforce_tls = $smtpd_enforce_tls
tlsproxy_service_name = tlsproxy
tlsproxy_tls_CAfile = $smtpd_tls_CAfile
tlsproxy_tls_CApath = $smtpd_tls_CApath
tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
tlsproxy_tls_cert_file = $smtpd_tls_cert_file
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
tlsproxy_tls_key_file = $smtpd_tls_key_file
tlsproxy_tls_loglevel = $smtpd_tls_loglevel
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
tlsproxy_tls_security_level = $smtpd_tls_security_level
tlsproxy_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
tlsproxy_use_tls = $smtpd_use_tls
tlsproxy_watchdog_timeout = 10s
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header =
unknown_address_reject_code = 450
unknown_address_tempfail_action = $reject_tempfail_action
unknown_client_reject_code = 450
unknown_helo_hostname_tempfail_action = $reject_tempfail_action
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 450
unverified_recipient_reject_reason =
unverified_recipient_tempfail_action = $reject_tempfail_action
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
unverified_sender_reject_reason =
unverified_sender_tempfail_action = $reject_tempfail_action
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_delivery_slot_cost = $default_delivery_slot_cost
virtual_delivery_slot_discount = $default_delivery_slot_discount
virtual_delivery_slot_loan = $default_delivery_slot_loan
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_extra_recipient_limit = $default_extra_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_delivery_slots = $default_minimum_delivery_slots
virtual_minimum_uid = 100
virtual_recipient_limit = $default_recipient_limit
virtual_recipient_refill_delay = $default_recipient_refill_delay
virtual_recipient_refill_limit = $default_recipient_refill_limit
virtual_transport = virtual
virtual_uid_maps =
postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_only=yes
Output from doveconf:
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.7-1-ARCH x86_64 Arch Linux
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname =
auth_krb5_keytab =
auth_last_valid_uid = 0
auth_master_user_separator =
auth_mechanisms = plain login
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %Lu
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_proxy_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -l%{lock_timeout} -n%{namespace}
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send =
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_ca_dir =
imapc_ssl_verify = yes
imapc_user = %u
import_environment = TZ LISTEN_PID LISTEN_FDS
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = *, ::
lmtp_address_translate =
lmtp_proxy = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = /var/log/dovecot.log
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_trusted_networks =
mail_access_groups = mail
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot =
mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home =
mail_location = maildir:~/Maildir
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib/dovecot/modules
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group =
mail_save_crlf = no
mail_shared_explicit_inbox = yes
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mailbox_idle_check_interval = 30 secs
mailbox_list_index = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
master_user_separator =
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = dotlock fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
passdb {
args =
default_fields =
deny = no
driver = pam
master = no
override_fields =
pass = no
pop3_client_workarounds =
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = %08Xu%08Xv
pop3c_host =
pop3c_master_user =
pop3c_password =
pop3c_port = 110
pop3c_rawlog_dir =
pop3c_ssl = no
pop3c_ssl_ca_dir =
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address =
protocols = imap
quota_full_tempfail = no
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_full_sync_interval = 12 hours
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = aggregator
extra_groups =
fifo_listener replication-notify-fifo {
group =
mode = 0600
user =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replication-notify {
group =
mode = 0600
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 1
protocol =
service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group =
mode = 0600
user =
unix_listener anvil {
group =
mode = 0600
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service auth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener auth-worker {
group =
mode = 0600
user = $default_internal_user
user =
vsz_limit = 18446744073709551615 B
service auth {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups =
group =
idle_kill = 0
inet_listener {
address =
port = 12345
ssl = no
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
unix_listener auth-master {
group =
mode = 0600
user =
unix_listener auth-userdb {
group =
mode = 0666
user = $default_internal_user
unix_listener login/login {
group =
mode = 0666
user =
user = root
vsz_limit = 18446744073709551615 B
service config {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = config
unix_listener config {
group =
mode = 0600
user =
user =
vsz_limit = 18446744073709551615 B
service dict {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict {
group =
mode = 0600
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups =
fifo_listener login/proxy-notify {
group =
mode = 00
user =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener director-admin {
group =
mode = 0600
user =
unix_listener login/director {
group =
mode = 00
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service dns_client {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dns-client {
group =
mode = 0666
user =
unix_listener login/dns-client {
group =
mode = 0666
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service doveadm {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener doveadm-server {
group =
mode = 0600
user =
user =
vsz_limit = 18446744073709551615 B
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
port = 143
ssl = no
inet_listener imaps {
address =
port = 993
ssl = yes
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
service imap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener login/imap {
group =
mode = 0666
user =
user =
vsz_limit = 18446744073709551615 B
service indexer-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = indexer-worker
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 10
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer-worker {
group =
mode = 0600
user = $default_internal_user
user =
vsz_limit = 18446744073709551615 B
service indexer {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = indexer
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener indexer {
group =
mode = 0666
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener ipc {
group =
mode = 0600
user =
unix_listener login/ipc-proxy {
group =
mode = 0600
user = $default_login_user
user = $default_internal_user
vsz_limit = 18446744073709551615 B
service lmtp {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type =
unix_listener lmtp {
group =
mode = 0666
user =
user =
vsz_limit = 18446744073709551615 B
service log {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type = log
unix_listener log-errors {
group =
mode = 0600
user =
user =
vsz_limit = 18446744073709551615 B
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop3 {
address =
port = 110
ssl = no
inet_listener pop3s {
address =
port = 995
ssl = yes
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
service pop3 {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type =
unix_listener login/pop3 {
group =
mode = 0666
user =
user =
vsz_limit = 18446744073709551615 B
service replicator {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = replicator
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replicator {
group =
mode = 0600
user = $default_internal_user
user =
vsz_limit = 18446744073709551615 B
service ssl-params {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = ssl-params
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = startup
unix_listener login/ssl-params {
group =
mode = 0666
user =
user =
vsz_limit = 18446744073709551615 B
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0600
user =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0600
user =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
shutdown_clients = yes
ssl = yes
ssl_ca =
ssl_cert = /etc/ssl/certs/mail.crt
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_client_cert =
ssl_client_key =
ssl_crypto_device =
ssl_key = /etc/ssl/private/mail.key
ssl_key_password =
ssl_parameters_regenerate = 1 weeks
ssl_protocols = !SSLv2
ssl_require_crl = yes
ssl_verify_client_cert = no
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_session_min_time = 15 mins
stats_user_min_time = 1 hours
submission_host =
syslog_facility = mail
userdb {
args =
default_fields =
driver = passwd
override_fields =
valid_chroot_dirs =
verbose_proctitle = no
verbose_ssl = yes
version_ignore = no
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
Last edited by ryukafalz (2012-08-08 15:10:31)Oh, my apologies, I'd forgotten about the -n flag. In any case, the lines you quoted from my config are for smtp client auth, which I'm not using. The three lines you provided are for smtp server auth, and they're already in my config. My fault, it's easy to miss that when wading through that huge output I provided.
postconf -n output:
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 127.0.0.1
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = (hidden)
myhostname = (hidden)
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
postconf: warning: /etc/postfix/main.cf: unused parameter: smtpd_sasl_auth_only=yes
doveconf -n output (in case you need it):
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.7-1-ARCH x86_64 Arch Linux
auth_debug = yes
auth_mechanisms = plain login
log_path = /var/log/dovecot.log
mail_access_groups = mail
mail_location = maildir:~/Maildir
passdb {
driver = pam
protocols = imap
service auth {
inet_listener {
port = 12345
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
unix_listener auth-client {
group = postfix
mode = 0660
user = postfix
user = root
ssl_cert = /etc/ssl/certs/mail.crt
ssl_key = /etc/ssl/private/mail.key
userdb {
driver = passwd
verbose_ssl = yes
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep -
Hello,
I recently changed from exim to postfix and now cannot get my simpleAuthenticator to work.
Are there any differences with postfix in terms of the authentication required, also how do I need to enter the username, i.e.
username or
username@myDomain
Thankscombining prarie-guy and kevin mck posts, heres what worked on my snow leopard 10.6.2 box:
error was:
Jan 6 17:05:10 cavell postfix/smtp[36921]: warning: SASL authentication failure: No worthy mechs found
Jan 6 17:05:10 cavell postfix/smtp[36921]: 08A7856920: to=<[email protected]>, relay=mail.telushosting.com[216.251.32.97]:25, delay=1.2, delays=0/0.01/1.2/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.telushosting.com[216.251.32.97]: no mechanism available)
to fix:
stop mail using server admin or cmd line
in terminal window, sudo -s -H
cd /etc/postfix
cp -p main.cf main.cf.orig
vi main.cf
check the following lines are set up as follows:
smtpsasl_authenable = yes
smtpsasl_securityoptions =
smtpsasl_passwordmaps = hash:/etc/postfix/sasl/passwd
smtpdclientrestrictions = permit_mynetworks permitsaslauthenticated permit
smtpdrecipientrestrictions = permitsaslauthenticated permit_mynetworks rejectunauthdestination checkpolicyservice unix:private/policy permit
smtpdsasl_authenable = yes
restart mail. -
hello everyone, can't find help for this on the forums or on the net, so resorting to a new post. I've got arch up and running with a minimalist setup, trying to use mutt with gmail via imap. All works fine, except on sending mail it says "sasl authentication failed." I tried cyrus-sasl, postfix and something else as well, but it seems that was unnecessary, since sasl is compiled in mutt....so perhaps its a mutt problem, but I thought I'd try here first, since the setup works on ubuntu
speaking of which, I'd like to say a quick thank you to all those who put in effort on the documentation for arch. Truly amazing - best written I've come across. I've learnt a huge amount over the last couple of days just following the beginners guide.I'm an idiot....sorry...after an entire evening researching, I just happened to check the config file and found I'd made a typo
terribly sorry, feel free to delete the post
Maybe you are looking for
-
Two phones with the same icloud how to use storage only one the one
My daughter has a Iphone 4, I have a Iphone 5. Because she is to young to have a credit card that allows her to shop online, she uses mine to buy apps. The phone stands in my name and we share the same Iclud. She needs more storage on her phone, so I
-
Nexus, command authorization using TACACS.
Hello. Can someone provide a sample configuration to use Cisco Secure ACS 4.2 to enable command authorization using TACACS. Thanks. Regards. Andrea
-
Hello World, recently my macbook pro has encountered a serious problem! Well not to long ago, my mac started acting very strange. I turned it on and it was really slow and lagged for no reason and the fans constantly ran as well. I looked at the cpu
-
Is there a way to find all the locked files my computer?
I am having trouble importing some files into Aperture and I discovered that one of the reasons might be that some of the files are locked. I know how to unlock them but I'd like to find the locked files and unlock them all at once. Is there a way to
-
I have a 20 min program for a client - audio is fine in the final sequence, that sequence nested and on the QT file of that sequence - no issues. However when I go to tape, I have a few dropouts and distortions. I am on a Mac Pro 8 core, the media is