During the move to our new server, I decided to switch the IMAP and POP3 server from Courier to Dovecot. SMTP is still handled by Postfix.
Since the server is responsible for multiple domains, we use a MySQL database to store the accounts and their hashed passwords, and postfixadmin as web interface to create new ones or change passwords.
I did the user database configuration for Dovecot and then configured Postfix to use Dovecot's SASL interface for authentication with smtpd_sasl_type = dovecot.
Now I had a strange error on my home server, which uses the Dragonfly Mail Agent dma to hand off e-mails to the internet server:
dma: trying delivery dma: using smarthost (mail.cweiske.de:587) dma: trying remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] pref 0 dma: SSL initialization successful dma: using SMTP authentication for user dojo.home.cweiske.de@cweiske.de dma: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism dma: remote delivery deferred: AUTH login not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism dma: SMTP login not available. Trying without. dma: remote delivery to mail.cweiske.de [2a01:488:66:1000:53a9:2dde:0:1] failed after RCPT TO: 554 5.7.1 <blubb.dip0.t-ipconnect.de[2003:d9:ebc1:d200:d250:99ff:fe2c:f8c8]>: Client host rejected: Access denied dma: can not bounce a bounce message, discarding
And really, the claws mail network log showed that the server only offered PLAIN authentication:
EHLO boo.home.cweiske.de [12:27:24] ESMTP< 250-mail.cweiske.de [12:27:24] ESMTP< 250-PIPELINING [12:27:24] ESMTP< 250-SIZE 10240000 [12:27:24] ESMTP< 250-VRFY [12:27:24] ESMTP< 250-ETRN [12:27:24] ESMTP< 250-STARTTLS [12:27:24] ESMTP< 250-ENHANCEDSTATUSCODES [12:27:24] ESMTP< 250-8BITMIME [12:27:24] ESMTP< 250-DSN [12:27:25] ESMTP< 250 SMTPUTF8 [12:27:25] ESMTP> STARTTLS [12:27:25] ESMTP< 220 2.0.0 Ready to start TLS [12:27:25] ESMTP> EHLO boo.home.cweiske.de [12:27:25] ESMTP< 250-mail.cweiske.de [12:27:25] ESMTP< 250-PIPELINING [12:27:25] ESMTP< 250-SIZE 10240000 [12:27:25] ESMTP< 250-VRFY [12:27:25] ESMTP< 250-ETRN [12:27:25] ESMTP< 250-AUTH PLAIN [12:27:25] ESMTP< 250-ENHANCEDSTATUSCODES [12:27:25] ESMTP< 250-8BITMIME [12:27:25] ESMTP< 250-DSN [12:27:25] ESMTP< 250 SMTPUTF8]]>
This is a bit strange because it worked with the old server - which also used Postfix for SMTP.
It turns out that Postfix gets the list of supported authentication mechanisms from Dovecot's SASL interface, which means that dovecot's configuration needs to be changed:
auth_mechanisms = plain login
By default, only PLAIN is offered, which is not supported by dma 0.11-1.