SASL: Dovecot versus Cyrus

KitchM · October 3, 2018, 7:41pm

Does anyone know why Webmin/Virtualmin uses Cyrus instead of Dovecot for SASL. If Dovecot is already installed, why add another application?

Also, what happens in the system if one wishes to change?

atleast · October 3, 2018, 8:01pm

I see dovecot as default and want to switch to CYRUS

KitchM · October 3, 2018, 9:11pm

My platform is CentOS 7 and Webmin version 1.890/ Virtualmin version 6.03. What is yours?

atleast · October 3, 2018, 11:57pm

Centos 7.5 and virtualmin 6.02. But can you kindly advise which instructions or configuration steps you took for dovecot / Postfix?

KitchM · October 4, 2018, 1:09am

That’s the point of my question; I have not yet done so. You see, there is a difference between what is done in Webmin/Virtualmin with what is normally done without a control panel. What you might do outside the control panel might totally mess things up when working inside a control panel. Therein lies the problem.

Unless someone has personal experience, is a programmer who has the time and ability to go over and understand the code or Jamie wishes to divulge the inner workings, there is no way to know without trial and error which might damage things.

atleast · October 4, 2018, 1:22am

I think default install of dovecot on webmin is dovecot SASL and not cyrus. Now I think simply if we choose cyrus by simply installing it one can modify the config on mail server to use cyrus instead of dovecot. I am going to try do that to see if it works. I dont think there is much difference between dovecot and cyrus SASL.
I am going to search for a step by step instruction to config TLS mail server.

KitchM · October 4, 2018, 2:58pm

The consensus appears, in a cursory overview, that Dovecot is simpler and uses less resources. However, you can check yours by running the following command as root:
postconf -d
This will display all the settings for Postfix and e-mail on your server.

Look for the line that states:
smtpd_sasl_type =
It may state cyrus or dovecot. That will tell you which you have.

KitchM · October 4, 2018, 5:31pm

Forgot to mention that you could use postconf -a to list all of the available SASL plug-in types. It turns out that mine can use both cyrus and dovecot. Go figure.

KitchM · October 10, 2018, 9:38pm

Nobody? Really?

atleast · October 11, 2018, 12:42am

Hello friend I apologize for not being able to reply so far as I have been under some stress and bad luck.
I will try to do some testing on a new setup n see how it works. I hope some other experienced users can respond you soon as I am not really very experienced.
In fact you seem to know a lot.

atleast · October 11, 2018, 12:50am

On my existing install i found that on postfix main.cf it clearly says smtp sasl type = dovecot.
On a new default install where i have not configured it manually it shows that it is cyrus but enable = no, yet there I see it is default configured by default:
smtp_rset_timeout = 20s smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus

Hope it helps you. I think you opt for cyrus or dovecot by simply opting. Pl let me know

atleast · October 11, 2018, 1:03am

Now I give you output of postconf -d on a working postfox/dovecot install: and it looks identical to default new install.
PL know that on main.cf i do have specifically mentioned as dovecot which is below: SO now i m confused. I copied the configuration of postfix from a few sites.


smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
broken_sasl_auth_clients = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination reject_unauth_destination
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

THE output of postconf -d shows cyrus
smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus

atleast · October 11, 2018, 1:04am

Kindly check all above and suggest me and i hope you get guided

atleast · October 12, 2018, 5:52pm

I guess the underlying default system is surely Cyrus. BUT as i did write dovecot on main.cf you can try that which may then be the real active one.
You can try both and see how it impacts. I hope it is clear.

KitchM · October 18, 2018, 3:31pm

Many thanks for the response. I believe you are finding the conflict in Webmin/Virtualmin. It is not a standard the most admins understand. There are things going on within the code that is confusing.

Thanks again.

Jfro · October 19, 2018, 9:35am

Here output FYI:
lmtp_sasl_auth_cache_name = lmtp_sasl_auth_cache_time = 90d lmtp_sasl_auth_enable = no lmtp_sasl_auth_soft_bounce = yes lmtp_sasl_mechanism_filter = lmtp_sasl_password_maps = lmtp_sasl_path = lmtp_sasl_security_options = noplaintext, noanonymous lmtp_sasl_tls_security_options = $lmtp_sasl_security_options lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options lmtp_sasl_type = cyrus
Sorry:
smtp_sasl_auth_cache_name = smtp_sasl_auth_cache_time = 90d smtp_sasl_auth_enable = no smtp_sasl_auth_soft_bounce = yes smtp_sasl_mechanism_filter = smtp_sasl_password_maps = smtp_sasl_path = smtp_sasl_security_options = noplaintext, noanonymous smtp_sasl_tls_security_options = $smtp_sasl_security_options smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options smtp_sasl_type = cyrus

I’m not writing which settings it should but only which are in our box this moment and active we are using dovecot for the mail.
So something wrong or ?

CENTOS 7.5 and VM6.03-2 ( installed sept 2017 then ofcourse with one of the first VM6.x versions)

KitchM · October 22, 2018, 5:54pm

Thanks, Jfro. So why do you think that Cyrus is the default when you are using Dovecot server already?

Jfro · October 23, 2018, 7:45am

This are the settings even after installed dovecot.

( EDIT:::: ) Is output of postfix conf-d but these settings aren’t in the master.cf ! ( so something default of virtualmin?)

Wrong?
( at the time of install september 2017 sasl wasn’t setup by the virtualmin script and a command from virtualmin to do that afterwards is here on forum somewhere that i used)
You may be able to fix this by running the following:

virtualmin system-config --include Postfix

systemctl restart postfix

But there it should be virtualmin config-system --include

Uh sorry this one:
So, report problems you find, when you find them and I’ll fix them and tell you what you need to do to apply the fix(es) to your server. Usually it’s a matter of updating the virtualmin-config package and running a single command. For example, one can fix the broken saslauthd configuration that prevented SMTP authentication by running: virtualmin config-system --include SASL

Jfro · October 23, 2018, 11:11am

FOUND THIS ALSO.
HTTP/1.0 500 Perl execution failed Server: MiniServ/1.890 Date: Tue, 23 Oct 2018 09:10:01 GMT Content-type: text/html; Charset=iso-8859-1 Connection: close

Error - Perl execution failed

can't open /usr/share/doc/dovecot-2.2.10/wiki/usr/share/doc/dovecot-2.2.10/wiki/Migration.Cyrus.txt: No such file or directory at /usr/libexec/webmin/filemin/download.cgi line 27.

cyrus-sasl-2.1.26 This installed with yum that time after the errors from virtualmin in log files for missing cyrus-sasl Some info not virtualmin related https://stackoverflow.com/questions/33781551/implementations-of-sasl-cyrus-sasl-vs-gnu-sasl-vs-dovecot-sasl

and
https://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL

These are on our VM BOX installed with Yum while error virtualmin in log files and no mail… and yup in config settings it was needed somehow but not installed by virtualmin installscript
cyrus-sasl 2.1.26-23.el7 The Cyrus SASL library cyrus-sasl-gssapi 2.1.26-23.el7 GSSAPI authentication support for Cyrus SASL cyrus-sasl-lib 2.1.26-23.el7 Shared libraries needed by applications which use Cyrus SASL cyrus-sasl-plain 2.1.26-23.el7 PLAIN and LOGIN authentication support for Cyrus SASL

I am posting here outputs and settings of our BOX.
Not saying that they are correct, also only to help out the confussion these parts are giving some as Topic starter and so on.

So please correct me if doing wrong here or posting offtopic stuff!

p.s. if i added the type dovecot then no mails receiving anymore but think therefore i did something wrong don’t know, confused to!

KitchM · October 24, 2018, 8:13pm

Yeah, you and me both.

And don’t forget that if something needs special handling, then Virtualmin is not offering the automation it is implied to offer. Further, if one needs to ask about something, then how are sysadmins that are trained to do things in industry-standard ways expected to do their jobs?

At this point in time, admins must hire a programmer to look into the Virtualmin code to figure things out. It is bizarre.