
View Full Version : postfix sasl problem


alte94
20th February 2009, 11:09
Hello,

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail -Ubuntu 8.04
Great post but after reading tons of posts for 5 days, I'm stuck with postfix (and maybe mysql) authentication. Everything goes fine with courier.

If someone can tell me what happens ...

root@c6po:/srv# testsaslauthd -u root -p
0: OK "Success."
root@c6po:/srv# testsaslauthd -u test -p
0: NO "authentication failed"

Just tell me which config file you need and I'll post it.

TIA

alte94
20th February 2009, 19:55
I'm posting the saslfinger results to help with the diagnosis.
Curiously, when using squirrelmail, I'm able to send and receive mail to and from internal and external domains.


saslfinger - postfix Cyrus sasl configuration Fri Feb 20 18:44:10 CET 2009
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.5
System: Debian GNU/Linux 5.0 \n \l

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cd8000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x 2 root root 4096 Feb 18 13:32 .
drwxr-xr-x 54 root root 20480 Feb 20 16:33 ..
-rw-r--r-- 1 root root 13468 Sep 1 19:10 libanonymous.a
-rw-r--r-- 1 root root 855 Sep 1 19:09 libanonymous.la
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so.2
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 15810 Sep 1 19:10 libcrammd5.a
-rw-r--r-- 1 root root 841 Sep 1 19:09 libcrammd5.la
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so.2
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 46412 Sep 1 19:10 libdigestmd5.a
-rw-r--r-- 1 root root 864 Sep 1 19:09 libdigestmd5.la
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so.2
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13646 Sep 1 19:10 liblogin.a
-rw-r--r-- 1 root root 835 Sep 1 19:09 liblogin.la
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so.2
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so.2.0.22
-rw-r--r-- 1 root root 29068 Sep 1 19:10 libntlm.a
-rw-r--r-- 1 root root 829 Sep 1 19:09 libntlm.la
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so.2
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so.2.0.22
-rw-r--r-- 1 root root 13966 Sep 1 19:10 libplain.a
-rw-r--r-- 1 root root 835 Sep 1 19:09 libplain.la
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so.2
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so.2.0.22
-rw-r--r-- 1 root root 21702 Sep 1 19:10 libsasldb.a
-rw-r--r-- 1 root root 866 Sep 1 19:09 libsasldb.la
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so.2
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 23796 Sep 1 19:10 libsql.a
-rw-r--r-- 1 root root 964 Sep 1 19:09 libsql.la
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so.2
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so.2.0.22
-rw-rw---- 1 root root 236 Feb 18 13:32 smtpd.conf

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Feb 3 16:52 .
drwxr-xr-x 3 root root 4096 Feb 20 16:45 ..
-rw-r----- 1 root root 236 Feb 3 16:52 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'


-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'


-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'



-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1

-- mechanisms on localhost --
250-AUTH NTLM CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=NTLM CRAM-MD5 DIGEST-MD5 LOGIN PLAIN


-- end of saslfinger output --

falko
21st February 2009, 18:51
What's the output of uname -a?

Did you compare all your configuration files with the ones from the tutorial?

alte94
24th February 2009, 18:53
What's the output of uname -a ?

Linux c6po 2.6.18-xenU #4 SMP Mon Sep 22 17:59:36 CEST 2008 i686 GNU/Linux

Did you compare all your configuration files with the ones from the tutorial?

If you're talking about the 6 /etc/postfix/mysql-virtual* files, the answer is yes. Chmoded as required as well.

I really don't understand how it can work like a charm when using squirrelmail and not work with Thunderbird (though POP works with no problem at all). Is it because squirrelmail is considered to be sending from localhost?

Thank you for your help

falko
25th February 2009, 18:55
Please also check the saslauthd configuration and /etc/postfix/main.cf.

alte94
26th February 2009, 17:10
Please also check the saslauthd configuration and /etc/postfix/main.cf.


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtp_enforce_tls = no
smtpd_tls_loglevel = 1

# see https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/223376/comments/4
data_directory = /var/lib/postfix
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_timeout = 3600s
tls_random_exchange_name = ${data_directory}/prng_exch

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server.domain.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.domain.tld, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 31457280
recipient_delimiter = +
inet_interfaces = all
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html

# ## BOC ## http://www.howtoforge.com/forums/showthread.php?t=23644&page=9
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
home_mailbox = Maildir/
# ## EOC ##

virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_sasl_path = /etc/postfix/sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

falko
27th February 2009, 15:09
Did you check the saslauthd configuration?

alte94
27th February 2009, 19:02
Did you check the saslauthd configuration?

I found something strange in the log, read dozens of posts but nothing solved the problem.
# cat /var/log/auth.log

Feb 27 17:22:18 c6po postfix/smtpd[17831]: sql_select option missing
Feb 27 17:22:18 c6po postfix/smtpd[17831]: auxpropfunc error no mechanism available
Feb 27 17:22:18 c6po postfix/smtpd[17831]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

# cat /etc/default/saslauthd

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# PARAMS="-m /var/spool/postfix/var/run/saslauthd"

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# OPTIONS="-c -m /var/run/saslauthd"

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

# cat /etc/pam.d/smtp

auth required pam_mysql.so user=mailadmin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mailadmin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

# cat /etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: login plain
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mailadmin
sql_passwd: password
sql_database: mail
sql_select: select password from users where email = '%u'


Another strange thing is I have 3 smtpd.conf !? Don't know if it's 'normal' ?

/etc/postfix/sasl/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/var/spool/postfix/etc/postfix/sasl/smtpd.conf

alte94
27th February 2009, 19:53
Another strange thing is I have 3 smtpd.conf !? Don't know if it's 'normal' ?
/etc/postfix/sasl/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/var/spool/postfix/etc/postfix/sasl/smtpd.conf

I notice that these 3 files are owned by root with mode 644, so they are world-readable even though they contain the SQL password. Shouldn't they be owned by postfix?

Another point, saslfinger states :
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cd8000)

I read somewhere that it means 'smtpd.conf not read'. Is that correct, and if so, how can I solve the problem?

falko
28th February 2009, 16:10
What's in /etc/postfix/master.cf and /var/spool/postfix/etc/postfix/sasl/smtpd.conf ?

alte94
3rd March 2009, 18:18
What's in /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1

/var/spool/postfix/etc/postfix/sasl/smtpd.conf ?
pwcheck_method: saslauthd
mech_list: login plain
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mailadmin
sql_passwd: -- replaced --
sql_database: mail
sql_select: select password from users where email = '%u'

falko
4th March 2009, 14:44
Hm, looks ok. Not sure what it is. Are you sure you followed the tutorial to the letter?

alte94
10th March 2009, 12:46
Hm, looks ok. Not sure what it is. Are you sure you followed the tutorial to the letter?

Not absolutely to the letter, but very close to it.
Basically, I installed all the stuff twice. One to see and discover what could go wrong, and another one to get it really working.

I'm willing to start from scratch once again, but it sucks.

Anyway, Falko, I would like to thank you very much for your help and your patience.