HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

keulu 23rd January 2006 11:03

SASL AUTH with postfix on Sarge
 
Hi,

I'm desperately trying to authenticate via sasl2 through postfix installed on a Debian Sarge.
I wanted to use sasldb authentication, so I created a test account : login:test password:test with no realm info.
TLS support in postfix is not activated at the moment.

Here's the output for a local telnet test:

Code:

# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mysmtp.mydomain.tld ESMTP (Debian/GNU)
ehlo localhost
250-mysmtp.mydomain.tld
250-PIPELINING PLAIN
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
535 Error: authentication failed

mail.log says :

Code:

warning: SASL authentication failure: Password verification failed
warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed

The account has been tested OK as far as saslauthd is concerned:

Code:

# testsaslauthd -u test -p test -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."

Everything works fine in the chrooted postscript when configured to ask for shadow passwords (MECHANISMS="shadow" in /etc/default/saslauthd and pwcheck_method: saslauthd in /etc/postfix/sasl/smtpd.conf) but no way to make it work with MECHANISMS="sasldb" and pwcheck_method: auxprop.

Thanks for any assistance to solve this problem. ;)
I already spent a couple of days tearing my hair out on this issue, but I could find neither any valuable info on the internet nor any workaround on my own. :mad:
Sorry for all the code provided...

Here is my main.cf:

Code:

smtpd_banner = $myhostname ESMTP (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mysmtp.mydomain.tld
mydomain = mydomain.tld

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost

relayhost =
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = $myhostname, localhost

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_non_fqdn_sender

# Use amavis filtering
content_filter=smtp-amavis:[127.0.0.1]:10024

# Reject exe attachment files
header_checks = regexp:/etc/postfix/header_checks

# SASL support (SMTP AUTH)
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

# SSL / TLS identification key files
# smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
# smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
# smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

# SSL / TLS support parameters
# smtpd_tls_auth_only = no
# smtpd_use_tls = yes
# smtpd_tls_loglevel = 1
# smtpd_tls_ask_ccert = yes
# smtpd_tls_received_header = yes
# smtpd_tls_session_cache_timeout = 3600s
# tls_random_source = dev:/dev/urandom

and my master.cf:

Code:

smtp                    inet  n      -      -      -      -      smtpd
#submission            inet  n      -      -      -      -      smtpd
#      -o      smtpd_etrn_restrictions=reject
#628                    inet  n      -      -      -      -      qmqpd
pickup                  fifo  n      -      -      60      1      pickup
cleanup                unix  n      -      -      -      0      cleanup
qmgr                    fifo  n      -      -      300    1      qmgr
#qmgr                  fifo  n      -      -      300    1      oqmgr
rewrite                unix  -      -      -      -      -      trivial-rewrite
bounce                  unix  -      -      -      -      0      bounce
defer                  unix  -      -      -      -      0      bounce
trace                  unix  -      -      -      -      0      bounce
verify                  unix  -      -      -      -      1      verify
flush                  unix  n      -      -      1000?  0      flush
proxymap                unix  -      -      n      -      -      proxymap
smtp                    unix  -      -      -      -      -      smtp
relay                  unix  -      -      -      -      -      smtp
#      -o      smtp_helo_timeout=5
#      -o      smtp_connect_timeout=5
showq                  unix  n      -      -      -      -      showq
error                  unix  -      -      -      -      -      error
local                  unix  -      n      n      -      -      local
virtual                unix  -      n      n      -      -      virtual
lmtp                    unix  -      -      n      -      -      lmtp
anvil                  unix  -      -      n      -      1      anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop                unix  -      n      n      -      -      pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp                    unix  -      n      n      -      -      pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail                  unix  -      n      n      -      -      pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp                  unix  -      n      n      -      -      pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend      unix    -      n      n      -      2      pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
tlsmgr                  fifo    -      -      n      300    1      tlsmgr
smtps                  inet    n      -      y      -      -      smtpd -v
        -o      smtpd_tls_wrappermode=yes
        -o      smtpd_sasl_auth_enable=yes
587                    inet    n      -      n      -      -      smtpd
        -o      smtpd_enforce_tls=yes
        -o      smtpd_sasl_auth_enable=yes

smtp-amavis            unix    -      -      n      -      2      smtp
        -o      smtp_data_done_timeout=1200
        -o      smtp_send_xforward_command=yes
        -o      disable_dns_lookup=yes

127.0.0.1:10025        inet    n      -      n      -      -      smtpd
        -o      content_filter=
        -o      local_recipient_maps=
        -o      relay_recipient_maps=
        -o      smtpd_restriction_classes=
        -o      smtpd_client_restrictions=
        -o      smtpd_helo_restrictions=
        -o      smtpd_sender_restrictions=
        -o      smtpd_recipient_restrictions=permit_mynetworks,reject
        -o      mynetworks=127.0.0.1/8
        -o      strict_rfc821_envelopes=yes
        -o      smtpd_error_sleep_time=0
        -o      smtpd_soft_error_limit=1001
        -o      smtpd_hard_error_limit=1000

and finally my /etc/postfix/sasl/smtpd.conf:

Code:

pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sasldb2


falko 23rd January 2006 18:05

Did you create the user's password with saslpasswd2? See
Code:

man saslpasswd2

keulu 23rd January 2006 20:08

yes, exactly what I did...:)

nibman 28th August 2006 13:27

Same problem as Keulu
 
Hello!

I have the same problem as Keulu here and I can't find any solution to the problem.

I had a completely new installation of Debian 3.1 when starting to install according to the "Perfect Setup" for the correct version of Debian. I followed every step by copying and pasting, but still the SMTP AUTH functionality doesn't work. Every time I try to connect with the client (Microsoft Outlook Express & others) the password isn't accepted.

In the logfile I get the following error every time I try to authenticate a user:

Aug 28 09:57:10 postfix/smtpd[12365]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

I have checked with testsaslauthd and it responds OK.

I have set the password with saslpasswd2 to no avail.

What else can I try? Can I do other checks to see if everything is working? Since the logfile says that smtpd is unable to connect to saslauthd, is there anything I can do to make sure it is connecting? How does it connect? Is it using a pipe or a socket? If the pipe is known, perhaps one can try that manually?

I am out of options right now. I have checked every place on Internet I can find that discuss this problem. It was so easy for version 3.0 of Debian. Everything worked directly.

Please help!

falko 29th August 2006 20:37

Quote:

Originally Posted by nibman
Aug 28 09:57:10 postfix/smtpd[12365]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

Please make sure saslauthd is started. What's the output of
Code:

ps aux | grep saslauthd
? Also make sure saslauthd is chrooted correctly (as Postfix is running chrooted), as described in the tutorial. Compare your /etc/default/saslauthd and /etc/init.d/saslauthd with the ones from the tutorial.

nibman 30th August 2006 09:13

Hello, thanks for the reply!

I just got it working... I changed in my client from port 465 tcp to use port 25 tcp. In the earlier version I had to use port 465 and not 25 to get it working. Why is it different now??

falko 31st August 2006 22:49

I guess the process on port 465 isn't running chrooted, as is the process on port 25. You can check in /etc/postfix/master.cf.
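
The master.cf check suggested above, written out as an added example (not code from the thread or from Postfix): it reads the chroot column of every inet smtpd service and shows where each one would look for the saslauthd socket. The sample master.cf is constructed; the socket path /var/run/saslauthd/mux and treating "-" as chrooted (the default before Postfix 3.0) are assumptions.

```python
# Constructed sample in the master.cf column layout quoted in this thread:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  -  -  -  smtpd
smtps     inet  n  -  n  -  -  smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
#submission inet n - - - - smtpd
587       inet  n  -  y  -  -  smtpd
        -o smtpd_sasl_auth_enable=yes
pickup    fifo  n  -  -  60 1  pickup
"""

QUEUE_DIR = "/var/spool/postfix"   # chroot root, from the testsaslauthd path in the thread
SOCKET = "/var/run/saslauthd/mux"  # assumption: path the SASL library is built to use


def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def smtpd_socket_paths(text, default_chroot="y"):
    """Map each inet smtpd service to (chrooted, real path of the socket it opens)."""
    result = {}
    for line in logical_lines(text):
        f = line.split()
        if len(f) < 8 or f[1] != "inet" or f[7] != "smtpd":
            continue
        chrooted = (default_chroot if f[4] == "-" else f[4]) == "y"
        result[f[0]] = (chrooted, QUEUE_DIR + SOCKET if chrooted else SOCKET)
    return result


def mismatched(text, socket_present_at, default_chroot="y"):
    """Services whose smtpd would look for the socket where it does not exist."""
    paths = smtpd_socket_paths(text, default_chroot)
    return sorted(s for s, (_, p) in paths.items() if p != socket_present_at)


if __name__ == "__main__":
    for svc, (chrooted, path) in smtpd_socket_paths(SAMPLE_MASTER_CF).items():
        print(f"{svc:6} chroot={'y' if chrooted else 'n'} -> {path}")
```

With the socket only inside the chroot, as in the testsaslauthd call earlier in the thread, the services returned by mismatched() are the ones to compare against the port that fails.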

