HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   SASL Postfix MySQL issues (http://www.howtoforge.com/forums/showthread.php?t=28296)

Moten 31st October 2008 06:55

SASL Postfix MySQL issues
 
Having an issue trying to get SMTP SASL to work properly with mail clients. I have Postfix with Courier and Squirrelmail up and working properly with MySQL.

Authenticating users to be able to send mail however I can not seem to accomplish.

When I try to connect from a mail client it pops up for the password, but never takes it. Below is the pertinent data, but please let me know what else you need and I will provide.

I have been trying to resolve this forever now, so any help would be greatly appreciated.

Mail.log

Oct 31 00:50:59 AlbPostFix02 postfix/smtpd[5142]: connect from cpe-74-70-80-244.nycap.res.rr.com[74.70.80.244]
Oct 31 00:50:59 AlbPostFix02 postfix/smtpd[5142]: warning: cpe-74-70-80-244.nycap.res.rr.com[74.70.80.244]: SASL LOGIN authentication failed: authentication failure
Oct 31 00:50:59 AlbPostFix02 postfix/smtpd[5142]: lost connection after AUTH from cpe-74-70-80-244.nycap.res.rr.com[74.70.80.244]
Oct 31 00:50:59 AlbPostFix02 postfix/smtpd[5142]: disconnect from cpe-74-70-80-244.nycap.res.rr.com[74.70.80.244]
#


auth.log

Oct 31 00:50:51 AlbPostFix02 postfix/smtpd[5142]: sql_select option missing
Oct 31 00:50:51 AlbPostFix02 postfix/smtpd[5142]: auxpropfunc error no mechanism available
Oct 31 00:50:51 AlbPostFix02 postfix/smtpd[5142]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
#


salsfinger

# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fri Oct 31 00:00:49 EDT 2008
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.1
System: Ubuntu 8.04.1 \n \l

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d8d000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
total 808
drwxr-xr-x 2 root root 4096 2008-10-29 11:57 .
drwxr-xr-x 58 root root 20480 2008-10-29 12:20 ..
-rw-r--r-- 1 root root 13568 2008-04-09 17:50 libanonymous.a
-rw-r--r-- 1 root root 862 2008-04-09 17:49 libanonymous.la
-rw-r--r-- 1 root root 12984 2008-04-09 17:50 libanonymous.so
-rw-r--r-- 1 root root 12984 2008-04-09 17:50 libanonymous.so.2
-rw-r--r-- 1 root root 12984 2008-04-09 17:50 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 15834 2008-04-09 17:50 libcrammd5.a
-rw-r--r-- 1 root root 848 2008-04-09 17:49 libcrammd5.la
-rw-r--r-- 1 root root 15320 2008-04-09 17:50 libcrammd5.so
-rw-r--r-- 1 root root 15320 2008-04-09 17:50 libcrammd5.so.2
-rw-r--r-- 1 root root 15320 2008-04-09 17:50 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 46332 2008-04-09 17:50 libdigestmd5.a
-rw-r--r-- 1 root root 871 2008-04-09 17:49 libdigestmd5.la
-rw-r--r-- 1 root root 43020 2008-04-09 17:50 libdigestmd5.so
-rw-r--r-- 1 root root 43020 2008-04-09 17:50 libdigestmd5.so.2
-rw-r--r-- 1 root root 43020 2008-04-09 17:50 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13574 2008-04-09 17:50 liblogin.a
-rw-r--r-- 1 root root 842 2008-04-09 17:49 liblogin.la
-rw-r--r-- 1 root root 13268 2008-04-09 17:50 liblogin.so
-rw-r--r-- 1 root root 13268 2008-04-09 17:50 liblogin.so.2
-rw-r--r-- 1 root root 13268 2008-04-09 17:50 liblogin.so.2.0.22
-rw-r--r-- 1 root root 30016 2008-04-09 17:50 libntlm.a
-rw-r--r-- 1 root root 836 2008-04-09 17:49 libntlm.la
-rw-r--r-- 1 root root 29236 2008-04-09 17:50 libntlm.so
-rw-r--r-- 1 root root 29236 2008-04-09 17:50 libntlm.so.2
-rw-r--r-- 1 root root 29236 2008-04-09 17:50 libntlm.so.2.0.22
-rw-r--r-- 1 root root 13798 2008-04-09 17:50 libplain.a
-rw-r--r-- 1 root root 842 2008-04-09 17:49 libplain.la
-rw-r--r-- 1 root root 13396 2008-04-09 17:50 libplain.so
-rw-r--r-- 1 root root 13396 2008-04-09 17:50 libplain.so.2
-rw-r--r-- 1 root root 13396 2008-04-09 17:50 libplain.so.2.0.22
-rw-r--r-- 1 root root 22126 2008-04-09 17:50 libsasldb.a
-rw-r--r-- 1 root root 873 2008-04-09 17:49 libsasldb.la
-rw-r--r-- 1 root root 18080 2008-04-09 17:50 libsasldb.so
-rw-r--r-- 1 root root 18080 2008-04-09 17:50 libsasldb.so.2
-rw-r--r-- 1 root root 18080 2008-04-09 17:50 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 23696 2008-04-09 17:50 libsql.a
-rw-r--r-- 1 root root 971 2008-04-09 17:49 libsql.la
-rw-r--r-- 1 root root 23140 2008-04-09 17:50 libsql.so
-rw-r--r-- 1 root root 23140 2008-04-09 17:50 libsql.so.2
-rw-r--r-- 1 root root 23140 2008-04-09 17:50 libsql.so.2.0.22
drwxr-xr-x 2 root root 4096 2008-10-29 11:51 sasl2
-rw-r--r-- 1 root root 250 2008-10-30 23:57 smtpd.conf

-- listing of /usr/local/lib/sasl2 --
total 12
drwxr-xr-x 2 root root 4096 2008-10-29 11:51 .
drwxr-xr-x 4 root root 4096 2008-10-29 11:50 ..
-rw-r--r-- 1 root root 231 2008-10-30 23:58 smtpd.conf

-- listing of /etc/postfix/sasl --
total 20
drwxr-xr-x 3 root root 4096 2008-10-30 18:37 .
drwxr-xr-x 3 root root 4096 2008-10-29 11:45 ..
drwxr-xr-x 2 root root 4096 2008-10-30 09:55 lala
-rw-r--r-- 1 root root 470 2008-10-30 23:56 smtpd.conf
-rw------- 1 root root 211 2008-10-30 18:37 smtpd.conf.save




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: authprop
auxprop_plugin: mysql
mech_list: sql plain login
sql_engine: mysql
sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select clear from users where id='%u@%r' and enabled = 1


-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: mysql
sql_engine: mysql
mech_list: sql plain login
sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select clear from users where id='%u@%r'


-- content of /etc/postfix/sasl/smtpd.conf --
#pwcheck_method: auxprop
#auxprop_plugin: mysql
#sql_engine: mysql
#mech_list: sql plain login
#sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
#sql_database: maildb
#sql_select: select crypt from users where id='%u@%r'

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select clear from users where id='%u@%r'


-- content of /etc/postfix/sasl/smtpd.conf --
#pwcheck_method: auxprop
#auxprop_plugin: mysql
#sql_engine: mysql
#mech_list: sql plain login
#sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
#sql_database: maildb
#sql_select: select crypt from users where id='%u@%r'

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select clear from users where id='%u@%r'



-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
587 inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 300 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5


-- end of saslfinger output --






postconf

# postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
myhostname = albpostfix02.domain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = domain.com
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
#

Moten 31st October 2008 16:30

RE:SASL Postfix MySQL issues
 
Still can not get this figured out. I have read through how-to's here as well as many other places. Have searched for the answer on Google for over a week now.

Anyone who can help, it would be greatly appreciated. SASL is making me want to jump off a cliff.

falko 31st October 2008 17:45

Did you follow a tutorial to set this up? If so, which one (URL)?

Moten 31st October 2008 18:08

Originally I followed the flurdy guide - http://flurdy.com/docs/postfix/

Then had issues with SASL authentication and have tried lots of stuff since. Most all of it has been removed, but there may still possibly be something hanging around I am not seeing.

Thanks

falko 1st November 2008 17:36

Which distribution are you using?

Moten 3rd November 2008 15:58

Ubuntu 8.04

falko 4th November 2008 14:55

Please try this guide: http://www.howtoforge.com/virtual-us...ail-ubuntu8.04

Moten 5th November 2008 02:02

Tried that guide on a fresh install and everything is working nicely.

Only thing I am having an issue with is connecting to mysql remotely.

I gave the user access, and they can login from phpmyadmin.

Commented out the bind-address in my.cnf also.

Using MySQL Admin I get

Host 'x.x.x.x' is not allowed to connect to this mysql server.

Host table in mysql looks like:

Code:

Host        Db        Select_priv        Insert_priv        Update_priv        Delete_priv        Create_priv        Drop_priv        Grant_priv        References_priv        Index_priv        Alter_priv        Create_tmp_table_priv        Lock_tables_priv        Create_view_priv        Show_view_priv        Create_routine_priv        Alter_routine_priv        Execute_priv
%        %        Y              Y                Y              Y              Y              Y              Y              Y                Y              Y              Y              Y              Y              Y                Y              Y                Y


falko 5th November 2008 20:09

Please make sure that the user table contains the correct hostname.

Moten 6th November 2008 01:00

user table did surely enough have a value messing it up. Everything else in the tutorial is working great, thanks for putting it together, and for the help.


All times are GMT +2. The time now is 09:30.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.