HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


wigglez 22nd November 2012 09:49

Having an issue with postfix and sasl
 
Hi,

I've been following this howto
http://www.howtoforge.com/virtual-us...untu-12.04-lts

I've searched quite extensively, but nothing seemed to be the right fix.


This is the error:
Code:

Nov 22 02:59:07 host postfix/master[28492]: daemon started -- version 2.5.1, configuration /etc/postfix
Nov 22 03:25:16 host postfix/smtpd[21507]: warning: SASL per-process initialization failed: generic failure
Nov 22 03:25:16 host postfix/smtpd[21507]: fatal: SASL per-process initialization failed
Nov 22 03:25:17 host postfix/master[28492]: warning: process /usr/lib/postfix/smtpd pid 21507 exit status 1
Nov 22 03:25:17 host postfix/master[28492]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Telnet would just hang. When I set smtpd_sasl_auth_enable to no, it worked, I could send mail and receive it.

I then noticed that I could only receive mail that was sent with telnet and not from google. From searching I found I needed to add this:

smtpd_tls_exclude_ciphers=RC4-MD5

I could then receive mail from outside. That seems more of a patch than a fix. Any comments on this one?


Here is my main.cf file
Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_exclude_ciphers=RC4-MD5

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =  domain.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = domain.net
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,

mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

#SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain=
smtpd_sasl_authenticated_header = yes

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject,

reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,

reject_unauth_destination


virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains

$virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains

$canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks

$virtual_mailbox_limit_maps


/etc/default/saslauthd file
Code:

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam      -- use PAM
# rimap    -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page for general information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"


/etc/postfix/sasl/smtpd.conf
Code:

/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_pass
sql_database: mail
sql_select: select password from users where email = '%u@%r'


Thanks.

wigglez 23rd November 2012 02:42

I figure this isn't part of it because it has to do with Courier, but I'll just throw this out there too.

When trying to add one of the email addresses to Thunderbird, it pops up a warning that says
"This site attempts to identify itself with invalid information."

falko 24th November 2012 11:57

Can you put these three directives in one line each instead of multiple lines?

Code:

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,

mysql:/etc/postfix/mysql-virtual_email2email.cf

Code:

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject,

reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,

reject_unauth_destination

Code:

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains

$virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains

$canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks

$virtual_mailbox_limit_maps


wigglez 24th November 2012 17:24

Sorry, probably because I didn't have terminal maximized when I copied them.

Code:

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf

Code:

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

Code:

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps

wigglez 28th November 2012 06:39

results from testsaslauthd

sudo testsaslauthd -u test -p test
connect() : No such file or directory

sudo testsaslauthd -u test -p test -f /var/spool/postfix/var/run/saslauthd/mux
0: NO "authentication failed"

wigglez 30th November 2012 07:47

I seem to have finally stumbled on to a similar issue.

The fix was to tell postfix directly the path to sasl in the main.cf file

smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd

By doing that I was also able to remove the
smtpd_tls_exclude_ciphers=RC4-MD5
for google.
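
The `-m` option in the posted /etc/default/saslauthd and the two testsaslauthd results above can be cross-checked mechanically, which separates a socket-path problem from a credential problem. This is an added example, not part of the thread or the howto: the function names are hypothetical, the sample defaults file is constructed from the values posted above, and treating /var/spool/postfix as the smtpd chroot is an assumption (the Debian/Ubuntu packaging default).

```shell
#!/bin/sh
# Added example; the sample defaults file is constructed from values posted in the thread.

# Print the mux socket path implied by -m in a saslauthd defaults file ($1).
sasl_mux_path() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1)
    set -- $opts
    while [ $# -gt 0 ]; do
        if [ "$1" = "-m" ] && [ $# -ge 2 ]; then
            printf '%s/mux\n' "${2%/}"
            return 0
        fi
        shift
    done
    return 1  # no -m found in OPTIONS
}

# Succeed when socket path $1 lies under queue directory $2 (assumed chroot).
under_chroot() {
    case "$1" in
        "${2%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map one line of testsaslauthd output to a diagnosis.
classify_testsaslauthd() {
    case "$1" in
        *"connect() :"*) echo "socket-not-found" ;;
        *"0: NO "*)      echo "daemon-reached-credentials-rejected" ;;
        *"0: OK "*)      echo "daemon-reached-credentials-accepted" ;;
        *)               echo "unknown" ;;
    esac
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
EOF

mux=$(sasl_mux_path "$SAMPLE")
echo "saslauthd socket: $mux"
under_chroot "$mux" /var/spool/postfix && echo "socket is inside the assumed chroot"
classify_testsaslauthd 'connect() : No such file or directory'
classify_testsaslauthd '0: NO "authentication failed"'
```

On a live host, pass the real /etc/default/saslauthd to `sasl_mux_path` and hand the printed path to `testsaslauthd -f`.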

