23rd January 2006, 12:03
keulu
SASL AUTH with postfix on Sarge

Hi,

I'm desperately trying to authenticate via sasl2 through postfix installed on a Debian Sarge.
I wanted to use sasldb authentication, so I created a test account (login: test, password: test) with no realm info.
TLS support in postfix is not activated at the moment.

Here's the output for a local telnet test:

Code:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mysmtp.mydomain.tld ESMTP (Debian/GNU)
ehlo localhost
250-mysmtp.mydomain.tld
250-PIPELINING PLAIN
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
535 Error: authentication failed

mail.log says:

Code:
warning: SASL authentication failure: Password verification failed
warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed

The account has been tested OK as far as saslauthd is concerned:

Code:
# testsaslauthd -u test -p test -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."

Everything works fine in the chrooted postscript when configured to ask for shadow passwords (MECHANISMS="shadow" in /etc/default/saslauthd and pwcheck_method: saslauthd in /etc/postfix/sasl/smtpd.conf) but no way to make it work with MECHANISMS="sasldb" and pwcheck_method: auxprop.

Thanks for any assistance to solve this problem.
I already spent a couple of days tearing my hair out on this issue, but I could find neither any valuable info on the internet nor any workaround on my own.
Sorry for all the code provided...

Here is my main.cf:

Code:
smtpd_banner = $myhostname ESMTP (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mysmtp.mydomain.tld
mydomain = mydomain.tld

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost

relayhost =
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = $myhostname, localhost

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_non_fqdn_sender

# Use amavis filtering
content_filter=smtp-amavis:[127.0.0.1]:10024

# Reject exe attachment files
header_checks = regexp:/etc/postfix/header_checks

# SASL support (SMTP AUTH)
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

# SSL / TLS identification key files
# smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
# smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
# smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

# SSL / TLS support parameters
# smtpd_tls_auth_only = no
# smtpd_use_tls = yes
# smtpd_tls_loglevel = 1
# smtpd_tls_ask_ccert = yes
# smtpd_tls_received_header = yes
# smtpd_tls_session_cache_timeout = 3600s
# tls_random_source = dev:/dev/urandom

and my master.cf:

Code:
smtp                    inet  n       -       -       -       -       smtpd
#submission             inet  n       -       -       -       -       smtpd
#       -o      smtpd_etrn_restrictions=reject
#628                    inet  n       -       -       -       -       qmqpd
pickup                  fifo  n       -       -       60      1       pickup
cleanup                 unix  n       -       -       -       0       cleanup
qmgr                    fifo  n       -       -       300     1       qmgr
#qmgr                   fifo  n       -       -       300     1       oqmgr
rewrite                 unix  -       -       -       -       -       trivial-rewrite
bounce                  unix  -       -       -       -       0       bounce
defer                   unix  -       -       -       -       0       bounce
trace                   unix  -       -       -       -       0       bounce
verify                  unix  -       -       -       -       1       verify
flush                   unix  n       -       -       1000?   0       flush
proxymap                unix  -       -       n       -       -       proxymap
smtp                    unix  -       -       -       -       -       smtp
relay                   unix  -       -       -       -       -       smtp
#       -o      smtp_helo_timeout=5
#       -o      smtp_connect_timeout=5
showq                   unix  n       -       -       -       -       showq
error                   unix  -       -       -       -       -       error
local                   unix  -       n       n       -       -       local
virtual                 unix  -       n       n       -       -       virtual
lmtp                    unix  -       -       n       -       -       lmtp
anvil                   unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop                unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp                    unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail                  unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp                   unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend       unix    -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
tlsmgr                  fifo    -       -       n       300     1       tlsmgr
smtps                   inet    n       -       y       -       -       smtpd -v
        -o      smtpd_tls_wrappermode=yes
        -o      smtpd_sasl_auth_enable=yes
587                     inet    n       -       n       -       -       smtpd
        -o      smtpd_enforce_tls=yes
        -o      smtpd_sasl_auth_enable=yes

smtp-amavis             unix    -       -       n       -       2       smtp
        -o      smtp_data_done_timeout=1200
        -o      smtp_send_xforward_command=yes
        -o      disable_dns_lookup=yes

127.0.0.1:10025         inet    n       -       n       -       -       smtpd
        -o      content_filter=
        -o      local_recipient_maps=
        -o      relay_recipient_maps=
        -o      smtpd_restriction_classes=
        -o      smtpd_client_restrictions=
        -o      smtpd_helo_restrictions=
        -o      smtpd_sender_restrictions=
        -o      smtpd_recipient_restrictions=permit_mynetworks,reject
        -o      mynetworks=127.0.0.1/8
        -o      strict_rfc821_envelopes=yes
        -o      smtpd_error_sleep_time=0
        -o      smtpd_soft_error_limit=1001
        -o      smtpd_hard_error_limit=1000

and finally my /etc/postfix/sasl/smtpd.conf:

Code:
pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sasldb2
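
Added example, not part of the original post: a Python decoder and encoder for the `AUTH PLAIN` argument seen in the telnet session above, using the RFC 4616 layout (authzid NUL authcid NUL passwd). It shows exactly which identities and password the token carries, and that with TLS off the base64 string is only an encoding of the cleartext credentials. The function and class names are hypothetical.

```python
"""Decode and build SASL PLAIN (RFC 4616) initial responses."""
import base64
from typing import NamedTuple


class PlainResponse(NamedTuple):
    authzid: str  # identity to act as (may be empty)
    authcid: str  # identity whose password is verified
    passwd: str


def decode_plain(token: str) -> PlainResponse:
    """Parse the base64 argument of 'AUTH PLAIN <token>'."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid base64: {exc}") from None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(parts)}")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return PlainResponse(authzid, authcid, passwd)


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> str:
    """Build the token a client sends; authzid is usually left empty."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a field")
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Token copied from the telnet session in the post.
    token = "dGVzdAB0ZXN0AHRlc3Q="
    fields = decode_plain(token)
    print("authzid=%r authcid=%r passwd=%r" % fields)
    # Same test credentials with an empty authzid, as most clients send.
    print("empty-authzid form:", encode_plain("test", "test"))
```
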