View Single Post
  #1  
Old 22nd November 2012, 10:49
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default Having an issue with postfix and sasl

Hi,

I've been following this howto
http://www.howtoforge.com/virtual-us...untu-12.04-lts

I've searched quite extensively, but nothing seemed to be the right fix.


This is the error:
Code:
Nov 22 02:59:07 host postfix/master[28492]: daemon started -- version 2.5.1, configuration 

/etc/postfix
Nov 22 03:25:16 host postfix/smtpd[21507]: warning: SASL per-process initialization failed: 

generic failure
Nov 22 03:25:16 host postfix/smtpd[21507]: fatal: SASL per-process initialization failed
Nov 22 03:25:17 host postfix/master[28492]: warning: process /usr/lib/postfix/smtpd pid 21507 exit 

status 1
Nov 22 03:25:17 host postfix/master[28492]: warning: /usr/lib/postfix/smtpd: bad command startup 

-- throttling
Telnet would just hang. When I set smtpd_sasl_auth_enable to no, it worked, I could send mail and receive it.

I then noticed that I could only receive mail that was sent with telnet and not from google. From searching I found I needed to add this:

smtpd_tls_exclude_ciphers=RC4-MD5

I could then receive mail from outside. That seems more of a patch than a fix. Any comments on this one?


Here is my main.cf file
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_exclude_ciphers=RC4-MD5

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =  domain.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = domain.net
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 

mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

#SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain=
smtpd_sasl_authenticated_header = yes

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject, 

reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 

reject_unauth_destination


virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains 

$virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains 

$canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks 

$virtual_mailbox_limit_maps

/etc/default/saslauthd file
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page for general information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

/etc/postfix/sasl/smtpd.conf
Code:
/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_pass
sql_database: mail
sql_select: select password from users where email = '%u@%r'

Thanks.
Reply With Quote
Sponsored Links