#1 keulu, 23rd January 2006, 11:03
SASL AUTH with postfix on Sarge

Hi,

I'm desperately trying to authenticate via sasl2 through postfix installed on a Debian Sarge.
I wanted to use sasldb authentication, so I created a test account (login: test, password: test) with no realm info.
TLS support in postfix is not activated at the moment.

Here's the output for a local telnet test:

Code:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 mysmtp.mydomain.tld ESMTP (Debian/GNU)
ehlo localhost
250-mysmtp.mydomain.tld
250-PIPELINING PLAIN
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
535 Error: authentication failed

mail.log says:

Code:
warning: SASL authentication failure: Password verification failed
warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed

The account has been tested OK as far as saslauthd is concerned:

Code:
# testsaslauthd -u test -p test -f /var/spool/postfix/var/run/saslauthd/mux
0: OK "Success."

Everything works fine in the chrooted postscript when configured to ask for shadow passwords (MECHANISMS="shadow" in /etc/default/saslauthd and pwcheck_method: saslauthd in /etc/postfix/sasl/smtpd.conf) but no way to make it work with MECHANISMS="sasldb" and pwcheck_method: auxprop.

Thanks for any assistance to solve this problem.
I already spent a couple of days tearing my hair out on this issue, but I could find neither any valuable info on the internet nor any workaround on my own.
Sorry for all the code provided...

Here is my main.cf:

Code:
smtpd_banner = $myhostname ESMTP (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mysmtp.mydomain.tld
mydomain = mydomain.tld

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost

relayhost =
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 51200000
recipient_delimiter = +
inet_interfaces = $myhostname, localhost

smtpd_helo_required = yes
smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
smtpd_sender_restrictions =
        reject_unknown_sender_domain,
        reject_non_fqdn_sender

# Use amavis filtering
content_filter=smtp-amavis:[127.0.0.1]:10024

# Reject exe attachment files
header_checks = regexp:/etc/postfix/header_checks

# SASL support (SMTP AUTH)
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

# SSL / TLS identification key files
# smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
# smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
# smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

# SSL / TLS support parameters
# smtpd_tls_auth_only = no
# smtpd_use_tls = yes
# smtpd_tls_loglevel = 1
# smtpd_tls_ask_ccert = yes
# smtpd_tls_received_header = yes
# smtpd_tls_session_cache_timeout = 3600s
# tls_random_source = dev:/dev/urandom

and my master.cf:

Code:
smtp                    inet  n       -       -       -       -       smtpd
#submission             inet  n       -       -       -       -       smtpd
#       -o      smtpd_etrn_restrictions=reject
#628                    inet  n       -       -       -       -       qmqpd
pickup                  fifo  n       -       -       60      1       pickup
cleanup                 unix  n       -       -       -       0       cleanup
qmgr                    fifo  n       -       -       300     1       qmgr
#qmgr                   fifo  n       -       -       300     1       oqmgr
rewrite                 unix  -       -       -       -       -       trivial-rewrite
bounce                  unix  -       -       -       -       0       bounce
defer                   unix  -       -       -       -       0       bounce
trace                   unix  -       -       -       -       0       bounce
verify                  unix  -       -       -       -       1       verify
flush                   unix  n       -       -       1000?   0       flush
proxymap                unix  -       -       n       -       -       proxymap
smtp                    unix  -       -       -       -       -       smtp
relay                   unix  -       -       -       -       -       smtp
#       -o      smtp_helo_timeout=5
#       -o      smtp_connect_timeout=5
showq                   unix  n       -       -       -       -       showq
error                   unix  -       -       -       -       -       error
local                   unix  -       n       n       -       -       local
virtual                 unix  -       n       n       -       -       virtual
lmtp                    unix  -       -       n       -       -       lmtp
anvil                   unix  -       -       n       -       1       anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop                unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp                    unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail                  unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp                   unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend       unix    -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

# only used by postfix-tls
tlsmgr                  fifo    -       -       n       300     1       tlsmgr
smtps                   inet    n       -       y       -       -       smtpd -v
        -o      smtpd_tls_wrappermode=yes
        -o      smtpd_sasl_auth_enable=yes
587                     inet    n       -       n       -       -       smtpd
        -o      smtpd_enforce_tls=yes
        -o      smtpd_sasl_auth_enable=yes

smtp-amavis             unix    -       -       n       -       2       smtp
        -o      smtp_data_done_timeout=1200
        -o      smtp_send_xforward_command=yes
        -o      disable_dns_lookup=yes

127.0.0.1:10025         inet    n       -       n       -       -       smtpd
        -o      content_filter=
        -o      local_recipient_maps=
        -o      relay_recipient_maps=
        -o      smtpd_restriction_classes=
        -o      smtpd_client_restrictions=
        -o      smtpd_helo_restrictions=
        -o      smtpd_sender_restrictions=
        -o      smtpd_recipient_restrictions=permit_mynetworks,reject
        -o      mynetworks=127.0.0.1/8
        -o      strict_rfc821_envelopes=yes
        -o      smtpd_error_sleep_time=0
        -o      smtpd_soft_error_limit=1001
        -o      smtpd_hard_error_limit=1000

and finally my /etc/postfix/sasl/smtpd.conf:

Code:
pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sasldb2
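The telnet session in post #1, read the way a mail administrator would audit it; this is an added example, not code from the thread. It parses the EHLO reply, decodes the AUTH PLAIN token (RFC 4616) and reports whether credentials cross the wire unencrypted and whether the login name carries a realm (sasldb2 stores entries as user@realm). The function names are hypothetical.

```python
import base64

# Constructed from the telnet session in post #1: server replies plus the client's AUTH line.
TRANSCRIPT = """\
250-mysmtp.mydomain.tld
250-PIPELINING PLAIN
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
"""

def parse_ehlo(transcript):
    """Map each EHLO keyword to its parameter set ("AUTH=" is the legacy spelling)."""
    replies = [l[4:] for l in transcript.splitlines() if l[:4] in ("250-", "250 ")]
    caps = {}
    for text in replies[1:]:  # the first 250 line is the greeting, not a keyword
        words = text.replace("=", " ", 1).upper().split()
        if words:
            caps.setdefault(words[0], set()).update(words[1:])
    return caps

def decode_auth_plain(token):
    """RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd, base64-encoded."""
    parts = base64.b64decode(token, validate=True).split(b"\x00")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("not a well-formed PLAIN message")
    return tuple(p.decode("utf-8") for p in parts)

def audit(transcript):
    """Return a list of findings for one captured SMTP session."""
    caps, findings = parse_ehlo(transcript), []
    cleartext = sorted(caps.get("AUTH", set()) & {"PLAIN", "LOGIN"})
    if cleartext and "STARTTLS" not in caps:
        findings.append("cleartext mechanisms offered without STARTTLS: " + ", ".join(cleartext))
    for line in transcript.splitlines():
        fields = line.split()
        if len(fields) == 3 and [f.upper() for f in fields[:2]] == ["AUTH", "PLAIN"]:
            authzid, authcid, passwd = decode_auth_plain(fields[2])
            findings.append("token decodes to authzid=%r authcid=%r and a %d-character password"
                            % (authzid, authcid, len(passwd)))
            if "@" not in authcid:
                findings.append("authcid carries no @realm part")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(TRANSCRIPT)))
```

The TLS block in the main.cf above is commented out; once TLS is configured, `smtpd_tls_auth_only = yes` makes Postfix announce and accept AUTH only over an encrypted session.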

#2 falko, 23rd January 2006, 18:05

Did you create the user's password with saslpasswd2? See
Code:
man saslpasswd2

#3 keulu, 23rd January 2006, 20:08

Yes, exactly what I did...

#4 nibman, 28th August 2006, 13:27
Same problem as Keulu

Hello!

I have the same problem as Keulu here and I can't find any solution to the problem.

I had a completely new installation of Debian 3.1 when starting to install according to the "Perfect Setup" for the correct version of Debian. I followed every step by copying and pasting, but still the SMTP AUTH functionality doesn't work. Every time I try to connect with the client (Microsoft Outlook Express & others) the password isn't accepted.

In the logfile I get the following error every time I try to authenticate a user:

Aug 28 09:57:10 postfix/smtpd[12365]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

I have checked with testsaslauthd and it responds OK.

I have set the password with saslpasswd2 to no avail.

What else can I try? Can I do other checks to see if everything is working? Since the logfile says that smtpd is unable to connect to saslauthd, is there anything I can do to make sure it is connecting? How does it connect? Is it using a pipe or a socket? If the pipe is known, perhaps one can try that manually?

I am out of options right now. I have checked every place on the Internet I can find that discusses this problem. It was so easy for version 3.0 of Debian. Everything worked directly.

Please help!

#5 falko, 29th August 2006, 20:37

Quote:
Originally Posted by nibman
Aug 28 09:57:10 postfix/smtpd[12365]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

Please make sure saslauthd is started. What's the output of this command?
Code:
ps aux | grep saslauthd

Also make sure saslauthd is chrooted correctly (as Postfix is running chrooted), as described in the tutorial. Compare your /etc/default/saslauthd and /etc/init.d/saslauthd with the ones from the tutorial.
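The chroot point from post #5, worked through as an added example (not code from the thread or the tutorial): it reads the smtpd listeners of the master.cf in post #1 and reports, per listener, the host path at which its saslauthd socket has to exist. Assumptions: a Postfix older than 3.0, where `-` in the chroot column means yes, and the chroot directory and socket path implied by the testsaslauthd command in post #1; the function names are hypothetical.

```python
# Constructed excerpt: the inet smtpd entries of the master.cf in post #1.
MASTER_CF = """\
smtp                    inet  n       -       -       -       -       smtpd
#submission             inet  n       -       -       -       -       smtpd
smtps                   inet    n       -       y       -       -       smtpd -v
        -o      smtpd_tls_wrappermode=yes
        -o      smtpd_sasl_auth_enable=yes
587                     inet    n       -       n       -       -       smtpd
        -o      smtpd_enforce_tls=yes
        -o      smtpd_sasl_auth_enable=yes
127.0.0.1:10025         inet    n       -       n       -       -       smtpd
        -o      content_filter=
"""
# Assumptions taken from the testsaslauthd path in post #1.
CHROOT_DIR = "/var/spool/postfix"
SOCKET = "/var/run/saslauthd/mux"

def smtpd_listeners(text, chroot_default="y"):
    """Return (service, chrooted, overrides) per inet smtpd entry.
    '-' in the chroot column means the default, which is 'y' before Postfix 3.0."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation of the previous entry
        else:
            entries.append(line.strip())
    found = []
    for fields in (e.split() for e in entries):
        if len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd":
            chroot = chroot_default if fields[4] == "-" else fields[4]
            args = fields[8:]
            opts = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
            found.append((fields[0], chroot == "y", opts))
    return found

def socket_on_host(chrooted):
    """Host path that a listener's saslauthd connection resolves to."""
    return (CHROOT_DIR if chrooted else "") + SOCKET

def report(text):
    """Map each smtpd listener to the host path where it expects the socket."""
    return {name: socket_on_host(chrooted) for name, chrooted, _ in smtpd_listeners(text)}

if __name__ == "__main__":
    for name, path in report(MASTER_CF).items():
        print(name, "->", path)
```

Each listener is a separate smtpd instance with its own chroot setting, so the same saslauthd socket can be reachable from one port and missing from another.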

#6 nibman, 30th August 2006, 09:13

Hello, thanks for the reply!

I just got it working... I changed my client from port 465 tcp to port 25 tcp. In the earlier version I had to use port 465 and not 25 to get it working. Why is it different now??