#1
16th April 2008, 03:47
james@thereidsonline.com
Help with SASL TLS with Postfix using a database for user details

Hi,

I need some help getting SASL TLS working with Postfix on DBMail.

For those not familiar with DBMail, it is a database (MySQL) email storage system that offers IMAP and POP access (i.e. all emails are stored completely in a database instead of in files) - see http://www.dbmail.org for more info.

It also stores usernames and passwords (plain text) in the database.

I've got postfix working with dbmail on my Fedora Core 8 box, and am now trying to get it to work with SASL TLS.

Relevant parts of my config are:

/etc/postfix/main.cf:
Code:
... 
smtpd_sasl_local_domain = 
smtpd_sasl_auth_enable = yes 
smtpd_sasl_security_options = noanonymous 
broken_sasl_auth_clients = yes 
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination 
smtpd_tls_auth_only = no 
smtp_use_tls = yes 
smtpd_use_tls = yes 
smtp_tls_note_starttls_offer = yes 
smtpd_tls_key_file = /etc/postfix/secure.reidware.net.key 
smtpd_tls_cert_file = /etc/postfix/secure.reidware.net.crt 
smtpd_tls_CAfile = /etc/postfix/imapd.pem 
smtpd_tls_loglevel = 1 
smtpd_tls_received_header = yes 
smtpd_tls_session_cache_timeout = 3600s

/etc/postfix/master.cf:
Code:
smtp      inet  n       -       n       -       -       smtpd 
pickup    fifo  n       -       n       60      1       pickup 
cleanup   unix  n       -       n       -       0       cleanup 
qmgr      fifo  n       -       n       300     1       qmgr 
tlsmgr    unix  -       -       n       1000?   1       tlsmgr 
rewrite   unix  -       -       n       -       -       trivial-rewrite 
bounce    unix  -       -       n       -       0       bounce 
defer     unix  -       -       n       -       0       bounce 
trace     unix  -       -       n       -       0       bounce 
verify    unix  -       -       n       -       1       verify 
flush     unix  n       -       n       1000?   0       flush 
proxymap  unix  -       -       n       -       -       proxymap 
smtp      unix  -       -       n       -       -       smtp 
relay     unix  -       -       n       -       -       smtp 
        -o fallback_relay= 
showq     unix  n       -       n       -       -       showq 
error     unix  -       -       n       -       -       error 
retry     unix  -       -       n       -       -       error 
discard   unix  -       -       n       -       -       discard 
local     unix  -       n       n       -       -       local 
virtual   unix  -       n       n       -       -       virtual 
lmtp      unix  -       -       n       -       -       lmtp 
anvil     unix  -       -       n       -       1       anvil 
scache    unix  -       -       n       -       1       scache
dbmail-lmtp     unix    -       -       n       -       -       lmtp

/usr/lib/sasl2/smtpd.conf:
Code:
pwcheck_method: auxprop 
auxprop_plugin: sql 
sql_engine: mysql 
mech_list: PLAIN LOGIN 
sql_hostnames: localhost 
sql_user: dbmail 
sql_passwd: <password> 
sql_database: dbmail 
sql_verbose: yes 
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'

In theory, I think this should work in a similar way to how many other virtual postfix systems work that store user details in a database.

However, when I try to test my server from Outlook I keep getting asked for login details - it gives the perception that either my user name or password is not being accepted (I've made sure that password is stored as plain).

My maillog looks like:
Code:
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[serverchild] serverchild.c,PerformChildTask(+349): incoming connection from [10.1.100.196] by pid [3401] 
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imapsession] dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1623): user (id:7, name <user name>) tries login 
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imapsession] dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1644): user (id 7, name <user name>) login accepted 
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Error:[imap] imap4.c,IMAPClientHandler(+303): command return with error [idle] 
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196] 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: connect from unknown[10.1.100.196] 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: setting up TLS connection from unknown[10.1.100.196] 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: TLS connection established from unknown[10.1.100.196]: TLSv1 with cipher AES128-SHA (128/128 bits) 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: warning: unknown[10.1.100.196]: SASL LOGIN authentication failed: authentication failure 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: lost connection after AUTH from unknown[10.1.100.196] 
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: disconnect from unknown[10.1.100.196] 
Apr 15 21:47:32 fs02 dbmail/imap4d[3432]: Message:[imap] imapcommands.c,_ic_logout(+126): user (id:7) logging out @ [2008-04-15 21:47:32] 
Apr 15 21:47:32 fs02 dbmail/imap4d[3432]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196] 
Apr 15 21:47:32 fs02 dbmail/imap4d[3399]: Message:[imap] imapcommands.c,_ic_logout(+126): user (id:7) logging out @ [2008-04-15 21:47:32] 
Apr 15 21:47:32 fs02 dbmail/imap4d[3399]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196]

(Note: this also shows a successful test of IMAP)

Can someone give me some suggestions on what I've done wrong?

Thanks!
James.

#2
16th April 2008, 22:58
falko

Are you sure that this is the correct query?
Code:
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'

Does the SQL password contain any special characters? That might be a problem.

#3
25th April 2008, 13:48
schickel

My /usr/lib/sasl2/smtpd.conf looks like this:

log_level: 1
sql_verbose: no

pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_hostnames: localhost
sql_user: ******
sql_passwd: ******
sql_database: dbmail
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

With this setting it works for me with Fedora 7.
The Following User Says Thank You to schickel For This Useful Post:
falko (26th April 2008)
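
Added example (not part of any post in this thread, and not Cyrus SASL's own code): a simplified Python model of how the sql auxprop plugin fills %u and %r in the two sql_select templates quoted above, run against a constructed in-memory dbmail_users table. It assumes userid holds the full e-mail address; split_login, default_realm and the sample row are hypothetical.

```python
import re
import sqlite3

def split_login(login, default_realm=""):
    """Simplified model: %u is the part before '@', %r the part after it.
    default_realm (hypothetical) stands in for the realm the server supplies
    when the client sends a bare user name."""
    user, sep, realm = login.partition("@")
    return (user, realm) if sep else (login, default_realm)

def expand(template, login, default_realm=""):
    """Return (sql, params): each quoted literal becomes a bound parameter."""
    user, realm = split_login(login, default_realm)
    fields = {"u": user, "r": realm}
    params = []

    def bind(match):
        params.append(re.sub(r"%([ur])", lambda m: fields[m.group(1)], match.group(1)))
        return "?"

    return re.sub(r"'([^']*)'", bind, template), params

def lookup(db, template, login, default_realm=""):
    """Run the expanded query and return the stored password, or None."""
    sql, params = expand(template, login, default_realm)
    row = db.execute(sql, params).fetchone()
    return row[0] if row else None

def make_db():
    # Constructed sample row; assumes userid holds the full address.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dbmail_users (userid TEXT, passwd TEXT)")
    db.execute("INSERT INTO dbmail_users VALUES (?, ?)",
               ("james@example.com", "constructed-secret"))
    return db

QUERY_POST_1 = "SELECT passwd FROM dbmail_users WHERE userid = '%u'"
QUERY_POST_3 = "SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'"

if __name__ == "__main__":
    db = make_db()
    for query in (QUERY_POST_1, QUERY_POST_3):
        for login in ("james@example.com", "james"):
            print(query, "|", login, "->", expand(query, login)[1],
                  "found" if lookup(db, query, login) else "no row")
```

sql_verbose: yes, as set in the first post's smtpd.conf, makes the plugin log the statements it executes, which is where the real expansion can be compared with the stored userid.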

All times are GMT +2.