
20th February 2009, 10:09
Junior Member
Join Date: Feb 2009
Location: Paris - France
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
postfix sasl problem
Hello,
Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail -Ubuntu 8.04
Great post but after reading tons of posts for 5 days, I'm stuck with postfix (and maybe mysql) authentication. Everything goes fine with courier.
If someone can tell me what happens ...
root@c6po:/srv# testsaslauthd -u root -p
0: OK "Success."
root@c6po:/srv# testsaslauthd -u test -p
0: NO "authentication failed"
Just tell me which config file you need and I'll post it.
TIA

20th February 2009, 18:55
Junior Member
postfix sasl problem (part 2)
I post saslfinger results in order to help diag.
Curiously, when using squirrelmail, I'm able to send and receive mail to and from internal and external domains.
Code:
saslfinger - postfix Cyrus sasl configuration Fri Feb 20 18:44:10 CET 2009
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.5.5
System: Debian GNU/Linux 5.0 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cd8000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x 2 root root 4096 Feb 18 13:32 .
drwxr-xr-x 54 root root 20480 Feb 20 16:33 ..
-rw-r--r-- 1 root root 13468 Sep 1 19:10 libanonymous.a
-rw-r--r-- 1 root root 855 Sep 1 19:09 libanonymous.la
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so.2
-rw-r--r-- 1 root root 13016 Sep 1 19:10 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 15810 Sep 1 19:10 libcrammd5.a
-rw-r--r-- 1 root root 841 Sep 1 19:09 libcrammd5.la
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so.2
-rw-r--r-- 1 root root 15352 Sep 1 19:10 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 46412 Sep 1 19:10 libdigestmd5.a
-rw-r--r-- 1 root root 864 Sep 1 19:09 libdigestmd5.la
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so.2
-rw-r--r-- 1 root root 43500 Sep 1 19:10 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13646 Sep 1 19:10 liblogin.a
-rw-r--r-- 1 root root 835 Sep 1 19:09 liblogin.la
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so.2
-rw-r--r-- 1 root root 13460 Sep 1 19:10 liblogin.so.2.0.22
-rw-r--r-- 1 root root 29068 Sep 1 19:10 libntlm.a
-rw-r--r-- 1 root root 829 Sep 1 19:09 libntlm.la
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so.2
-rw-r--r-- 1 root root 28436 Sep 1 19:10 libntlm.so.2.0.22
-rw-r--r-- 1 root root 13966 Sep 1 19:10 libplain.a
-rw-r--r-- 1 root root 835 Sep 1 19:09 libplain.la
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so.2
-rw-r--r-- 1 root root 14036 Sep 1 19:10 libplain.so.2.0.22
-rw-r--r-- 1 root root 21702 Sep 1 19:10 libsasldb.a
-rw-r--r-- 1 root root 866 Sep 1 19:09 libsasldb.la
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so.2
-rw-r--r-- 1 root root 18080 Sep 1 19:10 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 23796 Sep 1 19:10 libsql.a
-rw-r--r-- 1 root root 964 Sep 1 19:09 libsql.la
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so.2
-rw-r--r-- 1 root root 23312 Sep 1 19:10 libsql.so.2.0.22
-rw-rw---- 1 root root 236 Feb 18 13:32 smtpd.conf
-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Feb 3 16:52 .
drwxr-xr-x 3 root root 4096 Feb 20 16:45 ..
-rw-r----- 1 root root 236 Feb 3 16:52 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email = '%u'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1
-- mechanisms on localhost --
250-AUTH NTLM CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=NTLM CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
-- end of saslfinger output --
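Added example, not part of the original thread and not code from the tutorial: a small Python check that compares the `mech_list` in smtpd.conf with the AUTH line the server actually advertises, and flags plaintext AUTH without enforced TLS and a world-readable file holding `sql_passwd`. The names `parse_kv` and `audit` and the finding codes are hypothetical; the inputs are constructed from the values in the saslfinger output above, and the file mode is an assumed input.

```python
import stat

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def audit(smtpd_conf, main_cf, ehlo_auth, conf_mode):
    """Return finding codes for one Postfix + Cyrus SASL configuration."""
    sasl = parse_kv(smtpd_conf, ":")
    postfix = parse_kv(main_cf, "=")
    allowed = {m.upper() for m in sasl.get("mech_list", "").split()}
    offered = set(ehlo_auth.upper().replace("250-AUTH", "").split())
    findings = []
    # Mechanisms advertised beyond mech_list: the running smtpd is not
    # applying the smtpd.conf that was inspected.
    if allowed and offered - allowed:
        findings.append("mech_list_not_applied")
    # saslauthd can only verify plaintext passwords (PLAIN, LOGIN).
    if sasl.get("pwcheck_method") == "saslauthd" and offered - PLAINTEXT_MECHS:
        findings.append("non_plaintext_mech_with_saslauthd")
    # Without smtpd_tls_auth_only = yes, AUTH is accepted before STARTTLS,
    # so PLAIN/LOGIN passwords can cross the network unencrypted.
    if offered & PLAINTEXT_MECHS and postfix.get("smtpd_tls_auth_only") != "yes":
        findings.append("plaintext_auth_without_tls")
    # smtpd.conf holds sql_passwd; it should not be readable by "other".
    if "sql_passwd" in sasl and conf_mode & stat.S_IROTH:
        findings.append("db_password_world_readable")
    return findings

# Constructed inputs that reuse the values posted in this thread.
SMTPD_CONF = """pwcheck_method: saslauthd
mech_list: plain login
auxprop_plugin: mysql
sql_passwd: PLACEHOLDER
"""
MAIN_CF = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_auth_only = no\n"
EHLO_AUTH = "250-AUTH NTLM CRAM-MD5 DIGEST-MD5 LOGIN PLAIN"

if __name__ == "__main__":
    for finding in audit(SMTPD_CONF, MAIN_CF, EHLO_AUTH, 0o644):
        print(finding)
```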

21st February 2009, 17:51
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
What's the output of uname -a ?
Did you compare all your configuration files with the ones from the tutorial?

24th February 2009, 17:53
Junior Member
Quote:
Originally Posted by falko
What's the output of uname -a ?
|
Code:
Linux c6po 2.6.18-xenU #4 SMP Mon Sep 22 17:59:36 CEST 2008 i686 GNU/Linux
Quote:
Originally Posted by falko
Did you compare all your configuration files with the ones from the tutorial?
|
If you're talking about the 6 /etc/postfix/mysql-virtual* files, the answer is yes. Chmoded as required as well.
I really don't understand how it can work like a charm when using squirrelmail and not work with Thunderbird (though pop works with no problem at all). Is it due to the fact that squirrel is considered to be sending from localhost?
Thank you for your help

25th February 2009, 17:55
Super Moderator
Please also check the saslauthd configuration and /etc/postfix/main.cf.

26th February 2009, 16:10
Junior Member
Quote:
Originally Posted by falko
Please also check the saslauthd configuration and /etc/postfix/main.cf.
|
Code:
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_security_level = may
smtp_enforce_tls = no
smtpd_tls_loglevel = 1
# see https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/223376/comments/4
data_directory = /var/lib/postfix
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_timeout = 3600s
tls_random_exchange_name = ${data_directory}/prng_exch
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = server.domain.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = server.domain.tld, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 31457280
recipient_delimiter = +
inet_interfaces = all
readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
# ## BOC ## http://www.howtoforge.com/forums/showthread.php?t=23644&page=9
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
home_mailbox = Maildir/
# ## EOC ##
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_path = /etc/postfix/sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

27th February 2009, 14:09
Super Moderator
Did you check the saslauthd configuration?

27th February 2009, 18:02
Junior Member
Quote:
Originally Posted by falko
Did you check the saslauthd configuration?
|
I found something strange in the log, read dozens of posts but nothing solved the problem.
# cat /var/log/auth.log
Code:
Feb 27 17:22:18 c6po postfix/smtpd[17831]: sql_select option missing
Feb 27 17:22:18 c6po postfix/smtpd[17831]: auxpropfunc error no mechanism available
Feb 27 17:22:18 c6po postfix/smtpd[17831]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
# cat /etc/default/saslauthd
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# PARAMS="-m /var/spool/postfix/var/run/saslauthd"
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
# cat /etc/pam.d/smtp
Code:
auth required pam_mysql.so user=mailadmin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mailadmin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
# cat /etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: saslauthd
mech_list: login plain
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mailadmin
sql_passwd: password
sql_database: mail
sql_select: select password from users where email = '%u'
Another strange thing is I have 3 smtpd.conf !? Don't know if it's 'normal' ?
/etc/postfix/sasl/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/var/spool/postfix/etc/postfix/sasl/smtpd.conf

27th February 2009, 18:53
Junior Member
postfix sasl problem
Quote:
Originally Posted by alte94
Another strange thing is I have 3 smtpd.conf !? Don't know if it's 'normal' ?
/etc/postfix/sasl/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/var/spool/postfix/etc/postfix/sasl/smtpd.conf
|
I notice that these 3 files are owned by root and 644. Shouldn't they be owned by postfix ?
Another point, saslfinger states :
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cd8000)
I read somewhere that it means 'smtpd.conf not read'. Is it correct, and if yes, how to solve the problem ?

28th February 2009, 15:10
Super Moderator
What's in /etc/postfix/master.cf and /var/spool/postfix/etc/postfix/sasl/smtpd.conf ?