  #1  
1st April 2007, 17:03
switchtower

Debian Etch Postfix Sasl2 issues

I was curious if someone here could help me out with something. I've used howtoforge.net for some time and absolutely love all the information and howtos here, it's great. Usually when I work on something and have problems I'll check the logs and just Google my problem, but this time seems to be a little more difficult and I can't figure out what is wrong.

I followed the "Virtual Users And Domains With Postfix, Courier And MySQL" by falko but used Debian Etch instead. I can send and receive email without a problem through roundcube, but I can't send mail out from an email client such as Ice Dove or Outlook.

Here are some of my configuration files:

/etc/postfix/main.cf

Code:
myhostname = mail.switchtower.org
mydestination = mail.switchtower.org, localhost, localhost.localdomain
mynetworks = 127.0.0.0/8
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
inet_interfaces = all

/etc/default/saslauthd

Code:
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"

MECHANISMS="pam"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r -c"


# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
#OPTIONS="-c"

/etc/postfix/sasl/smtpd.conf

Code:
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: (password)
sql_database: mail
sql_select: select password from users where email = '%u'

/etc/pam.d/smtp
Code:
auth    required   pam_mysql.so user=mail_admin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

tail -20 /var/log/mail.log
Code:
Apr  1 10:58:54 mail postfix/anvil[29009]: statistics: max connection count 1 for (smtp:24.11.146.57) at Apr  1 10:55:30
Apr  1 10:58:54 mail postfix/anvil[29009]: statistics: max cache size 1 at Apr  1 10:55:30
Apr  1 10:59:36 mail imapd: Connection, ip=[::ffff:127.0.0.1]
Apr  1 10:59:36 mail authdaemond: received auth request, service=imap, authtype=login
Apr  1 10:59:36 mail authdaemond: authmysql: trying this module
Apr  1 10:59:36 mail authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = "nick@switchtower.org"
Apr  1 10:59:36 mail authdaemond: password matches successfully
Apr  1 10:59:36 mail authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=nick@switchtower.org, fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
Apr  1 10:59:36 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=nick@switchtower.org, fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
Apr  1 10:59:36 mail imapd: LOGIN, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], protocol=IMAP
Apr  1 10:59:36 mail imapd: LOGOUT, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0
Apr  1 11:00:36 mail imapd: Connection, ip=[::ffff:127.0.0.1]
Apr  1 11:00:36 mail authdaemond: received auth request, service=imap, authtype=login
Apr  1 11:00:36 mail authdaemond: authmysql: trying this module
Apr  1 11:00:36 mail authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = "nick@switchtower.org"
Apr  1 11:00:36 mail authdaemond: password matches successfully
Apr  1 11:00:36 mail authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=nick@switchtower.org, fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
Apr  1 11:00:36 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=nick@switchtower.org, fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
Apr  1 11:00:36 mail imapd: LOGIN, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], protocol=IMAP
Apr  1 11:00:36 mail imapd: LOGOUT, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0

Please let me know if you can help and also if you need anything else from me. Any help would be GREATLY appreciated

Nick
  #2  
2nd April 2007, 15:53
falko

You must enable "Server requires authentication." in your email clients.
  #3  
2nd April 2007, 19:06
switchtower

Thank you, falko, for responding. I tried enabling "Server requires authentication" in Ice Dove, but it just told me that the server didn't support it.

Here are some updated log files from the server; maybe this will help to better understand the problem:

Code:
Apr  2 13:04:48 mail imapd: LOGIN, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], protocol=IMAP
Apr  2 13:04:48 mail imapd: LOGOUT, user=nick@switchtower.org, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0
Apr  2 13:05:20 mail postfix/smtpd[3140]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Apr  2 13:05:21 mail postfix/smtpd[3140]: warning: 69.16.222.227: address not listed for hostname switchtower.liquidweb.com
Apr  2 13:05:21 mail postfix/smtpd[3140]: connect from unknown[69.16.222.227]
Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: SASL authentication failure: Password verification failed
Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: unknown[69.16.222.227]: SASL PLAIN authentication failed: authentication failure
Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: unknown[69.16.222.227]: SASL LOGIN authentication failed: authentication failure

Thanks again,

Nick
  #4  
3rd April 2007, 19:06
falko

Did you use this tutorial? http://www.howtoforge.com/virtual_po...er_ubuntu_edgy

If so, you must change /etc/default/saslauthd. On Etch, PARAMS has been replaced with OPTIONS, so replace

Code:
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

with

Code:
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r -c"
  #5  
3rd April 2007, 20:31
switchtower

Thanks for your reply, falko. I did use

Code:
OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r -c"

I'll look through the Ubuntu howto to see if I can see any differences in what I did.

Thanks again.
  #6  
4th April 2007, 17:05
wad

I'm trying to do the exact same thing. I'd like my mail users to be able to send mail through my postfix, but it needs to be secure. I don't care if I just have a single username/password for all users trying to send email, actually.

Has anyone tried this using the rimap option in saslauthd for this purpose?
  #7  
4th April 2007, 18:05
switchtower

All is fixed

Falko was right, I wasn't forcing my client to use TLS for SMTP connections. Thanks Falko, as usual, I've used your suggestion to fix my problem.

Nick
  #8  
5th April 2007, 18:20
wad

Mine is working now too. Here's what I did, top to bottom, to get Debian Etch with postfix working to send SMTP mail securely with TLS:

1. apt-get install libsasl2-modules sasl2-bin
2. edited /etc/default/saslauthd like this:
   START=yes
   MECHANISMS="shadow"
   MECH_OPTIONS=""
   THREADS=5
   OPTIONS="-c"
3. copied contents of /usr/share/postfix/main.cf.tls into /etc/postfix/main.cf, added these lines:
   smtpd_sasl_auth_enable = yes
   broken_sasl_auth_clients = yes
   smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
   smtpd_tls_cert_file=/etc/ssl/certs/wadhome.org.pem
   smtpd_tls_key_file=/etc/ssl/private/wadhome.org.pem
   smtpd_use_tls=yes
   smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
   smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
4. put stuff into /etc/postfix/sasl/smtpd.conf:
   pwcheck_method: saslauthd
   mech_list: plain login
5. Fixed problems with postfix ownership of the pipe:
   mkdir -p /var/spool/postfix/var/run/saslauthd
   Added this to /etc/fstab: /var/run/saslauthd /var/spool/postfix/var/run/saslauthd none bind 0 0
   mount /var/spool/postfix/var/run/saslauthd
   chmod 755 /var/spool/postfix/var/run/saslauthd
6. /etc/init.d/saslauthd start
7. /etc/init.d/postfix restart
  #9  
23rd May 2007, 21:11
Stoneborn

I'm trying to set up SMTP authentication for my mail server (Debian Etch) for the last 5 days, but nothing I tried so far is really working. Perhaps anybody here can help me get it all running.

I created /var/spool/postfix/var/run/saslauthd/ by running:
mkdir -p /var/spool/postfix/var/run/saslauthd/

I followed /usr/share/doc/sasl2-bin/README.Debian and made:
dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

/etc/default/saslauthd
Code:
START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/etc/pam.d/smtp
Code:
auth required pam_mysql.so user=mailuser passwd=mypasswd host=localhost db=mailusers table=mailbox usercolumn=user passwdcolumn=password crypt=1

account sufficient pam_mysql.so user=mailuser passwd=mypasswd host=localhost db=mailusers table=mailbox usercolumn=user passwdcolumn=password crypt=1

relevant information from /etc/postfix/main.cf
Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = no

smtpd_helo_required = yes
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

smtpd_sender_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

smtpd_helo_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination

smtpd_use_tls = yes
smtpd_tls_auth_only = yes

smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem

If I use this
/etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: saslauthd
mech_ist: PLAIN LOGIN

then I'm getting the following error in /var/log/auth.log

Code:
May 23 20:56:41 servername postfix/smtpd[25836]: sql_select option missing
May 23 20:56:41 servername postfix/smtpd[25836]: auxpropfunc error no mechanism available
May 23 20:56:41 servername postfix/smtpd[25836]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

If I use this version of /etc/postfix/sasl/smtpd.conf instead
Code:
pwcheck_method: saslauthd
mech_ist: PLAIN LOGIN

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: mysql
allow_plaintext: true
password_format: crypt
mech_list: plain login CRAM-MD5 DIGEST-MD5

sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: mailusers
sql_user: mailuser
sql_passwd: mypasswd
sql_select: SELECT password FROM mailbox WHERE user='%u@%r

I receive the following error
Code:
May 23 21:01:21 servername postfix/smtpd[26465]: warning: SASL authentication failure: incorrect digest response
May 23 21:01:21 servername postfix/smtpd[26465]: warning: p54xxxxxx.dip.t-dialin.net[xx.xxx.xx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure

Hope I didn't forget to post one of these config files.
If so, please tell me and I will give you the missing information.

Thanks for your help in advance...
  #10  
24th May 2007, 18:24
falko

Try this in /etc/postfix/sasl/smtpd.conf (from http://www.howtoforge.com/virtual_po...ubuntu_edgy_p3 ):

Code:
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'
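Added example, not part of any post in this thread: a small Python audit of the two files the posters keep editing, /etc/postfix/main.cf and /etc/postfix/sasl/smtpd.conf. It flags password mechanisms that can be used before STARTTLS (the main.cf additions in post #8 have no smtpd_tls_auth_only) and a mech_list that is missing or names mechanisms saslauthd cannot verify (the two smtpd.conf variants in post #9). The function names are hypothetical and the sample inputs are excerpts of the settings posted above.

```python
PLAINTEXT = {"plain", "login"}              # password crosses the wire base64-encoded
SHARED_SECRET = {"cram-md5", "digest-md5"}  # server must know the cleartext secret

def parse_main_cf(text):
    """Postfix main.cf: 'name = value'; a line starting with whitespace continues it."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def parse_sasl_conf(text):
    """Cyrus SASL smtpd.conf: one 'key: value' pair per line."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not key.lstrip().startswith("#"):
            conf[key.strip().lower()] = value.strip()
    return conf

def audit(main_cf, sasl_conf):
    """Return a list of findings for the SMTP AUTH setup in the two files."""
    main, sasl = parse_main_cf(main_cf), parse_sasl_conf(sasl_conf)
    findings = []
    if main.get("smtpd_sasl_auth_enable", "no") != "yes":
        return findings
    if "mech_list" not in sasl:
        findings.append("mech_list unset: Cyrus SASL defaults to all installed mechanisms")
    mechs = {m.lower() for m in sasl.get("mech_list", "").split()}
    tls_only = main.get("smtpd_tls_auth_only", "no") == "yes"
    noplain = "noplaintext" in main.get("smtpd_sasl_security_options", "")
    if (not mechs or mechs & PLAINTEXT) and not (tls_only or noplain):
        findings.append("plaintext AUTH allowed before STARTTLS: set smtpd_tls_auth_only = yes")
    unverifiable = sorted(mechs & SHARED_SECRET)
    if sasl.get("pwcheck_method") == "saslauthd" and unverifiable:
        findings.append("saslauthd cannot verify: " + ", ".join(unverifiable))
    return findings

# Sample input: settings excerpted from posts #8 and #9 of this thread.
POST8_MAIN = "smtpd_sasl_auth_enable = yes\nsmtpd_use_tls=yes\n"
POST8_SASL = "pwcheck_method: saslauthd\nmech_list: plain login\n"
POST9_MAIN = ("smtpd_sasl_auth_enable = yes\nsmtpd_recipient_restrictions =\n"
              "        permit_sasl_authenticated,\n        reject_unauth_destination\n"
              "smtpd_use_tls = yes\nsmtpd_tls_auth_only = yes\n")
POST9_SASL_A = "pwcheck_method: saslauthd\nmech_ist: PLAIN LOGIN\n"
POST9_SASL_B = POST9_SASL_A + "mech_list: plain login CRAM-MD5 DIGEST-MD5\n"

if __name__ == "__main__":
    for cfg in ((POST8_MAIN, POST8_SASL), (POST9_MAIN, POST9_SASL_A), (POST9_MAIN, POST9_SASL_B)):
        print(audit(*cfg) or "no findings")
```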