#1 zeljko, 4th June 2010, 12:34
SASL not working "Virtual Users And Domains With Postfix, Courier, MySQL And Squirr"

Hi all,

I have set up a mail server using this tutorial, "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)", but when I set the SMTP server in my e-mail client to use secure authentication I got "Login to server zm.gotdns.com failed." with these lines in /var/mail/mail.log:


Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL NTLM authentication failed: authentication failure
Jun 4 10:44:35 zm postfix/smtpd[20951]: disconnect from localhost.localdomain[127.0.0.1]

Can you please help me out with this?

Zeljko

#2 Mark_NL, 4th June 2010, 13:05

Is your smtpd running chrooted?

Code:
cat /etc/postfix/sasl/smtpd.conf
grep smtpd /etc/postfix/master.cf
cat /etc/postfix/main.cf

#3 zeljko, 4th June 2010, 13:29

These are the outputs:


pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: *******
sql_passwd: *******
sql_database: mail
sql_select: select password from users where email = '%u'
______----------------------------------------------------------------_______
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
127.0.0.1:10025 inet n - - - - smtpd
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_bind_address=127.0.0.1
-----------------------------------------------------------------------------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = zm.gotdns.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /etc/postfix/sasl
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
---------------------------------------------------------------
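
An added example, not part of any post in this thread and not code from the tutorial: a small check that compares the mech_list in the posted smtpd.conf with the mechanisms named in the posted mail.log failures, and notes when PLAIN/LOGIN are allowed without smtpd_tls_auth_only. The function names are hypothetical, the inputs are constructed from the excerpts above, and reading a mismatch as "this smtpd.conf is not being applied" is an assumption to verify on the host.

```python
import re

# Constructed sample input: the smtpd.conf, main.cf and mail.log excerpts
# quoted in this thread, trimmed to the lines the checks read.
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\nallow_plaintext: true\n"
MAIN_CF = "smtpd_use_tls = yes\nsmtpd_sasl_auth_enable = yes\n"
MAIL_LOG = """\
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: SASL authentication failure: no secret in database
Jun 4 10:44:32 zm postfix/smtpd[20951]: warning: localhost.localdomain[127.0.0.1]: SASL NTLM authentication failed: authentication failure
"""

# Postfix logs the mechanism name in "SASL <MECH> authentication failed".
FAILED = re.compile(r"postfix/smtpd\[\d+\]: warning: \S+: SASL (\S+) authentication failed")


def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out


def audit(smtpd_conf, main_cf, mail_log):
    """Return findings for the posted SASL setup (hypothetical helper)."""
    sasl = parse_kv(smtpd_conf, ":")
    postfix = parse_kv(main_cf, "=")
    allowed = {m.upper() for m in sasl.get("mech_list", "").split()}
    tried = {m.group(1).upper() for m in FAILED.finditer(mail_log)}
    findings = []
    # Assumption: a mechanism that fails inside its plugin was offered by the
    # server, so one outside mech_list suggests this smtpd.conf is not applied.
    unexpected = sorted(tried - allowed)
    if allowed and unexpected:
        findings.append("outside mech_list: " + ", ".join(unexpected))
    # PLAIN and LOGIN send the password base64-encoded, not encrypted.
    if allowed & {"PLAIN", "LOGIN"} and postfix.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("PLAIN/LOGIN allowed without smtpd_tls_auth_only = yes")
    return findings


if __name__ == "__main__":
    for finding in audit(SMTPD_CONF, MAIN_CF, MAIL_LOG):
        print(finding)
```
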

#4 Mark_NL, 4th June 2010, 14:17

And what does your /etc/default/saslauthd look like?

Code:
cat /etc/default/saslauthd

#5 zeljko, 4th June 2010, 14:20

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

#6 zeljko, 4th June 2010, 14:34

Mark,

Just to be clear about what I am trying to do ... I am trying to make mail users who use my SMTP server authenticate themselves when sending mail while using e-mail clients in my local network (even from my server), but for some reason this doesn't work ... I'm not an expert but it seems like SASL is not using MySQL (where users and passwords are stored) to do authentication ...

#7 Mark_NL, 4th June 2010, 14:53

Have a close look at page 2 of the How-To
http://www.howtoforge.com/virtual-us...ubuntu-9.10-p2

The authentication with courier/sasl/pam/mysql is configured there; if you missed a step there you can run into problems like you have now ;0

So double-check them.

#8 zeljko, 4th June 2010, 15:03

Mark,

I did it dozens of times, but just in case I did it once again now and it all looks exactly the same as in the tutorial ... I've googled everything but with no result.

#9 Mark_NL, 4th June 2010, 15:21

Hehe, that sucks, I know how you feel.

Only thing I can say about these how-tos .. if you read them from top to bottom and do EXACTLY what they say you should, then the solution works, period. If it's not working, you must've made an error somewhere in the process, changed a value, forgot a step or something.

Maybe some process is not running? Maybe some permissions aren't correct? Maybe you missed a package that didn't get installed, I can go on and on like this.

#10 zeljko, 4th June 2010, 15:21

Just found out that client-side SASL authentication cannot work without the smtp_sasl_password_maps parameter in main.cf. And really, I don't have that parameter there. Does anybody know how this parameter should be set to work with MySQL virtual users?