Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #41  
Old 2nd May 2008, 14:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Please follow chapter 14 from http://www.howtoforge.com/perfect_server_ubuntu7.10_p5

This link might be interesting if you want to set up mail accounts on the command line: http://www.howtoforge.com/forums/showthread.php?t=2
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
Challenger (10th May 2008)
Sponsored Links
  #42  
Old 10th May 2008, 19:33
Challenger Challenger is offline
Junior Member
 
Join Date: Apr 2008
Posts: 19
Thanks: 5
Thanked 1 Time in 1 Post
Default

Hi Falko, and thanks for the pointer to the tutorial. I did as it suggested (but without the complete reinstall of postfix and procmail).

My /etc/postfix/main.cf and /etc/default/saslauthd are now the same as in the tutorial.

However I'm still having problems. My mail log file offers:

May 10 18:20:16 pooh postfix/smtpd[8139]: setting up TLS connection from unknown[xx.xx.xx.xx (real values removed)]
May 10 18:20:16 pooh postfix/smtpd[8139]: TLS connection established from unknown[xx.xx.xx.xx]: SSLv3 with cipher RC4-MD5 (128/128 bits)
May 10 18:20:16 pooh postfix/smtpd[8139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 10 18:20:16 pooh postfix/smtpd[8139]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 10 18:20:16 pooh postfix/smtpd[8139]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: authentication failure
May 10 18:20:17 pooh postfix/smtpd[8139]: warning: unknown[xx.xx.xx.xx]: SASL NTLM authentication failed: bad protocol / cancel
May 10 18:20:17 pooh postfix/smtpd[8139]: disconnect from unknown[xx.xx.xx.xx]

and of course my mail client reports that it is unable to send the message.

Any ideas? How / where should I have created the sasldb2 files / entries? Previously I have listed permitted users in an access file in the postfix directory (converted to .db format of course)...?

Andy
Reply With Quote
  #43  
Old 11th May 2008, 23:07
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

What's in /etc/postfix/sasl/smtpd.conf, /etc/default/saslauthd, and /etc/postfix/main.cf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #44  
Old 13th May 2008, 17:33
Challenger Challenger is offline
Junior Member
 
Join Date: Apr 2008
Posts: 19
Thanks: 5
Thanked 1 Time in 1 Post
Default

Hi Falko, and thanks again.

/etc/postfix/sasl/smtpd.conf contains:

--------------------------------------
pwcheck_method: saslauthd
mech_list: plain login
-----------------------------------------

/etc/default/saslauthd contains:

-------------------------------------
# This needs to be uncommented before saslauthd will be run automatically
# START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

# MECHANISMS="pam"
# PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

# Falko's settings below
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)

START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
------------------------------------------------------------------


/etc/postfix/main.cf contrains:

-------------------------------------------------------------------------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters [Falko: these just happen to be where my (self-generated) certs are. TLS has worked before]
smtpd_tls_cert_file = /etc/apache2/ssl.crt
# Following line added by Andy
smtpd_tls_key_file = /etc/apache2/ssl.key
# Following line added by Andy
# smtpd_tls_key_file=/etc/ssl/certs/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = pooh.boul.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
home_mailbox = Maildir/
mydestination = pooh.boul.net, localhost.pooh.boul.net, localhost.boul.net, localhost
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/ssl/certs/ca.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
maximal_queue_lifetime = 1d
relayhost = outbound.mailhop.org:2525
smtpd_helo_required = yes
delay_warning_time = 1

# Following lines to end added by Andy
# smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd


# force authentication
# smtp_sasl_security_options = noanonymous
# be courteous ! (optional)
# smtp_helo_name = pooh.boul.net
# identify yourself (optional)
# smtpd_banner = Pooh Boul Mail

# maximal_queue_lifetime = 1d
# mydomain = pooh.boul.net
# myorigin = pooh.boul.net
# mydestination = pooh.boul.net, localhost.pooh.boul.net, localhost.boul.net, localhost
# home_mailbox = Maildir/

# relayhost = outbound.mailhop.org:2525
# smtpd_delay_reject = no
# smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain
# smtpd_recipient_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access, reject_unauth_destination
# smtpd_helo_required = yes
# relay_domains = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit_inet_interfaces
# hash_queue_depth = 3
# delay_warning_time = 1
---------------------------------------------------------------------

You can see there is a lot I have tried in main.cf, but I have commented out everything not in the tutorial.

Thanks again for your help,

Andy
Reply With Quote
  #45  
Old 14th May 2008, 16:51
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Looks ok. Can you restart saslauthd and Postfix?

IF that doesn't help, what's in /etc/postfix/master.cf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #46  
Old 14th May 2008, 19:41
Challenger Challenger is offline
Junior Member
 
Join Date: Apr 2008
Posts: 19
Thanks: 5
Thanked 1 Time in 1 Post
Default

I've restarted Postfix, and entered the following to restart saslauthd:

> /etc/init.d/saslauthd restart
* To enable saslauthd, edit /etc/default/saslauthd and set START=yes

However, when checking the running processes, saslauthd doesn't appear. I don't think it's running. What have I done wrong!?

In case it's useful, master.cf is:
------------------------------------------------------------------
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
--------------------------------------------------------------------


Thanks,

Andy
Reply With Quote
  #47  
Old 15th May 2008, 19:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Please make /etc/default/saslauthd look exactly as shown on http://www.howtoforge.com/perfect_server_ubuntu7.10_p5
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #48  
Old 16th May 2008, 18:36
Challenger Challenger is offline
Junior Member
 
Join Date: Apr 2008
Posts: 19
Thanks: 5
Thanked 1 Time in 1 Post
Default

Hi again,

I have made it exactly the same as you suggested (I cut and pasted, and checked). I then restarted saslauthd and Postfix, but I have the same symptoms.

My Postfix log file gives:
-----------------------------------------------------------------
May 16 17:28:24 pooh postfix/smtpd[26512]: connect from unknown[xx.xx.xx.xx (hidden as this is my public ip address)]
May 16 17:28:25 pooh postfix/smtpd[26512]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
May 16 17:28:25 pooh postfix/smtpd[26512]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
May 16 17:28:25 pooh postfix/smtpd[26512]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
May 16 17:28:25 pooh postfix/smtpd[26512]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
May 16 17:28:25 pooh postfix/smtpd[26512]: disconnect from unknown[xx.xx.xx.xx]
----------------------------------------------------------------

Also, as I said before, checking running processes does not show that saslauthd is actually runnning anywhere (I checked all process owners, including root, myself, postfix and saslauthd).

And when I do a restart of saslauthd, using:

/etc/init.d/saslauthd restart

The command line returns:

* To enable saslauthd, edit /etc/default/saslauthd and set START=yes

(which of course I have done by making /etc/default/saslauthd exactly as you say)

I don't think the deamon is running at all, for some reason...?

Andy
Reply With Quote
  #49  
Old 17th May 2008, 15:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Did you do all changes as root or as a normal user?

What's in /etc/default/saslauthd now?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #50  
Old 18th May 2008, 11:32
Challenger Challenger is offline
Junior Member
 
Join Date: Apr 2008
Posts: 19
Thanks: 5
Thanked 1 Time in 1 Post
 
Default

Hi Falko,

Yes, all changes done as root. Permissions are as follows:

main.cf:
User: root
Group: root
Octal: 0644

smtpd.conf:
User: root
Group: root
Octal: 0644

saslauthd:
User: root
Group: root
Octal: 0744

saslauthd now contains:
------------------------------------------
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
-----------------------------------------------------------------

Thanks again,

Andy
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Relay access denied maxx Installation/Configuration 17 4th April 2011 12:34
Access denied in phpMyAdmin linuxfast General 1 21st September 2005 16:08
Access Denied on Port: 81 nandhu Installation/Configuration 2 10th August 2005 14:05


All times are GMT +2. The time now is 08:59.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.