Postfix & SASL

Discussion in 'HOWTO-Related Questions' started by GreXXL, Sep 15, 2007.

  1. GreXXL

    GreXXL New Member

    Hey,

    I have managed to solve quite some issues I had. For now I an receive mails and send mails from the server, webmail. What I can't do is sending Emails from my Mail program.

    This is what the logs tell me:
    Code:
    Sep 15 19:03:08 localhost postfix/smtpd[32273]: warning: SASL authentication failure: Password verification failed
    Sep 15 19:03:08 localhost postfix/smtpd[32273]: warning: *****: SASL PLAIN authentication failed: authentication failure
    What's strange for me is that it works on the shell:
    Code:
    debian3164m:/etc# testsaslauthd -u web2p1 -p *******
    0: OK "Success."
    I'm quite stuck with this problem by now.
    Here are the important config files:

    main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    myhostname = ******
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = ******
    # relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    
    
    ### CONFIXX POSTFIX ENTRY ###
    
    virtual_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains
    
    ### /CONFIXX POSTFIX ENTRY ###
    
    smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2:/etc/sasl:/var/run/saslauthd:/etc/sasldb2
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
    smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client psbl.surriel.com
    hopcount_limit = 40000
    
    smtpd.cf
    Code:
    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN
    saslauthd_path: /var/run/saslauthd/mux/mux
    autotransition:true
    default/saslauthd
    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c /var/spool/postfix/var/run/saslauthd"
    
    # For Postfix-Chroot:
    PARAMS="-m /var/spool/postfix/var/run/saslauthd"
    PIDFILE="/var/spool/postfix/var/run/saslauthd/saslauthd.pid"
    pam.d/smtp
    Code:
    auth required /lib/security/pam_unix_auth.so 
    account required /lib/security/pam_unix_acct.so 
    password required /lib/security/pam_unix_passwd.so 
    session required /lib/security/pam_unix_session.so
    Help is really apreciated.
    Thank you very much in advance.

    greets
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. GreXXL

    GreXXL New Member

    Hi,

    Well I checked the tutorial more then once by now, still searching the error I can't get hold off.

    A interesting thing is on saslfinger -c:
    Code:
    Cannot find the smtp_sasl_password_maps parameter in main.cf.
    Client-side SMTP AUTH cannot work without this parameter!
    Adding this with hash:/etc/postfix/confixx_localDomains or hash:/etc/postfix/confixx_virtualUsers sasfinger -c tells me everything is ok now but still no result on the client.

    I guess this is my problem, because connecting to sasl locally on the shell does work? Still I don't get what / how to set this variable using confixx cause users are added automatically.

    Thanks for you help!
    greets Gregor
     
  4. sjau

    sjau Local Meanie Moderator

    Huhu GreXXL ;)
     

Share This Page