SMTP Issue - Virtual Users And Domains ... Ubuntu

Discussion in 'HOWTO-Related Questions' started by knight_killer, Jul 31, 2007.

  1. knight_killer

    knight_killer New Member

    Hi,

    I have a working Insallation of this howto: http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_ubuntu_edgy

    Well, I thougt it is working... I get this error when I want to send a Mail:
    I googled a bit, with no success... I seams that the SASL-Part don't work.
    Code:
    <host>:~# testsaslauthd -u test -p testpass
    connect() : No such file or directory
    The saslauth-deamon is running:
    Code:
    <host>:~# ps aux|grep sasl
    root     23925  0.0  0.0   7224   736 ?        Ss   15:01   0:00 /usr/sbin/saslauthd -a pam -c -n 5
    root     23926  0.0  0.0   7224   468 ?        S    15:01   0:00 /usr/sbin/saslauthd -a pam -c -n 5
    root     23930  0.0  0.0   7224   356 ?        S    15:01   0:00 /usr/sbin/saslauthd -a pam -c -n 5
    root     23931  0.0  0.0   7224   356 ?        S    15:01   0:00 /usr/sbin/saslauthd -a pam -c -n 5
    root     23932  0.0  0.0   7224   356 ?        S    15:01   0:00 /usr/sbin/saslauthd -a pam -c -n 5
    root     23937  0.0  0.0   1552   500 pts/0    R+   15:01   0:00 grep sasl
    
    And chroot is enabled: (/etc/postfix/master.cf)
    Code:
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    
    And the rights/owner of "/var/run/saslauthd" should be ok:
    Code:
    <host>:~# ls -al /var/run/saslauthd
    total 936
    drwx--x---  2 root sasl    140 Jul 31 15:01 .
    drwxr-xr-x 12 root root    400 Jul 31 14:18 ..
    -rw-------  1 root root      0 Jul 31 15:01 cache.flock
    -rw-------  1 root root 945152 Jul 31 15:01 cache.mmap
    srwxrwxrwx  1 root root      0 Jul 31 15:01 mux
    -rw-------  1 root root      0 Jul 31 15:01 mux.accept
    -rw-------  1 root root      6 Jul 31 15:01 saslauthd.pid
    
    Can someone help me please? I have no ideas anymore...

    Thanks
    Roman
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. knight_killer

    knight_killer New Member

    Ubuntu 7.04 Feisty Fawn

    I just double-checked it... For me it seems ok. Here are my files described on Page 3 of the howto:

    Code:
    <host>:~# cat /etc/default/saslauthd
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c"
    Code:
    <host>:~# cat /etc/pam.d/smtp
    auth    required   pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
    account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    Code:
    <host>:~# cat /etc/postfix/sasl/smtpd.conf
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: mail_admin_password
    sql_database: mail
    sql_select: select password from users where email = '%u'
    Code:
    <host>:~# cat /etc/courier/authdaemonrc
    ##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
    #
    # Copyright 2000-2005 Double Precision, Inc.  See COPYING for
    # distribution information.
    #
    # authdaemonrc created from authdaemonrc.dist by sysconftool
    #
    # Do not alter lines that begin with ##, they are used when upgrading
    # this configuration.
    #
    # This file configures authdaemond, the resident authentication daemon.
    #
    # Comments in this file are ignored.  Although this file is intended to
    # be sourced as a shell script, authdaemond parses it manually, so
    # the acceptable syntax is a bit limited.  Multiline variable contents,
    # with the \ continuation character, are not allowed.  Everything must
    # fit on one line.  Do not use any additional whitespace for indentation,
    # or anything else.
    
    ##NAME: authmodulelist:2
    #
    # The authentication modules that are linked into authdaemond.  The
    # default list is installed.  You may selectively disable modules simply
    # by removing them from the following list.  The available modules you
    # can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe
    
    authmodulelist="authmysql"
    
    ##NAME: authmodulelistorig:3
    #
    # This setting is used by Courier's webadmin module, and should be left
    # alone
    
    authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
    
    ##NAME: daemons:0
    #
    # The number of daemon processes that are started.  authdaemon is typically
    # installed where authentication modules are relatively expensive: such
    # as authldap, or authmysql, so it's better to have a number of them running.
    # PLEASE NOTE:  Some platforms may experience a problem if there's more than
    # one daemon.  Specifically, SystemV derived platforms that use TLI with
    # socket emulation.  I'm suspicious of TLI's ability to handle multiple
    # processes accepting connections on the same filesystem domain socket.
    #
    # You may need to increase daemons if as your system load increases.  Symptoms
    # include sporadic authentication failures.  If you start getting
    # authentication failures, increase daemons.  However, the default of 5
    # SHOULD be sufficient.  Bumping up daemon count is only a short-term
    # solution.  The permanent solution is to add more resources: RAM, faster
    # disks, faster CPUs...
    
    daemons=5
    
    ##NAME: authdaemonvar:2
    #
    # authdaemonvar is here, but is not used directly by authdaemond.  It's
    # used by various configuration and build scripts, so don't touch it!
    
    authdaemonvar=/var/run/courier/authdaemon
    
    ##NAME: DEBUG_LOGIN:0
    #
    # Dump additional diagnostics to syslog
    #
    # DEBUG_LOGIN=0   - turn off debugging
    # DEBUG_LOGIN=1   - turn on debugging
    # DEBUG_LOGIN=2   - turn on debugging + log passwords too
    #
    # ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
    #
    # Note that most information is sent to syslog at level 'debug', so
    # you may need to modify your /etc/syslog.conf to be able to see it.
    
    DEBUG_LOGIN=0
    
    ##NAME: DEFAULTOPTIONS:0
    #
    # A comma-separated list of option=value pairs. Each option is applied
    # to an account if the account does not have its own specific value for
    # that option. So for example, you can set
    #   DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
    # and then enable webmail and/or imap on individual accounts by setting
    # disablewebmail=0 and/or disableimap=0 on the account.
    
    DEFAULTOPTIONS=""
    
    ##NAME: LOGGEROPTS:0
    #
    # courierlogger(1) options, e.g. to set syslog facility
    #
    
    LOGGEROPTS=""
    
    ##NAME: LDAP_TLS_OPTIONS:0
    #
    # Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
    # Examples:
    #
    #LDAPTLS_CACERT=/path/to/cacert.pem
    #LDAPTLS_REQCERT=demand
    #LDAPTLS_CERT=/path/to/clientcert.pem
    #LDAPTLS_KEY=/path/to/clientkey.pem
    Code:
    <host>:~# cat /etc/courier/authmysqlrc
    MYSQL_SERVER localhost
    
    MYSQL_USERNAME mail_admin
    
    MYSQL_PASSWORD mail_admin_password
    
    MYSQL_PORT 0
    
    MYSQL_DATABASE mail
    
    MYSQL_USER_TABLE users
    
    MYSQL_CRYPT_PWFIELD password
    
    #MYSQL_CLEAR_PWFIELD password
    
    MYSQL_UID_FIELD 5000
    
    MYSQL_GID_FIELD 5000
    
    MYSQL_LOGIN_FIELD email
    
    MYSQL_HOME_FIELD "/home/vmail"
    
    MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
    
    #MYSQL_NAME_FIELD
    
    MYSQL_QUOTA_FIELD quota
    Code:
    <host>:~# telnet localhost pop3
    Trying 127.0.0.1...
    Connected to <host>
    Escape character is '^]'.
    +OK Hello there.
    quit
    +OK Better luck next time.
    Connection closed by foreign host.
    Code:
    <host>:~# cat /etc/aliases
    # /etc/aliases
    mailer-daemon: postmaster
    postmaster: root
    nobody: root
    hostmaster: root
    usenet: root
    news: root
    webmaster: root
    www: root
    ftp: root
    abuse: root
    noc: root
    security: root
    
    root: <my email adress>
    thanks for your help!

    greets Roman
     
  4. falko

    falko Super Moderator ISPConfig Developer

    On Feisty Fawn, /etc/default/saslauthd must look like this:

    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
     
  5. knight_killer

    knight_killer New Member

    Thanks falko! That solved the "cannot connect to saslauthd server" error. It seams I have an other one...

    Code:
    postfix/smtpd[13408]: connect from <current IP>
    postfix/smtpd[13408]: warning: SASL authentication failure: Password verification failed
    postfix/smtpd[13408]: warning: <current IP>: SASL PLAIN authentication failed: authentication failure
    postfix/smtpd[13408]: warning: <current IP>: SASL LOGIN authentication failed: authentication failure
    postfix/smtpd[13408]: disconnect from <current IP>
    And yes, I typed the right password (tried it several times)...
     
  6. falko

    falko Super Moderator ISPConfig Developer

  7. knight_killer

    knight_killer New Member

    I have no idea why, but now it works! :D Maybe it was a wrong setting on my computer at work...
     

Share This Page