From: Alex Pita (newmail_at_softhome.net)
Date: Wed Oct 23 2002 - 14:20:23 CDT


    Hello postfix experts,

    I have the latest postfix-experimental (20021015) compiled with
    mysql+courierimap (pop3 and imap) + sqwebmail + TLS support. All working
    fine.

    A few days ago I decided to add the smtp-auth feature to postfix-smtp. I
    installed cyrus-sasl2 and recompiled postfix with sasl2 support (./configure
    --prefix=/usr/local/ --with-openssl=/usr --with-mysql=/usr --without-des
    --disable-krb4 --disable-gssapi --disable-anon --with-pam
    --with-saslauthd --enable-plain --enable-shared)

    According to the cyrus-sasl doc, postfix+mysql+sasl2 can handle smtp-auth
    (using auxprop), but there is too little documentation on how to do it.
    I received from the cyrus-mailing list a solution with pam+cyrus-sasl2+mysql
    which was posted for the first time here.
    I decided to try it. See the errors below:

    [rootdinu root]# tail -f /var/log/messages
    Oct 23 21:33:55 dinu postfix/smtpd[2438]: mysql plugin couldnt connect
    to any host
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: mysql plugin couldnt connect
    to any host

    [rootdinu root]# tail -f /var/log/maillog
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: SSL_accept:SSLv3 flush data
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: TLS connection established
    from ns1.test.ro[192.168.0.2]: TLSv1 with cipher RC4-MD5 (128/128 bits)
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning: SASL authentication
    failure: cannot connect to saslauthd server: Connection refused
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning: SASL authentication
    failure: Password verification failed
    Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning:
    ns1.test.ro[192.168.0.2]: SASL PLAIN authentication failed
    Oct 23 21:35:27 dinu postfix/smtpd[2438]: disconnect from
    ns1.test.ro[192.168.0.2]

    And now, see below the postfix config file:

    cat /etc/postfix/main.cf
    myhostname = ns1.test.ro
    mydomain = test.ro
    myorigin = $mydomain
    mydestination = localhost.localdomain, localhost.$mydomain, $mydomain,
    $myhostname, $transport_maps
    mynetworks = 192.168.0.0/24, 127.0.0.0/8
    #relayhost = mail1.test.ro

    #Smtp-auth support using cyrus-sasl2
    # Enable authentication on postfix smtp server #
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = permit_sasl_authenticated,
                    permit_mynetworks,
                    check_relay_domains
    broken_sasl_auth_clients = yes
    # Enable authentication on postfix smtp client. I don't know if it is necessary!?! #
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous

    #TLS (Transport Layer Security)
    smtpd_use_tls = yes
    #smtpd_tls_auth_only = yes
    smtpd_tls_key_file = /etc/postfix/newreq.pem
    smtpd_tls_cert_file = /etc/postfix/newcert.pem
    smtpd_tls_CAfile = /etc/postfix/cacert.pem
    smtpd_tls_loglevel = 3
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    transport_maps = mysql:/etc/postfix/transport.cf
    virtual_mailbox_base = /home/mailusers
    virtual_uid_maps = mysql:/etc/postfix/uids.cf
    virtual_gid_maps = mysql:/etc/postfix/gids.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
    virtual_maps = mysql:/etc/postfix/virtual.cf

    readme_directory = no
    sample_directory = /etc/postfix
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    command_directory = /usr/sbin
    manpage_directory = /usr/local/man
    daemon_directory = /usr/libexec/postfix
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    queue_directory = /var/spool/postfix
    mail_owner = postfix

    cat /etc/pam.d/smtp
    auth sufficient pam_mysql.so user=postfix passwd=postfix host=localhost
    db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
    account required pam_mysql.so user=postfix passwd=postfix host=localhost
    db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1

    Also, I want to mention that when I add a user to the mysql database
    named maildb, in the table named users, I use:

    INSERT INTO users (id, address, clear, name, uid, gid, maildir) VALUES
    ('alex', 'alextest.ro', 'yyy', 'Mita Fainita', 12345, 12345,
    'test.ro/mimi/Maildir/');

    UPDATE users SET crypt=encrypt('yyy') WHERE id='alex';

    So, in the mysql database, I have 2 fields where I keep the password
    (crypt: where the crypted pass is, and clear: where the plain pass is).
    I suppose that in this case it is correct to set crypt=1 in /etc/pam.d/smtp.

    I use kmail to check this, and it is configured as follows:
    encrypt-method= TLS
    authentication-method = plain

    Also, kmail correctly detects the supported features of my postfix-smtp server.

    Any suggestions?

    Best regards,
    Alex
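
The maillog excerpt in the message above shows a "SASL PLAIN authentication failed" warning that follows a saslauthd connection error in the same smtpd process. The following is an added example, not part of the original post: a small log triage that separates failures caused by an unreachable saslauthd from failures where the password check itself ran. It assumes one syslog record per line; the function name `triage` and the cause labels are hypothetical.

```python
import re

# Constructed sample: the maillog records quoted in the post, with the mail
# client's line wrapping undone so each syslog record sits on one line.
SAMPLE = """\
Oct 23 21:35:26 dinu postfix/smtpd[2438]: TLS connection established from ns1.test.ro[192.168.0.2]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning: SASL authentication failure: Password verification failed
Oct 23 21:35:26 dinu postfix/smtpd[2438]: warning: ns1.test.ro[192.168.0.2]: SASL PLAIN authentication failed
Oct 23 21:35:27 dinu postfix/smtpd[2438]: disconnect from ns1.test.ro[192.168.0.2]
"""

RECORD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) postfix/smtpd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"^warning: (\S+)\[([^\]]+)\]: SASL (\S+) authentication failed")
BACKEND_ERROR = "cannot connect to saslauthd server"


def triage(log_text):
    """Return one dict per failed SASL login, labelled with its likely cause.

    A failure preceded by a saslauthd connection error from the same smtpd
    PID is a backend outage; otherwise the credentials were checked and
    rejected.
    """
    pending = set()   # PIDs that logged a backend error not yet attributed
    events = []
    for line in log_text.splitlines():
        record = RECORD.match(line)
        if not record:
            continue
        timestamp, _host, pid, message = record.groups()
        failed = FAILED.match(message)
        if BACKEND_ERROR in message:
            pending.add(pid)
        elif failed:
            cause = "backend_unreachable" if pid in pending else "bad_credentials"
            pending.discard(pid)   # each login attempt is judged on its own
            events.append({"time": timestamp, "client": failed.group(2),
                           "mechanism": failed.group(3), "cause": cause})
        elif message.startswith("disconnect from"):
            pending.discard(pid)   # smtpd PIDs are reused across sessions
    return events


if __name__ == "__main__":
    for event in triage(SAMPLE):
        print(event)
```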
