From: Alex Pita (newmail_at_softhome.net)
Date: Thu Oct 24 2002 - 06:22:36 CDT

    Jussi Silvennoinen wrote:

    >On Thu, 24 Oct 2002, Alex Pita wrote:
    >
    >>Hello postfix experts,
    >>
    >>Can anybody give me a little help to set up smtp-auth using
    >>cyrus-sasl2+mysql?
    >>I saw in the cyrus docs that this job is done using the auxprop method
    >>(saslauthd -a auxprop) and also a small description about how to set up
    >>user, pass to connect to the mysql database!
    >>The problem is that I can't understand where these options must be specified!
    >>
    >
    >/usr/lib/sasl2/smtpd.conf
    >
    >Or wherever you installed the auth-mechs.
    >
    Hey, ya... it is not like it looks (I mean simple):
    # cat /usr/lib/sasl2/smtpd.conf
    pwcheck_method: saslauthd

    # saslauthd -a pam

    Also, the pam_mysql.so plugin is installed in /lib/security.

    So now, I tried to send an email from mimitest.ro to alextest.ro (all
    my users and domains are virtual, no real shell accounts, controlled by
    the mysql database)

    [rootdinu root]# tail -f /var/log/messages
    Oct 24 12:23:37 dinu saslauthd[3332]: START: saslauthd 2.1.9
    Oct 24 12:23:37 dinu saslauthd[3343]: master PID is: 3343
    Oct 24 12:23:37 dinu saslauthd[3343]: daemon started, listening on /var/state/saslauthd/mux
    Oct 24 12:45:07 dinu postfix/smtpd[3586]: mysql plugin couldnt connect to any host
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    [rootdinu root]# tail -f /var/log/maillog
    Oct 24 12:45:07 dinu postfix/smtpd[3586]: connect from ns1.test.ro[192.168.0.2]
    Oct 24 12:45:07 dinu postfix/smtpd[3586]: 3D5BE4BFF: client=ns1.test.ro[192.168.0.2], sasl_method=PLAIN, sasl_username=mimi.3323
    Oct 24 12:45:07 dinu postfix/cleanup[3590]: 3D5BE4BFF: message-id=<200210241245.06618.mimitest.ro>
    Oct 24 12:45:07 dinu postfix/smtpd[3586]: disconnect from ns1.test.ro[192.168.0.2]
    Oct 24 12:45:07 dinu postfix/qmgr[3489]: 3D5BE4BFF: from=<mimitest.ro>, size=465, nrcpt=1 (queue active)
    Oct 24 12:45:07 dinu postfix/virtual[3596]: 3D5BE4BFF: to=<alextest.ro>, relay=virtual, delay=0, status=sent (maildir)
    Oct 24 12:45:18 dinu pop3d: Connection, ip=[::ffff:192.168.0.2]
    Oct 24 12:45:19 dinu pop3d: LOGIN, user=alex, ip=[::ffff:192.168.0.2]
    Oct 24 12:45:19 dinu pop3d: LOGOUT, user=alex, ip=[::ffff:192.168.0.2], top=0, retr=1007

    So this email is delivered because it matches my relay policy and
    not due to authentication with pam+mysql!!!!

    Here is my /etc/pam.d/smtp file:
    #%PAM-1.0
    auth sufficient /lib/security/pam_mysql.so user=postfix passwd=postfix host=localhost db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
    account required /lib/security/pam_mysql.so user=postfix passwd=postfix host=localhost db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1

    The settings for my database are correct (tested with smtp, pop3 and
    imap connections).
    Also, I want to mention that when I add one user to the mysql database
    named maildb, in the table named users, I use:

    INSERT INTO users (id, address, clear, name, uid, gid, maildir) VALUES
    ('alex', ' alextest.ro ', 'yyy', 'Alex Ionescu', 12345, 12345,
    'test.ro/alex/Maildir/');

    and after that,
    UPDATE users SET crypt=encrypt('yyy') WHERE id='alex';
    In this case I think it is correct to use crypt=1 in /etc/pam.d/smtp,
    because the password is encrypted in the mysql database!

    In my opinion there is something wrong in the pam plugin authentication (I suppose
    that it can't connect to the localhost)!

    Below is my /etc/postfix/main.cf

    myhostname = ns1.test.ro
    mydomain = test.ro
    myorigin = $mydomain
    mydestination = localhost.localdomain, localhost.$mydomain, $mydomain,
        $myhostname, $transport_maps
    mynetworks = 192.168.0.0/24, 127.0.0.0/8

    #Smtp-auth support using cyrus-sasl2
    # Enable authentication on postfix smtp server #
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = permit_sasl_authenticated,
        permit_mynetworks,
        check_relay_domains
    broken_sasl_auth_clients = yes

    transport_maps = mysql:/etc/postfix/transport.cf
    virtual_mailbox_base = /home/mailusers
    virtual_uid_maps = mysql:/etc/postfix/uids.cf
    virtual_gid_maps = mysql:/etc/postfix/gids.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
    virtual_maps = mysql:/etc/postfix/virtual.cf

    Any help will be appreciated.

    Best regards,
    Alex
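
An added example, not part of the original post: with the `smtpd_recipient_restrictions` and `mynetworks` shown in the main.cf above, a client inside `mynetworks` is accepted by `permit_mynetworks` whether or not SASL works, so a test sent from such a host cannot confirm that SMTP AUTH is functioning. The script below reads smtpd `client=` lines and labels each accepted message accordingly; the sample log is constructed (modelled on the maillog lines in the post) and the function and label names are this example's own.

```python
import ipaddress
import re

# mynetworks value taken from the main.cf in the post.
MYNETWORKS = ["192.168.0.0/24", "127.0.0.0/8"]

# Constructed sample log, modelled on the (unwrapped) maillog lines in the post.
SAMPLE_LOG = """\
Oct 24 12:45:07 dinu postfix/smtpd[3586]: 3D5BE4BFF: client=ns1.test.ro[192.168.0.2], sasl_method=PLAIN, sasl_username=mimi
Oct 24 12:50:11 dinu postfix/smtpd[3601]: 4A1C04C01: client=mail.example.net[203.0.113.7], sasl_method=PLAIN, sasl_username=alex
Oct 24 12:51:40 dinu postfix/smtpd[3610]: 5B2D14C02: client=ns1.test.ro[192.168.0.2]
"""

# Queue ID, client address and the optional SASL fields of a smtpd "client=" line.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+))?"
    r"(?:, sasl_username=(?P<user>\S+))?"
)

def classify(log_text, mynetworks=MYNETWORKS):
    """Return (queue_id, client_ip, sasl_username, label) per accepted message.

    Labels (names chosen for this example):
      inconclusive - client is inside mynetworks, so permit_mynetworks matches
                     regardless of SASL; the test proves nothing about AUTH
      sasl         - client is outside mynetworks and a sasl_username was logged
      no-sasl      - client is outside mynetworks and no SASL login was logged
    """
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    results = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not a smtpd "client=" line
        ip = ipaddress.ip_address(m.group("ip"))
        if any(ip in net for net in nets):
            label = "inconclusive"
        elif m.group("user") is not None:
            label = "sasl"
        else:
            label = "no-sasl"
        results.append((m.group("qid"), str(ip), m.group("user"), label))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(*row, sep="  ")
```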
