From: Alex Pita (newmail_at_softhome.net)
Date: Fri Oct 25 2002 - 12:24:51 CDT

    After a long story, my smtp-auth is finally working. I say this because
    I recompiled the pam_mysql.so module in verbose mode (logging all queries
    sent to mysql in the mysql.log file)! This way I was able to see what
    happens when I try to use smtp-auth....

    Just one question remains: how can I instruct the pam_mysql.so module, when it
    tries to connect to the mysql server, to try ONLY the next statement (complete
    verification)
    mysql -u postfix -h localhost -ppostfix

    I ask this because I saw that the first time and the second time it tries
    something like:
    mysql -u postfix
    mysql -u postfix -h localhost
    Thinking the pass is empty.

    In one of my last emails I asked why this message appears in my syslog:
       mysql plugin couldnt connect to any host
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    So, this message is caused by the first two failed queries sent to the mysql socket!

    See below my pam config:
    [alexdinu alex]$ cat /etc/pam.d/smtp
    #%PAM-1.0
    auth optional /lib/security/pam_mysql.so user=postfix passwd=postfix host=localhost db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
    account required /lib/security/pam_mysql.so user=postfix passwd=postfix host=localhost db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
    [alexdinu alex]$

    A little demo: let's try to send a mail from mimitest.ro to alextest.ro

    tail -f /var/lib/mysql/dinu.log
    021025 15:07:53 64 Connect Access denied for user: 'postfixlocalhost' (Using password: YES)
                         65 Connect Access denied for user: 'postfixlocalhost' (Using password: YES)
                         66 Connect postfixlocalhost on maildb
                         66 Init DB maildb
                         66 Query select id from users where id='mimi.3323' and crypt=ENCRYPT('xxx',LEFT(crypt,2))
                         66 Quit
    021025 15:07:54 67 Connect postfixlocalhost on maildb
                         67 Query select transport from transport where domain = '*'
                         67 Query select transport from transport where domain = 'alextest.ro'
                         67 Query select transport from transport where domain = 'test.ro'
                         68 Connect postfixlocalhost on maildb
                         68 Query select goto from virtual where address = 'test.ro'
                         69 Connect postfixlocalhost on maildb
                         69 Query select maildir from users where address = 'test.ro'
                         70 Connect postfixlocalhost on maildb
                         70 Query select goto from virtual where address = 'alextest.ro'
                         70 Query select goto from virtual where address = 'alex'
                         70 Query select goto from virtual where address = 'test.ro'
                         71 Connect postfixlocalhost on maildb
                         71 Query select maildir from users where address = 'alextest.ro'
                         72 Connect postfixlocalhost on maildb
                         72 Query select uid from users where address = 'alextest.ro'
                         73 Connect postfixlocalhost on maildb
                         73 Query select gid from users where address = 'alextest.ro'

    tail -f /var/log/maillog
    Oct 25 15:07:53 dinu postfix/smtpd[11053]: connect from ns1.test.ro[192.168.0.2]
    Oct 25 15:07:54 dinu postfix/smtpd[11053]: E46EB4C05: client=ns1.test.ro[192.168.0.2], sasl_method=LOGIN, sasl_username=mimi.3323
    Oct 25 15:07:54 dinu postfix/cleanup[11057]: E46EB4C05: message-id=<200210251507.43992.mimitest.ro>
    Oct 25 15:07:54 dinu postfix/smtpd[11053]: disconnect from ns1.test.ro[192.168.0.2]
    Oct 25 15:07:54 dinu postfix/qmgr[10794]: E46EB4C05: from=<mimitest.ro>, size=471, nrcpt=1 (queue active)
    Oct 25 15:07:54 dinu postfix/virtual[11063]: E46EB4C05: to=<alextest.ro>, relay=virtual, delay=0, status=sent (maildir)

    tail -f /var/log/messages
    Oct 25 15:07:53 dinu postfix/smtpd[11053]: mysql plugin couldnt connect to any host

    ........and the mail has gone...
    If I try again, changing the pass used for authentication for mimitest.ro in
    my kamail client, the mail will not be delivered (normal)!
    So it works!

    I want to get rid of this message in my syslog: mysql plugin couldnt
    connect to any host

    How can I do that?

    Regards,
    Alex

    Douglas Blood wrote:

    >Sorry it took so long.. But since mydestination contains the end destination
    >it isn't relaying and does not require that the sender is authed.
    >----- Original Message -----
    >From: "Alex Pita" <newmailsofthome.net>
    >To: "Douglas Blood" <dbloodmatraex.com>
    >Sent: Thursday, October 24, 2002 11:46 AM
    >Subject: Re: Mysql+Cyrus-sasl2 sample for smtp-auth!
    >
    >>I don't know if my relay rules are wrong, but in all config files I can
    >>read the same as in mine:
    >>Take a look below
    >>
    >>myhostname = ns1.test.ro
    >>mydomain = test.ro
    >>myorigin = $mydomain
    >>mydestination = localhost.localdomain, localhost.$mydomain, $mydomain,
    >> $myhostname, $transport_maps
    >>mynetworks = 192.168.0.0/24, 127.0.0.0/8
    >>
    >>#Smtp-auth support using cyrus-sasl2
    >># Enable authentication on postfix smtp server #
    >>smtpd_sasl_auth_enable = yes
    >>smtpd_sasl_security_options = noanonymous
    >>smtpd_recipient_restrictions = permit_sasl_authenticated,
    >> check_relay_domains
    >>broken_sasl_auth_clients = yes
    >>
    >>transport_maps = mysql:/etc/postfix/transport.cf
    >>virtual_mailbox_base = /home/mailusers
    >>virtual_uid_maps = mysql:/etc/postfix/uids.cf
    >>virtual_gid_maps = mysql:/etc/postfix/gids.cf
    >>virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
    >>virtual_maps = mysql:/etc/postfix/virtual.cf
    >>
    >>So if I use smtpd_recipient_restrictions = permit_sasl_authenticated,
    >>check_relay_domains, first the user and pass are verified and, if that
    >>fails, my relay is verified.
    >>
    >>I asked WHAT I CAN READ in the logs: mysql plugin couldnt connect to any host
    >>
    >>WHAT DOES THIS MESSAGE HAVE IN COMMON WITH MY RELAY POLICY!!!!!
    >>IT SOUNDS VERY CLEAR: MYSQL-PLUGIN....
    >>
    >>so I ask again, how can a user be authenticated via sasl2+mysql (I
    >>prefer to use the method with auxprop).
    >>
    >>As I wrote in one of my last emails:
    >># cat /usr/local/lib/sasl2/smtpd.conf
    >>pwcheck_method: auxprop
    >>mysql_user: postfix
    >>mysql_passwd: postfix
    >>mysql_hostnames: localhost
    >>mysql_database: maildb
    >>mysql_statement: select clear from users where id = '%u'
    >>mysql_verbose:
    >>
    >>Can someone confirm or refute this config file?
    >>
    >>Douglas Blood wrote:
    >>
    >>>You are connecting from localhost. Most servers are configured to relay for
    >>>localhost regardless of what the auth returns. Can you try to connect and
    >>>send a message not using auth. If that works.. then your relay rules are
    >>>wrong and that is why the email was sent.
    >>>
    >>>can you enable the LOGIN auth method? I think that is what i use and mine
    >>>works.
    >>>----- Original Message -----
    >>>From: "Alex Pita" <newmailsofthome.net>
    >>>To: "Douglas Blood" <dbloodmatraex.com>
    >>>Sent: Thursday, October 24, 2002 10:11 AM
    >>>Subject: Re: Mysql+Cyrus-sasl2 sample for smtp-auth!
    >>>
    >>>>I'm afraid that I don't understand what to prove.
    >>>>
    >>>>Can you prove that relaying only works when SMTP AUTH is used?
    >>>>
    >>>>This is what I want to ask. ....
    >>>>
    >>>>how can I be sure that this mail was not sent using relay policy?
    >>>>
    >>>>Douglas Blood wrote:
    >>>>
    >>>>>I agree with this.. i also noticed that when i had it working with pam i had
    >>>>>PLAIN and LOGIN as my auth types. I noticed that LOGIN wasn't one of yours.
    >>>>>Is there a reason why you don't have that?
    >>>>>----- Original Message -----
    >>>>>From: "Patrick Koetter" <pstate-of-mind.de>
    >>>>>To: <postfix-userspostfix.org>
    >>>>>Sent: Thursday, October 24, 2002 9:47 AM
    >>>>>Subject: Re: Mysql+Cyrus-sasl2 sample for smtp-auth!
    >>>>>
    >>>>>>Alex,
    >>>>>>
    >>>>>>>Some news, I don't know if good but...
    >>>>>>>
    >>>>>>>I changed in /usr/local/lib/sasl2/smtpd.conf from
    >>>>>>>pwcheck_method: pam
    >>>>>>>now in
    >>>>>>>pwcheck_method: saslauthd
    >>>>>>>
    >>>>>>>I tried to send a message using smtp-auth and the mail was sent! I'm
    >>>>>>>afraid that it was not using auth.
    >>>>>>>I can read in logs: mysql plugin couldnt connect to any host
    >>>>>>>
    >>>>>>>Does it mean that pam_mysql plugin is not authorized the connection????
    >>>>>>
    >>>>>>it's time to simplify your setup.
    >>>>>>Can you prove that SASL works with /etc/passwd?
    >>>>>>Can you prove that relaying only works when SMTP AUTH is used?
    >>>>>>
    >>>>>>You are juggling far too many things that should be set and proven when you
    >>>>>>take the step to configure SASL 2 to use MySQL.
    >>>>>>
    >>>>>>prick

    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users
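
    One way to answer the question raised in the thread ("how can I be sure that this mail was not sent using relay policy?") from the logs, as an added example that is not part of the original posts: it correlates Postfix maillog lines by queue ID and flags deliveries to external domains that carry no sasl_username. The sample log lines, the two extra queue IDs, example.org and the local_domains set are constructed assumptions.

```python
import re

# Constructed sample in the format of the maillog excerpt above (not real traffic).
SAMPLE_LOG = """\
Oct 25 15:07:53 dinu postfix/smtpd[11053]: connect from ns1.test.ro[192.168.0.2]
Oct 25 15:07:54 dinu postfix/smtpd[11053]: E46EB4C05: client=ns1.test.ro[192.168.0.2], sasl_method=LOGIN, sasl_username=mimi.3323
Oct 25 15:07:54 dinu postfix/qmgr[10794]: E46EB4C05: from=<mimi@test.ro>, size=471, nrcpt=1 (queue active)
Oct 25 15:07:54 dinu postfix/virtual[11063]: E46EB4C05: to=<alex@test.ro>, relay=virtual, delay=0, status=sent (maildir)
Oct 25 15:09:10 dinu postfix/smtpd[11070]: A1B2C3D4E: client=ns1.test.ro[192.168.0.2]
Oct 25 15:09:11 dinu postfix/smtp[11075]: A1B2C3D4E: to=<bob@example.org>, relay=mx.example.org[192.0.2.25], delay=1, status=sent (250 ok)
Oct 25 15:10:02 dinu postfix/smtpd[11080]: F00DFACE1: client=pc7.test.ro[192.168.0.7], sasl_method=PLAIN, sasl_username=alex.1001
Oct 25 15:10:03 dinu postfix/smtp[11082]: F00DFACE1: to=<carol@example.org>, relay=mx.example.org[192.0.2.25], delay=1, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")

def classify(rec, local_domains):
    """Say what one delivered message tells us about relay control."""
    if not rec["rcpts"]:
        return "no-delivery-logged"
    external = [r for r in rec["rcpts"]
                if r.rpartition("@")[2] not in local_domains]
    if not external:
        return "local-destination"    # final destination; auth was not required
    return "relayed-with-auth" if rec["sasl_user"] else "relayed-without-auth"

def audit(log_text, local_domains):
    """Correlate smtpd and delivery lines by queue ID and classify each message."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                   # connect/disconnect lines carry no queue ID
        service, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"client": None, "sasl_user": None, "rcpts": []})
        if service == "smtpd" and rest.startswith("client="):
            rec["client"] = rest.split(",")[0][len("client="):]
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            rec["sasl_user"] = user.group(1) if user else None
        else:
            rcpt = re.match(r"to=<([^>]+)>.*status=sent", rest)
            if rcpt:
                rec["rcpts"].append(rcpt.group(1).lower())
    return {qid: classify(rec, local_domains) for qid, rec in msgs.items()}

if __name__ == "__main__":
    # local_domains is an assumption: the domains this server is final destination for.
    for qid, verdict in audit(SAMPLE_LOG, {"test.ro"}).items():
        print(qid, verdict)
```

    A "local-destination" verdict corresponds to the case pointed out in the thread: a test message addressed to a domain listed in mydestination cannot show whether authentication controls relaying.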