NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2003-04

Getting SMTP AUTH to work with SASL2

From: Alexander Skwar (lists.ASkwaremail-server.info)
Date: Sat Apr 05 2003 - 05:09:50 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

I'm trying to setup postfix 2.0.3 on a Debian Woody server with
pam_mysql and SASL2, following the Postfix-Cyrus-Web-cyradm-HOWTO
(http://tinyurl.com/8vji).

I assume that the pam_mysql and SASL2 parts are working, because I'm
able to login with Cyrus IMAP.

However, when I try to login with SMTP AUTH, I get the following error
message in /var/log/mail.warn:

Apr 5 13:05:32 debian postfix/smtpd[31679]: connect from
port-212-202-188-167.reverse.qdsl-home.de[212.202.188.167]
Apr 5 13:05:32 debian postfix/smtpd[31679]: warning: SASL
authentication failure: cannot connect to saslauthd server: Permission
denied
Apr 5 13:05:32 debian postfix/smtpd[31679]: warning: SASL
authentication failure: Password verification failed
Apr 5 13:05:32 debian postfix/smtpd[31679]: warning:
port-212-202-188-167.reverse.qdsl-home.de[212.202.188.167]: SASL PLAIN
authentication failed

The part that is causing me headaches, is:

SASL authentication failure: cannot connect to saslauthd server:
Permission denied

Which file does postfix try to access?

Versions:

postfix 2.0.3 linked against SASL2
cyrus-sasl 2.1.10
pam_mysql 0.4.7
MySQL 3.23.54a
Debian Woody 3.0r1 plus some updates from testing

-------------------------------------------------- /etc/pam.d/smtp:

auth sufficient pam_mysql.so user=mail passwd=XXX host=localhost db=mail
table=accountuser usercolumn=username passwdcolumn=password crypt=1

account required pam_mysql.so user=mail passwd=XXX host=localhost
db=mail table=accountuser usercolumn=username passwdcolumn=password
crypt=1

-------------------------------------------------- /etc/smtpd.conf:

pwcheck_method: saslauthd

-------------------------------------------------- posfconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 9
debug_peer_list = 212.202.190.206
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailbox_transport = cyrus
mydestination = email-server.info, localhost.localdomain, localhost,
message-center.info, info.gotdns.com, info.dyndns.tv
mydomain = email-server.info
myhostname = email-server.info
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
program_directory = /usr/lib/postfix
recipient_delimiter = +
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous

-------------------------------- Dateien in /var/spool/postfix/:

rootemail-server:/etc/pam.d# cd /var/spool/postfix/
rootemail-server:/var/spool/postfix# find . -type f -exec ls -lar {} \;
-rw-rw---- 1 mysql mysql 5 ./var/run/mysqld/mysqld.pid
-rw------- 1 root root 6 ./var/run/saslauthd/mux.pid
-rw------- 1 root root 0 ./var/run/saslauthd/mux.accept
-rw-r--r-- 1 root root 837 ./etc/localtime
-rw-r--r-- 1 root root 16651 ./etc/services
-rw-r--r-- 1 root root 98 ./etc/resolv.conf
-rw-r--r-- 1 root root 309 ./etc/hosts
-rw-r--r-- 1 root root 456 ./etc/nsswitch.conf
-rw-rw-rw- 1 cyrus root 12288 ./etc/sasldb2
-rw-r--r-- 1 root root 646 ./etc/pam.d/other
-rw-r--r-- 1 root root 1014 ./etc/pam.d/smtp
-rw-r--r-- 1 root root 38892 ./lib/libnss_compat-2.3.1.so
-rw-r--r-- 1 root root 12828 ./lib/libnss_dns-2.3.1.so
-rw-r--r-- 1 root root 32204 ./lib/libnss_files-2.3.1.so
-rw-r--r-- 1 root root 13340 ./lib/libnss_hesiod-2.3.1.so
-rw-r--r-- 1 root root 4568 ./lib/libnss_lwres.so.2.0.0
-rw-r--r-- 1 root root 30888 ./lib/libnss_nis-2.3.1.so
-rw-r--r-- 1 root root 36912 ./lib/libnss_nisplus-2.3.1.so
-rw-r--r-- 1 root root 7940 ./lib/security/pam_access.so
-rw-r--r-- 1 root root 12388 ./lib/security/pam_cracklib.so
-rw-r--r-- 1 root root 5608 ./lib/security/pam_debug.so
-rw-r--r-- 1 root root 3364 ./lib/security/pam_deny.so
-rw-r--r-- 1 root root 9976 ./lib/security/pam_env.so
-rw-r--r-- 1 root root 10636 ./lib/security/pam_filter.so
-rw-r--r-- 1 root root 5820 ./lib/security/pam_ftp.so
-rw-r--r-- 1 root root 10240 ./lib/security/pam_group.so
-rw-r--r-- 1 root root 7344 ./lib/security/pam_issue.so
-rw-r--r-- 1 root root 7436 ./lib/security/pam_lastlog.so
-rw-r--r-- 1 root root 11884 ./lib/security/pam_limits.so
-rw-r--r-- 1 root root 8608 ./lib/security/pam_listfile.so
-rw-r--r-- 1 root root 8292 ./lib/security/pam_mail.so
-rw-r--r-- 1 root root 15676 ./lib/security/pam_mkhomedir.so
-rw-r--r-- 1 root root 4184 ./lib/security/pam_motd.so
-rw-r--r-- 1 root root 9772 ./lib/security/pam_mysql.so
-rw-r--r-- 1 root root 5048 ./lib/security/pam_nologin.so
-rw-r--r-- 1 root root 3632 ./lib/security/pam_permit.so
-rw-r--r-- 1 root root 10320
./lib/security/pam_rhosts_auth.so
-rw-r--r-- 1 root root 3828 ./lib/security/pam_rootok.so
-rw-r--r-- 1 root root 5416 ./lib/security/pam_securetty.so
-rw-r--r-- 1 root root 4516 ./lib/security/pam_shells.so
-rw-r--r-- 1 root root 10252 ./lib/security/pam_stress.so
-rw-r--r-- 1 root root 8752 ./lib/security/pam_tally.so
-rw-r--r-- 1 root root 8936 ./lib/security/pam_time.so
-rw-r--r-- 1 root root 5416 ./lib/security/pam_tmpdir.so
-rw-r--r-- 1 root root 41412 ./lib/security/pam_unix.so
-rw-r--r-- 1 root root 7224 ./lib/security/pam_userdb.so
-rw-r--r-- 1 root root 4448 ./lib/security/pam_warn.so
-rw-r--r-- 1 root root 5424 ./lib/security/pam_wheel.so
-rw-r--r-- 1 root root 752 ./usr/lib/sasl2/libanonymous.la
-rw-r--r-- 1 root root 10668
./usr/lib/sasl2/libanonymous.so.2.0.10
-rw-r--r-- 1 root root 738 ./usr/lib/sasl2/libcrammd5.la
-rw-r--r-- 1 root root 13240
./usr/lib/sasl2/libcrammd5.so.2.0.10
-rw-r--r-- 1 root root 761 ./usr/lib/sasl2/libdigestmd5.la
-rw-r--r-- 1 root root 38920
./usr/lib/sasl2/libdigestmd5.so.2.0.10
-rw-r--r-- 1 root root 732 ./usr/lib/sasl2/liblogin.la
-rw-r--r-- 1 root root 11384
./usr/lib/sasl2/liblogin.so.2.0.10
-rw-r--r-- 1 root root 784 ./usr/lib/sasl2/libmysql.la
-rw-r--r-- 1 root root 12580
./usr/lib/sasl2/libmysql.so.2.0.10
-rw-r--r-- 1 root root 726 ./usr/lib/sasl2/libntlm.la
-rw-r--r-- 1 root root 16044
./usr/lib/sasl2/libntlm.so.2.0.10
-rw-r--r-- 1 root root 726 ./usr/lib/sasl2/libotp.la
-rw-r--r-- 1 root root 38976 ./usr/lib/sasl2/libotp.so.2.0.10
-rw-r--r-- 1 root root 732 ./usr/lib/sasl2/libplain.la
-rw-r--r-- 1 root root 11196
./usr/lib/sasl2/libplain.so.2.0.10
-rw-r--r-- 1 root root 738 ./usr/lib/sasl2/libsasldb.la
-rw-r--r-- 1 root root 13812
./usr/lib/sasl2/libsasldb.so.2.0.10
-rw------- 1 root root 17 ./pid/master.pid
-rw------- 1 root root 0 ./pid/unix.cleanup
-rw------- 1 root root 0 ./pid/unix.local
-rw------- 1 root root 0 ./pid/inet.smtp
-rw------- 1 root root 0 ./pid/unix.showq
-rw------- 1 root root 0 ./pid/unix.smtp
-rw------- 1 root root 0 ./pid/unix.cyrus
-rw------- 1 root root 0 ./pid/unix.bounce
-rw------- 1 root root 0 ./pid/unix.relay
-rw------- 1 root root 0 ./pid/inet.smtps

-----------------------------------------------------------------------------

Which additional information are needed, so that someone might be able
to help me?

Thanks a lot,

Alexander Skwar
--
/* So there I am, in the middle of my `netfilter-is-wonderful'
   talk in Sydney, and someone asks `What happens if you try
   to enlarge a 64k packet here?'. I think I said something
   eloquent like `fuck'. */
        2.4.3 linux/net/ipv4/netfilter/ip_nat_ftp.c

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]