SUMMARY: Getting SMTP AUTH to work with SASL2 (was: Re: Getting SMTP AUTH to work with SASL2)

From: Alexander Skwar (lists.ASkwaremail-server.info)
Date: Sat Apr 05 2003 - 08:50:31 CST


Hello.

Here's a little summary about what I had to do to get SMTP AUTH to work
in addition to the Postfix-Cyrus-Web-cyradm-HOWTO
(http://kuerzer.de/Idoh69Bcg):

# Stop MySQL and SASLAUTHD services

# Create directory for runtime files
mkdir -p /var/spool/postfix/var/run
# Move sockets into chroot
mv /var/run/{mysqld,saslauthd} /var/spool/postfix/var/run/
# Create symlinks, so that the old setup with the default
# locations is still intact
ln -s /var/spool/postfix/var/run/{mysql,saslauth}d /var/run

# Edit the socket statements in /etc/mysql/my.cnf to
# point to /var/spool/postfix/var/run/mysqld/.

# Make sure the postfix user (postconf mail_owner) has
# access to the directory /var/spool/postfix/var/run/saslauthd
# For me, I needed to add the user "postfix" to the group "mail".

# Restart MySQL and SASLAUTHD

Notes:
The file /usr/lib/sasl2/smtpd.conf is *NOT* needed. smtpd.conf has to
be in /etc/postfix/sasl/. It seems that other locations are not
checked.
The chroot /var/spool/postfix does NOT need to contain these directories
and files:
etc/pam.d/
etc/sasl2/
etc/sasldb2
lib/security
usr/lib/sasl2

Contents of my chroot:

root@email-server:/var/spool/postfix# LC_ALL=C LANG=C ls -laR etc lib usr var
etc:
total 44
drwxr-xr-x 2 root root 4096 Apr 5 16:05 .
drwxr-xr-x 19 root root 4096 Apr 3 16:46 ..
-rw-r--r-- 1 root root 309 Apr 5 16:15 hosts
-rw-r--r-- 1 root root 837 Apr 5 16:15 localtime
-rw-r--r-- 1 root root 456 Apr 5 16:15 nsswitch.conf
-rw-r--r-- 1 root root 98 Apr 5 16:15 resolv.conf
-rw-r--r-- 1 root root 16651 Apr 5 16:15 services

lib:
total 192
drwxr-xr-x 2 root root 4096 Apr 5 16:15 .
drwxr-xr-x 19 root root 4096 Apr 3 16:46 ..
-rw-r--r-- 1 root root 38892 Mar 21 17:19 libnss_compat-2.3.1.so
lrwxrwxrwx 1 root root 22 Apr 5 16:15 libnss_compat.so.2 -> libnss_compat-2.3.1.so
-rw-r--r-- 1 root root 12828 Mar 21 17:19 libnss_dns-2.3.1.so
lrwxrwxrwx 1 root root 19 Apr 5 16:15 libnss_dns.so.2 -> libnss_dns-2.3.1.so
-rw-r--r-- 1 root root 32204 Mar 21 17:19 libnss_files-2.3.1.so
lrwxrwxrwx 1 root root 21 Apr 5 16:15 libnss_files.so.2 -> libnss_files-2.3.1.so
-rw-r--r-- 1 root root 13340 Mar 21 17:19 libnss_hesiod-2.3.1.so
lrwxrwxrwx 1 root root 22 Apr 5 16:15 libnss_hesiod.so.2 -> libnss_hesiod-2.3.1.so
lrwxrwxrwx 1 root root 21 Apr 5 16:15 libnss_lwres.so -> libnss_lwres.so.2.0.0
lrwxrwxrwx 1 root root 21 Apr 5 16:15 libnss_lwres.so.2 -> libnss_lwres.so.2.0.0
-rw-r--r-- 1 root root 4568 Apr 14 2002 libnss_lwres.so.2.0.0
-rw-r--r-- 1 root root 30888 Mar 21 17:19 libnss_nis-2.3.1.so
lrwxrwxrwx 1 root root 19 Apr 5 16:15 libnss_nis.so.2 -> libnss_nis-2.3.1.so
-rw-r--r-- 1 root root 36912 Mar 21 17:19 libnss_nisplus-2.3.1.so
lrwxrwxrwx 1 root root 23 Apr 5 16:15 libnss_nisplus.so.2 -> libnss_nisplus-2.3.1.so

usr:
total 12
drwxr-xr-x 3 root root 4096 Apr 1 12:24 .
drwxr-xr-x 19 root root 4096 Apr 3 16:46 ..
drwxr-xr-x 3 root root 4096 Apr 5 15:51 lib

usr/lib:
total 12
drwxr-xr-x 3 root root 4096 Apr 5 15:51 .
drwxr-xr-x 3 root root 4096 Apr 1 12:24 ..
drwxr-xr-x 2 root root 4096 Apr 5 16:15 zoneinfo

usr/lib/zoneinfo:
total 8
drwxr-xr-x 2 root root 4096 Apr 5 16:15 .
drwxr-xr-x 3 root root 4096 Apr 5 15:51 ..
lrwxrwxrwx 1 root root 14 Apr 5 16:15 localtime -> /etc/localtime

var:
total 12
drwxr-xr-x 3 root root 4096 Apr 3 16:46 .
drwxr-xr-x 19 root root 4096 Apr 3 16:46 ..
drwxr-xr-x 4 root root 4096 Apr 5 15:59 run

var/run:
total 16
drwxr-xr-x 4 root root 4096 Apr 5 15:59 .
drwxr-xr-x 3 root root 4096 Apr 3 16:46 ..
drwxr-xr-x 2 mysql root 4096 Apr 5 15:56 mysqld
drwx--x--- 2 cyrus mail 4096 Apr 5 15:59 saslauthd

var/run/mysqld:
total 12
drwxr-xr-x 2 mysql root 4096 Apr 5 15:56 .
drwxr-xr-x 4 root root 4096 Apr 5 15:59 ..
-rw-rw---- 1 mysql mysql 4 Apr 5 15:56 mysqld.pid
srwxrwxrwx 1 mysql mysql 0 Apr 5 15:56 mysqld.sock

var/run/saslauthd:
total 12
drwx--x--- 2 cyrus mail 4096 Apr 5 15:59 .
drwxr-xr-x 4 root root 4096 Apr 5 15:59 ..
srwxrwxrwx 1 root root 0 Apr 5 15:59 mux
-rw------- 1 root root 0 Apr 2 23:27 mux.accept
-rw------- 1 root root 6 Apr 5 15:59 mux.pid

---------------------------------------- postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mailbox_transport = cyrus
mydestination = email-server.info, localhost.localdomain, localhost, message-center.info, info.gotdns.com, info.dyndns.tv
mydomain = email-server.info
myhostname = email-server.info
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
program_directory = /usr/lib/postfix
recipient_delimiter = +
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous

---------------------------------------- /etc/postfix/master.cf:

smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp

maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  flags= user=cyrus argv=/usr/sbin/cyrdeliver -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

--------------------------------------------------------------------------------

This works for me on Debian Woody 3.0r1 with some updates from Testing.
postfix 2.0.3 linked against SASL2 - I can provide .deb files, if
needed.
MySQL 3.23.54a (mysql 3.23.54a-0.woody.5)
libpam-mysql_0.4.7-1
SASL2 (libsasl2_2.1.10-0.woody.1)
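
The access step above (the postfix user needing to reach var/run/saslauthd, which the listing shows as drwx--x--- cyrus mail) can be checked mechanically. The following is an added example, not part of the original post: the function names can_enter and check_socket_dir are made up for illustration, and check_socket_dir assumes a stat that supports -c (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: would USER be allowed to enter a socket directory?
# Applies the usual Unix rule: the owner bits apply if USER owns the
# directory, otherwise the group bits if USER is in its group,
# otherwise the "other" bits. Entering needs the x (search) bit.

# can_enter MODE OWNER GROUP USER "GROUP1 GROUP2 ..."
# MODE is the octal mode as printed by `stat -c %a` (e.g. 710).
can_enter() {
    mode=000$1; owner=$2; group=$3; user=$4; member_of=$5
    last=${mode#"${mode%???}"}          # last three octal digits
    u=${last%??}; o=${last#??}
    g=${last#?}; g=${g%?}
    if [ "$user" = "$owner" ]; then
        bits=$u
    elif in_list "$group" $member_of; then
        bits=$g
    else
        bits=$o
    fi
    [ $((bits % 2)) -eq 1 ]             # odd digit = x bit set
}

# in_list NEEDLE ITEM...
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# check_socket_dir DIR USER
# Reads the real mode, owner and group of DIR and the real group list
# of USER. Checks DIR only, not the parent directories leading to it.
check_socket_dir() {
    dir=$1; user=$2
    info=$(stat -c '%a %U %G' "$dir") || return 2
    member_of=$(id -Gn "$user") || return 2
    set -- $info
    can_enter "$1" "$2" "$3" "$user" "$member_of"
}

# Typical use, with the paths from the post:
#   check_socket_dir /var/spool/postfix/var/run/saslauthd postfix \
#       && echo "postfix can reach the saslauthd socket directory"
```

With the values from the listing, can_enter 710 cyrus mail postfix "postfix" fails and can_enter 710 cyrus mail postfix "postfix mail" succeeds, which matches the need to add "postfix" to the group "mail".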