NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2003-11

Re: saslauthd + postfix not talking

From: Andreas Winkelmann (mlawinkelmann.de)
Date: Sun Nov 23 2003 - 02:49:43 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Sonntag, 23. November 2003 04:03 schrieb Brendon Baumgartner:

> The ultimate goal is to get ldap + sasl + postfix. Everything works except
> for smtpd -> saslauthd.
>
> I read readmes, howtos, list archives, and manpages. I have all the
> processes in debug mode, everything looks great, except postfix won't do
> SMTP AUTH with saslauthd. Postfix is looking for a DB file instead of
> talking to saslauthd.
>
> I'm using debian.
>
> evplus:/etc/postfix/sasl# dpkg -l|grep postfix
> ii postfix 2.0.16-2 A high-performance mail transport agent
> ii postfix-ldap 2.0.16-2 LDAP map support for Postfix
> ii postfix-tls 2.0.16-2 TLS and SASL support for Postfix
>
> evplus:/etc/postfix# dpkg -l|grep sasl
> ii libsasl2 2.1.15-6 Authentication abstraction library
> ii libsasl2-modul 2.1.15-6 Pluggable Authentication Modules for SASL
> ii libsasl7 1.5.27-3.5 Authentication abstraction library.
> ii sasl2-bin 2.1.15-6 Programs for manipulating the SASL users

There are both versions of sasl on your disk. Which is used by Postfix?

# ldd `postconf -h daemon_directory`/smtpd | grep sasl

???

> evplus:/etc/postfix/sasl# cat smtpd.conf
> pwcheck_method: saslauthd
>
> (I've also tried adding "mech_list: PLAIN LOGIN ANONYMOUS" to smtpd.conf
> also)

Hmm, two possible reasons. One you are using sasl-v1, which doesn't understand
mech_list: and the second is, this is the wrong path for your smtpd.conf.

In the above output, you should see the path to your sasl-lib. Show this
output, too:

# strings /path/to/libsasl.so | grep ^/

> evplus:/etc/postfix/sasl# tail /var/log/mail.log
> Nov 22 21:49:43 evplus postfix/smtpd[27317]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Nov 22 21:49:43 evplus postfix/smtpd[27317]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Nov 22 21:49:43 evplus postfix/smtpd[27317]: warning: SASL authentication
> failure: no secret in database
> Nov 22 21:49:43 evplus postfix/smtpd[27317]: warning:
> adsl-68-120-200-178.dsl.pltn13.pacbell.net[68.120.200.178]: SASL CRAM-MD5
> authentication failed
>
> From main.cf:
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname

This should be:

smtpd_sasl_local_domain =

with saslauthd.

> check_relay_domains = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination

And check out for chroot'ing your smtpd. Switch it off, until sasl with
saslauthd works.

--
Andreas

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]