From: Aaron Gallagher (habnabitgmail.com)
Date: Mon Nov 28 2005 - 14:24:13 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

saslfinger - postfix Cyrus sasl configuration Mon Nov 28 12:21:25 PST
2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System:
This is \n.\O (\s \m \r) \t

-- smtpd is linked to --
         libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x0fada000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes

-- listing of /usr/lib/sasl2 --
total 908
drwxr-xr-x 2 root root 4096 Oct 23 21:26 .
drwxr-xr-x 46 root root 28672 Nov 23 14:41 ..
-rwxr-xr-x 1 root root 695 Oct 23 21:26 libanonymous.la
-rwxr-xr-x 1 root root 20028 Oct 23 21:26 libanonymous.so
-rwxr-xr-x 1 root root 20028 Oct 23 21:26 libanonymous.so.2
-rwxr-xr-x 1 root root 20028 Oct 23 21:26 libanonymous.so.2.0.20
-rwxr-xr-x 1 root root 683 Oct 23 21:26 libcrammd5.la
-rwxr-xr-x 1 root root 22696 Oct 23 21:26 libcrammd5.so
-rwxr-xr-x 1 root root 22696 Oct 23 21:26 libcrammd5.so.2
-rwxr-xr-x 1 root root 22696 Oct 23 21:26 libcrammd5.so.2.0.20
-rwxr-xr-x 1 root root 713 Oct 23 21:26 libdigestmd5.la
-rwxr-xr-x 1 root root 56080 Oct 23 21:26 libdigestmd5.so
-rwxr-xr-x 1 root root 56080 Oct 23 21:26 libdigestmd5.so.2
-rwxr-xr-x 1 root root 56080 Oct 23 21:26 libdigestmd5.so.2.0.20
-rwxr-xr-x 1 root root 749 Oct 23 21:26 libgssapiv2.la
-rwxr-xr-x 1 root root 32240 Oct 23 21:26 libgssapiv2.so
-rwxr-xr-x 1 root root 32240 Oct 23 21:26 libgssapiv2.so.2
-rwxr-xr-x 1 root root 32240 Oct 23 21:26 libgssapiv2.so.2.0.20
-rwxr-xr-x 1 root root 679 Oct 23 21:26 liblogin.la
-rwxr-xr-x 1 root root 20776 Oct 23 21:26 liblogin.so
-rwxr-xr-x 1 root root 20776 Oct 23 21:26 liblogin.so.2
-rwxr-xr-x 1 root root 20776 Oct 23 21:26 liblogin.so.2.0.20
-rwxr-xr-x 1 root root 674 Oct 23 21:26 libntlm.la
-rwxr-xr-x 1 root root 39312 Oct 23 21:26 libntlm.so
-rwxr-xr-x 1 root root 39312 Oct 23 21:26 libntlm.so.2
-rwxr-xr-x 1 root root 39312 Oct 23 21:26 libntlm.so.2.0.20
-rwxr-xr-x 1 root root 679 Oct 23 21:26 libplain.la
-rwxr-xr-x 1 root root 20904 Oct 23 21:26 libplain.so
-rwxr-xr-x 1 root root 20904 Oct 23 21:26 libplain.so.2
-rwxr-xr-x 1 root root 20904 Oct 23 21:26 libplain.so.2.0.20
-rwxr-xr-x 1 root root 702 Oct 23 21:26 libsasldb.la
-rwxr-xr-x 1 root root 26848 Oct 23 21:26 libsasldb.so
-rwxr-xr-x 1 root root 26848 Oct 23 21:26 libsasldb.so.2
-rwxr-xr-x 1 root root 26848 Oct 23 21:26 libsasldb.so.2.0.20
-rwxr-xr-x 1 root root 690 Oct 23 21:26 libsql.la
-rwxr-xr-x 1 root root 26916 Oct 23 21:26 libsql.so
-rwxr-xr-x 1 root root 26916 Oct 23 21:26 libsql.so.2
-rwxr-xr-x 1 root root 26916 Oct 23 21:26 libsql.so.2.0.20

-- listing of /var/lib/sasl2 --
total 16
drwxr-xr-x 2 root root 4096 Nov 28 12:21 .
drwxr-xr-x 19 root root 4096 Nov 18 10:31 ..
-rw-r--r-- 1 root root 0 Oct 23 21:26 .keep
srwxrwxrwx 1 root root 0 Nov 23 15:07 mux
-rw------- 1 root root 0 Nov 23 15:07 mux.accept
-rw------- 1 root root 5 Nov 23 15:07 saslauthd.pid
-rw-r--r-- 1 root root 48 Nov 28 12:21 smtpd.conf

-- content of /var/lib/sasl2/smtpd.conf --
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd

-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
   -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
   flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
   user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
uucp unix - n n - - pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient

-- mechanisms on localhost --

And yes, my passwords are crypted.

Aaron Gallagher
<habnabitgmail.com>

On Nov 28, 2005, at 12:17 PM, Patrick Ben Koetter wrote:

> * Aaron Gallagher <habnabitgmail.com>:
>
>> Postfix won't accept any usernames or passwords from my mysql auth
>> database. These same usernames and passwords work with courier-imap.
>>
>> Here's my logfile:
>> Nov 28 11:37:08 mazer postfix/smtpd[29565]: connect from
>> adsl-67-124-1-26.dsl.scrm01.pacbell.net[67.124.1.26]
>> Nov 28 11:37:08 mazer postfix/smtpd[29565]: setting up TLS connection
>> from adsl-67-124-1-26.dsl.scrm01.pacbell.net[67.124.1.26]
>> Nov 28 11:37:08 mazer postfix/smtpd[29565]: TLS connection
>> established from adsl-67-124-1-26.dsl.scrm01.pacbell.net
>> [67.124.1.26]: TLSv1 with cipher RC4-SHA (128/128 bits)
>> Nov 28 11:37:08 mazer postfix/smtpd[29565]: warning: SASL
>> authentication failure: Could not open /etc/sasl2/sasldb2:
>> gdbm_errno=3
>>
>
> SASL tries to access sasldb. That's what it does, when it falls
> back to
> default settings, because the configuration given doesn't work.
>
> Get saslfinger (see my signature) and run it: "saslfinger -s"
> Then send the output to the list.
> Also tell, if the passwords in your database are crypted or not.
>
> prick
>
> --
> The Book of Postfix
> <http://www.postfix-book.com>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]