Re: Cyrus Sasl is not working with Postfix 2.2.10 on Centos4.4
From: Tony Earnshaw (tonni at hetnet.nl)
Date: Tue Jan 02 2007 - 04:49:10 CST
ankush grover wrote:
> I am trying to configure Postfix with Sasl Authentication but it is
> not working. I am using Postfix 2.2.10 on Centos 4.4 with Dovecot 1.0
> version and this is a testing machine.
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> 220 ankush.ankush.com ESMTP Postfix
> EHLO
> 501 Syntax: EHLO hostname
> EHLO localhost
> 250-ankush.ankush.com
> 250-PIPELINING
> 250-SIZE 51200000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
> Output of postconf -n
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 20
> fast_flush_domains = $relay_domains
> header_checks = regexp:/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = ankush.com
> message_size_limit = 51200000
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> myhostname = ankush.ankush.com
> mynetworks = 192.168.2.0/24, 127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> recipient_delimiter = +
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
From the above line: You have to do a "starttls" before you get to see
the AUTH modules available.
Use 'openssl s_client -starttls smtp -connect ankush.ankush.com:25' (or
465, depending on your smtpd setup) and then do an ehlo to test.
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, permit
> smtpd_sasl_local_domain =
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, permit
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/newcert.pem
> smtpd_tls_key_file = /etc/postfix/newreq.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
>
>
>
> /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
>
> testsaslauthd -u ankush -p ankush
> 0: OK "Success."
>
>
> Postfix is compiled with SASL 2.0 support, but I can't see any
> authentication mechanism when I telnet.
>
> Please guide me what wrong I am doing.
Not much, probably. If, after the above, you still don't see any AUTH
modules, do 'postconf -A' and see if dovecot is reported. If not, read
the SASL README - it'll tell you what to do to build Postfix for dovecot
- although if this is a Centos package, it probably is built for dovecot
SASL.
--Tonni
--
Tony Earnshaw
Email: tonni at hetnet.nl
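
The check described in the reply above (compare the EHLO reply before and after STARTTLS), as an added example that is not part of the original message. The function names auth_mechs, diagnose and probe are hypothetical, and the post-TLS reply in AFTER is constructed sample data.

```python
import re
import smtplib
import ssl

# Matches "250-AUTH PLAIN LOGIN", the "AUTH=PLAIN LOGIN" variant that
# broken_sasl_auth_clients = yes adds, and smtplib's prefix-stripped form.
AUTH_LINE = re.compile(r"^(?:250[- ])?AUTH[ =](.+)$", re.IGNORECASE)

def auth_mechs(ehlo_reply):
    """Return the SASL mechanisms advertised in one EHLO reply, in order."""
    mechs = []
    for line in ehlo_reply.splitlines():
        m = AUTH_LINE.match(line.strip())
        for name in (m.group(1).upper().split() if m else []):
            if name not in mechs:
                mechs.append(name)
    return mechs

def diagnose(before_tls, after_tls):
    """Classify where AUTH is offered, given EHLO replies around STARTTLS."""
    if auth_mechs(before_tls):
        return "cleartext"  # credentials could be sent without TLS
    if auth_mechs(after_tls):
        return "tls-only"   # what smtpd_tls_auth_only = yes should produce
    return "none"           # no AUTH: check smtpd_sasl_auth_enable, SASL build

def probe(host, port=25, cafile=None, timeout=10):
    """Collect both EHLO replies from a live server (not run on import)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        before = s.ehlo()[1].decode()
        s.starttls(context=ctx)
        after = s.ehlo()[1].decode()
    return before, after

# Constructed sample: BEFORE mirrors the telnet session quoted above;
# AFTER is a made-up reply of the kind expected once TLS is up.
BEFORE = """250-ankush.ankush.com
250-PIPELINING
250-SIZE 51200000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME"""
AFTER = BEFORE.replace("250-STARTTLS", "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN")

if __name__ == "__main__":
    print(diagnose(BEFORE, AFTER), auth_mechs(AFTER))
```

Against a live server, diagnose(*probe("ankush.ankush.com", cafile="/etc/postfix/cacert.pem")) runs the same comparison; the TLS handshake fails if the certificate does not verify against that CA file.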