Re: No luck getting postfix to cooperate with cyrus-sasl/authprop/sasldb

From: Andreas Winkelmann (mlawinkelmann.de)
Date: Thu Aug 16 2007 - 14:07:55 CDT


On Thursday 16 August 2007 17:34, Michiel Buddingh' wrote:

> I'm trying to setup a mailserver for an organisation, using virtual
> mailboxes managed by the cyrus imap server. Naturally, it is
> desirable to use the same password db for authentication.
>
> I've set postfix to using auxprop and the sasldb; This combination
> works rather nicely for the cyrus imap client on the same system.
> I've given smtpd permissions to read the sasl passwordfile
> /etc/sasldb2
>
> However, when I try to authenticate, postfix responds with a most
> unhelpful message:
>
> 250-STARTTLS
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> 250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH LOGIN
> 334 VXNlcm5hbWU6
> dGVzdHVzZXI=
> 334 UGFzc3dvcmQ6
> dGVzdA==
> 535 5.7.0 Error: authentication failed: authentication failure
> QUIT
> 221 2.0.0 Bye
>
> Unfortunately, postfix is no more helpful in its logfiles:
>
> postfix/smtpd[26344]: < localhost[127.0.0.1]: AUTH LOGIN
> postfix/smtpd[26344]: xsasl_cyrus_server_first: sasl_method LOGIN
> postfix/smtpd[26344]: xsasl_cyrus_server_auth_response: uncoded server
> challenge: Username:
> postfix/smtpd[26344]: > localhost[127.0.0.1]: 334 VXNlcm5hbWU6
> postfix/smtpd[26344]: < localhost[127.0.0.1]: dGVzdHVzZXI=
> postfix/smtpd[26344]: xsasl_cyrus_server_next: decoded response: testuser
> postfix/smtpd[26344]: xsasl_cyrus_server_auth_response: uncoded server
> challenge: Password:
> postfix/smtpd[26344]: > localhost[127.0.0.1]: 334 UGFzc3dvcmQ6
> postfix/smtpd[26344]: < localhost[127.0.0.1]: dGVzdA==
> postfix/smtpd[26344]: xsasl_cyrus_server_next: decoded response: test
> postfix/smtpd[26344]: warning: localhost[127.0.0.1]: SASL LOGIN
> authentication failed: authentication failure
> postfix/smtpd[26344]: > localhost[127.0.0.1]: 535 5.7.0 Error:
> authentication failed: authentication failure
> postfix/smtpd[26344]: < localhost[127.0.0.1]: QUIT
> postfix/smtpd[26344]: > localhost[127.0.0.1]: 221 2.0.0 Bye
>
> Is there anyone here who can shed some light on this?
>
> Output of saslfinger -s:
>
> saslfinger - postfix Cyrus sasl configuration Thu Aug 16 17:33:38 CEST 2007
> version: 1.0.2
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.3.2
> System:
> Welcome to openSUSE 10.2 (i586) - Kernel \r (\l).
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7e19000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname

Show the entry of "testuser" in the output of "sasldblistusers2". And show the
content of $myhostname "postconf myhostname".

> smtpd_tls_CAfile = /home/mail/ssl/cacert.pem
> smtpd_tls_cert_file = /home/mail/ssl/smtpd.crt
> smtpd_tls_key_file = /home/mail/ssl/smtpd.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
>
>
> -- listing of /usr/lib/sasl2 --
> total 568
> drwxr-xr-x 2 root root 4096 2007-08-16 15:13 .
> drwxr-xr-x 101 root root 69632 2007-08-13 14:02 ..
> -rwxr-xr-x 1 root root 14136 2006-11-25 17:53 libanonymous.so
> -rwxr-xr-x 1 root root 14136 2006-11-25 17:53 libanonymous.so.2
> -rwxr-xr-x 1 root root 14136 2006-11-25 17:53 libanonymous.so.2.0.22
> -rwxr-xr-x 1 root root 18260 2006-11-25 17:53 libcrammd5.so
> -rwxr-xr-x 1 root root 18260 2006-11-25 17:53 libcrammd5.so.2
> -rwxr-xr-x 1 root root 18260 2006-11-25 17:53 libcrammd5.so.2.0.22
> -rwxr-xr-x 1 root root 43180 2006-11-25 17:53 libdigestmd5.so
> -rwxr-xr-x 1 root root 43180 2006-11-25 17:53 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 43180 2006-11-25 17:53 libdigestmd5.so.2.0.22
> -rwxr-xr-x 1 root root 26568 2006-11-25 17:53 libgssapiv2.so
> -rwxr-xr-x 1 root root 26568 2006-11-25 17:53 libgssapiv2.so.2
> -rwxr-xr-x 1 root root 26568 2006-11-25 17:53 libgssapiv2.so.2.0.22
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 liblogin.so
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 liblogin.so.2
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 liblogin.so.2.0.22
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 libplain.so
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 libplain.so.2
> -rwxr-xr-x 1 root root 14164 2006-11-25 17:53 libplain.so.2.0.22
> -rwxr-xr-x 1 root root 22348 2006-11-25 17:53 libsasldb.so
> -rwxr-xr-x 1 root root 22348 2006-11-25 17:53 libsasldb.so.2
> -rwxr-xr-x 1 root root 22348 2006-11-25 17:53 libsasldb.so.2.0.22
>
> -- listing of /etc/sasl2 --
> total 20
> drwxr-xr-x 2 root root 4096 2007-08-16 16:42 .
> drwxr-xr-x 80 root root 12288 2007-08-16 16:31 ..
> -rw------- 1 root root 116 2007-08-16 16:42 smtpd.conf
>
>
>
>
> -- content of /etc/sasl2/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> sasl_log_level: 9
>
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - - smtpd -v
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr -v
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> -o fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> procmail unix - n n - - pipe
> flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
>
> -- mechanisms on localhost --
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
> 250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
>
>
> -- end of saslfinger output --

--
        Andreas
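
The check requested in the reply above can be scripted as follows. This is an added example, not part of the original message: with smtpd_sasl_local_domain set, a bare login name is looked up in sasldb as user@realm, so the realm stored by saslpasswd2 has to equal that value. The function names, the sample listing and the host names mailhost and mail.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the user@realm key that will be looked up in sasldb exist?
# Real inputs on the poster's system would be (run as root):
#   diagnose testuser "$(postconf -h myhostname)" "$(sasldblistusers2)"

# Constructed sample in sasldblistusers2 format ("user@realm: userPassword").
SAMPLE='testuser@mailhost: userPassword
other@mail.example.com: userPassword'

# lookup_key USER REALM -> key searched in sasldb.
# Simplification: a login that already contains "@" is used unchanged.
lookup_key() {
    case "$1" in
        *@*) printf '%s\n' "$1" ;;
        *)   printf '%s@%s\n' "$1" "$2" ;;
    esac
}

# has_entry KEY LISTING -> succeeds only on an exact user@realm match.
has_entry() {
    printf '%s\n' "$2" | cut -d: -f1 | grep -Fxq -- "$1"
}

# diagnose USER REALM LISTING -> one status line:
#   match <key> | realm-mismatch wanted=<key> found=<keys> | no-such-user wanted=<key>
diagnose() {
    key=$(lookup_key "$1" "$2")
    if has_entry "$key" "$3"; then
        echo "match $key"
        return 0
    fi
    # Same local part stored under a different realm?
    others=$(printf '%s\n' "$3" | awk -F: -v u="${1%%@*}" \
        'index($1, u "@") == 1 { out = out (out ? "," : "") $1 } END { print out }')
    if [ -n "$others" ]; then
        echo "realm-mismatch wanted=$key found=$others"
    else
        echo "no-such-user wanted=$key"
    fi
}

# Realm taken from smtpd_sasl_local_domain = $myhostname (constructed value).
diagnose testuser mail.example.com "$SAMPLE"
```

A realm-mismatch result means the entry was created under a different realm than the one Postfix passes to the SASL library; recreating it with saslpasswd2 -c -u followed by the expected realm, or changing smtpd_sasl_local_domain, brings the two in line.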