postfix + sasl problem

From: Benjamin Zwittnig (benjamin.zwittnigarnes.si)
Date: Tue Sep 04 2007 - 07:49:45 CDT


Hello.

I have a problem setting up smtpd authentication.

# uname -a
Linux mail 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:30:58 EDT 2007 i686 athlon i386 GNU/Linux

# ~/saslfinger-1.0.2/saslfinger -s
saslfinger - postfix Cyrus sasl configuration Tue Sep 4 14:42:42 CEST 2007
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.4.5
System: CentOS release 4.5 (Final)

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x004f6000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous

-- listing of /usr/lib/sasl --
total 620
drwxr-xr-x 2 root root 4096 Sep 4 14:42 .
drwxr-xr-x 158 root root 131072 Aug 23 04:48 ..
-rw-r--r-- 1 root root 4634 Feb 21 2005 libanonymous.a
-rwxr-xr-x 1 root root 871 Feb 21 2005 libanonymous.la
-rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so
-rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so.1
-rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so.1.0.17
-rw-r--r-- 1 root root 9758 Feb 21 2005 libcrammd5.a
-rwxr-xr-x 1 root root 857 Feb 21 2005 libcrammd5.la
-rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so
-rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so.1
-rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so.1.0.19
-rw-r--r-- 1 root root 34264 Feb 21 2005 libdigestmd5.a
-rwxr-xr-x 1 root root 880 Feb 21 2005 libdigestmd5.la
-rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so
-rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so.0
-rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so.0.0.20
-rw-r--r-- 1 root root 11322 Feb 21 2005 libgssapiv2.a
-rwxr-xr-x 1 root root 906 Feb 21 2005 libgssapiv2.la
-rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so
-rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so.1
-rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so.1.0.19
-rw-r--r-- 1 root root 6598 Feb 21 2005 liblogin.a
-rwxr-xr-x 1 root root 847 Feb 21 2005 liblogin.la
-rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so
-rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so.0
-rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so.0.0.7
-rw-r--r-- 1 root root 6150 Feb 21 2005 libplain.a
-rwxr-xr-x 1 root root 849 Feb 21 2005 libplain.la
-rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so
-rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so.1
-rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so.1.0.16
-rw-r--r-- 1 root root 51 Sep 4 14:42 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 3128
drwxr-xr-x 2 root root 4096 Sep 4 13:25 .
drwxr-xr-x 158 root root 131072 Aug 23 04:48 ..
-rwxr-xr-x 1 root root 875 Feb 21 2005 libanonymous.la
-rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so
-rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2
-rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2.0.19
-rwxr-xr-x 1 root root 863 Feb 21 2005 libcrammd5.la
-rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so
-rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2
-rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2.0.19
-rwxr-xr-x 1 root root 884 Feb 21 2005 libdigestmd5.la
-rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so
-rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2
-rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2.0.19
-rwxr-xr-x 1 root root 911 Feb 21 2005 libgssapiv2.la
-rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so
-rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2
-rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2.0.19
-rwxr-xr-x 1 root root 851 Feb 21 2005 liblogin.la
-rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so
-rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2
-rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2.0.19
-rwxr-xr-x 1 root root 854 Feb 21 2005 libntlm.la
-rwxr-xr-x 1 root root 29104 Feb 21 2005 libntlm.so
-rwxr-xr-x 1 root root 29104 Feb 21 2005 libntlm.so.2
-rwxr-xr-x 1 root root 29104 Feb 21 2005 libntlm.so.2.0.19
-rwxr-xr-x 1 root root 851 Feb 21 2005 libplain.la
-rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so
-rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2
-rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2.0.19
-rwxr-xr-x 1 root root 931 Feb 21 2005 libsasldb.la
-rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so
-rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2
-rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2.0.19
-rw-r--r-- 1 root root 25 May 3 02:35 Sendmail.conf
-rw-r--r-- 1 root root 51 Sep 4 13:25 smtpd.conf

-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method:saslauthd
mech_list: plain cram-md5

-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method:saslauthd
mech_list: plain cram-md5

-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
smtp inet n - y - - smtpd
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
flush unix n - y 1000? 0 flush
smtp unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
local unix - n n - - local
virtual unix - n y - - virtual
lmtp unix - - y - - lmtp
anvil unix - - n - 1 anvil

cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail.postfix ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
relay unix - - n - - smtp
proxymap unix - - n - - proxymap
smtp-amavis unix - - y - 55 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

x.x.x.x:10025 inet n - y - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=x.x.x.0/24
    -o strict_rfc821_envelopes=yes

policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /etc/postfix/reject-unknown-local-sender.pl
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
scache unix - - n - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
retry unix - - n - - error

-- mechanisms on localhost --

-- end of saslfinger output --
# saslauthd -v
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

saslauthd is running but it doesn't receive any request from postfix.
When I connect to port 587 on the machine I get:

# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.

In the postfix log there are only two lines indicating
the problem:

Sep 4 13:55:01 mail postfix/smtpd[6149]: warning: SASL per-connection security setup; invalid parameter supplied
Sep 4 13:55:01 mail postfix/smtpd[6149]: fatal: SASL per-connection initialization failed

What could be wrong with the configuration?

Best regards,

Benjamin
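
Added example (not part of the original post): the saslfinger output shows `smtpd_sasl_auth_enable = no` in main.cf with a `-o` override on the submission service, so SASL is enabled only on the port 587 listener. The Python sketch below resolves the effective per-service settings from constructed excerpts of that configuration and flags listeners that would offer a plaintext mechanism without TLS-only authentication; the function names are hypothetical, and the check is a hardening review, not a diagnosis of the logged error.

```python
# Constructed from the configuration shown in the post (added example).
MAIN_CF = {"smtpd_sasl_auth_enable": "no",
           "smtpd_sasl_security_options": "noanonymous"}
MASTER_CF = """\
smtp inet n - y - - smtpd
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
x.x.x.x:10025 inet n - y - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""
SASL_MECHS = "plain cram-md5".split()  # mech_list in smtpd.conf

def smtpd_services(master_cf, main_cf):
    """Return {service: effective params} for each inet smtpd entry.

    Indented lines continue the previous entry; every -o name=value
    overrides the main.cf value for that service only.
    """
    services, current = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation of the current entry
            tokens = line.split()
            for flag, arg in zip(tokens, tokens[1:]):
                if current and flag == "-o" and "=" in arg:
                    name, value = arg.split("=", 1)
                    services[current][name] = value
            continue
        fields = line.split()
        current = None
        # service type private unpriv chroot wakeup maxproc command
        if len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd":
            current = fields[0]
            services[current] = dict(main_cf)
    return services

def audit(services, mechs):
    """List (service, plaintext mechs) where AUTH is not restricted to TLS."""
    findings = []
    for name, params in services.items():
        if params.get("smtpd_sasl_auth_enable") != "yes":
            continue  # SASL is never initialised for this listener
        tls_only = (params.get("smtpd_tls_auth_only", "no") == "yes"
                    or params.get("smtpd_tls_security_level") == "encrypt")
        plaintext = sorted(m for m in mechs if m.lower() in ("plain", "login"))
        if plaintext and not tls_only:
            findings.append((name, plaintext))
    return findings
```

With the excerpts above, `audit(smtpd_services(MASTER_CF, MAIN_CF), SASL_MECHS)` reports only the submission service.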