From: Andreas Winkelmann (mlawinkelmann.de)
Date: Mon Sep 10 2007 - 14:56:20 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday 10 September 2007 19:03, Francois wrote:

> > > Is there anyone who can assist me in setting up SMTP
> >
> > authentication on
> >
> > > postfix, so that clients not on the local LAN can send mail
> >
> > through this
> >
> > > server using a username and password.
> > > I have been struggling with this for some time now.
> > > My setup is as follows:
> > > Mandriva 2007
> > > Postfix - POP3
> > > I have installed cyrus-SASL, but when I add
> > > smtpd_sasl_auth_enable = yes
> > > to main.cf, postfix seems to hang as I no longer can telnet
> >
> > to port 25.
> >
> > > Any help would be appreciated
> >
> > this suggests a problem with cyrus sasl. run saslfinger and post its
> > output here. also post relevant log lines.
> >
> > I find dovecot sasl a lot easier to setup. if using a recent postfix,
> > you may consider this.
>
> Sorry here is the output of saslfinger with smtpd_sasl_auth_enable = yes
> in main.cf
>
> saslfinger - postfix Cyrus sasl configuration Mon Sep 10 18:01:20 UTC
> 2007
> version: 1.0.2
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.3.3
> System: Mandriva Linux release 2007.0 (Official) for i586
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7f46000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> smtpd_sasl_auth_enable = yes
>
>
> -- listing of /usr/lib/sasl2 --
> total 9
> drwxr-xr-x 2 root root 1024 Aug 30 2006 .
> drwxr-xr-x 33 root root 8192 Aug 15 13:47 ..

Looks a little bit empty. Check if you have installed needed Cyrus-SASL
Packages for Mechanisms and maybe sasldb.

> -- listing of /var/lib/sasl2 --
> total 3
> drwxr-xr-x 2 root root 1024 Sep 1 03:01 .
> drwxr-xr-x 16 root root 1024 Sep 1 00:31 ..
> srwxrwxrwx 2 root root 0 Sep 1 03:01 mux
> -rw------- 1 root root 0 Sep 1 03:01 mux.accept
> -rw------- 1 root root 5 Sep 1 03:01 saslauthd.pid
>
> -- listing of /etc/sasl2 --
> total 6
> drwxr-xr-x 2 root root 1024 Sep 2 22:35 .
> drwxr-xr-x 54 root root 3072 Sep 10 17:50 ..
> -rw-r--r-- 1 root root 977 Aug 30 2006 service.conf.example
> -rw-r--r-- 1 root root 627 Sep 2 22:35 smtpd.conf
>
>
> -- content of /etc/sasl2/smtpd.conf --
> # SASL library configuration file for postfix
> # all parameters are documented into:
> # /usr/share/doc/cyrus-sasl-2.*/options.html
>
> # The mech_list parameters list the sasl mechanisms to use,
> # default being all mechs found.
> #mech_list: plain login
>
> # To authenticate using the separate saslauthd daemon, (e.g. for #
> system or ldap users). Also see /etc/sysconfig/saslauthd.
> #pwcheck_method: saslauthd
> pwcheck_method: pwcheck

This is invalid for sasl2. Use saslauthd instead. If you want to use
saslauthd, check the smtpd_sasl_security_options.

> #saslauthd_path: /var/lib/sasl2/mux
>
> # To authenticate against users stored in sasldb.
> #pwcheck_method: auxprop
> #auxprop_plugin: sasldb
> #sasldb_path: /var/lib/sasl2/sasl.db

> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - y - - smtpd

Keep in mind smtpd is in a chroot. So you have to move the Socket to saslauthd
to the chroot.

> pickup fifo n - y 60 1 pickup
> -o content_filter=
> -o receive_override_options=
> cleanup unix n - y - 0 cleanup
> qmgr fifo n - y 300 1 qmgr
> tlsmgr unix - - y 1000? 1 tlsmgr
> rewrite unix - - y - - trivial-rewrite
> bounce unix - - y - 0 bounce
> defer unix - - y - 0 bounce
> trace unix - - y - 0 bounce
> verify unix - - y - 1 verify
> flush unix n - y 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - y - - smtp
> relay unix - - y - - smtp
> -o fallback_relay=
> showq unix n - y - - showq
> error unix - - y - - error
> discard unix - - y - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - y - - lmtp
> anvil unix - - y - 1 anvil
> scache unix - - y - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=nobody argv=/usr/bin/maildrop -d ${recipient}
> cyrus-deliver unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> cyrus unix - n n - - lmtp
> -o lmtp_cache_connection=yes
> cyrus-chroot unix - - y - - lmtp
> -o lmtp_cache_connection=yes
> cyrus-inet unix - - y - - lmtp
> -o lmtp_cache_connection=yes
> -o lmtp_sasl_auth_enable=yes
> -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
> -o lmtp_sasl_security_options=noanonymous
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
>
>
> 127.0.0.1:10026 inet n - y - - smtpd
> -o content_filter=
> -o smtpd_restriction_classes=
> -o smtpd_client_restrictions=permit_mynetworks,reject
> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_delay_reject=no
> -o smtpd_recipient_restrictions=permit_mynetworks,reject
> -o mynetworks=127.0.0.0/8
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> -o strict_rfc821_envelopes=yes
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_chec
> ks
>
> lmtp-filter unix - - y - - lmtp
> -o lmtp_data_done_timeout=1200
> -o lmtp_send_xforward_command=yes
> -o lmtp_cache_connection=no
> -o max_use=20
>
> smtp-filter unix - - y - - smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o max_use=20
>
> -- mechanisms on localhost --
>
> -- end of saslfinger output --

--
        Andreas

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]