From: Patrick Ben Koetter (p
state-of-mind.de)
Date: Mon Sep 21 2009 - 03:14:11 CDT
* suomi <postfix
ayni.com>:
> Hi listers,
> I just can't make postfix change from sasl2 auxprop to sasl2 saslauthd
> (with LDAP). postfix never reads /usr/lib/sasl/smtpd.conf.
Postfix on Fedora will not look for smtpd.conf in /usr/lib/sasl/.
It will either search in /usr/lib/sasl2/ or in /etc/sasl2/. The latter is the
right way[tm] to do it.
p
rick
>
>
> postfix-2.5.6-3.fc11.i586
>
> [root@myhost ~]# postconf -n
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> anvil_rate_time_unit = 60s
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter =
> daemon_directory = /usr/libexec/postfix
> data_directory = /data/postfix/cache
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> header_checks = pcre:/etc/postfix/discardthem,
> pcre:/etc/postfix/header_checks
> html_directory = no
> inet_protocols = all
> local_recipient_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
> mail_owner = postfix
> mailbox_command =
> mailbox_transport =
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> mydestination = localhost.$mydomain
> mydomain = $myhostname
> myhostname = myhost.mydomain.com
> mynetworks = 192.168.97.0/24, 1xx.1xx.243.160/27
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /data/postfix/queues
> readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
> relay_domains = permit_sasl_authenticated, permit_mynetworks
> relayhost =
> sample_directory = /usr/share/doc/postfix-2.5.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_client_connection_count_limit = 5
> smtpd_client_connection_rate_limit = 22
> smtpd_client_event_limit_exceptions = $mynetworks
> smtpd_client_recipient_rate_limit = 100
> smtpd_client_restrictions = permit_sasl_authenticated,
> hash:/etc/postfix/whitelist, hash:/etc/postfix/access
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> hash:/etc/postfix/helo_checks, reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_recipient_access hash:/etc/postfix/check_recipients,
> check_recipient_access hash:/etc/postfix/access, reject_rbl_client
> mail-abuse.org, reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client blackholes.easynet.nl, reject_rbl_client
> cbl.abuseat.org, reject_rhsbl_client mail-abuse.org,
> reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client
> blackholes.easynet.nl, reject_rhsbl_client cbl.abuseat.org
> check_recipient_access ldap:/etc/postfix/ldap-spamfilter.cf,
> permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = postfix
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unknown_sender_domain,
> hash:/etc/postfix/whitelist, check_sender_access
> hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
> virtual_gid_maps = static:89
> virtual_mailbox_base = /data/postfix/maildrop/
> virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
> virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox.cf
> virtual_minimum_uid = 51
> virtual_transport = virtual
> virtual_uid_maps = static:89
> [root@myhost ~]#
>
>
> The actual /usr/lib/sasl2/smtpd.conf reads like:
> pwcheck_method: saslauthd
> mech_list: plain login cram-md5 digest-md5
>
> There is another similar file in /usr/lib/sasl/smtpd.conf, which reads like:
> pwcheck_method: saslauthd
> mech_list: plain login
> saslauthd_version: 2
>
> I also checked to see whether there is another smtpd.conf file in
> /etc/postfix/sasl (there is a hint to that in
> http://www.postfix.org/SASL_README.html): there is none.
>
> It must have been about seven times that i restarted postfix from the
> moment, when i changed /usr/lib/sasl2/smtpd.conf
>
> But when I send a message from a client to this smtpd host, in the
> /var/log/maillog I get
>
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: connect from
> lunix.mydomain.com[1xx.1xx.243.162]
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> failure: no secret in database
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning:
> lunix.mydomain.com[1xx.1xx.243.162]: SASL CRAM-MD5 authentication
> failed: authentication failure
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: 4AA8015004B:
> client=lunix.mydomain.com[1xx.1xx.243.162], sasl_method=PLAIN,
> sasl_username=myuser@postfix
> Sep 21 08:58:08 myhost postfix/cleanup[7243]: 4AA8015004B:
> message-id=<4AB723FF.70808@mydomain.com>
>
> This is because I moved away /etc/sasldb2 in order to prevent postfix from
> reading it.
>
> That means, postfix doesn't care a damn to contact the saslauthd. It
> continues to read /etc/sasldb2. It should have contacted the saslauthd
> in any case, i.e. if it had read either smtpd.conf.
>
>
> [root@myhost /usr]# saslauthd -v
> saslauthd 2.1.22
> authentication mechanisms: getpwent kerberos4 kerberos5 pam rimap shadow
> ldap
>
> [root@myhost /usr]#
>
> [root@myhost /usr]# ps xa |grep saslauthd
> 6935 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6936 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6938 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6939 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6940 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 7497 pts/0 R+ 0:00 grep saslauthd
> [root@myhost /usr]#
>
> I did extensive tests to check proper functioning of saslauthd using
> testsaslauthd
> [root@myhost /usr]# testsaslauthd -u myuser -p secret
> 0: OK "Success."
> [root@myhost /usr]#
>
> What did i miss?
>
> suomi
>
--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>