Hi Adam!
I've spent night after night with postfix and sasl. I know now how to get it working, but it's a mess. I assume you un-chrooted postfix in /etc/postfix/master.cf. There you can replace "smtp" in the last column with "smtp -vvv"; then you will get an incredibly detailed log.
You don't tell us what you want to authenticate: Do you want a sasl-DB? Do you want passwd/shadow? LDAP??? pam?
In my case it was always passwd/shadow. If this is the case, these may help you:
# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN DIGEST-MD5

# cat /etc/default/saslauthd
START=yes
MECHANISMS=shadow
Clear?? Of course you have to have those sasl-libs installed, check if /usr/lib/sasl2/* exists (postfix2 runs with sasl2) and check that you un-chrooted it!!!
To check which sasl options postfix offers in main.cf, type "postconf |grep sasl".
I think these are the most important ones:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ....
Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This is important when postfix asks saslauthd to authenticate user blabla, because postfix would append the sasl local domain, like [EMAIL PROTECTED]; saslauthd will most likely not know the latter one: Your passwd/shadow only knows "blabla", but you could create a sasl-DB with the user "[EMAIL PROTECTED]". It took me some time to get behind this. I hope I remember it correctly :-)
BTW: TLS is not your problem yet! After SASL works, you may switch your customers' "Outlook" to "Use Authentication but no encryption" (check screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html - only in German but should be clear by position of the buttons ;))
Then you should take care of TLS and creating your certs .... (Write a Mini-Howto on that?)
HTH
rgds, Andreas
Adam Dawes wrote:
I know this has come up a few times before, but I'm pulling my hair out trying to get my Postfix-tls installation working to do SMTP auth. I have followed the very helpful howto below to the letter.
http://lists.q-linux.com/pipermail/plug/2003-July/029503.html
When I restart my postfix and telnet to localhost 25, my postfix chokes. Here's what I see in my mail.log:
May 29 14:12:16 sawdois postfix/smtpd[9906]: starting TLS engine
May 29 14:12:16 sawdois postfix/smtpd[9906]: fatal: no SASL authentication mechanisms
May 29 14:12:17 sawdois postfix/master[9898]: warning: process /usr/lib/postfix/smtpd pid 9906 exit status 1
May 29 14:12:17 sawdois postfix/master[9898]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Here's background on my installation:
Debian Woody unstable
Postfix 2.0.16-4
Postfix-tls 2.0.16-4
sasl2-bin 2.1.15-6
The above HOWTO is supposed to work with Postfix still running chroot. I've tried to unchroot Postfix to see if that would work but to no success.
One thought is that the Postfix packages don't seem to support PAM. But if this is the case, I haven't found anyone on the net with a similar problem and I would assume it would have come up already if this were the key snafu.
Here are the links that I have:
sawdois:/# ldd /usr/lib/postfix/smtpd
        libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0x40021000)
        libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40027000)
        libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000)
        libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000)
        libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000)
        libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40099000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000)
        libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40281000)
        libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000)
        libc.so.6 => /lib/libc.so.6 (0x40296000)
        libdl.so.2 => /lib/libdl.so.2 (0x403c9000)
        libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Any ideas about where I should go from here?
thanks, Adam
-- Andreas John net-lab GmbH Luisenstrasse 30b 63067 Offenbach Tel: +49 69 85700331
http://www.net-lab.net
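
The file checks from the reply above (chroot column in master.cf, smtpd.conf, /etc/default/saslauthd), collected into one shell script. This is an added example, not written by either poster; the function names and the choice to pass file paths as arguments are assumptions, and the treatment of "-" as chrooted applies to Postfix before 3.0.

```shell
#!/bin/sh
# Added example: static checks for the saslauthd setup described in the thread.
# File paths are arguments, so the checks can be run on copies of the files.

# Print the chroot column (field 5) of the "smtp inet" service in master.cf.
smtpd_chroot_flag() {
    awk '$1 == "smtp" && $2 == "inet" { print $5; exit }' "$1"
}

# Print the value of a "key: value" line from a Cyrus SASL smtpd.conf.
sasl_conf_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Print one line per problem found; print nothing when the files match the advice.
check_sasl_setup() {   # args: master.cf smtpd.conf saslauthd-defaults
    flag=$(smtpd_chroot_flag "$1")
    # Before Postfix 3.0, "-" means the default, which is chrooted.
    [ "$flag" = "n" ] || echo "smtpd is chrooted (chroot column is '$flag')"
    [ "$(sasl_conf_value "$2" pwcheck_method)" = "saslauthd" ] ||
        echo "pwcheck_method is not saslauthd"
    [ -n "$(sasl_conf_value "$2" mech_list)" ] ||
        echo "mech_list is empty or missing"
    grep -q '^START=yes' "$3" ||
        echo "saslauthd is not enabled (START=yes missing)"
    grep -q '^MECHANISMS=.*shadow' "$3" ||
        echo "saslauthd MECHANISMS lacks shadow"
}

# Constructed sample files: a chrooted smtpd and a disabled saslauthd.
demo() {
    d=$(mktemp -d)
    printf 'smtp  inet  n  -  y  -  -  smtpd\n' > "$d/master.cf"
    printf 'pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN DIGEST-MD5\n' \
        > "$d/smtpd.conf"
    printf 'START=no\nMECHANISMS=shadow\n' > "$d/saslauthd"
    check_sasl_setup "$d/master.cf" "$d/smtpd.conf" "$d/saslauthd"
    rm -rf "$d"
}
demo
```

On a real host the three arguments would be /etc/postfix/master.cf, /etc/postfix/sasl/smtpd.conf and /etc/default/saslauthd, the paths named in the reply.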