Re: SMTP AUTH with Postfix and SASL

[Harley Peters]

Jan Tammen wrote:
Bonjour.

I am trying to setup SMTP AUTH with Postfix and SASL on Debian
unstable. 

So far I got these packages installed:

postfix          2.0.13-1
postfix-tls      2.0.13-1
libsasl2         2.1.12-1
libsasl2-dev     2.1.12-1
libsasl2-modules 2.1.12-1 
sasl2-bin        2.1.12-1

I want to authenticate users against the system's password-database.

/etc/postfix/main.cf:
[...]
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, 
                               permit_mynetworks, 
                               check_relay_domains
[...]

/etc/postfix/sasl/smtpd.conf:
pwcheck_method: pwcheck
Connecting to the server via telnet shows up that authentication is enabled:

250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
I got a user 'test' with passwd 'test'; trying to authenticate via telnet:

AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q=
535 Error: authentication failed
In mail.log:
postfix/smtpd[15000]: warning: SASL authentication problem: unknown password verifier 
postfix/smtpd[15000]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[15000]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed

Seems as SASL does not know shadow-method. When I use 'pwcheck_method:
saslauthd' in /etc/postfix/sasl/smtpd.conf and start saslauthd, I get this error:
postfix/smtpd[15135]: warning: SASL authentication failure: cannot connect to 
saslauthd server: No such file or directory
postfix/smtpd[15135]: warning: SASL authentication failure: Password verification 
failed
postfix/smtpd[15135]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
This error seems to be related to the fact, that smtpd runs chrooted.
But even when I let smtpd run 'normally', I get an error:
postfix/smtpd[15269]: warning: SASL authentication failure: Password verification 
failed
postfix/smtpd[15269]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed
And in auth.log:

saslauthd[14098]: AUTHFAIL: [EMAIL PROTECTED] service=smtp realm=domain.de

But saslausthd seems to be able to authenticate that user; from localhost:

$ testsaslauthd -u test -p test -r domain.de -s smtp
$ 0: OK "Success."
Sorry for that long post ... any hints for me?

Thanks.


Leave smtpd_sasl_local_domain = empty. This doesn't seem to work with sasl2.

	Harley Peters



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]