Re: Trouble setting up SASL authentication with postfix

Lists Thu, 02 Oct 2008 15:43:55 -0700

Thanks for the suggestions, sounds like a good idea.
Which method is the simplest to implement and get up and running?
I am running MailScanner, Postfix, Spamassassin.




Patrick Ben Koetter wrote:

* Lists <[EMAIL PROTECTED]>:

Hi Patrick,
I want a single username and password to be used for all people sendingthrough this install.
Which method would be best for this?


Any method as long as you only create one user and use that for all mail
clients, but I totally agree with Victor: You don't want to do that.

If you want to simplify things, consider using the main mail address as
username. That makes one thing less your users will have to think about.

They will have to provide their credentials to the mail client anyway, if they
want to be able to pick up mail (POP/IMAP). Almost all clients support an
optional switch that will let the client reuse these credentials for SMTP
Authentication.

Use the same password backend for SMTP/POP/IMAP.

[EMAIL PROTECTED]

Kate

Patrick Ben Koetter wrote:

* Lists <[EMAIL PROTECTED]>:

Not sure if this is the right place to post, apologies if it is not.

This is my first MailScanner / Postfix install - on CentOS 5.2

I have attempted to setup the smtp authentication using SASLfollowing various tutorials.

When I attempted to authenticate I am getting the following error
pam_succeed_if(smtp:auth):error retrieving information about user test

You are using the saslauthd daemon to connect via PAM to a password backend.
If the backend is the local shadow file, reconfigure saslauthd to use "shadow"
as method and not "pam".
If you need to use PAM to access credentials in e.g. a MySQL database, then
you need to fix your PAM setup /etc/pam.d/smtp.
Use the "testsaslauthd" command to test saslauthd SASL authentication. Proceed
to Postfix and mail clients only if testsaslauthd succeeds. A typical
testsaslauthd call using PAM looks like this:

$ testsaslauthd -s smtp -r /path/to/saslauthd/socket -u test -p password

[EMAIL PROTECTED]

I have been searching the net for a couple of hours but havn'tbeen able to get it to work.

Start here:

http://www.postfix.org/DEBUG_README.html#mail
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
http://www.postfix.org/SASL_README.html

Give more information; at least the output of 'postconf -n' and
saslfinger.

saslfinger - postfix Cyrus sasl configuration Wed Oct  1 14:42:58 NZDT 2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.3
System: CentOS release 5.2 (Final)

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x001f8000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname


-- listing of /usr/lib/sasl --
total 56
drwxr-xr-x  2 root root  4096 Oct  1 09:07 .
drwxr-xr-x 68 root root 36864 Oct  1 10:02 ..
-rw-r--r--  1 root root    47 Aug 15 09:06 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 3468
drwxr-xr-x  2 root root   4096 Oct  1 12:52 .
drwxr-xr-x 68 root root  36864 Oct  1 10:02 ..
-rwxr-xr-x  1 root root    884 Jan  8  2007 libanonymous.la
-rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so
-rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so.2
-rwxr-xr-x  1 root root  14372 Jan  8  2007 libanonymous.so.2.0.22
-rwxr-xr-x  1 root root    870 Jan  8  2007 libcrammd5.la
-rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so
-rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so.2
-rwxr-xr-x  1 root root  16832 Jan  8  2007 libcrammd5.so.2.0.22
-rwxr-xr-x  1 root root    893 Jan  8  2007 libdigestmd5.la
-rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so
-rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so.2
-rwxr-xr-x  1 root root  47204 Jan  8  2007 libdigestmd5.so.2.0.22
-rwxr-xr-x  1 root root    933 Jan  8  2007 libgssapiv2.la
-rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so
-rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so.2
-rwxr-xr-x  1 root root  26528 Jan  8  2007 libgssapiv2.so.2.0.22
-rwxr-xr-x  1 root root    877 Jan  8  2007 libldapdb.la
-rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so
-rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so.2
-rwxr-xr-x  1 root root  15472 Jan  8  2007 libldapdb.so.2.0.22
-rwxr-xr-x  1 root root    856 Jan  8  2007 liblogin.la
-rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so
-rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so.2
-rwxr-xr-x  1 root root  14752 Jan  8  2007 liblogin.so.2.0.22
-rwxr-xr-x  1 root root    858 Jan  8  2007 libntlm.la
-rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so
-rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so.2
-rwxr-xr-x  1 root root  31516 Jan  8  2007 libntlm.so.2.0.22
-rwxr-xr-x  1 root root    856 Jan  8  2007 libplain.la
-rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so
-rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so.2
-rwxr-xr-x  1 root root  14848 Jan  8  2007 libplain.so.2.0.22
-rwxr-xr-x  1 root root    930 Jan  8  2007 libsasldb.la
-rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so
-rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so.2
-rwxr-xr-x  1 root root 905200 Jan  8  2007 libsasldb.so.2.0.22
-rwxr-xr-x  1 root root    878 Jan  8  2007 libsql.la
-rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so
-rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so.2
-rwxr-xr-x  1 root root  23084 Jan  8  2007 libsql.so.2.0.22
-rw-r--r--  1 root root     49 Oct  1 09:21 smtpd.conf

-- listing of /etc/sasl2 --
total 24
drwxr-xr-x  2 root root  4096 Jan  8  2007 .
drwxr-xr-x 86 root root 12288 Oct  1 11:45 ..




-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method: saslauthd
saslauthd_version: 2

-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} 
${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} 
${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN


-- end of saslfinger output --

Re: Trouble setting up SASL authentication with postfix

Reply via email to