* Lists <[EMAIL PROTECTED]>: > Thanks for the suggestions, sounds like a good idea. > Which method is the simplest to implement and get up and running?
Depends on the POP/IMAP you want to use. If you use Cyrus IMAP, then sasldb will probably be the simpliest thing you can do. If you want to use Courier IMAP you can use authdaemond as SASL password verification service along with any backend Courier IMAP uses. If you choose Dovecot, you may want to drop Cyrus SASL in favor of Dovecot SASL support in Postfix. It will use any backend Dovecot uses. In any case - if you want login names in [EMAIL PROTECTED] style - you need a backend that allows such notation. Such a backend would be a MySQL, PostgreSQL, SQLlite database, the sasldb database or an LDAP server, which you could contact either using saslauthd or the ldapdb plugin. Out of all of those sasldb is the simpliest in combination with Cyrus IMAP. For all the others it is probably MySQL (depending on how much you know about that product). Be aware, that if you use any SQL or LDAP backend in combination with Cyrus SASL that passwords need to be stored in cleartext or authentication will not work. This is due to the mechanisms that are used in combination with those backends and what these mechanisms require. [EMAIL PROTECTED] > I am running MailScanner, Postfix, Spamassassin. > > > > Patrick Ben Koetter wrote: >> * Lists <[EMAIL PROTECTED]>: >> >>> Hi Patrick, >>> >>> I want a single username and password to be used for all people >>> sending through this install. >>> Which method would be best for this? >>> >> >> Any method as long as you only create one user and use that for all mail >> clients, but I totally agree with Victor: You don't want to do that. >> >> If you want to simplify things, consider using the main mail address as >> username. That makes one thing less your users will have to think about. >> >> They will have to provide their credentials to the mail client anyway, if >> they >> want to be able to pick up mail (POP/IMAP). Almost all clients support an >> optional switch that will let the client reuse these credentials for SMTP >> Authentication. >> >> Use the same password backend for SMTP/POP/IMAP. >> >> [EMAIL PROTECTED] >> >> >> >> >>> Kate >>> >>> Patrick Ben Koetter wrote: >>> >>>> * Lists <[EMAIL PROTECTED]>: >>>> >>>>>>> Not sure if this is the right place to post, apologies if it is not. >>>>>>> >>>>>>> This is my first MailScanner / Postfix install - on CentOS 5.2 >>>>>>> >>>>>>> I have attempted to setup the smtp authentication using SASL >>>>>>> following various tutorials. >>>>>>> When I attempted to authenticate I am getting the following error >>>>>>> pam_succeed_if(smtp:auth):error retrieving information about user test >>>>>>> >>>> You are using the saslauthd daemon to connect via PAM to a password >>>> backend. >>>> If the backend is the local shadow file, reconfigure saslauthd to use >>>> "shadow" >>>> as method and not "pam". >>>> If you need to use PAM to access credentials in e.g. a MySQL database, then >>>> you need to fix your PAM setup /etc/pam.d/smtp. >>>> Use the "testsaslauthd" command to test saslauthd SASL authentication. >>>> Proceed >>>> to Postfix and mail clients only if testsaslauthd succeeds. A typical >>>> testsaslauthd call using PAM looks like this: >>>> >>>> $ testsaslauthd -s smtp -r /path/to/saslauthd/socket -u test -p password >>>> >>>> [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>>> >>>>>>> I have been searching the net for a couple of hours but >>>>>>> havn't been able to get it to work. >>>>>>> >>>>>> Start here: >>>>>> >>>>>> http://www.postfix.org/DEBUG_README.html#mail >>>>>> http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ >>>>>> http://www.postfix.org/SASL_README.html >>>>>> >>>>>> Give more information; at least the output of 'postconf -n' and >>>>>> saslfinger. >>>>>> >>>>>> >>>>> >>>> >>>>> saslfinger - postfix Cyrus sasl configuration Wed Oct 1 14:42:58 NZDT >>>>> 2008 >>>>> version: 1.0.2 >>>>> mode: server-side SMTP AUTH >>>>> >>>>> -- basics -- >>>>> Postfix: 2.3.3 >>>>> System: CentOS release 5.2 (Final) >>>>> >>>>> -- smtpd is linked to -- >>>>> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x001f8000) >>>>> >>>>> -- active SMTP AUTH and TLS parameters for smtpd -- >>>>> smtpd_sasl_auth_enable = yes >>>>> smtpd_sasl_local_domain = $myhostname >>>>> >>>>> >>>>> -- listing of /usr/lib/sasl -- >>>>> total 56 >>>>> drwxr-xr-x 2 root root 4096 Oct 1 09:07 . >>>>> drwxr-xr-x 68 root root 36864 Oct 1 10:02 .. >>>>> -rw-r--r-- 1 root root 47 Aug 15 09:06 smtpd.conf >>>>> >>>>> -- listing of /usr/lib/sasl2 -- >>>>> total 3468 >>>>> drwxr-xr-x 2 root root 4096 Oct 1 12:52 . >>>>> drwxr-xr-x 68 root root 36864 Oct 1 10:02 .. >>>>> -rwxr-xr-x 1 root root 884 Jan 8 2007 libanonymous.la >>>>> -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so >>>>> -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so.2 >>>>> -rwxr-xr-x 1 root root 14372 Jan 8 2007 libanonymous.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 870 Jan 8 2007 libcrammd5.la >>>>> -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so >>>>> -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so.2 >>>>> -rwxr-xr-x 1 root root 16832 Jan 8 2007 libcrammd5.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 893 Jan 8 2007 libdigestmd5.la >>>>> -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so >>>>> -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so.2 >>>>> -rwxr-xr-x 1 root root 47204 Jan 8 2007 libdigestmd5.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 933 Jan 8 2007 libgssapiv2.la >>>>> -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so >>>>> -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so.2 >>>>> -rwxr-xr-x 1 root root 26528 Jan 8 2007 libgssapiv2.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 877 Jan 8 2007 libldapdb.la >>>>> -rwxr-xr-x 1 root root 15472 Jan 8 2007 libldapdb.so >>>>> -rwxr-xr-x 1 root root 15472 Jan 8 2007 libldapdb.so.2 >>>>> -rwxr-xr-x 1 root root 15472 Jan 8 2007 libldapdb.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 856 Jan 8 2007 liblogin.la >>>>> -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so >>>>> -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so.2 >>>>> -rwxr-xr-x 1 root root 14752 Jan 8 2007 liblogin.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 858 Jan 8 2007 libntlm.la >>>>> -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so >>>>> -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so.2 >>>>> -rwxr-xr-x 1 root root 31516 Jan 8 2007 libntlm.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 856 Jan 8 2007 libplain.la >>>>> -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so >>>>> -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so.2 >>>>> -rwxr-xr-x 1 root root 14848 Jan 8 2007 libplain.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 930 Jan 8 2007 libsasldb.la >>>>> -rwxr-xr-x 1 root root 905200 Jan 8 2007 libsasldb.so >>>>> -rwxr-xr-x 1 root root 905200 Jan 8 2007 libsasldb.so.2 >>>>> -rwxr-xr-x 1 root root 905200 Jan 8 2007 libsasldb.so.2.0.22 >>>>> -rwxr-xr-x 1 root root 878 Jan 8 2007 libsql.la >>>>> -rwxr-xr-x 1 root root 23084 Jan 8 2007 libsql.so >>>>> -rwxr-xr-x 1 root root 23084 Jan 8 2007 libsql.so.2 >>>>> -rwxr-xr-x 1 root root 23084 Jan 8 2007 libsql.so.2.0.22 >>>>> -rw-r--r-- 1 root root 49 Oct 1 09:21 smtpd.conf >>>>> >>>>> -- listing of /etc/sasl2 -- >>>>> total 24 >>>>> drwxr-xr-x 2 root root 4096 Jan 8 2007 . >>>>> drwxr-xr-x 86 root root 12288 Oct 1 11:45 .. >>>>> >>>>> >>>>> >>>>> >>>>> -- content of /usr/lib/sasl/smtpd.conf -- >>>>> pwcheck_method: saslauthd >>>>> saslauthd_version: 2 >>>>> >>>>> -- content of /usr/lib/sasl2/smtpd.conf -- >>>>> pwcheck_method: saslauthd >>>>> mech_list: plain login >>>>> >>>>> >>>>> -- active services in /etc/postfix/master.cf -- >>>>> # service type private unpriv chroot wakeup maxproc command + args >>>>> # (yes) (yes) (yes) (never) (100) >>>>> smtp inet n - n - - smtpd >>>>> pickup fifo n - n 60 1 pickup >>>>> cleanup unix n - n - 0 cleanup >>>>> qmgr fifo n - n 300 1 qmgr >>>>> tlsmgr unix - - n 1000? 1 tlsmgr >>>>> rewrite unix - - n - - trivial-rewrite >>>>> bounce unix - - n - 0 bounce >>>>> defer unix - - n - 0 bounce >>>>> trace unix - - n - 0 bounce >>>>> verify unix - - n - 1 verify >>>>> flush unix n - n 1000? 0 flush >>>>> proxymap unix - - n - - proxymap >>>>> smtp unix - - n - - smtp >>>>> relay unix - - n - - smtp >>>>> -o fallback_relay= >>>>> showq unix n - n - - showq >>>>> error unix - - n - - error >>>>> discard unix - - n - - discard >>>>> local unix - n n - - local >>>>> virtual unix - n n - - virtual >>>>> lmtp unix - - n - - lmtp >>>>> anvil unix - - n - 1 anvil >>>>> scache unix - - n - 1 scache >>>>> maildrop unix - n n - - pipe >>>>> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} >>>>> old-cyrus unix - n n - - pipe >>>>> flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} >>>>> ${user} >>>>> cyrus unix - n n - - pipe >>>>> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m >>>>> ${extension} ${user} >>>>> uucp unix - n n - - pipe >>>>> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail >>>>> ($recipient) >>>>> ifmail unix - n n - - pipe >>>>> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) >>>>> bsmtp unix - n n - - pipe >>>>> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop >>>>> $recipient >>>>> >>>>> -- mechanisms on localhost -- >>>>> 250-AUTH LOGIN PLAIN >>>>> >>>>> >>>>> -- end of saslfinger output -- >>>>> >>>>> >>>> > -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
