I have some more details now: postfix/smtpd[11997]: warning: (outside host): SASL PLAIN authentication failed: authentication failure postfix/smtpd[11997]: > (outside host): 535 5.7.8 Error: authentication failed: authentication failure postfix/smtpd[11997]: watchdog_pat: 0x9ab5680 postfix/smtpd[11997]: < (outside host): AUTH LOGIN postfix/smtpd[11997]: xsasl_cyrus_server_first: sasl_method LOGIN postfix/smtpd[11997]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username: postfix/smtpd[11997]: > (outside host): 334 [[SOME ENCRYPTEDVAL]] postfix/smtpd[11997]: < (outside host): [[OTHER ENCRYPTED VAL]] postfix/smtpd[11997]: xsasl_cyrus_server_next: decoded response: ( [EMAIL PROTECTED]) postfix/smtpd[11997]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password: postfix/smtpd[11997]: > (outside host): 334 [[encrypted val]] postfix/smtpd[11997]: < (outside host): [[encrypted val]] postfix/smtpd[11997]: xsasl_cyrus_server_next: decoded response: [[plain text password]] postfix/smtpd[11997]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
It's the last line that confuses me, it shouldn't be looking in /etc/sasldb2 at all, it should be looking in the database here is my /etc/postfix/sasl/smtpd.conf pwcheck_method: auxprop auxprop_plugin: sql mech_list: login cram-md5 digest-md5 sql_engine: mysql sql_hostnames: localhost sql_user: [[mail username]] sql_passwd: [[sql passwd]] sql_database: maildb sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled = 1 So, SASL and TLS are still not working, either of them. I don't have a real idea what's going on. On Mon, Oct 13, 2008 at 10:22 AM, Issac Kelly <[EMAIL PROTECTED]> wrote: > Thanks for the reply! I'm going crazy here.' > > I did change the setup between the set of logs in the previous e-mail. To > keep things simple, I won't this time. > > # postconf -n > # shortened for relavent iformation > biff = no > broken_sasl_auth_clients = yes > config_directory = /etc/postfix > inet_interfaces = all > local_recipient_maps = > mydestination = > mydomain = domain.com > myhostname = real.domain.com > mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 > mynetworks_style = host > myorigin = $mydomain > readme_directory = no > recipient_delimiter = + > smtp_helo_timeout = 60s > smtp_tls_note_starttls_offer = yes > smtpd_banner = Servee SMTP ESMTP > smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, > reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org > smtpd_data_restrictions = reject_unauth_pipelining > smtpd_delay_reject = yes > smtpd_hard_error_limit = 12 > smtpd_helo_required = yes > smtpd_helo_restrictions = warn_if_reject reject_non_fqdn_hostname, > reject_invalid_hostname, permit > smtpd_recipient_limit = 16 > smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, > permit_sasl_authenticated, reject_non_fqdn_recipient, > reject_unknown_recipient_domain, reject_unauth_destination, > check_policy_service inet:127.0.0.1:60000, permit > smtpd_sasl_auth_enable = yes > smtpd_sasl_authenticated_header = yes > smtpd_sasl_local_domain = > smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2 > smtpd_sasl_security_options = noanonymous > smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, > warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, > reject_unauth_pipelining, permit > smtpd_soft_error_limit = 3 > smtpd_tls_auth_only = no > smtpd_tls_cert_file = /etc/postfix/postfix.cert > smtpd_tls_key_file = /etc/postfix/postfix.key > smtpd_tls_loglevel = 3 > smtpd_tls_received_header = yes > smtpd_tls_security_level = may > smtpd_tls_session_cache_timeout = 3600s > smtpd_use_tls = no > tls_random_source = dev:/dev/urandom > unknown_local_recipient_reject_code = 450 > virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf > virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf > virtual_mailbox_base = /mnt/spool/mail/virtual > virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf > virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf > virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf > > Here is the saslfinger output. > > # saslfinger -c > saslfinger - postfix Cyrus sasl configuration Mon Oct 13 07:08:29 PDT 2008 > version: 1.0.2 > mode: client-side SMTP AUTH > > -- basics -- > Postfix: 2.5.1 > System: Ubuntu 8.04 \n \l > > -- smtp is linked to -- > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d68000) > > -- active SMTP AUTH and TLS parameters for smtp -- > smtp_tls_note_starttls_offer = yes > > > -- listing of /usr/lib/sasl2 -- > total 792 > drwxr-xr-x 2 root root 4096 2008-05-02 15:10 . > drwxr-xr-x 55 root root 12288 2008-05-04 09:48 .. > ... omitted ... > > *Cannot find the smtp_sasl_password_maps parameter in main.cf.* > Client-side SMTP AUTH cannot work without this parameter! > > I'm using mysql, so I've included the > > #/etc/postfix/sasl/smtpd.conf > > pwcheck_method: auxprop > auxprop_plugin: sql > mech_list: login cram-md5 digest-md5 > sql_engine: mysql > sql_hostnames: localhost > sql_user: mail > sql_passwd: (password) > sql_database: maildb > sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled > = 1 > > > The above was also taken from the guide > > Master.cf > smtp inet n - - - - smtpd > submission inet n - - - - smtpd > -o smtpd_sasl_auth_enable=yes > # if you do not want to allow encryption only, comment out next line > -o smtpd_tls_auth_only=yes > -o smtpd_tls_security_level=encrypt > # -o header_checks= > # -o body_checks= > -o > smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject > -o smtpd_sasl_security_options=noanonymous,noplaintext > -o smtpd_sasl_tls_security_options=noanonymous > # -o milter_macro_daemon_name=ORIGINATING > smtps inet n - - - - smtpd > -o smtpd_tls_wrappermode=yes > -o smtpd_sasl_auth_enable=yes > -o smtpd_tls_auth_only=yes > -o smtpd_client_restrictions=permit_sasl_authenticated,reject > -o smtpd_sasl_security_options=noanonymous,noplaintext > -o smtpd_sasl_tls_security_options=noanonymous > # -o milter_macro_daemon_name=ORIGINATING > > > Wit this setup, I'm getting in the log > Oct 13 07:19:16 ec2-75-101-148-70 postfix/smtpd[9929]: connect from > (outside host) > Oct 13 07:19:16 ec2-75-101-148-70 postfix/smtpd[9929]: setting up TLS > connection from (outside host) > Oct 13 07:19:16 postfix/smtpd[9929]: SSL_accept error from (outside host): > -1 > Oct 13 07:19:16 postfix/smtpd[9929]: lost connection after STARTTLS from > (outside host) > -- ------- Issac Kelly servee.com issackelly.com --------------------------
