On Tue, Jul 02, 2024 at 11:24:53PM -0400, John Levine via Postfix-users wrote:

> >Have you posted "postconf -nf" and "postconf -Mf" output (with as-is
> >whitespace, including line-breaks)?
> 
> I will, see below.

Thanks, generally best to do that early when delving into configuration
conundrums.

> >What's the evidence that "saslauthd" is not used?
> 
> I have saslauthd in debug mode so it reports when anything talks to
> it. As I said, the sasl test client works fine and it reports that, so
> I know that works.

That is, saslauthd(8) is listening on the socket you specified in your
testsaslauthd(8) command-line:

    $ testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux ...

which you correctly specify inside the Postfix chroot jail, but, is
"/var/run/saslauthd" the actual directory compiled into the Debian SASL
library?  If not, or, in any case, you might specify

    saslauthd_path: /var/run/saslauthd/mux

in the "smtpd.conf" file, once it is in the correct (for Debian)
directory.  Note that this setting does include the "/mux" suffix.

> >> 535 5.7.8 Error: authentication failed: authentication failure
> >
> >I gather you generated the "auth plain ..." yourself. ...
> 
> If I could get it to talk to saslauthd at all then we might worry
> about the details of what it's passing to it. Per a previous message
> I'll try the socket locations he suggests.

Did you get a chance to check the ancestor directories and socket
ownership and permissions?

> smtp_sasl_type = cyrus

I don't see a corresponding setting of "smtpd_sasl_type".

> smtpd_sasl_auth_enable = yes

I would set this to "no".

> smtpd_sasl_mechanism_filter = login, plain
> smtpd_sasl_path = smtpd
> smtpd_tls_auth_only = yes

This looks fine.

> submissions inet n       -       y       -       -       smtpd
>     -o syslog_name=postfix/submissions
>     -o smtpd_tls_wrappermode=yes
>     -o smtpd_sasl_auth_enable=yes
>     -o smtpd_reject_unlisted_recipient=no
>     -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

Indeed chrooted.

In summary:

    - main.cf: smtpd_sasl_type = cyrus
    - Ensure correct (for Debian) location of smtpd.conf
    - smtpd.conf: saslauthd_path: /var/run/saslauthd/mux
    - Check directory and socket permissions, the postfix
      user or its *primary* group should be able to open
      the socket for read/write.

--
    Viktor.
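
The last item of the summary (directory and socket permissions) can be checked mechanically. The following is an added example, not part of the original message or of Postfix: `access_problems` is a hypothetical helper that walks every ancestor directory of the socket and applies the classic Unix mode-bit rules for one uid and one primary gid, on the assumption that ACLs and MAC policy are not in play.

```python
import os
import stat


def access_problems(path, uid, gid):
    """List (component, reason) pairs that would stop a process running as
    `uid` with only primary group `gid` from opening the socket at `path`
    read/write. Mode bits only: ACLs, MAC policy and root are not modelled."""
    def allowed(st, want):
        # Exactly one permission class applies: owner, else group, else other.
        if st.st_uid == uid:
            bits = (st.st_mode >> 6) & 7
        elif st.st_gid == gid:
            bits = (st.st_mode >> 3) & 7
        else:
            bits = st.st_mode & 7
        return (bits & want) == want

    comps = [os.path.abspath(path)]
    while os.path.dirname(comps[-1]) != comps[-1]:
        comps.append(os.path.dirname(comps[-1]))

    problems = []
    for comp in reversed(comps):              # "/" first, the socket last
        try:
            st = os.stat(comp)
        except FileNotFoundError:
            return problems + [(comp, "missing")]
        if comp != comps[0]:
            # Ancestor directory: search (x) permission is required.
            if not allowed(st, 0o1):
                problems.append((comp, "no search (x) permission"))
        else:
            if not stat.S_ISSOCK(st.st_mode):
                problems.append((comp, "not a socket"))
            if not allowed(st, 0o6):
                problems.append((comp, "no read/write permission"))
    return problems


if __name__ == "__main__":
    import pwd
    import sys
    pw = pwd.getpwnam("postfix")              # uid and *primary* gid only
    for comp, why in access_problems(sys.argv[1], pw.pw_uid, pw.pw_gid):
        print(f"{comp}: {why}")
```

Run it as root with the full path of the socket as seen from outside the chroot, for example the `/var/spool/postfix/var/run/saslauthd/mux` path used with testsaslauthd above.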