Dear
I use SASL connected to ldap server trough saslauthd daemon
I don't understand why postfix try to query sasldb2 instead query
saslauthd daemon in order to authenticate remote clients.
clients authenticate SMTP session has u...@domain.tld user account
if they send mail trought Postfix there is an error
warning: SASL authentication failure: no secret in database
warning: SASL authentication failure: Password verification failed
warning: ns203243.ovh.net[91.121.178.84]: SASL PLAIN authentication
failed: authentication failure
but if i add the user in sasldb2 :
saslpasswd2 -f /etc/sasldb2 -u domain.tld user
Postfix answer OK
May 17 15:26:11 lagaffe postfix/smtpd[26276]: 376C4A43BB:
client=ns203243.ovh.net[91.121.178.84], sasl_method=CRAM-MD5,
sasl_username=u...@domain.tld
How to specify postfxi to query only the saslauthd daemon instead
salsdb2 database ?
here it is output of saslfinger
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.5.5
System: Debian GNU/Linux 5.0 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7c87000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = cheramy.name
smtpd_sasl_path = /etc/postfix/sasl/smtpd.conf
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certificates/cacert.pem
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:
$queue_directory/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 mai 17 14:40 .
drwxr-xr-x 5 root root 4096 mai 17 14:41 ..
-rw-r--r-- 1 root root 99 mai 17 14:50 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
minimum_layer: 0
log_level: 5
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
minimum_layer: 0
log_level: 5
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
minimum_layer: 0
log_level: 5
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
scan unix - - n - 10 smtp
maildrop unix - n n - - pipe
retry unix - - n - - error
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=mail:mail argv=/etc/mailman/postfix-to-mailman.py
${nexthop} ${mailbox}
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-- mechanisms on localhost --
