Hi listers,
I just can't make postfix change from sasl2 auxprop to sasl2 saslauthd (with LDAP). postfix never reads /usr/lib/sasl/smtpd.conf.


postfix-2.5.6-3.fc11.i586

[r...@myhost ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
anvil_rate_time_unit = 60s
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
data_directory = /data/postfix/cache
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
header_checks = pcre:/etc/postfix/discardthem, pcre:/etc/postfix/header_checks
html_directory = no
inet_protocols = all
local_recipient_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
mail_owner = postfix
mailbox_command =
mailbox_transport =
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
mime_header_checks = pcre:/etc/postfix/mime_header_checks
mydestination = localhost.$mydomain
mydomain = $myhostname
myhostname = myhost.mydomain.com
mynetworks = 192.168.97.0/24, 1xx.1xx.243.160/27
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /data/postfix/queues
readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
relay_domains = permit_sasl_authenticated, permit_mynetworks
relayhost =
sample_directory = /usr/share/doc/postfix-2.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_connection_count_limit = 5
smtpd_client_connection_rate_limit = 22
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 100
smtpd_client_restrictions = permit_sasl_authenticated, hash:/etc/postfix/whitelist, hash:/etc/postfix/access
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks, reject_invalid_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access hash:/etc/postfix/check_recipients, check_recipient_access hash:/etc/postfix/access, reject_rbl_client mail-abuse.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client cbl.abuseat.org, reject_rhsbl_client mail-abuse.org, reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client blackholes.easynet.nl, reject_rhsbl_client cbl.abuseat.org check_recipient_access ldap:/etc/postfix/ldap-spamfilter.cf, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = postfix
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_sender_domain, hash:/etc/postfix/whitelist, check_sender_access hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /data/postfix/maildrop/
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:89
[r...@myhost ~]#


The actual /usr/lib/sasl2/smtpd.conf reads like:
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5

There is another similar file in /usr/lib/sasl/smtpd.conf, which reads like:
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_version: 2

I also checked to see whether there is another smtpd.conf file in /etc/postfix/sasl (there is a hint to that in http://www.postfix.org/SASL_README.html): there is none.

It must have been about seven times that I restarted postfix since I changed /usr/lib/sasl2/smtpd.conf.

But when I send a message from a client to this smtpd host, in the /var/log/maillog I get

Sep 21 08:58:07 myhost postfix/smtpd[7240]: connect from lunix.mydomain.com[1xx.1xx.243.162]
Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication failure: no secret in database
Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: lunix.mydomain.com[1xx.1xx.243.162]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep 21 08:58:08 myhost postfix/smtpd[7240]: 4AA8015004B: client=lunix.mydomain.com[1xx.1xx.243.162], sasl_method=PLAIN, sasl_username=myu...@postfix
Sep 21 08:58:08 myhost postfix/cleanup[7243]: 4AA8015004B: message-id=<4ab723ff.70...@mydomain.com>

This is because I moved /etc/sasldb2 away in order to prevent postfix from reading it.

That means, postfix doesn't care a damn to contact the saslauthd. It continues to read /etc/sasldb2. It should have contacted the saslauthd in any case, i.e. if it had read either smtpd.conf.


[r...@myhost /usr]# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos4 kerberos5 pam rimap shadow ldap

[r...@myhost /usr]#

[r...@myhost /usr]# ps xa |grep saslauthd
 6935 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
 6936 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
 6938 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
 6939 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
 6940 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
 7497 pts/0    R+     0:00 grep saslauthd
[r...@myhost /usr]#

I did extensive tests to check the proper functioning of saslauthd using testsaslauthd:
[r...@myhost /usr]# testsaslauthd -u myuser -p secret
0: OK "Success."
[r...@myhost /usr]#

What did I miss?

suomi
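
Added example, not part of the original post: saslauthd can only verify a cleartext password, so with `pwcheck_method: saslauthd` only PLAIN and LOGIN can be served by it, while shared-secret mechanisms such as CRAM-MD5 and DIGEST-MD5 still go to an auxprop store like /etc/sasldb2. The script below checks the posted smtpd.conf for such mechanisms and tallies per-mechanism outcomes from the posted log lines; the function names are hypothetical and the sample inputs are copied from the post above.

```python
import re

# Mechanisms that hand the server a cleartext password saslauthd can check.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf

def auxprop_only_mechs(conf):
    """Offered mechanisms that saslauthd cannot verify (need an auxprop secret)."""
    if conf.get("pwcheck_method") != "saslauthd":
        return []
    mechs = conf.get("mech_list", "").upper().split()
    return [m for m in mechs if m not in PLAINTEXT_MECHS]

FAILED = re.compile(r"SASL ([A-Z0-9-]+) authentication failed")
SUCCEEDED = re.compile(r"sasl_method=([A-Z0-9-]+)")

def mech_outcomes(log_lines):
    """Count successes and failures per SASL mechanism in smtpd log lines."""
    out = {}
    for line in log_lines:
        for rx, key in ((FAILED, "failed"), (SUCCEEDED, "ok")):
            m = rx.search(line)
            if m:
                out.setdefault(m.group(1), {"ok": 0, "failed": 0})[key] += 1
    return out

# Sample input copied from the post: /usr/lib/sasl2/smtpd.conf and maillog lines.
SMTPD_CONF = "pwcheck_method: saslauthd\nmech_list: plain login cram-md5 digest-md5\n"
LOG = [
    "Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication failure: no secret in database",
    "Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: lunix.mydomain.com[1xx.1xx.243.162]: SASL CRAM-MD5 authentication failed: authentication failure",
    "Sep 21 08:58:08 myhost postfix/smtpd[7240]: 4AA8015004B: client=lunix.mydomain.com[1xx.1xx.243.162], sasl_method=PLAIN, sasl_username=myu...@postfix",
]

if __name__ == "__main__":
    print("cannot be served by saslauthd:", auxprop_only_mechs(parse_sasl_conf(SMTPD_CONF)))
    print("outcomes per mechanism:", mech_outcomes(LOG))
```

On the posted data the CRAM-MD5 attempt fails against the missing sasldb2 while the PLAIN attempt in the same session is accepted.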
