* suomi <post...@ayni.com>:
> Hi listers,
> I just can't make postfix change from sasl2 auxprop to sasl2 saslauthd
> (with LDAP). postfix never reads /usr/lib/sasl/smtpd.conf.

Postfix on Fedora will not look for smtpd.conf in /usr/lib/sasl/. It will
either search in /usr/lib/sasl2/ or in /etc/sasl2/. The latter is the right
way[tm] to do it.

p...@rick

>
>
> postfix-2.5.6-3.fc11.i586
>
> [r...@myhost ~]# postconf -n
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> anvil_rate_time_unit = 60s
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter =
> daemon_directory = /usr/libexec/postfix
> data_directory = /data/postfix/cache
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> header_checks = pcre:/etc/postfix/discardthem,
> pcre:/etc/postfix/header_checks
> html_directory = no
> inet_protocols = all
> local_recipient_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
> mail_owner = postfix
> mailbox_command =
> mailbox_transport =
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> mime_header_checks = pcre:/etc/postfix/mime_header_checks
> mydestination = localhost.$mydomain
> mydomain = $myhostname
> myhostname = myhost.mydomain.com
> mynetworks = 192.168.97.0/24, 1xx.1xx.243.160/27
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /data/postfix/queues
> readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
> relay_domains = permit_sasl_authenticated, permit_mynetworks
> relayhost =
> sample_directory = /usr/share/doc/postfix-2.5.6/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtpd_client_connection_count_limit = 5
> smtpd_client_connection_rate_limit = 22
> smtpd_client_event_limit_exceptions = $mynetworks
> smtpd_client_recipient_rate_limit = 100
> smtpd_client_restrictions = permit_sasl_authenticated,
> hash:/etc/postfix/whitelist, hash:/etc/postfix/access
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks, check_helo_access
> hash:/etc/postfix/helo_checks, reject_invalid_hostname
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination,
> check_recipient_access hash:/etc/postfix/check_recipients,
> check_recipient_access hash:/etc/postfix/access, reject_rbl_client
> mail-abuse.org, reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client blackholes.easynet.nl, reject_rbl_client
> cbl.abuseat.org, reject_rhsbl_client mail-abuse.org,
> reject_rhsbl_client sbl-xbl.spamhaus.org, reject_rhsbl_client
> blackholes.easynet.nl, reject_rhsbl_client cbl.abuseat.org
> check_recipient_access ldap:/etc/postfix/ldap-spamfilter.cf,
> permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = postfix
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unknown_sender_domain,
> hash:/etc/postfix/whitelist, check_sender_access
> hash:/etc/postfix/access, reject_rhsbl_sender dsn.rfc-ignorant.org
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-alias.cf
> virtual_gid_maps = static:89
> virtual_mailbox_base = /data/postfix/maildrop/
> virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-domain.cf
> virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-mailbox.cf
> virtual_minimum_uid = 51
> virtual_transport = virtual
> virtual_uid_maps = static:89
> [r...@myhost ~]#
>
>
> The actual /usr/lib/sasl2/smtpd.conf reads like:
> pwcheck_method: saslauthd
> mech_list: plain login cram-md5 digest-md5
>
> There is another similar file in /usr/lib/sasl/smtpd.conf, which reads like:
> pwcheck_method: saslauthd
> mech_list: plain login
> saslauthd_version: 2
>
> I also checked to see whether there is another smtpd.conf file in
> /etc/postfix/sasl (there is a hint to that in
> http://www.postfix.org/SASL_README.html): there is none.
>
> It must have been about seven times that I restarted postfix from the
> moment, when I changed /usr/lib/sasl2/smtpd.conf
>
> But when I send a message from a client to this smtpd host, in the
> /var/log/maillog I get
>
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: connect from
> lunix.mydomain.com[1xx.1xx.243.162]
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning: SASL authentication
> failure: no secret in database
> Sep 21 08:58:07 myhost postfix/smtpd[7240]: warning:
> lunix.mydomain.com[1xx.1xx.243.162]: SASL CRAM-MD5 authentication
> failed: authentication failure
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or
> directory
> Sep 21 08:58:08 myhost postfix/smtpd[7240]: 4AA8015004B:
> client=lunix.mydomain.com[1xx.1xx.243.162], sasl_method=PLAIN,
> sasl_username=myu...@postfix
> Sep 21 08:58:08 myhost postfix/cleanup[7243]: 4AA8015004B:
> message-id=<4ab723ff.70...@mydomain.com>
>
> This is because I moved away /etc/sasldb2 in order to prevent postfix to
> read it.
>
> That means, postfix doesn't care a damn to contact the saslauthd. It
> continues to read /etc/sasldb2. It should have contacted the saslauthd
> in any case, i.e. if it had read either smtpd.conf.
>
>
> [r...@myhost /usr]# saslauthd -v
> saslauthd 2.1.22
> authentication mechanisms: getpwent kerberos4 kerberos5 pam rimap shadow
> ldap
>
> [r...@myhost /usr]#
>
> [r...@myhost /usr]# ps xa |grep saslauthd
> 6935 ? Ss 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6936 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6938 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6939 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 6940 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a
> ldap
> 7497 pts/0 R+ 0:00 grep saslauthd
> [r...@myhost /usr]#
>
> I did extensive tests to check proper functioning of saslauthd using
> testsaslauthd
> [r...@myhost /usr]# testsaslauthd -u myuser -p secret
> 0: OK "Success."
> [r...@myhost /usr]#
>
> What did I miss?
>
> suomi
>
-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
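
A configuration check for the situation in this thread, added here as an example and not part of either message: it looks for smtpd.conf in the two directories the reply names and lists any mech_list entries that saslauthd cannot serve. It relies on the fact that saslauthd only verifies plaintext passwords, so Cyrus SASL handles CRAM-MD5 and DIGEST-MD5 through auxprop (the /etc/sasldb2 lookups in the quoted log); the function and constant names are assumptions of this example.

```python
import os

# Directories the reply names for Postfix on Fedora.
SEARCH_DIRS = ["/etc/sasl2", "/usr/lib/sasl2"]
# Shared-secret mechanisms: Cyrus SASL needs the stored secret for these, so
# it consults auxprop (e.g. /etc/sasldb2) even with pwcheck_method: saslauthd.
SHARED_SECRET_MECHS = {"cram-md5", "digest-md5"}

# The two files as quoted in the original message.
SASL2_CONF = "pwcheck_method: saslauthd\nmech_list: plain login cram-md5 digest-md5\n"
SASL_CONF = "pwcheck_method: saslauthd\nmech_list: plain login\nsaslauthd_version: 2\n"


def find_configs(dirs=SEARCH_DIRS, name="smtpd.conf"):
    """Return the smtpd.conf paths that exist in the given directories."""
    paths = [os.path.join(d, name) for d in dirs]
    return [p for p in paths if os.path.isfile(p)]


def parse_conf(text):
    """Parse Cyrus SASL 'key: value' lines; keys are lower-cased."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf


def auxprop_mechs(conf):
    """Mechanisms in mech_list that bypass saslauthd and hit auxprop."""
    # auxprop is the Cyrus SASL default when pwcheck_method is not set.
    if conf.get("pwcheck_method", "auxprop").lower() != "saslauthd":
        return []
    mechs = conf.get("mech_list", "").lower().split()
    return [m for m in mechs if m in SHARED_SECRET_MECHS]


if __name__ == "__main__":
    for path in find_configs():
        with open(path) as fh:
            print(path, auxprop_mechs(parse_conf(fh.read())))
    print("quoted /usr/lib/sasl2 file:", auxprop_mechs(parse_conf(SASL2_CONF)))
```
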