* Jeroen Geilman <jer...@adaptr.nl>:
> On 03/06/2011 01:18 PM, David Touzeau wrote:
> >Dear,
> >
> >I would like to use the submission port to authenticate users from the
> >internet, allowing them access to the postfix smtpd server
> >
> >For testing purposes, I have set a network different from the LAN to be
> >sure that postfix allows SASL connections
> >
> >but it seems that postfix did not want to test the authentication method
> >and passes its rules through subnet rules to finally refuse the connection
> >with a "Client host rejected: Access denied"
> >We can see that there is a request to saslauthd
> >"xsasl_cyrus_server_create: SASL service=smtp, realm=(null)" but I did
> >not really understand what it means..
> >
> >
> >I'm using saslauthd through LDAP to perform credentials checking and
> >postfix 2.8.0
> >
> >Where am I wrong ??
> >
> >When using testsaslauthd
> >----------------------------------------------------------------------
> >testsaslauthd  -u david.touzeau -p secret -f /var/run/saslauthd/mux -s
> >smtp
> >0: OK "Success."

You are testing as user root, right?

> >Content of /etc/postfix/sasl/smtpd.conf

Postfix runs as user postfix.

Blind guess: Your postfix user is not member of the sasl group. Check using
"id postfix". If it doesn't list postfix, then add postfix to group sasl and
restart postfix:

% adduser postfix sasl
% postfix reload

Second blind guess: /etc/default/saslauthd places the saslauthd socket outside
of Postfix chroot (you are running Postfix chrooted as your master.cf shows
below).

Enable/uncomment the line at the bottom of /etc/default/saslauthd:

# OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Then comment the OPTIONS line above and restart saslauthd.

p@rick

> >master.cf
> >----------------------------------------------------------------------
> >smtp inet    n       -       n       -       -       smtpd
> >submission   inet    n       -       n       -       -       smtpd
> >  -o smtpd_etrn_restrictions=reject
> >  -o smtpd_enforce_tls=yes
> >  -o smtpd_sasl_auth_enable=yes
> >  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >  -o smtp_generic_maps=
> >  -o sender_canonical_maps=
> >
> >Here it is a piece of debug logs :
> >----------------------------------------------------------------------
> 
> Debug logs should not be required to solve SASL issues.
> 
> Please include the output of postconf -n and the normal postfix logs
> for the observed behaviour, as described in:
> 
> http://www.postfix.org/DEBUG_README.html#mail
> 
> 
> -- 
> J.
> 

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
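
The two checks suggested in the reply above (group membership of the postfix user, and whether the saslauthd socket directory lies inside the Postfix chroot), as an added shell example that is not part of the original message. The function names are hypothetical, the chroot is assumed to be /var/spool/postfix as implied by the suggested OPTIONS line, and the `id` output format is assumed to carry a `groups=` field:

```shell
#!/bin/sh
# Added example; every sample value below is constructed.

# in_group GROUP ID_OUTPUT: succeed if GROUP is in the groups= list of `id` output.
in_group() {
    list=${2##*groups=}
    [ "$list" != "$2" ] || return 1          # no groups= field at all
    list=${list%% *}
    printf '%s\n' "$list" | tr ',' '\n' | grep -qx "[0-9]*($1)"
}

# mux_dir FILE: print the -m argument of the last uncommented OPTIONS="..." line.
mux_dir() {
    opts=$(sed -n 's/^[[:space:]]*OPTIONS="\(.*\)".*$/\1/p' "$1" | tail -n 1)
    set -- $opts
    while [ $# -gt 1 ]; do
        if [ "$1" = "-m" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# under_chroot DIR CHROOT: succeed if DIR is CHROOT or lies below it.
under_chroot() {
    case "$1/" in "$2"/*) return 0 ;; esac
    return 1
}

# report ID_OUTPUT DEFAULTS_FILE CHROOT: print one line per failed check.
report() {
    in_group sasl "$1" || echo "postfix is not in group sasl"
    dir=$(mux_dir "$2") || { echo "no -m option in active OPTIONS line"; return 0; }
    under_chroot "$dir" "$3" || echo "socket dir $dir is outside chroot $3"
}

# Constructed "before" state: default socket dir, postfix without group sasl.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OPTIONS="-c -m /var/run/saslauthd"
# OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
EOF
report 'uid=105(postfix) gid=112(postfix) groups=112(postfix)' "$sample" /var/spool/postfix
```

On a live host the equivalent call would be `report "$(id postfix)" /etc/default/saslauthd /var/spool/postfix`; no output means both checks passed.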