Re: Postfix plain text authentication with SASL

Patrick Ben Koetter Wed, 08 Jun 2011 01:12:16 -0700

* Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>:
> here is the output from saslfinger command.
> 
> saslfinger - postfix Cyrus sasl configuration Wed Jun  8 11:42:39 MSD 2011
> version: 1.0.2
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.3.3
> System: CentOS release 5.6 (Final)
> 
> -- smtpd is linked to --
>     libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00a25000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = <domain.com>
> smtpd_sasl_path = smtpd
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = cyrus



smtpd_sasl_path, smtpd_sasl_security_options and smtpd_sasl_type are at their
defaults. No need to set them explicitly.

> -- listing of /usr/lib/sasl2 --
> total 3072
> drwxr-xr-x  2 root root   4096 Jun  7 15:00 .
> drwxr-xr-x 36 root root  20480 Jun  7 14:43 ..
> -rwxr-xr-x  1 root root    884 Mar 17  2010 libanonymous.la
> -rwxr-xr-x  1 root root  14372 Mar 17  2010 libanonymous.so
> -rwxr-xr-x  1 root root  14372 Mar 17  2010 libanonymous.so.2
> -rwxr-xr-x  1 root root  14372 Mar 17  2010 libanonymous.so.2.0.22
> -rwxr-xr-x  1 root root    870 Mar 17  2010 libcrammd5.la
> -rwxr-xr-x  1 root root  16832 Mar 17  2010 libcrammd5.so
> -rwxr-xr-x  1 root root  16832 Mar 17  2010 libcrammd5.so.2
> -rwxr-xr-x  1 root root  16832 Mar 17  2010 libcrammd5.so.2.0.22
> -rwxr-xr-x  1 root root    893 Mar 17  2010 libdigestmd5.la
> -rwxr-xr-x  1 root root  47172 Mar 17  2010 libdigestmd5.so
> -rwxr-xr-x  1 root root  47172 Mar 17  2010 libdigestmd5.so.2
> -rwxr-xr-x  1 root root  47172 Mar 17  2010 libdigestmd5.so.2.0.22
> -rwxr-xr-x  1 root root    856 Mar 17  2010 liblogin.la
> -rwxr-xr-x  1 root root  14752 Mar 17  2010 liblogin.so
> -rwxr-xr-x  1 root root  14752 Mar 17  2010 liblogin.so.2
> -rwxr-xr-x  1 root root  14752 Mar 17  2010 liblogin.so.2.0.22
> -rwxr-xr-x  1 root root    856 Mar 17  2010 libplain.la
> -rwxr-xr-x  1 root root  14848 Mar 17  2010 libplain.so
> -rwxr-xr-x  1 root root  14848 Mar 17  2010 libplain.so.2
> -rwxr-xr-x  1 root root  14848 Mar 17  2010 libplain.so.2.0.22
> -rwxr-xr-x  1 root root    930 Mar 17  2010 libsasldb.la
> -rwxr-xr-x  1 root root 905200 Mar 17  2010 libsasldb.so
> -rwxr-xr-x  1 root root 905200 Mar 17  2010 libsasldb.so.2
> -rwxr-xr-x  1 root root 905200 Mar 17  2010 libsasldb.so.2.0.22
> -rw-r--r--  1 root root     25 Mar 31  2010 Sendmail.conf
> -rw-r--r--  1 root root     50 Jun  7 15:00 smtpd.conf
> -rw-r--r--  1 root root     64 Jun  7 14:19 smtpd.conf.rpmsave

Remove /usr/lib/sasl2/smtpd.conf and /usr/lib/sasl2/smtpd.conf.rpmsave.

> -- listing of /var/lib/sasl2 --
> total 12
> drwxr-xr-x  2 root root 4096 Jun  7 13:32 .
> drwxr-xr-x 17 root root 4096 Jun  7 13:32 ..
> -rw-r--r--  1 root root  105 Jun  7 13:32 smtpd.conf

Remove /var/lib/sasl2/smtpd.conf


> -- listing of /etc/sasl2 --
> total 16
> drwxr-xr-x  2 root root    4096 Jun  7 15:19 .
> drwxr-xr-x 54 root postfix 4096 Jun  8 04:01 ..
> -rw-r--r--  1 root root      91 Jun  7 15:19 smtpd.conf
> -rw-r--r--  1 root root      99 Jun  7 10:10 smtpd.conf.bak

Keep (only) /etc/sasl2/smtpd.conf


> -- content of /etc/sasl2/smtpd.conf --
> saslauthd_path: /var/run/saslauthd/mux
>  pwcheck_method: saslauthd
>  mech_list: plain login

Reduce /etc/sasl2/smtpd.conf to this:

pwcheck_method: saslauthd
mech_list: plain login

Make sure there's neither beginning nor trailing whitespace.


> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> 21      inet  n       -       n       -       -       smtpd -o
> smtpd_sasl_auth_enable=yes

The line above won't work if it is formatted like this in your master.cf.
Do you need a service called 21?

I miss a line that defines the Postfix smtp server instance. Please add this:

smtp      inet  n       -       n       -       -       smtpd


How do you run saslauthd? Can you post "ps axf | grep saslauthd"?

p@rick


> > All technical questions asked privately will be automatically answered on
> > the list and archived for public access unless privacy is explicitely
> > required and justified.
> >
> > saslfinger (debugging SMTP AUTH):
> > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
> >
> 
> 
> 
> -- 
> Best Regards,
> Suresh Kumar Prajapati
> Linux Security Admin
> E-mail: er.sureshprajap...@gmail.com
> ----------------------------------------------------------------------------------------
> Pencils could be made with erasers at both ends, but what would be the
> point?

-- 
state of mind ()
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563

Re: Postfix plain text authentication with SASL

Reply via email to