Re: Issue integrating with Cyrus-SASL

Crazedfred Wed, 07 Sep 2011 10:02:10 -0700

Thank you for the reply p@rick. By your recommendation I did add the postfix 
user to sasl:
sudo adduser postfix sasl
Adding user `postfix' to group `sasl' ...
Adding user postfix to group sasl
Done.


I ran "saslfinger -c" and "saslfinger -s" and it does appear that many of the 
relevant services are chrooted.
I wasn't quite sure, however, so I attached the full output of both commands.

Of interest was the error message (not sure if it's relevant though):
Cannot find the smtp_sasl_password_maps parameter in main.cf.
Client-side SMTP AUTH cannot work without this parameter!

I then changed the OPTIONS of /etc/default/saslauthd to what you reccomended:
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Restart went fine:
sudo service saslauthd restart
Stopping SASL Authentication Daemon: saslauthd.
Starting SASL Authentication Daemon: saslauthd.

And the socket does appear to be changed (auth.log):
Sep  7 11:50:25 saslauthd[8695]: detach_tty      : master pid is: 8695
Sep  7 11:50:25 saslauthd[8695]: ipc_init        : listening on socket: 
/var/spool/postfix/var/run/saslauthd/mux

However there are still curious errors (I don't think I've seen the auxpropfunc 
error before):
Sep  7 11:25:02 gpasswd[8432]: user postfix added by root to group sasl
Sep  7 11:26:18 postfix/smtpd[8489]: auxpropfunc error invalid parameter 
supplied
Sep  7 11:26:18 postfix/smtpd[8489]: _sasl_plugin_load failed on 
sasl_auxprop_plug_init for plugin: ldapdb

And an attempt at localhost telnet still fails:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 ComputerName ESMTP Postfix (Debian/GNU)
auth plain {my-hash-here}
535 5.7.8 Error: authentication failed: authentication failure

Further, postfix is still giving similar errors when authentication fails:
Sep  7 11:53:20 postfix/smtpd[8821]: connect from 
localhost.localdomain[127.0.0.1]
Sep  7 11:53:37 postfix/smtpd[8821]: warning: SASL authentication problem: 
unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep  7 11:53:37 postfix/smtpd[8821]: warning: SASL authentication problem: 
unable to open Berkeley db /etc/sasldb2: No such file or directory
Sep  7 11:53:37 postfix/smtpd[8821]: warning: SASL authentication failure: 
Password verification failed
Sep  7 11:53:37 postfix/smtpd[8821]: warning: localhost.localdomain[127.0.0.1]: 
SASL plain authentication failed: authentication failure

Not entirely sure how to proceed from here; advice appreciated :)

saslfinger - postfix Cyrus sasl configuration Wed Sep  7 11:26:55 CDT 2011
version: 1.0.4
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.7.1
System: Debian GNU/Linux 6.0 \n \l

-- smtp is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb75b7000)

-- active SMTP AUTH and TLS parameters for smtp --
relayhost = 
smtp_sasl_auth_enable = no
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


-- listing of /usr/lib/sasl2 --
total 756
drwxr-xr-x  2 root root  4096 Jun 26 23:58 .
drwxr-xr-x 58 root root 16384 Sep  2 20:34 ..
-rw-r--r--  1 root root 13436 Dec 19  2010 libanonymous.a
-rw-r--r--  1 root root  1003 Dec 19  2010 libanonymous.la
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so.2
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so.2.0.23
-rw-r--r--  1 root root 15882 Dec 19  2010 libcrammd5.a
-rw-r--r--  1 root root   989 Dec 19  2010 libcrammd5.la
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so.2
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so.2.0.23
-rw-r--r--  1 root root 45328 Dec 19  2010 libdigestmd5.a
-rw-r--r--  1 root root  1012 Dec 19  2010 libdigestmd5.la
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so.2
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so.2.0.23
-rw-r--r--  1 root root 13744 Dec 19  2010 libldapdb.a
-rw-r--r--  1 root root   996 Dec 19  2010 libldapdb.la
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so.2
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so.2.0.23
-rw-r--r--  1 root root 13586 Dec 19  2010 liblogin.a
-rw-r--r--  1 root root   983 Dec 19  2010 liblogin.la
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so.2
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so.2.0.23
-rw-r--r--  1 root root 29140 Dec 19  2010 libntlm.a
-rw-r--r--  1 root root   977 Dec 19  2010 libntlm.la
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so.2
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so.2.0.23
-rw-r--r--  1 root root 13786 Dec 19  2010 libplain.a
-rw-r--r--  1 root root   983 Dec 19  2010 libplain.la
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so.2
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so.2.0.23
-rw-r--r--  1 root root 21498 Dec 19  2010 libsasldb.a
-rw-r--r--  1 root root  1014 Dec 19  2010 libsasldb.la
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so.2
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so.2.0.23
-rw-r--r--  1 root root    49 Jun 26 23:58 smtpd.conf

-- listing of /etc/postfix/sasl --
total 8
drwxr-xr-x 2 root root 4096 May  4 16:30 .
drwxr-xr-x 3 root root 4096 Jun 26 03:12 ..


Cannot find the smtp_sasl_password_maps parameter in main.cf.
Client-side SMTP AUTH cannot work without this parameter!

saslfinger - postfix Cyrus sasl configuration Wed Sep  7 11:26:45 CDT 2011
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.7.1
System: Debian GNU/Linux 6.0 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb747a000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 756
drwxr-xr-x  2 root root  4096 Jun 26 23:58 .
drwxr-xr-x 58 root root 16384 Sep  2 20:34 ..
-rw-r--r--  1 root root 13436 Dec 19  2010 libanonymous.a
-rw-r--r--  1 root root  1003 Dec 19  2010 libanonymous.la
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so.2
-rw-r--r--  1 root root 13076 Dec 19  2010 libanonymous.so.2.0.23
-rw-r--r--  1 root root 15882 Dec 19  2010 libcrammd5.a
-rw-r--r--  1 root root   989 Dec 19  2010 libcrammd5.la
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so.2
-rw-r--r--  1 root root 15444 Dec 19  2010 libcrammd5.so.2.0.23
-rw-r--r--  1 root root 45328 Dec 19  2010 libdigestmd5.a
-rw-r--r--  1 root root  1012 Dec 19  2010 libdigestmd5.la
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so.2
-rw-r--r--  1 root root 43144 Dec 19  2010 libdigestmd5.so.2.0.23
-rw-r--r--  1 root root 13744 Dec 19  2010 libldapdb.a
-rw-r--r--  1 root root   996 Dec 19  2010 libldapdb.la
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so.2
-rw-r--r--  1 root root 14540 Dec 19  2010 libldapdb.so.2.0.23
-rw-r--r--  1 root root 13586 Dec 19  2010 liblogin.a
-rw-r--r--  1 root root   983 Dec 19  2010 liblogin.la
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so.2
-rw-r--r--  1 root root 13552 Dec 19  2010 liblogin.so.2.0.23
-rw-r--r--  1 root root 29140 Dec 19  2010 libntlm.a
-rw-r--r--  1 root root   977 Dec 19  2010 libntlm.la
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so.2
-rw-r--r--  1 root root 28528 Dec 19  2010 libntlm.so.2.0.23
-rw-r--r--  1 root root 13786 Dec 19  2010 libplain.a
-rw-r--r--  1 root root   983 Dec 19  2010 libplain.la
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so.2
-rw-r--r--  1 root root 14096 Dec 19  2010 libplain.so.2.0.23
-rw-r--r--  1 root root 21498 Dec 19  2010 libsasldb.a
-rw-r--r--  1 root root  1014 Dec 19  2010 libsasldb.la
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so.2
-rw-r--r--  1 root root 18084 Dec 19  2010 libsasldb.so.2.0.23
-rw-r--r--  1 root root    49 Jun 26 23:58 smtpd.conf

-- listing of /etc/postfix/sasl --
total 8
drwxr-xr-x 2 root root 4096 May  4 16:30 .
drwxr-xr-x 3 root root 4096 Jun 26 03:12 ..




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: login plain


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} 
${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN NTLM LOGIN


-- end of saslfinger output --

Re: Issue integrating with Cyrus-SASL

Reply via email to