________________________________ From: Robert Schetterer <rob...@schetterer.org> To: postfix-users@postfix.org Sent: Saturday, October 22, 2011 4:32 PM Subject: Re: Postfix, Sasl & Pam
First up, my bad. The conf file is: /etc/postfix/sasl/smtp.conf > is this debian/ubuntu ? No. CentOS > this is sometimes little problematic at defaults ,chroot etc, any logs, > please show ? Defaults? Snippet from main.cf further down. Chroot? As in a chroot jail? No. Logs: Oct 22 14:32:16 example spamd[5847]: spamd: processing message <4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com> for spamfilter:516 Oct 22 14:32:16 example postfix/smtpd[8093]: disconnect from hw-media.com[205.162.42.27] Oct 22 14:32:18 example spamd[8127]: util: failed to spawn a process "/usr/local/bin/dccproc, -H, -x, 0, -a, 205.162.42.27": error closing STDERR: Inappropriate ioctl for device at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1517, <GEN154> line 277. at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1438, <GEN154> line 277. Oct 22 14:32:18 example spamd[5847]: dcc: [8127] finished: exit 6 Oct 22 14:32:18 example spamd[5847]: dcc: check failed: failed to read header Oct 22 14:32:18 example spamd[5847]: razor2: razor2 check failed: Permission denied razor2: Can't read conf file: /var/spool/amavisd/razor-agent.conf at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 330, <GEN154> line 277. Oct 22 14:32:18 example spamd[8128]: util: failed to spawn a process "/usr/bin/pyzor, check": error closing STDERR: Inappropriate ioctl for device at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1517, <GEN154> line 277. at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1438, <GEN154> line 277. Oct 22 14:32:18 example spamd[5847]: pyzor: [8128] error: exit 6 Oct 22 14:32:18 example spamd[5847]: spamd: clean message (0.6/5.0) for spamfilter:516 in 1.9 seconds, 21590 bytes. Oct 22 14:32:18 example spamd[5847]: spamd: result: . 0 - HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_DKIM_INVALID scantime=1.9,size=21590,user=spamfilter,uid=516,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47128,mid=<4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com>,autolearn=no Oct 22 14:32:18 example postfix/pipe[8122]: ABA23579012F: to=<ddejo...@dejonghgroup.com>, relay=spamfilter, delay=5.4, delays=3.3/0.01/0/2.2, dsn=2.0.0, status=sent (delivered via spamfilter service) Oct 22 14:32:18 example postfix/qmgr[8098]: ABA23579012F: removed Oct 22 14:32:18 example postfix/pickup[8109]: 815F35790152: uid=516 from=<h...@hw-media.com> Oct 22 14:32:18 example spamd[5505]: prefork: child states: II Oct 22 14:32:18 example postfix/cleanup[8121]: 815F35790152: message-id=<4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com> Oct 22 14:32:18 example postfix/qmgr[8098]: 815F35790152: from=<h...@hw-media.com>, size=22279, nrcpt=1 (queue active) Oct 22 14:32:18 example postfix/qmgr[8098]: warning: connect to transport private/spamassassin: No such file or directory Oct 22 14:32:18 example postfix/error[8129]: 815F35790152: to=<ddejo...@dejonghgroup.com>, relay=none, delay=2.4, delays=2.3/0.03/0/0.04, dsn=4.3.0, status=deferred (mail transport unavailable) Oct 22 14:32:20 example dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=209.85.212.34, lip=209.216.9.56 Oct 22 14:32:51 example postfix/smtpd[8094]: connect from unknown[66.248.165.32] Oct 22 14:32:51 example postfix/smtpd[8094]: lost connection after EHLO from unknown[66.248.165.32] Oct 22 14:32:51 example postfix/smtpd[8094]: disconnect from unknown[66.248.165.32] Oct 22 14:33:06 example postfix/smtp[8134]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter Oct 22 14:33:07 example postfix/master[30192]: warning: process /usr/libexec/postfix/smtp pid 8134 exit status 1 Oct 22 14:33:07 example postfix/master[30192]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling Oct 22 14:34:07 example postfix/smtp[8138]: fatal: specify a password table via the `smtp_sasl_password_maps' configuration parameter Oct 22 14:34:08 example postfix/master[30192]: warning: process /usr/libexec/postfix/smtp pid 8138 exit status 1 Oct 22 14:34:08 example postfix/master[30192]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling Oct 22 14:34:11 example postfix/smtpd[8094]: connect from unknown[66.248.165.32] Oct 22 14:34:11 example postfix/smtpd[8094]: lost connection after EHLO from unknown[66.248.165.32] Oct 22 14:34:11 example postfix/smtpd[8094]: disconnect from unknown[66.248.165.32] Oct 22 14:34:14 example postfix/smtpd[8094]: connect from vip.inhe.net[61.55.136.27] Oct 22 14:34:15 example postfix/smtpd[8094]: NOQUEUE: reject_warning: RCPT from vip.inhe.net[61.55.136.27]: 450 4.7.1 Service unavailable; Sender address [zhan...@vip.inhe.net] blocked using abuse.rfc-ignorant.org; Not supporting abuse@domain; from=<zhan...@vip.inhe.net> to=<ykbu0961_kulx_8...@dejonghgroup.com> proto=ESMTP helo=<vip.inhe.net> Oct 22 14:34:15 example postfix/smtpd[8094]: NOQUEUE: reject: RCPT from vip.inhe.net[61.55.136.27]: 550 5.1.1 <ykbu0961_kulx_8...@dejonghgroup.com>: Recipient address rejected: User unknown; from=<zhan...@vip.inhe.net> to=<ykbu0961_kulx_8...@dejonghgroup.com> proto=ESMTP helo=<vip.inhe.net> Oct 22 14:34:19 example postfix/smtpd[8094]: disconnect from vip.inhe.net[61.55.136.27] > there are help files online , try search google > sorry few are current off > perhaps look > http://www.howtoforge.com/ubuntu-postfix-saslauthd-sasl-authentication-failure-cannot-connect-to-saslauthd-server-permission-denied Been through a bunch of them before emailing the list. > Add the postfix user to the sasl group (this makes sure that Postfix has > the permission to access saslauthd): [root@example jack]# ls -al /usr/sbin/saslauthd -rwxr-xr-x 1 root root 83848 Mar 17 2010 /usr/sbin/saslauthd [root@example jack]# ls -al /etc/rc.d/init.d/saslauthd -rwxr-xr-x 1 root root 1676 Mar 17 2010 /etc/rc.d/init.d/saslauthd So I'm presuming root access is necessary. I discovered while googling earlier that postfix gets authorization to run saslauthd through /etc/shadow, but where is this? How to set it up? Here's a snippet from my main.cf file: smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_exceptions_networks = $mynetworks smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains smtpd_sasl_security_options = noanonymous, nodictionary #smtpd_sasl_security_options = noanonymous, nodictionary, forward_secrecy, mutual_auth smtpd_sasl_tls_security_options = noanonymous smtpd_tls_auth_only = yes broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtp_sasl_auth_enable = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination /etc/postfix/mynetworks is a blank file. TIA, Jack