________________________________
From: Robert Schetterer <rob...@schetterer.org>
To: postfix-users@postfix.org
Sent: Saturday, October 22, 2011 4:32 PM
Subject: Re: Postfix, Sasl & Pam

First up, my bad. The conf file is:
/etc/postfix/sasl/smtp.conf

> is this debian/ubuntu ?

No. CentOS

> this is sometimes little problematic at defaults ,chroot etc, any logs,
> please show ?

Defaults? Snippet from main.cf further down.
Chroot? As in a chroot jail? No.
Logs:

Oct 22 14:32:16 example spamd[5847]: spamd: processing message 
<4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com> for 
spamfilter:516
Oct 22 14:32:16 example postfix/smtpd[8093]: disconnect from 
hw-media.com[205.162.42.27]
Oct 22 14:32:18 example spamd[8127]: util: failed to spawn a process 
"/usr/local/bin/dccproc, -H, -x, 0, -a, 205.162.42.27": error closing STDERR: 
Inappropriate ioctl for device at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1517, <GEN154> 
line 277. at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 
1438, <GEN154> line 277.
Oct 22 14:32:18 example spamd[5847]: dcc: [8127] finished: exit 6
Oct 22 14:32:18 example spamd[5847]: dcc: check failed: failed to read header
Oct 22 14:32:18 example spamd[5847]: razor2: razor2 check failed: Permission 
denied razor2: Can't read conf file: /var/spool/amavisd/razor-agent.conf at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Plugin/Razor2.pm line 330, 
<GEN154> line 277.
Oct 22 14:32:18 example spamd[8128]: util: failed to spawn a process 
"/usr/bin/pyzor, check": error closing STDERR: Inappropriate ioctl for device 
at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1517, 
<GEN154> line 277. at 
/usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/Util.pm line 1438, <GEN154> 
line 277.
Oct 22 14:32:18 example spamd[5847]: pyzor: [8128] error: exit 6
Oct 22 14:32:18 example spamd[5847]: spamd: clean message (0.6/5.0) for 
spamfilter:516 in 1.9 seconds, 21590 bytes.
Oct 22 14:32:18 example spamd[5847]: spamd: result: . 0 - 
HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS,T_DKIM_INVALID
 
scantime=1.9,size=21590,user=spamfilter,uid=516,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=47128,mid=<4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com>,autolearn=no
Oct 22 14:32:18 example postfix/pipe[8122]: ABA23579012F: 
to=<ddejo...@dejonghgroup.com>, relay=spamfilter, delay=5.4, 
delays=3.3/0.01/0/2.2, dsn=2.0.0, status=sent (delivered via spamfilter service)
Oct 22 14:32:18 example postfix/qmgr[8098]: ABA23579012F: removed
Oct 22 14:32:18 example postfix/pickup[8109]: 815F35790152: uid=516 
from=<h...@hw-media.com>
Oct 22 14:32:18 example spamd[5505]: prefork: child states: II
Oct 22 14:32:18 example postfix/cleanup[8121]: 815F35790152: 
message-id=<4oz1cemc4camruebaadufq0a4m.mc.1319319132...@oms09.hw-media.com>
Oct 22 14:32:18 example postfix/qmgr[8098]: 815F35790152: 
from=<h...@hw-media.com>, size=22279, nrcpt=1 (queue active)
Oct 22 14:32:18 example postfix/qmgr[8098]: warning: connect to transport 
private/spamassassin: No such file or directory
Oct 22 14:32:18 example postfix/error[8129]: 815F35790152: 
to=<ddejo...@dejonghgroup.com>, relay=none, delay=2.4, delays=2.3/0.03/0/0.04, 
dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 22 14:32:20 example dovecot: pop3-login: Disconnected (tried to use 
disabled plaintext auth): rip=209.85.212.34, lip=209.216.9.56
Oct 22 14:32:51 example postfix/smtpd[8094]: connect from unknown[66.248.165.32]
Oct 22 14:32:51 example postfix/smtpd[8094]: lost connection after EHLO from 
unknown[66.248.165.32]
Oct 22 14:32:51 example postfix/smtpd[8094]: disconnect from 
unknown[66.248.165.32]
Oct 22 14:33:06 example postfix/smtp[8134]: fatal: specify a password table via 
the `smtp_sasl_password_maps' configuration parameter
Oct 22 14:33:07 example postfix/master[30192]: warning: process 
/usr/libexec/postfix/smtp pid 8134 exit status 1
Oct 22 14:33:07 example postfix/master[30192]: warning: 
/usr/libexec/postfix/smtp: bad command startup -- throttling
Oct 22 14:34:07 example postfix/smtp[8138]: fatal: specify a password table via 
the `smtp_sasl_password_maps' configuration parameter
Oct 22 14:34:08 example postfix/master[30192]: warning: process 
/usr/libexec/postfix/smtp pid 8138 exit status 1
Oct 22 14:34:08 example postfix/master[30192]: warning: 
/usr/libexec/postfix/smtp: bad command startup -- throttling
Oct 22 14:34:11 example postfix/smtpd[8094]: connect from unknown[66.248.165.32]
Oct 22 14:34:11 example postfix/smtpd[8094]: lost connection after EHLO from 
unknown[66.248.165.32]
Oct 22 14:34:11 example postfix/smtpd[8094]: disconnect from 
unknown[66.248.165.32]
Oct 22 14:34:14 example postfix/smtpd[8094]: connect from 
vip.inhe.net[61.55.136.27]
Oct 22 14:34:15 example postfix/smtpd[8094]: NOQUEUE: reject_warning: RCPT from 
vip.inhe.net[61.55.136.27]: 450 4.7.1 Service unavailable; Sender address 
[zhan...@vip.inhe.net] blocked using abuse.rfc-ignorant.org; Not supporting 
abuse@domain; from=<zhan...@vip.inhe.net> 
to=<ykbu0961_kulx_8...@dejonghgroup.com> proto=ESMTP helo=<vip.inhe.net>
Oct 22 14:34:15 example postfix/smtpd[8094]: NOQUEUE: reject: RCPT from 
vip.inhe.net[61.55.136.27]: 550 5.1.1 <ykbu0961_kulx_8...@dejonghgroup.com>: 
Recipient address rejected: User unknown; from=<zhan...@vip.inhe.net> 
to=<ykbu0961_kulx_8...@dejonghgroup.com> proto=ESMTP helo=<vip.inhe.net>
Oct 22 14:34:19 example postfix/smtpd[8094]: disconnect from 
vip.inhe.net[61.55.136.27]


> there are help files online , try search google
> sorry few are current off
> perhaps look
> http://www.howtoforge.com/ubuntu-postfix-saslauthd-sasl-authentication-failure-cannot-connect-to-saslauthd-server-permission-denied

Been through a bunch of them before emailing the list.

> Add the postfix user to the sasl group (this makes sure that Postfix has
> the permission to access saslauthd):

[root@example jack]# ls -al /usr/sbin/saslauthd 
-rwxr-xr-x 1 root root 83848 Mar 17  2010 /usr/sbin/saslauthd
[root@example jack]# ls -al /etc/rc.d/init.d/saslauthd 
-rwxr-xr-x 1 root root 1676 Mar 17  2010 /etc/rc.d/init.d/saslauthd

So I'm presuming root access is necessary. I discovered while googling earlier 
that postfix gets authorization to run saslauthd through /etc/shadow, but where 
is this? How to set it up?

Here's a snippet from my main.cf file:

smtpd_sasl_auth_enable          = yes
smtpd_sasl_local_domain        = $myhostname
smtpd_sasl_exceptions_networks  = $mynetworks
smtpd_recipient_restrictions = permit_mynetworks,
  permit_sasl_authenticated, check_relay_domains
smtpd_sasl_security_options     = noanonymous, nodictionary
#smtpd_sasl_security_options     = noanonymous, nodictionary, forward_secrecy, 
mutual_auth
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only             = yes
broken_sasl_auth_clients        = yes
smtpd_sasl_type                 = dovecot
smtp_sasl_auth_enable           = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated, 
reject_unauth_destination

/etc/postfix/mynetworks is a blank file.

TIA,
Jack

Reply via email to