i guessed it was a realm issue so I changed smtpd_sasl_local_domain = $myhostname to smtpd_sasl_local_domain = $mydomain
and added a u...@my.org i believe auxprop is using sasldb (which I did change in smtpd.conf from sasldb2 to sasldb) handind it "user" + "realm") correct? and now I have thus new error: 535 5.7.8 Error: authentication failed: another step is needed in authentication I commented out broken_clients On Mon, Oct 22, 2012 at 6:33 PM, Patrick Ben Koetter <p...@sys4.de> wrote: > See below ... > > * William Holt <holt.william.aa...@gmail.com>: >> Hi Rob, thanks. I use the reserved adresses because I'm testing the >> box via local net (my laptop), I have everything setup straight >> through GoDaddy to my router I just forward the ports when I'm ready. >> >> I'll check out the smtpd_sasl_local_domain = $myhostname problem. By >> the way, do you know of any docs which list and explain the sasl and >> tls options? >> >> this is the result of saslfinger...I'm looking at it now but I >> forwarded it to you... >> >> <code> >> postfix start >> postfix/postfix-script: starting the Postfix mail system >> [root@messenger saslfinger-1.0.3]# saslfinger -s >> saslfinger - postfix Cyrus sasl configuration Mon Oct 22 17:45:14 EDT 2012 >> version: 1.0.2 >> mode: server-side SMTP AUTH >> >> -- basics -- >> Postfix: 2.9.4 >> System: Arch Linux \r (\l) >> >> -- smtpd is linked to -- >> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7712000) >> >> -- active SMTP AUTH and TLS parameters for smtpd -- >> broken_sasl_auth_clients = yes >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_local_domain = $myhostname >> smtpd_sasl_security_options = noanonymous >> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options >> smtpd_sasl_type = cyrus >> smtpd_tls_CAfile = /etc/ssl/private/CA-Messenger-key.pem >> smtpd_tls_cert_file = /etc/postfix/smtpd.crt >> smtpd_tls_key_file = /etc/postfix/smtpdpub.key >> smtpd_tls_security_level = may >> >> >> -- listing of /usr/lib/sasl2 -- >> total 604 >> drwxr-xr-x 2 root root 4096 Oct 19 14:21 . >> drwxr-xr-x 52 root root 20480 Oct 19 14:14 .. >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so.2 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so.2.0.23 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so.2 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so.2.0.23 >> -rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so >> -rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so.2 >> -rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so.2.0.23 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so.2 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so.2.0.23 >> -rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so >> -rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so.2 >> -rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so.2.0.23 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so.2 >> -rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so.2.0.23 >> -rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so >> -rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so.2 >> -rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so.2.0.23 >> -rw-r--r-- 1 root root 160 Oct 21 12:42 smtpd.conf >> >> >> >> >> -- content of /usr/lib/sasl2/smtpd.conf -- >> ##sasl authentication methods### >> pwcheck_method: auxprop >> #saslauthd_path: /var/run/saslauthd/mux >> mech_list: plain login >> auxprop_plugin: sasldb2 >> log_level: 7 > > Remove '2' at the end of "auxprop_plugin:" and write this: > > pwcheck_method: auxprop > mech_list: plain login > auxprop_plugin: sasldb > log_level: 7 > > Make sure you have no trailing garbage at the end of the lines! > > >> -- active services in /etc/postfix/master.cf -- >> # service type private unpriv chroot wakeup maxproc command + args >> # (yes) (yes) (yes) (never) (100) >> smtp inet n - n - - smtpd -v > > ... > >> -- mechanisms on localhost -- >> 250-AUTH PLAIN LOGIN >> 250-AUTH=PLAIN LOGIN >> >> -- end of saslfinger output -- > > So far, so good. > > What do you get if you run 'sasldblistusers2'? > Do the accounts have a domainpart you use when you create the authentication > string? If not, use an account as given from sasldblistusers2 output and test > with that. > > p@rick > > > -- > [*] sys4 AG > > http://sys4.de, +49 (89) 30 90 46 64 > Franziskanerstraße 15, 81669 München > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 > Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer > Aufsichtsratsvorsitzender: Joerg Heidrich >
