Re: postfix SMTP AUTH

William Holt Tue, 23 Oct 2012 05:54:07 -0700

Hello Patrick, I made some changes, specifically submission port in
master.cf. My question now is why is SMTP AUTH offered on port 25, but
not 587?


SASLFINGER OUTPUT=========================
saslfinger - postfix Cyrus sasl configuration Tue Oct 23 08:40:24 EDT 2012
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.9.4
System: Arch Linux \r (\l)

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb77b5000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/ssl/private/CA-Messenger-key.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.crt
smtpd_tls_security_level = may


-- listing of /usr/lib/sasl2 --
total 604
drwxr-xr-x  2 root root  4096 Oct 19 14:21 .
drwxr-xr-x 52 root root 20480 Oct 19 14:14 ..
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so.2
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so.2.0.23
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so.2
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so.2.0.23
-rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so
-rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so.2
-rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so.2.0.23
-rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so
-rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so.2
-rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so.2.0.23
-rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so
-rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so.2
-rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so.2.0.23
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so.2
-rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so.2.0.23
-rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so
-rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so.2
-rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so.2.0.23
-rw-r--r--  1 root root   119 Oct 23 08:00 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
##sasl authentication methods###
pwcheck_method: auxprop
mech_list: plain login
auxprop_plugin: sasldb
log_level: 7



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd -v
submission inet n       -       n       -       -       smtpd
        -o syslog_name=postfix/submission
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN

-- end of saslfinger output --
ENDOFSASLFINGER=============================

On Mon, Oct 22, 2012 at 9:39 PM, William Holt
<holt.william.aa...@gmail.com> wrote:
> i guessed it was a realm issue so I changed smtpd_sasl_local_domain =
> $myhostname to smtpd_sasl_local_domain =  $mydomain
>
> and added a u...@my.org
> i believe auxprop is using sasldb (which I did change in smtpd.conf
> from sasldb2 to sasldb) handind it "user" + "realm") correct?
>
> and now I have thus new error:
> 535 5.7.8 Error: authentication failed: another step is needed in 
> authentication
>
> I commented out broken_clients
>
>
>
> On Mon, Oct 22, 2012 at 6:33 PM, Patrick Ben Koetter <p...@sys4.de> wrote:
>> See below ...
>>
>> * William Holt <holt.william.aa...@gmail.com>:
>>> Hi Rob, thanks. I use the reserved adresses because I'm testing the
>>> box via local net (my laptop), I have everything setup straight
>>> through GoDaddy to my router I just forward the ports when I'm ready.
>>>
>>> I'll check out the smtpd_sasl_local_domain = $myhostname problem. By
>>> the way, do you know of any docs which list and explain the sasl and
>>> tls options?
>>>
>>> this is the result of saslfinger...I'm looking at it now but I
>>> forwarded it to you...
>>>
>>> <code>
>>> postfix start
>>> postfix/postfix-script: starting the Postfix mail system
>>> [root@messenger saslfinger-1.0.3]# saslfinger -s
>>> saslfinger - postfix Cyrus sasl configuration Mon Oct 22 17:45:14 EDT 2012
>>> version: 1.0.2
>>> mode: server-side SMTP AUTH
>>>
>>> -- basics --
>>> Postfix: 2.9.4
>>> System: Arch Linux \r (\l)
>>>
>>> -- smtpd is linked to --
>>>       libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7712000)
>>>
>>> -- active SMTP AUTH and TLS parameters for smtpd --
>>> broken_sasl_auth_clients = yes
>>> smtpd_sasl_auth_enable = yes
>>> smtpd_sasl_local_domain = $myhostname
>>> smtpd_sasl_security_options = noanonymous
>>> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>>> smtpd_sasl_type = cyrus
>>> smtpd_tls_CAfile = /etc/ssl/private/CA-Messenger-key.pem
>>> smtpd_tls_cert_file = /etc/postfix/smtpd.crt
>>> smtpd_tls_key_file = /etc/postfix/smtpdpub.key
>>> smtpd_tls_security_level = may
>>>
>>>
>>> -- listing of /usr/lib/sasl2 --
>>> total 604
>>> drwxr-xr-x  2 root root  4096 Oct 19 14:21 .
>>> drwxr-xr-x 52 root root 20480 Oct 19 14:14 ..
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so.2
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libanonymous.so.2.0.23
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so.2
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libcrammd5.so.2.0.23
>>> -rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so
>>> -rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so.2
>>> -rwxr-xr-x  1 root root 51012 Jan  9  2012 libdigestmd5.so.2.0.23
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so.2
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 liblogin.so.2.0.23
>>> -rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so
>>> -rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so.2
>>> -rwxr-xr-x  1 root root 34436 Jan  9  2012 libntlm.so.2.0.23
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so.2
>>> -rwxr-xr-x  1 root root 17956 Jan  9  2012 libplain.so.2.0.23
>>> -rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so
>>> -rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so.2
>>> -rwxr-xr-x  1 root root 21940 Jan  9  2012 libsasldb.so.2.0.23
>>> -rw-r--r--  1 root root   160 Oct 21 12:42 smtpd.conf
>>>
>>>
>>>
>>>
>>> -- content of /usr/lib/sasl2/smtpd.conf --
>>> ##sasl authentication methods###
>>> pwcheck_method: auxprop
>>> #saslauthd_path: /var/run/saslauthd/mux
>>> mech_list: plain login
>>> auxprop_plugin: sasldb2
>>> log_level: 7
>>
>> Remove '2' at the end of "auxprop_plugin:" and write this:
>>
>> pwcheck_method: auxprop
>> mech_list: plain login
>> auxprop_plugin: sasldb
>> log_level: 7
>>
>> Make sure you have no trailing garbage at the end of the lines!
>>
>>
>>> -- active services in /etc/postfix/master.cf --
>>> # service type  private unpriv  chroot  wakeup  maxproc command + args
>>> #               (yes)   (yes)   (yes)   (never) (100)
>>> smtp      inet  n       -       n       -       -       smtpd -v
>>
>> ...
>>
>>> -- mechanisms on localhost --
>>> 250-AUTH PLAIN LOGIN
>>> 250-AUTH=PLAIN LOGIN
>>>
>>> -- end of saslfinger output --
>>
>> So far, so good.
>>
>> What do you get if you run 'sasldblistusers2'?
>> Do the accounts have a domainpart you use when you create the authentication
>> string? If not, use an account as given from sasldblistusers2 output and test
>> with that.
>>
>> p@rick
>>
>>
>> --
>> [*] sys4 AG
>>
>> http://sys4.de, +49 (89) 30 90 46 64
>> Franziskanerstraße 15, 81669 München
>>
>> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
>> Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
>> Aufsichtsratsvorsitzender: Joerg Heidrich
>>

Re: postfix SMTP AUTH

Reply via email to