On Tue, Jan 15, 2013 at 05:35:48PM +0000, carlos jorge wrote:

> > Make sure you have Berkeley DB support on Solaris, (not just
> > the obsolete DBM) and "hash" or "btree" instead.

> Sorry, can you help on that? What do I need to install?

No, I have not used Solaris for a while now, sorry. You'll need
Berkeley DB, and a Postfix compiled to use it. Just adding Berkeley
DB alone won't change your Postfix software to enable the new
database type. The maintainer of the Postfix software for Solaris
should provide a suitable package and explain where you get the
right Berkeley DB libraries.

You need Berkeley DB for the various caches, which may not work as
well or at all with DBM.


> > > in smtp_sasl_passwd:
> > > exchange_IP user:pwd
> > 
> > Why not "[exchange_IP]" (with the enclosing []) for the lookup key.
>
> I can go with that. I tried with [] but as it didn't work I
> put it like I have in Linux, but if you think it is better I can
> put [] again.

http://www.postfix.org/SASL_README.html#client_sasl

        Important

    Keep the SASL client password file in /etc/postfix, and make
    the file read+write only for root to protect the username/password
    combinations against other users. The Postfix SMTP client will
    still be able to read the SASL client passwords. It opens the
    file as user root before it drops privileges, and before entering
    an optional chroot jail.

    Use the postmap command whenever you change the
    /etc/postfix/sasl_passwd file.

    If you specify the "[" and "]" in the relayhost destination,
    then you must use the same form in the smtp_sasl_password_maps
    file.

    If you specify a non-default TCP Port (such as ":submission"
    or ":587") in the relayhost destination, then you must use the
    same form in the smtp_sasl_password_maps file.


> > Also is TLS configured?
>
> No, as I don't have it in Linux I didn't put any TLS configuration.
> Is it needed?


It is recommended when using plaintext authentication mechanisms.
Whether you would benefit by protecting your traffic from eavesdropping
and MITM attacks is up to you.


> > Solaris may not ship the "LOGIN" mechanism by default, real MTAs offer
> > "PLAIN". But Microsoft MTAs sometimes prefer "LOGIN" and you need your
> > Cyrus to provide the corresponding module.
> > 
> > Look in /usr/lib/sasl2 or wherever your SASL modules are kept.
>
> Can you help? I have these:
> bash-3.00# pwd /usr/lib/sasl2
> bash-3.00# ls

        libanonymous.so
        libcrammd5.so
        libdigestmd5.so
        libgssapiv2.so
        libotp.so
        libplain.so
        libsasldb.so
        libscram.so

> Should it be a "liblogin"?

Yes, if your server only supports "LOGIN" and not "PLAIN".

> In logs it's normal not to see any kind of errors regarding the
> authentication?

Not if the Postfix server in question was not compiled with SASL
support. Does it support SASL? Otherwise, one might expect error
messages about not finding any common mechanisms. If you don't
see these, and the password_maps table is set up as claimed, most
likely this Postfix has no support for SASL (and perhaps Berkeley
DB).

        postconf -d | grep _sasl_

When Postfix has no SASL support, there are a lot fewer SASL related
parameters reported. To list the supported database backends, try

        postconf -m

-- 
        Viktor.
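
A check for the two SASL_README rules quoted in the message above (password file closed to group and other, lookup key in the same form as relayhost), as an added example that is not part of the original message or of Postfix. The function names and the sample address 192.0.2.10 are assumptions made for illustration; IPv6 literals are not handled.

```shell
#!/bin/sh
# Added example. Real use (assumes the default path):
#   check_sasl_passwd "$(postconf -h relayhost)" /etc/postfix/sasl_passwd

# Lookup keys (first field), skipping comments, blanks and continuations.
sasl_keys() { awk '/^[^# \t]/ { print $1 }' "$1"; }

# Reduce "[host]:port", "[host]", "host:port" or "host" to "host".
bare_host() {
    printf '%s\n' "$1" | sed -e 's/^\[\([^]]*\)\].*$/\1/' -e 's/:[^:]*$//'
}

# True only if a key equals relayhost exactly, [] and :port included.
key_matches_relayhost() { sasl_keys "$2" | grep -Fx -- "$1" >/dev/null; }

# Print keys that name the same host as relayhost in a different form.
near_misses() {
    want=$(bare_host "$1")
    sasl_keys "$2" | while read -r key; do
        if [ "$key" != "$1" ] && [ "$(bare_host "$key")" = "$want" ]; then
            printf '%s\n' "$key"
        fi
    done
}

# True only if group and other have no permission bits on the file.
perms_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

check_sasl_passwd() {
    rc=0
    if ! key_matches_relayhost "$1" "$2"; then
        echo "FAIL: no key equal to relayhost '$1' in $2" >&2
        near_misses "$1" "$2" | sed 's/^/  same host, other form: /' >&2
        rc=1
    fi
    if ! perms_private "$2"; then
        echo "FAIL: $2 is accessible to group or other" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample: the key has no [] or :port, as in the thread.
write_sample() {
    printf '%s\n' '# constructed entry' '192.0.2.10 user:pwd' > "$1"
    chmod 600 "$1"
}
```

The check covers the source file only; the table still has to be rebuilt with postmap after each change, as the README text says.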
