sasl with postfix on aix

Ole Heiberg Michaelsen Tue, 26 Aug 2014 11:34:47 -0700

Hi

I need some help getting cyrus-sasl-2.1.26 working on postfix-2.10.3 on AIX
6.1.


I want to use it only for upstream authentication, that is I am not running it
as a daemon on the machine, I only want postfix to use authentication when it
contacts it upstream mailrelay.

It appears that it does not even try to authenticate.

SASL is compiled into postfix, or at least that's what 'nm 
/usr/libexec/postfix/smtp' shows, fx

# nm /usr/libexec/postfix/smtp|grep ^smtp_sasl
smtp_sasl_activate:F-1 -        2548
smtp_sasl_auth_cache d   536891376           4
smtp_sasl_auth_cache.c -     2763092
smtp_sasl_auth_cache.c -     2763104
smtp_sasl_auth_cache.c -     2763134
smtp_sasl_auth_cache.c -     2763206
smtp_sasl_auth_cache.c -     2763254
smtp_sasl_auth_cache.c -     2763254
smtp_sasl_auth_cache.c -     2763290
smtp_sasl_auth_cache.c -     2763302
smtp_sasl_auth_cache.c -     2763320
smtp_sasl_auth_cache.c -     2763350
smtp_sasl_auth_cache.c f           -
smtp_sasl_auth_cache:S1748=*1742 -           0
smtp_sasl_auth_cache_find:F-1 -         540
smtp_sasl_auth_cache_init:F1713=*1710 -         180
smtp_sasl_auth_cache_make_pass:f74 -           0
smtp_sasl_auth_cache_store:F-11 -        1216
smtp_sasl_authenticate:F-1 -        1252
smtp_sasl_cleanup:F-11 -        2212
smtp_sasl_connect:F-11 -         932
smtp_sasl_glue.c     f           -
smtp_sasl_helo_auth:F-11 -           0
smtp_sasl_helo_login:F-1 -         724
smtp_sasl_impl       d   536890756           4
smtp_sasl_impl:S1747=*649 -           4
smtp_sasl_initialize:F-11 -         600
smtp_sasl_mechs      B   536924364           4
smtp_sasl_mechs      d   536891348           4
smtp_sasl_mechs:G1749=*557 -        3616
smtp_sasl_passivate:F-11 -        2492
smtp_sasl_passwd_lookup:F-1 -           0
smtp_sasl_passwd_map d   536890644           4
smtp_sasl_passwd_map:S734 -           8
smtp_sasl_proto.c    -     2761304
smtp_sasl_proto.c    -     2761406
smtp_sasl_proto.c    f           -
smtp_sasl_start:F-11 -        1008
# 

ldd shows:

# ldd /usr/libexec/postfix/smtp 
/usr/libexec/postfix/smtp needs:
         /usr/lib/libc.a(shr.o)
         /usr/lib/libdb.a(libdb.so)
         /usr/lib/libcrypto.a(libcrypto.so.1.0.0)
         /usr/lib/libssl.a(libssl.so.1.0.0)
         /unix
         /usr/lib/libcrypt.a(shr.o)
         /usr/lib/libpthread.a(shr_xpg5.o)
         /usr/lib/libpthreads.a(shr_xpg5.o)
         /usr/lib/libpthreads.a(shr_comm.o)
# 

# postconf -A
cyrus
# postconf -a
cyrus
dovecot
# 

# postconf -n|grep sasl
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = btree:/etc/postfix/sasl/sasl_pw
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_auth_enable = no
# 

# cat sasl_pw
[upstreamrelay]:25 user01:xxxxxxxxxxx

/etc/postfix/sasl
# ls -al
total 40
drwx------    2 root     system          256 Aug 20 13:38 .
drwxr-xr-x    4 root     system         4096 Aug 21 14:54 ..
-rw-------    1 root     system          120 Aug 20 14:03 sasl_pw
-rw-------    1 root     system         8192 Aug 21 14:56 sasl_pw.db



Aug 26 13:46:49 xxxxxxxxxxxx mail:info postfix/smtpd[20250712]: connect from 
loopback[127.0.0.1]
Aug 26 13:47:10 xxxxxxxxxxxx mail:info postfix/smtpd[20250712]: 76B8B1002F: 
client=loopback[127.0.0.1]
Aug 26 13:47:12 xxxxxxxxxxxx mail:info postfix/cleanup[10682504]: 76B8B1002F: 
message-id=<20140826114710.76B8B1002F@xxxxxxxxxxx.localdomain>
Aug 26 13:47:12 xxxxxxxxxxxx mail:info postfix/qmgr[23396402]: 76B8B1002F: 
from=<username@xxxxxxx>, size=325, nrcpt=1 (queue active)
Aug 26 13:47:12 xxxxxxxxxxxx mail:info postfix/smtp[10813452]: Verified TLS 
connection established to upstreamrelay[xx.xx.xx.xx]:25: TLSv1 with cipher 
DHE-RSA-AES256-SHA (256/256 bits)
Aug 26 13:47:13 xxxxxxxxxxxx mail:info postfix/smtpd[20250712]: disconnect from 
loopback[127.0.0.1]
Aug 26 13:47:24 xxxxxxxxxxxx mail:info postfix/smtp[10813452]: 76B8B1002F: 
to=<m...@xxxx.xxx>, relay=upstreamrelay[xx.xx.xx.xx]:25, delay=19, 
delays=6.8/0.02/0.34/12, dsn=5.7 .1, status=bounced (host 
xxxxxxxxxxxxxxxx[xxx.xxx.xxx.xx] said: 554 5.7.1 <m...@xxxx.xxxx>: Relay access 
denied (in reply to RCPT TO command))
Aug 26 13:47:24 xxxxxxxxxxxxx mail:info postfix/cleanup[10682504]: D8CEA10036: 
message-id=<20140826114724.D8CEA10036@xxxxxxxxxxx.localdomain>
Aug 26 13:47:24 xxxxxxxxxxxxx mail:info postfix/bounce[25362678]: 76B8B1002F: 
sender non-delivery notification: D8CEA10036
Aug 26 13:47:24 xxxxxxxxxxxxx mail:info postfix/qmgr[23396402]: D8CEA10036: 
from=<>, size=2362, nrcpt=1 (queue active)
Aug 26 13:47:24 xxxxxxxxxx mail:info postfix/qmgr[23396402]: 76B8B1002F: removed

It does not say the password in sasl_pw is wrong, it just says I am not
allowed to relay. 

In the logfile on the upstream relay it says "client dropped", again like 
I am not even attempting to authenticate.

Can I get postfix to show more about what it actually happening?

Thanks in advance,

Ole M
Denmark

sasl with postfix on aix

Reply via email to