Re: Get Postfix w/ Cyrus SASL to work

Fri, 12 Jun 2015 17:28:16 -0700 

On 6/12/2015 6:19 PM, Forrest wrote:
> I just realized my config doesn't appear to be using SASL, though I
> compiled it with the correct libs and flags (from makedefs.out):
> 
> SYSLIBS = -lssl -lcrypto -L/usr/lib/sasl -lsasl2 -lpcre -ldb -lnsl
> -lresolv -ldl
> CC      = gcc -I. -I../../include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL
> -DUSE_TLS -I/usr/include/sasl -DNO_EAI -DHAS_PCRE -UUSE_DYNAMIC_LIBS
> -DDEF_SHLIB_DIR=\"no\" -UUSE_DYNAMIC_MAPS $(
> WARN)
> OPT     = -O
> DEBUG   = -g
> AWK     = awk
> STRCASE =
> EXPORT  = CCARGS='-I. -I../../include -DUSE_SASL_AUTH
> -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/include/sasl -DNO_EAI -DHAS_PCRE
> -UUSE_DYNAMIC_LIBS -DDEF_SHLIB_DIR=\"no\" -UUSE_DYNAMIC_MAP
> S' OPT='-O' DEBUG='-g'
> 
> EHLO shows this:
> 
> 250-PIPELINING
> 250-SIZE [ omitted ]
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME
> 
> My main.cf:

Please always use "postconf -n" output rather than random main.cf
snippings.


> 
> smtpd_use_tls = yes
> smtpd_tls_security_level = may
> smtpd_tls_ask_ccert = yes
> smtpd_tls_security_level = may
> smtp_tls_session_cache_database =
> btree:/var/lib/postfix/smtp_tls_session_cache
> smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/certs/my.domain.com.pem
> smtpd_tls_key_file = /etc/postfix/certs/my.domain.com.key
> smtp_tls_loglevel = 1
> smtpd_tls_received_header = yes
> tls_random_source = dev:/dev/urandom
> smtpd_tls_auth_only = yes


The above setting, as documented, requires an encrypted connection
before AUTH is offered.

Other than that, none of the settings you show have anything to do
with SASL.  "postconf -n" and main.cf contents would be helpful.

> smtpd_client_new_tls_session_rate_limit = 4
> 
> Prior to this, I was getting errors in the logs, indicating that
> SASL was configured, but not compiled in.  I'm no longer getting
> those errors.

Either you now have it compiled in, or you don't have it configured
anymore.  Hard to tell from here.

Test procedure here:
http://www.postfix.org/SASL_README.html#server_test

For more help, see:
http://www.postfix.org/DEBUG_README.html#mail




  -- Noel Jones

Reply via email to