Dear List:
Note: This is more for reference in the event that someone is
searching for info on this stuff.
I haven't had to touch my Postfix setup in quite a while, since it
has been running lovely. However, last time I configured it, I had a
lot of issues... that I hoped would be resolved this time.
Unfortunately I had the same problems today as I tried to configure
Postfix/saslauthd. It may very well be ME that is the problem, but I
thought I would seek some other opinions.
System: Debian Sarge
postfix 2.1.5-9
sasl2-bin 2.1.19-1.5
libsasl2 2.1.19-1.5
libsasl2-modules 2.1.19-1.5
PROBLEM 1:
The first problem is that Postfix can't connect to the saslauthd
socket. The reason appears to be because it is running in a chroot
environment (by default) and the socket is outside of the jail by
default.
This is what the vars in the "/etc/init.d/saslauthd" script look like:
NAME=saslauthd
DAEMON="/usr/sbin/${NAME}"
DESC="SASL Authentication Daemon"
DEFAULTS=/etc/default/saslauthd
PWDIR=/var/run/saslauthd
PIDFILE="/var/run/${NAME}/saslauthd.pid"
The saslauthd socket is created as "$PWDIR/mux". However, Postfix
looks for it as "/var/spool/postfix/var/run/saslauthd/mux".
Errors without /var/spool/postfix/var/run/saslauthd/mux (/var/log/mail.log):
postfix/smtpd[7663]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
postfix/smtpd[7663]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[7663]: warning: SASL PLAIN authentication failed
To fix it I removed "/var/run/saslauthd", and then recreated it as a
soft link to "/var/spool/postfix/var/run/saslauthd" (make sure that
postfix or whatever the postfix user is, is a part of the sasl group).
This fixes the problem for me, but is there anything I'm missing? I
really didn't find anything in the documentation for saslauthd that
led to this. Just want to make sure I didn't waste hours of my life
for no reason. ;)
PROBLEM 2:
When installing "saslauthd", the following directory is created:
"/etc/postfix/sasl". However, out of the box I can't seem to
authenticate with saslauthd unless I manually create the file
"smtpd.conf".
Errors without /etc/postfix/sasl/smtpd.conf:
/var/log/mail.log:
postfix/smtpd[7501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[7501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[7501]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[7501]: warning: SASL PLAIN authentication failed
/var/log/auth.log:
postfix/smtpd[7501]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory
Logs obviously show that it's not finding an AUTH mechanism. I
thought that "/etc/defaults/saslauthd" or something else held the
info for authentication mechanisms. However, unless I create
"smtpd.conf" with the following in it:
pwcheck_method: saslauthd
mech_list: plain login
Is there any reason that this file isn't created when apt-get
installing postfix/saslauthd? I've found info on the net that
mentions this file in "/usr/lib/sasl/smtpd.conf" or
"/usr/lib/sasl2/smtpd.conf" but never in "/etc/postfix/sasl/smtpd.conf".
Maybe it's just me.
Regardless, it's working. Maybe this info can help someone else, or
maybe someone out there has a bit more knowledge to help me
understand why this seemed so difficult.
Thanks
p.s. - my postfix config -
-----------------------------------------------------------------------
mail:/# cat /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
myhostname = mail.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
    localhost,
    mail.mydomain.com,
    mydomain.com
relayhost =
mynetworks = 127.0.0.0/8
home_mailbox = Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit
# SASL AUTH
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
-----------------------------------------------------------------------
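
Added example (not part of the original message): a shell audit of the two fixes described above, checking that the saslauthd directory is the one smtpd sees inside its chroot, that postfix is in group sasl, and that smtpd.conf selects saslauthd. The root-prefix argument, the function names, the directory-permission check and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. The root-prefix argument is an
# assumption: "/" audits the live system, any other value a constructed tree.
QUEUE=/var/spool/postfix           # Postfix chroot directory, per the post
SOCKDIR=/var/run/saslauthd         # PWDIR in /etc/init.d/saslauthd
CONF=/etc/postfix/sasl/smtpd.conf  # file the poster had to create by hand

phys() { ( cd -P "$1" 2>/dev/null && pwd ); }  # symlink-free path, empty if missing

check_sasl_chroot() {
    root=${1%/}; problems=0
    inside=$(phys "$root$QUEUE$SOCKDIR"); outside=$(phys "$root$SOCKDIR")
    # Problem 1: saslauthd must create "mux" in the directory smtpd sees in its jail.
    if [ -z "$inside" ] || [ "$inside" != "$outside" ]; then
        echo "FAIL: $SOCKDIR is not the same directory as $QUEUE$SOCKDIR"
        problems=$((problems + 1))
    elif [ -n "$(find "$inside" -prune -perm -001)" ]; then  # added hardening check
        echo "FAIL: $SOCKDIR is world-searchable; restrict it to group sasl"
        problems=$((problems + 1))
    fi
    # The post's parenthetical: the postfix user must be a member of group sasl.
    if ! grep -Eq '^sasl:[^:]*:[^:]*:([^:]*,)?postfix(,|$)' "$root/etc/group" 2>/dev/null; then
        echo "FAIL: user postfix is not listed in group sasl"
        problems=$((problems + 1))
    fi
    # Problem 2: the post's log shows libsasl trying /etc/sasldb2 without this line.
    if ! grep -Eq '^pwcheck_method:[[:space:]]*saslauthd[[:space:]]*$' "$root$CONF" 2>/dev/null; then
        echo "FAIL: $CONF does not set pwcheck_method: saslauthd"
        problems=$((problems + 1))
    fi
    return "$problems"   # number of failed checks, 0 when the layout is sound
}

# Constructed sample tree reproducing the poster's fixed layout (not real data).
make_fixed_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t$QUEUE$SOCKDIR" "$t/var/run" "$t/etc/postfix/sasl"
    chmod 710 "$t$QUEUE$SOCKDIR"
    ln -s "$t$QUEUE$SOCKDIR" "$t$SOCKDIR"   # the soft link from the post
    printf 'sasl:x:45:postfix\n' > "$t/etc/group"
    printf 'pwcheck_method: saslauthd\nmech_list: plain login\n' > "$t$CONF"
    echo "$t"
}

# Demo run against the constructed tree.
tree=$(make_fixed_tree) && check_sasl_chroot "$tree" && echo "OK: layout under $tree passes"
[ -n "$tree" ] && rm -rf "$tree"
```

On a real host, run check_sasl_chroot / as root; the group check reads only /etc/group, so a primary-group membership recorded in /etc/passwd is not seen.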