Hi to all:

I’m having trouble configuring a Postfix mail server using SASL authentication. I followed the HOWTOs found at tldp.org and on other sites, and everything goes fine until I try to add the SASL authentication. I don’t want to use TLS or SSL encryption in the SMTP server, just SASL v2 authentication, but I can’t get it to work: SASL must authenticate using the “saslauthd” daemon and search for users in an LDAP server.

My Linux distribution is Debian 3.1 (Sarge) and I installed every package with “apt-get”; nothing has been compiled, so my configuration folders are the defaults for Debian Linux.

This is the output of the “postconf -n” command:

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[localhost]:10024
    inet_interfaces = loopback-only
    local_recipient_maps = unix:passwd.byname $alias_maps
    local_transport = local
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    mydestination = $myhostname,$mydomain,$localhost.$mydomain,/etc/postfix/mydestination
    mydomain = interlogical.com
    myhostname = desarrollo.interlogical.com
    mynetworks = 127.0.0.0/8
    myorigin = $mydomain
    recipient_delimiter = +
    relayhost =
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_sasl_application_name = smtpd
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = $mydomain
    smtpd_sasl_security_options = noanonymous
    virtual_gid_maps = static:108
    virtual_uid_maps = static:105

I’ve included as attachments the “saslfinger -s” output from when I start it outside the Postfix chroot and another from when I start it inside the Postfix chroot.

I know my problem is related to the fact that Postfix in Debian runs inside a chroot and can’t connect to the saslauthd daemon, but if I start saslauthd inside the Postfix chroot with these defaults:

    # This needs to be uncommented before saslauthd will be run automatically
    START=yes

    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    MECHANISMS="ldap"
    CHROOTDIR="/var/spool/postfix"
    PWDIR="${CHROOTDIR}/var/run/saslauthd"
    PIDFILE="${PWDIR}/saslauthd.pid"
    PARAMS="-m ${PWDIR} -O ${CHROOTDIR}/etc/saslauthd.conf"

I get the “Connection refused” result when I use the testsaslauthd utility.

I would like to know how to start that daemon properly inside the Postfix chroot. I hope one of you can help with that.

Regards,
Alonso

saslfinger - postfix Cyrus sasl configuration mar jul 19 09:55:34 CEST 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4019f000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

-- listing of /usr/lib/sasl2 --
total 844
drwxr-xr-x   2 root root  4096 2005-07-18 19:15 .
drwxr-xr-x  40 root root  8192 2005-07-18 09:39 ..
-rw-r--r--   1 root root 13488 2004-10-16 23:02 libanonymous.a
-rw-r--r--   1 root root   851 2004-10-16 23:02 libanonymous.la
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
-rw-r--r--   1 root root 16298 2004-10-16 23:02 libcrammd5.a
-rw-r--r--   1 root root   837 2004-10-16 23:02 libcrammd5.la
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
-rw-r--r--   1 root root 47516 2004-10-16 23:02 libdigestmd5.a
-rw-r--r--   1 root root   860 2004-10-16 23:02 libdigestmd5.la
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
-rw-r--r--   1 root root 13726 2004-10-16 23:02 liblogin.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 liblogin.la
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
-rw-r--r--   1 root root 31248 2004-10-16 23:02 libntlm.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libntlm.la
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
-rw-r--r--   1 root root 20142 2004-10-16 23:02 libotp.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libotp.la
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
-rw-r--r--   1 root root 13886 2004-10-16 23:02 libplain.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 libplain.la
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
-rw-r--r--   1 root root 21798 2004-10-16 23:02 libsasldb.a
-rw-r--r--   1 root root   852 2004-10-16 23:02 libsasldb.la
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
smtp-amavis unix -      -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

-- end of saslfinger output --

saslfinger - postfix Cyrus sasl configuration mar jul 19 10:15:13 CEST 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4019f000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

-- listing of /usr/lib/sasl2 --
total 844
drwxr-xr-x   2 root root  4096 2005-07-18 19:15 .
drwxr-xr-x  40 root root  8192 2005-07-18 09:39 ..
-rw-r--r--   1 root root 13488 2004-10-16 23:02 libanonymous.a
-rw-r--r--   1 root root   851 2004-10-16 23:02 libanonymous.la
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2
-rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
-rw-r--r--   1 root root 16298 2004-10-16 23:02 libcrammd5.a
-rw-r--r--   1 root root   837 2004-10-16 23:02 libcrammd5.la
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
-rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
-rw-r--r--   1 root root 47516 2004-10-16 23:02 libdigestmd5.a
-rw-r--r--   1 root root   860 2004-10-16 23:02 libdigestmd5.la
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
-rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
-rw-r--r--   1 root root 13726 2004-10-16 23:02 liblogin.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 liblogin.la
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2
-rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
-rw-r--r--   1 root root 31248 2004-10-16 23:02 libntlm.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libntlm.la
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2
-rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
-rw-r--r--   1 root root 20142 2004-10-16 23:02 libotp.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libotp.la
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2
-rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
-rw-r--r--   1 root root 13886 2004-10-16 23:02 libplain.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 libplain.la
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2
-rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
-rw-r--r--   1 root root 21798 2004-10-16 23:02 libsasldb.a
-rw-r--r--   1 root root   852 2004-10-16 23:02 libsasldb.la
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2
-rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
smtp-amavis unix -      -       y       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

-- end of saslfinger output --
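
An added example (not part of the original message or its attachments): it reads master.cf, reports for each smtpd listener whether the chroot column places it inside the Postfix chroot, and prints the host path at which that listener will look for the saslauthd socket. The socket path /var/run/saslauthd/mux is assumed to be the libsasl2 default; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
QUEUE_DIR=/var/spool/postfix        # CHROOTDIR value quoted in the post
SASL_MUX=/var/run/saslauthd/mux     # assumption: libsasl2's default saslauthd socket

# Constructed sample: smtpd-related master.cf lines as shown in the first
# saslfinger output above, plus one continuation line.
sample_master_cf() {
cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
smtp      unix  -       -       -       -       -       smtp
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
EOF
}

# Read master.cf on stdin; print "<service> <chroot|no-chroot>" per smtpd entry.
# A "-" in column 5 means "use the default", which the header gives as yes.
smtpd_chroot_state() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        /^[ \t]/                 { next }   # "-o ..." continuation lines
        $8 == "smtpd" { print $1, ($5 == "n" ? "no-chroot" : "chroot") }
    '
}

# Map a state to the path the smtpd process really opens on the host filesystem.
mux_path_for() {
    if [ "$1" = chroot ]; then
        printf '%s%s\n' "$QUEUE_DIR" "$SASL_MUX"
    else
        printf '%s\n' "$SASL_MUX"
    fi
}

# Report each smtpd listener, its socket path, and whether that socket exists now.
report() {
    smtpd_chroot_state | while read -r svc state; do
        p=$(mux_path_for "$state")
        if [ -S "$p" ]; then s=present; else s=missing; fi
        printf '%s %s %s %s\n' "$svc" "$state" "$p" "$s"
    done
}

sample_master_cf | report
```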