Hi, list... I'm the author of the Postfix/MySQL/SASL/Courier/virtual tutorial at workaround.org. As a preparation for the next Debian release (sarge) I'm preparing/testing the setup for the current versions of the appropriate packages in testing. So far everything works with one frustrating exception: SMTP AUTH.
To be a little more verbose: my virtual users (stored in a MySQL backend) can fetch their emails via POP3 (package "courier-pop" version) using the courier-authdaemon. This part works perfectly. However sending mail via the very same server as a mail relay fails. The users are supposed to use SMTP authentication using the same passwords stored in the MySQL database. Postfix should use SASL, SASL should use PAM and PAM should access the MySQL database. However somehow the SASL part is b0rked. These postfix-related packages are installed: - libsasl-digestmd5-plain (1.5.27-3.5) - libsasl-modules-plain (1.5.27-3.5) - libsasl7 (1.5.27-3.5) - libsasl2 (2.1.15-6) - libpam-mysql (0.5.0-3) - postfix (1.1.11.0-3) - postfix-mysql (1.1.11.0-3) - postfix-tls (1.1.11.0-3) As soon as I set "smtpd_sasl_auth_enable=yes" in the /etc/postfix/main.cf, do a "postfix reload" and a "telnet localhost 25" these lines are showing up in the /var/log/mail.warn: === postfix/smtpd[28248]: fatal: no SASL authentication mechanisms postfix/master[25454]: warning: process /usr/lib/postfix/smtpd pid 28248 exit status 1 postfix/master[25454]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling === Unfortunately this message is /very/ fatal as all SMTP connections are killed before any communication can happen. My /etc/postfix/sasl/smtpd.conf and /var/spool/postfix/etc/postfix/sasl/smtpd.conf read: === pwcheck_method: pam === These files are in /usr/lib/sasl/: libanonymous.so libdigestmd5.so.0 liblogin.so.0.0.6 libanonymous.so.1 libdigestmd5.so.0.0.19 libplain.so libanonymous.so.1.0.16 libgssapiv2.so libplain.so.1 libcrammd5.so libgssapiv2.so.1 libplain.so.1.0.15 libcrammd5.so.1 libgssapiv2.so.1.0.18 smtpd.conf libcrammd5.so.1.0.17 liblogin.so libdigestmd5.so liblogin.so.0 The /etc/pam.d/smtp file reads: === auth required pam_mysql.so user=dbuser passwd=secret host=gondor \ db=database table=users usercolumn=email passwdcolumn=password crypt=1 account sufficient pam_mysql.so user=dbuser passwd=secret host=gondor \ db=database table=users usercolumn=email passwdcolumn=password crypt=1 === These lines in the /etc/postfix/main.cf were meant to enable SASL: === smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated check_relay_domains smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes === As a test I disabled the chroot jail by setting the "n" option for the "smtp" in the /etc/postfix/master.cf. Unfortunately it did not seem to be simply a permissions problem. Has anyone heard of bugs regarding this setup? Or does anyone run a similar setup? Or does anyone have a deeper understanding of what libraries (sasl, sasl2, ...) are used when? Or does anyone have at least an idea how to better debug what Postfix does not like? (PAM and SASL always seem to hide their secrets from me.) Again: all this worked in Woody. Something must have changed. But after three days of IRCing and googling I'm desperate enough to bother this list. :) (This does not smell like a general Postfix problem. That's why I ask here and not on the postfix list.) I'd appreciate any hints and support. Thanks in advance. Regards Christoph -- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 All -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
