Hello,

I've been attempting to create a Virtual Mail Server using Postfix, MySQL, and
Courier, however I've hit a slight brick wall when dealing with the S.M.T.P.
authentication. As advised at [1], it is generally preferable to use the unified
Courier-Authlib interface when interacting with the database, as opposed to
having Courier-Authlib *and* cyrus-sasl attaining direct access.

I've been at this for a while, and I'm almost annoyed, and somewhat desperate.
Although every other element of my mail server works spotlessly, including
'STARTTLS', S.M.T.P. authentication through cyrus-sasl and courier-authlib
confuses me endlessly, especially due to the lack of information dumped to the
logs, despite the maximum levels of logging enabled in the respective
configuration files.

courier-authlib seems to be working fine, as 'authtest' is capable of retrieving
user accounts specified in the MySQL database, which leads me to believe that
the problem lies with cyrus-sasl. I also know that Postfix is probably loading
cyrus-sasl correctly, as an error in the /etc/sasl2/smtpd.conf file leads to an
error when starting Postfix. Fixing the syntax error leads to no errors, but
also invokes no mention of a successful load in the syslog.

[2] is a list of the Postfix capabilities, as reported via telnet 'EHLO', [3] is
the /etc/sasl2/smtpd.conf file, and [4] is the relevant parts of Postfix
main.cf.

I'm unsure if the erroneous behaviour seen here is a result of a personal
fundamental misunderstanding of the virtual mail server stack, or just a silly
typo or omission in one of the configuration files.

Thank you in advance for your assistance.

--

[1] S.M.T.P. Authentication, Gentoo Wiki
https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server/SMTP_Authentication/en

[2] Postfix capabilities; notice the upsetting lack of an AUTH response.
Issuing an AUTH LOGIN command results in "503 5.5.1 Error: authentication not
enabled" being returned.

250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING

[3] smtpd.conf; the courier-authlib socket should have the correct ownership,
such that it is owned by root:mail. 'postfix' belongs to the 'mail' group.

pwcheck_method: authdaemond
mech_list: LOGIN PLAIN
sql_select: dummy
authdaemond_path: /var/lib/courier/authdaemon/socket
log_level: 7

[4] S.A.S.L.-relevant sections of the Postfix main.cf file. (line break on
recipient_restrictions added for this e-mail)

smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks \
reject_unauth_destination

-- 

Ashley Dixon
suugaku.co.uk
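
A check for the symptom shown in [2], as an added example that is not part of the original e-mail: it parses an EHLO reply and reports whether AUTH is advertised and whether every mechanism in the smtpd.conf mech_list is offered. The function names and the second sample reply are constructed for illustration; the "AUTH=" line is the extra form Postfix emits when broken_sasl_auth_clients = yes.

```python
import re

# Constructed samples: the EHLO reply listed under [2] (no AUTH line), and the
# same reply as it would look with AUTH offered (assumed, not from the e-mail).
EHLO_NO_AUTH = """250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING"""
EHLO_WITH_AUTH = EHLO_NO_AUTH.replace(
    "250 CHUNKING", "250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250 CHUNKING")
SMTPD_CONF = "pwcheck_method: authdaemond\nmech_list: LOGIN PLAIN\n"

# Keyword, then optional parameters after a space (or "=" in the legacy form).
# A dotted greeting hostname such as "250-mail.example.org" does not match.
CAP_RE = re.compile(r"^250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.splitlines():
        m = CAP_RE.match(line.strip())
        if not m:
            continue
        params = caps.setdefault(m.group(1).upper(), [])
        for p in (m.group(2) or "").upper().split():
            if p not in params:          # "AUTH" and "AUTH=" repeat the list
                params.append(p)
    return caps

def sasl_mechs(conf):
    """Return the mechanisms named by mech_list in a Cyrus SASL smtpd.conf."""
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "mech_list":
            return value.upper().split()
    return []

def check_auth(reply, conf):
    """Compare what the server advertises with what smtpd.conf configures."""
    caps = parse_ehlo(reply)
    offered = caps.get("AUTH", [])
    return {"auth_offered": "AUTH" in caps,
            "starttls": "STARTTLS" in caps,
            "missing": [m for m in sasl_mechs(conf) if m not in offered]}
```

Running check_auth on a reply captured both before and after STARTTLS shows whether AUTH is withheld in only one of the two states.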

