[pfx] Re: Still no luck with Cyrus SASL

Tue, 02 Jul 2024 16:03:16 -0700 

On Tue, 2024-07-02 at 17:15 -0400, John R. Levine via Postfix-users
wrote:
> In main.cf it has the debian default config, and I added this:
> 
> smtp_sasl_type = cyrus
> smtpd_sasl_path = smtpd

Those are the defaults in Debian. Do you find 'cyrus' when you run
'postconf -A'?

> cyrus_sasl_config_path = /usr/lib/sasl2

The Debian default is empty (which is what I use), but I do find files
from sasl2-bin located there.

> smtpd_sasl_auth_enable = yes
> smtpd_tls_auth_only = yes

I have both of those set to "no" on my Debian system.

> smtpd_sasl_mechanism_filter = login, plain

I use the Debian default of:
      smtpd_sasl_mechanism_filter = !external, static:rest

> Per the instructions in the postfix SASL page and the Cyrus SASL doc
> page I put this both in /etc/sasl2/smtpd.conf and in
> /usr/lib/sasl2/smtpd.conf since it's not clear which postfix prefers:
> 
>      pwcheck_method: saslauthd
>      mech_list: PLAIN LOGIN

On my Debian systems that file is located at
/etc/postfix/sasl/smtpd.conf and contains:

        pwcheck_method: saslauthd
        auxprop_plugin: sasldb
        mech_list: digest cram-md5


> The default location for the saslauthd socket is /var/run/saslauthd
> but postfix is chrooted so I've tried having the daemon listen there
> or at /var/spool/postfix/var/run/saslauthd.  The daemon works fine
> either way, per the test above, but postfix doesn't talk to it.

Debian uses /etc/default/saslauthd for saslauthd startup options, 
Here are the options I use in that file:
        START=yes
        DESC="SASL Authentication Daemon"
        NAME="saslauthd"
        MECHANISMS="sasldb"
        MECH_OPTIONS=""
        THREADS=5
        OPTIONS="-c -m /var/spool/postfix/saslauthd"


File ownership/perms:

        ~$ ls -dl /var/spool/postfix/saslauthd
        drwx--x--- 2 root sasl 4096 Jun 29 13:46 /var/spool/postfix/saslauthd

Postfix is a member of sasl group:

        ~$ grep sasl /etc/group
        sasl:x:45:postfix

On Debian based systems you will need to edit
        /usr/lib/postfix/configure-instance.sh
  and append 'etc/sasldb' to the list of FILES
  that postfix copies to the chroot when it starts:

        ~$ ls -al /var/spool/postfix/etc/sasldb2 
        -rw-r--r-- 1 root root 12288 Jun 22 23:36 /var/spool/postfix/etc/sasldb2

After all that is in place, I use the following
  to add/list/delete accounts: 
        saslpasswd2 -c me@desktop
        saslpasswd2 -c me@oldPC
        sasldblistusers2

hth,

-Jim P.

_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to