Re: Postfix, TLS and SASL difficulties on OpenBSD
This is a discussion on Re: Postfix, TLS and SASL difficulties on OpenBSD within the mailing.postfix.users forums, part of the Mail Servers and Related category; * Ed Vazquez <ed.vazquez@dhha.org> [040510 22:51]: > > --On Monday, May 10, 2004 22:18 +...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-10-2004
|
|||
|
|||
Re: Postfix, TLS and SASL difficulties on OpenBSD
* Ed Vazquez <ed.vazquez@dhha.org> [040510 22:51]:
> > --On Monday, May 10, 2004 22:18 +0200 Patrick Ben Koetter > <p@state-of-mind.de> wrote: > > [snip] > > > > OK, but make it: > > > > mech_list: PLAIN LOGIN > > OK, done > > > > [snip] > > > > Courier IMAP? > > That's a different issue, not (directly) related to Postfix > > or SASL. > > > > Understood, but I'm suspecting that the issues are related > somehow so I figured I'd better mention that it's installed now > as to later... > > [snip] > > > >> saslauthd_path = /var/sasl2/mux0 > > > > The "saslauthd_path" parameter is supposed to go to smtpd.conf > > > > OK, done. > > >> Too much data? Not enough data? I missed something > >> blindingly obvious? > > > > Not really, but you do what everybody tries when they test > > SMTP AUTH. They use Postfix to prove Cyrus-SASL.2.x to work. > > This complicates things a lot. > > > > 1. state dir (socket) > > What does saslauthd claim as state_dir when you start > > saslauthd this way: > > > > /usr/local/sbin/saslauthd -a getpwent -d > > > > # /usr/local/sbin/saslauthd -a getpwent -d > saslauthd[16215] :main : num_procs : 5 > saslauthd[16215] :main : mech_option: NULL > saslauthd[16215] :main : run_path : /var/sasl2 OK. saslauthd _really_ put's the socket to /var/sasl2. > > The state_dir is where saslauthd would want to create the > > socket. If it is /var/sasl2 then that's OK as long as Postfix > > can access that dir. > > > > For testing purposes you should verify that Postfix smtpd is > > _not_ running chrooted; this is a typical gotcha. > > > > If you want to run Postfix chrooted, then you will have to > > change a few things later, but let's get the basics up first > > ;) > > OK, I was originally echoing the old working config from the > OBSD v3.2 box, but I've made the changes as you suggested. > > I have re-configured master.cf to take Postfix out of chroot > mode for testing. > > > > > 1. Testing > > Test SASL without Postfix! Use "testsaslauthd", which you > > should have since you built Cyrus-SASL.2.x yourself e.g.: > > > > testsaslauthd -u username -p password > > > > will test sasl without any other application e.g. Postfix > > interfering. If you open it on another terminal you can watch > > what saslauthd reports when you run it in debug mode (see > > above) > > # ./testsaslauthd -u tester -p tester > 0: OK "Success." OK. So sasl in itself claims to work. > > > > Additionally: Did you configure syslogd to catch log messages > > from Cyrus-SASL.2.x? Cyrus-SASL.2.x logs to auth.*. > > Configure that and tail the auth log when you run > > testsaslauthd. > > > > Yes, here is what posted when I ran the test: > > May 10 14:44:07 alecto saslauthd[16215]: detach_tty : > master pid is: 0 > May 10 14:44:07 alecto saslauthd[16215]: ipc_init : > listening on socket: /var/sasl2/mux OK. So what happens, when you enable SMTP AUTH now in Postfix, but leave smtpd out of the jail? Will "AUTH foo bar" turn up in the SMTP dialogue? Can you AUTH in the SMTP dialogue using telnet? see: <http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html>, section 12.4 Any errors in the mail log after reloading Postfix? -- Patrick Koetter <p@state-of-mind.de> http://postfix.state-of-mind.de/patrick.koetter/ "By the time you're thirty you have grown up, whether you acknowledge it or not." 
|
Linear Mode
