Re: Postfix, SASL2 and MySQL

* Andreas Rother <a.rother@gmx.de> [041006 23:00]:
> # bash saslfinger -s
> saslfinger - postfix Cyrus sasl configuration Wed Oct 6 16:45:49 CEST 2004
> version: 0.9.4
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.1.5
>
> -- smtpd is linked to --
> -lsasl2.2 => /usr/pkg/lib/libsasl2.so.2
>
> -- active SMTP AUTH parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_application_name = smtpd
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous

OK.

> -- listing of /usr/pkg/lib/sasl2 --
> total 218
> drwxr-xr-x 2 root wheel 512 Oct 5 19:45 .
> drwxr-xr-x 8 root wheel 2560 Oct 6 16:31 ..
> -rw-r--r-- 1 root wheel 11 Sep 24 09:59 .pkgsrc
> -rwxr-xr-x 1 root wheel 867 Sep 24 09:59 libsasldb.la
> -rwxr-xr-x 1 root wheel 44741 Sep 24 09:59 libsasldb.so
> -rwxr-xr-x 1 root wheel 44741 Sep 24 09:59 libsasldb.so.2
> -rwxr-xr-x 1 root wheel 44741 Sep 24 09:59 libsasldb.so.2.19
> -r-xr-xr-x 1 root wheel 915 Sep 24 16:27 libsql.la
> -r-xr-xr-x 1 root wheel 26364 Sep 24 16:27 libsql.so
> -r-xr-xr-x 1 root wheel 26364 Sep 24 16:27 libsql.so.2
> -r-xr-xr-x 1 root wheel 26364 Sep 24 16:27 libsql.so.2.19
> -rw-r--r-- 1 root wheel 294 Oct 6 16:38 smtpd.conf


smtpd is correct when it terminates and logs "no authentication
mechanisms". There are none. If there were there would be something
like this in the output above:

-rwxr-xr-x 1 root root 706 Jul 16 20:43 libanonymous.la
-rwxr-xr-x 1 root root 89912 Jul 16 20:43 libanonymous.so
-rwxr-xr-x 1 root root 89912 Jul 16 20:43 libanonymous.so.2
-rwxr-xr-x 1 root root 12592 Mar 16 2004 libanonymous.so.2.0.18
-rwxr-xr-x 1 root root 89912 Jul 16 20:43 libanonymous.so.2.0.19
-rwxr-xr-x 1 root root 694 Jul 16 20:43 libcrammd5.la
-rwxr-xr-x 1 root root 94948 Jul 16 20:43 libcrammd5.so
-rwxr-xr-x 1 root root 94948 Jul 16 20:43 libcrammd5.so.2
-rwxr-xr-x 1 root root 15116 Mar 16 2004 libcrammd5.so.2.0.18
-rwxr-xr-x 1 root root 94948 Jul 16 20:43 libcrammd5.so.2.0.19
-rwxr-xr-x 1 root root 724 Jul 16 20:43 libdigestmd5.la
-rwxr-xr-x 1 root root 140728 Jul 16 20:43 libdigestmd5.so
-rwxr-xr-x 1 root root 140728 Jul 16 20:43 libdigestmd5.so.2
-rwxr-xr-x 1 root root 41328 Mar 16 2004 libdigestmd5.so.2.0.18
-rwxr-xr-x 1 root root 140728 Jul 16 20:43 libdigestmd5.so.2.0.19
-rwxr-xr-x 1 root root 760 Jul 16 20:43 libgssapiv2.la
-rwxr-xr-x 1 root root 104043 Jul 16 20:43 libgssapiv2.so
-rwxr-xr-x 1 root root 104043 Jul 16 20:43 libgssapiv2.so.2
-rwxr-xr-x 1 root root 104043 Jul 16 20:43 libgssapiv2.so.2.0.19
-rwxr-xr-x 1 root root 690 Jul 16 20:43 liblogin.la
-rwxr-xr-x 1 root root 90660 Jul 16 20:43 liblogin.so
-rwxr-xr-x 1 root root 90660 Jul 16 20:43 liblogin.so.2
-rwxr-xr-x 1 root root 13036 Mar 16 2004 liblogin.so.2.0.18
-rwxr-xr-x 1 root root 90660 Jul 16 20:43 liblogin.so.2.0.19
-rwxr-xr-x 1 root root 690 Jul 16 20:43 libplain.la
-rwxr-xr-x 1 root root 90438 Jul 16 20:43 libplain.so
-rwxr-xr-x 1 root root 90438 Jul 16 20:43 libplain.so.2
-rwxr-xr-x 1 root root 13036 Mar 16 2004 libplain.so.2.0.18
-rwxr-xr-x 1 root root 90438 Jul 16 20:43 libplain.so.2.0.19


So the big question is where your mechanisms are or have gone. If you
solve this, SMTP AUTH will probably work immediately.

> -- content of /usr/pkg/lib/sasl2/smtpd.conf --
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN
> log_level: 2
> auxprop_plugin: sql
> sql_engine: mysql
> sql_hostnames: localhost
> sql_database: maildb
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_select: SELECT clear FROM users WHERE email = '%u@%r' AND postfix = 'y'
> sql_verbose: yes

Looks good.

> -- active services in /usr/pkg/etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - - smtpd -vvv
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> old-cyrus unix - n n - - pipe
> flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> cyrus unix - n n - - pipe
> user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient

Same here...


>
> -- end of saslfinger output --
>
>
> I tweaked the script to search at the NetBSD specific places and skipped the
> smtp dialogue test because the script exits there. I cannot see any errors.

OK. I've added the NetBSD path to the script, which I will upload
shortly.

p@rick


--
I take the freedom to ignore offlist messages. Open Source software
requires open access to information that tells all of us how to run it.
Don't deprive the community of that!

SMTP AUTH howto & debug utility (saslfinger):
<http://postfix.state-of-mind.de/patrick.koetter/>