setting up postfix -smtpd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Sorry for this question that I probably should have been able to solve
from reading the documentation, but I have been trying for several weeks
now without success.

The scenario:

I have a PC with fixed IP address and FQDN (www.runnwerth.net). That
machine is used nearly ecusively by me. Currently I use this machine to
send out email directly but collect email from an smtp-server, using
fetchmail. Those are emails send to the above address
(tg@shelx.uni-ac.gwdg.de).

Mostly for the sake of learning I would like to set up an smtp-server for
the domain runnwerth.net which I can use from home to collect and send
emails. At home I do not have a fixed IP-address. I would like the two
users that have accounts on this machine to be able to authenticate with
their system passwords. That is not compulsory, but it appears the
simplest solution to me.

The system runs debian sarge with postfix, postfix-tls v. 2.1.5-5
installed, as well as the dovecot-imapd.

So far I managed to allow users from home to login with fetchmail and
collect mail with the following main.cf:

- ----8< zstart /etc/postfix/main.cf
biff = no

append_dot_mydomain = no
myhostname = www.runnwerth.net
mydomain = runnwerth.net
myorigin = /etc/mailname
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost, $mydomain, atoemchen
mynetworks = 127.0.0.0/8

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_client_restrictions = permit_sasl_authenticated,
permit_tls_clientcerts
smtpd_helo_required = yes
smtpd_tls_auth_only = yes

smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/nachtigaller-cert.pem
smtp_tls_key_file = /etc/postfix/nachtigaller-key.pem
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes

smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/nachtigaller-cert.pem
smtpd_tls_key_file = /etc/postfix/nachtigaller-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
smtpd_enforce_tls = yes

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
- ---->8 end /etc/postfix/main.cf
- -----8< excerpt from /var/log/mail.info
However, trying to send email with pine fails with the error messages
Feb 17 10:45:31 www postfix/smtpd[11725]: <
dsl-082-082-168-142.arcor-ip.net[82.82.168.142]: AHRnADQyLkxpbng=
Feb 17 10:45:31 www postfix/smtpd[11725]: smtpd_sasl_authenticate: decoded
response:
Feb 17 10:45:31 www postfix/smtpd[11725]: warning: SASL authentication
failure: cannot connect to saslauthd server: No such file or directory
Feb 17 10:45:31 www postfix/smtpd[11725]: warning: SASL authentication
failure: Password verification failed
Feb 17 10:45:31 www postfix/smtpd[11725]: warning:
dsl-082-082-168-142.arcor-ip.net[82.82.168.142]: SASL PLAIN authentication
failed
Feb 17 10:45:31 www postfix/smtpd[11725]: >
dsl-082-082-168-142.arcor-ip.net[82.82.168.142]: 535 Error: authentication
failed
Feb 17 10:45:31 www postfix/smtpd[11725]: watchdog_pat: 0x8089190
Feb 17 10:45:31 www postfix/smtpd[11725]: <
dsl-082-082-168-142.arcor-ip.net[82.82.168.142]: AUTH PLAIN
Feb 17 10:45:31 www postfix/smtpd[11725]: smtpd_sasl_authenticate:
sasl_method PLAIN
Feb 17 10:45:31 www postfix/smtpd[11725]: smtpd_sasl_authenticate: uncoded
challenge:
Feb 17 10:45:31 www postfix/smtpd[11725]: >
dsl-082-082-168-142.arcor-ip.net[82.82.168.142]: 334
- ----->8

Why can postfix not connect to the saslauthd? It is running with
root 7690 0.0 1.0 6476 1380 ? Ss Feb16 0:00 \
/usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
(five instances in total).

Do I need saslauthd at all if I want authentication against the unix
password?

My /etc/postfix/sasl/smtpd.conf reads
pwcheck_method: saslauthd
mech_list: plain login

I am sorry for this long mail, but I am apparently not familiar with
mailing systems and I do not know which information bits are the important
ones (otherwise I could have solved it myself).

Can somebody help me please?

Cheers,
Tim


--
Tim Gruene
Institut fuer anorganische Chemie
Tammannstr. 4
D-37077 Goettingen

GPG Key ID = A46BEE1A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCFIwIUxlJ7aRr7hoRAlVvAKCBJkKhw+L8JvEIIev6PN lnAtzE7ACfQBhG
ngZvQGkVBVkv1OtJQtACZ1A=
=Y0L/
-----END PGP SIGNATURE-----