Re: postfix and SASL
This is a discussion on Re: postfix and SASL within the mailing.postfix.users forums, part of the Mail Servers and Related category; * pascal@linuxorable.net <pascal@linuxorable.net>: > >Yep. send better debug output. Download saslfinger (see below) and=...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-05-2005
|
|||
|
|||
Re: postfix and SASL
* pascal@linuxorable.net <pascal@linuxorable.net>:
> >Yep. send better debug output. Download saslfinger (see below) and=20 > >send output from "saslfinger -s". >=20 > The output is in the attached file > saslfinger - postfix Cyrus sasl configuration jeu mai 5 11:56:00 CEST = 2005 > version: 0.9.9.1 > mode: server-side SMTP AUTH >=20 > -- basics -- > Postfix: 2.2.2 > System: Debian GNU/Linux 3.1 \n \l Did you build Postfix yourself? If not, smtpd.conf must go into /etc/postfix/sasl/smtpd.conf. > -- smtpd is linked to -- > libsasl2.so.2 =3D> /usr/lib/libsasl2.so.2 (0x401c0000) >=20 > -- active SMTP AUTH and TLS parameters for smtpd -- > broken_sasl_auth_clients =3D no > smtpd_sasl_application_name =3D smtpd > smtpd_sasl_auth_enable =3D yes > smtpd_sasl_local_domain =3D $myhostname Which format do the usernames have you send during authentication? If they are just "username", then you must watch out that whatever you se= t for $smtpd_sasl_local_domain matches the REALM in your sasldb, because Postfi= x will append $smtpd_sasl_local_domain to all short usernames. If they are "username@domain" everything is okay. > smtpd_sasl_security_options =3D noanonymous, noplaintext > smtpd_tls_CAfile =3D /usr/lib/ssl/mon_AC/private/mon_AC.crt > smtpd_tls_cert_file =3D /usr/lib/ssl/mon_AC/certs/server_signed.pem > smtpd_tls_key_file =3D /usr/lib/ssl/mon_AC/private/server_tls.pem > smtpd_tls_loglevel =3D 0 > smtpd_use_tls =3D yes Do yourself a favor and turn TLS off while you try to configure SMTP AUTH= .. It adds extra complexity at the moment. > -- listing of /usr/lib/sasl2 -- > total 896 > drwxr-xr-x 2 root root 4096 2005-01-26 13:34 . > drwxr-xr-x 125 root root 53248 2005-04-19 23:21 .. > -rw-r--r-- 1 root root 13488 2004-10-16 23:02 libanonymous.a > -rw-r--r-- 1 root root 851 2004-10-16 23:02 libanonymous.la > -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so > -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so.2 > -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19 > -rw-r--r-- 1 root root 16298 2004-10-16 23:02 libcrammd5.a > -rw-r--r-- 1 root root 837 2004-10-16 23:02 libcrammd5.la > -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so > -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so.2 > -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19 > -rw-r--r-- 1 root root 47516 2004-10-16 23:02 libdigestmd5.a > -rw-r--r-- 1 root root 860 2004-10-16 23:02 libdigestmd5.la > -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so > -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2 > -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19 > -rw-r--r-- 1 root root 13726 2004-10-16 23:02 liblogin.a > -rw-r--r-- 1 root root 831 2004-10-16 23:02 liblogin.la > -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so > -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so.2 > -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19 > -rw-r--r-- 1 root root 31248 2004-10-16 23:02 libntlm.a > -rw-r--r-- 1 root root 825 2004-10-16 23:02 libntlm.la > -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so > -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so.2 > -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19 > -rw-r--r-- 1 root root 20142 2004-10-16 23:02 libotp.a > -rw-r--r-- 1 root root 825 2004-10-16 23:02 libotp.la > -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so > -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so.2 > -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19 > -rw-r--r-- 1 root root 13886 2004-10-16 23:02 libplain.a > -rw-r--r-- 1 root root 831 2004-10-16 23:02 libplain.la > -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so > -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so.2 > -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19 > -rw-r--r-- 1 root root 21798 2004-10-16 23:02 libsasldb.a > -rw-r--r-- 1 root root 852 2004-10-16 23:02 libsasldb.la > -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so > -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so.2 > -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19 > -rw-r--r-- 1 root root 176 2005-01-26 13:34 smtpd.conf >=20 >=20 >=20 >=20 > -- content of /usr/lib/sasl2/smtpd.conf -- > # Pour une authentification avec le m=E9canisme sasldb: > #pwcheck_method: auxprop >=20 > # Pour une authentifiaction avec le m=E9canisme ldap: > pwcheck_method: saslauthd > #mech_list: plain If you want to use sasldb, use this configuration: pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: CRAM-MD5 DIGEST-MD5 If you want plaintext mechanisms as well add PLAIN LOGIN to the mech_list list. > -- active services in /etc/postfix/master.cf -- > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (100) > smtp inet n - n - - smtpd no chroot. good. > -- mechanisms on localhost -- > 250-AUTH NTLM DIGEST-MD5 CRAM-MD5 Can the user postfix read /etc/sasldb2 ? p@rick --=20 The Book of Postfix <http://www.postfix-book.com> SMTP AUTH debug utility: <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 04:51 PM.
