This is a discussion on "SASL does not work after changing mydestination from hash to mysql" within the mailing.postfix.users forums, part of the Mail Servers and Related category.

Hi

I have got a mysterious problem here. I have been using my 2.2.10 postfix for a while now with sasl. The saslauthd is going to an openldap. And it works. When I want to send a mail from inside to outside I have to authenticate.

Now I want to put some of the hash files for my_domain and mydestination into a mysql database. This works great for my_domain, but not for mydestination. I changed:

    mydestination = $myhostname, localhost.$mydomain, localhost, hash:/etc/postfix/relay_domains

to:

    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mysql:/etc/postfix/mysql/my_destination.cf

I use the same my_destination.cf for the my_domain and it works, so I can exclude a mysql problem. But then my client gets this error:

    Recipient address rejected. User unknown in local recipient table.

And in the log I can see these errors:

    Nov 5 13:41:12 mini postfix/smtpd[32078]: TLS connection established from marcus-pc.hausnetz.local[192.168.17.34]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Nov 5 13:41:12 mini postfix/smtpd[32078]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
    Nov 5 13:41:12 mini postfix/smtpd[32078]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
    Nov 5 13:41:12 mini postfix/smtpd[32078]: warning: SASL authentication failure: no secret in database
    Nov 5 13:41:12 mini postfix/smtpd[32078]: NOQUEUE: reject: RCPT from marcus-pc.hausnetz.local[192.168.17.34]: 550 <mail@strato.de.de>: Recipient address rejected: User unknown in local recipient table; from=<marcus@juettner.homelinux.com> to=<mail@strato.de.de> proto=ESMTP helo=<[192.168.17.34]>

But my sasl is going to ldap. What does it want from the sasldb suddenly?

In /etc/sasl2/smtpd.conf:

    pwcheck_method: saslauthd

and the sasl daemon is working with -a ldap.

If I go back to hash in mydestination everything is working well again. I do not understand what the change of the database backend for mydestination has to do with the sasl auth.

Here are some configs:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    broken_sasl_auth_clients = yes
    smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_sender_domain
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_recipient_domain reject_unauth_destination

Bye and thanks for the coming help.

Marcus Jüttner wrote:

> failure: Could not open /etc/sasl2/sasldb2
> sasl is going to ldap. What does it want from the sasldb suddenly ??

When there is a configuration error in LDAP, saslauthd automatically fails over to trying a lookup in sasldb.

> saslauthd is going to openldap
> This works for my_domain
> But not for mydestination.

Interesting. In looking at the "man 5 postconf" manual page, it does not mention the valid use of a lookup table for $mydomain, however it does for $mydestination.

> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
> mysql:/etc/postfix/mysql/my_destination.cf

I wonder if possibly the lookup for $mydestination is failing because it contains an embedded secondary table lookup for $mydomain. You might try testing that by changing the mydestination entry to contain replacement text data for $mydomain (instead of a lookup for $mydomain).

--
Greg

Greg Hackney wrote:

> Marcus Jüttner wrote:
>
>> failure: Could not open /etc/sasl2/sasldb2
>> sasl is going to ldap. What does it want from the sasldb suddenly ??
>
> When there is a configuration error in LDAP, saslauthd automatically
> fails over to trying a lookup in sasldb.
>
>> saslauthd is going to openldap
>> This works for my_domain
>> But not for mydestination.
>
> Interesting. In looking at the "man 5 postconf" manual page,
> it does not mention the valid use of a lookup table for $mydomain,
> however it does for $mydestination.
>
>> mydestination = $myhostname, localhost.$mydomain, localhost,
>> $mydomain, mysql:/etc/postfix/mysql/my_destination.cf
>
> I wonder if possibly the lookup for $mydestination is failing because it
> contains an embedded secondary table lookup for $mydomain. You might try
> testing that by changing the mydestination entry to contain replacement
> text data for $mydomain (instead of a lookup for $mydomain).
>
> --
> Greg

Hi Greg

I changed the line to:

    mydestination = $myhostname, localhost, marcus-juettner.de, mysql:/etc/postfix/mysql/my_destination.cf

but the same error came again. It only works if I use a hash for the 3 domains or write them directly into the mydestination variable.

Bye

Marcus Jüttner wrote:

> I changed the line to:
> mydestination = $myhostname, localhost, marcus-juettner.de,
> mysql:/etc/postfix/mysql/my_destination.cf
>
> but the same error came again. It only works if i use a hash for the 3
> domains or writing them direct into the mydestination variable.

Here's a thought:

> I use the same my_destination.cf for the my_domain and it works.
> So i can exclude a mysql problem.

Perhaps you can't exclude it being a query problem when using the same .cf file to fit both types of queries:

$mydomain doesn't have a query key. It just needs to be filled with some static value. It's not trying to match some string value against a database.

$mydestination, on the other hand, does have a Postfix query key. It knows some string value for a domain name, and tries to match that in the database lookup. The result is success or failure, and does not use the RESULT value.

I assume that the .cf file would need to be searching for a Postfix provided %s string.

--
Greg

Hi

I think I found it. My query file is for postfix > 2.2

--------------------
user = postfix
password = xxx
dbname = mailsystem
query = SELECT domainname FROM postfix_relay_domains
-------------------

I have to search for the older format

----------------
select_field = domainname
table = postfix_relay_domains
-----------------

does not work. Do I need a where_field? My table only has one column (domainname).

Bye

Hi Greg

Thank you for your help. I changed the query file to:

    host = localhost
    user = postfix
    password = xxx
    dbname = mailsystem
    query = SELECT domainname FROM postfix_relay_domains where domainname = '%%'

now it works !! The sasl error was very confusing in this case.

Bye
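
The lookup behaviour discussed in this thread, as an added example that is not part of any post: a simplified Python model of how Postfix expands a mysql_table(5) `query` for a `mydestination` lookup, with sqlite3 standing in for MySQL. The table rows and helper names are constructed for illustration; per mysql_table(5), `%s` is replaced by the lookup key and `%%` by a literal `%`.

```python
import sqlite3

# Constructed sample rows; sqlite3 stands in for the MySQL table in the thread.
LOCAL_DOMAINS = ["marcus-juettner.de", "example.org", "example.net"]

# Query templates: the first one posted, the last one posted, and a %s-keyed one.
QUERIES = {
    "unkeyed": "SELECT domainname FROM postfix_relay_domains",
    "percent": "SELECT domainname FROM postfix_relay_domains WHERE domainname = '%%'",
    "keyed": "SELECT domainname FROM postfix_relay_domains WHERE domainname = '%s'",
}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postfix_relay_domains (domainname TEXT)")
    db.executemany("INSERT INTO postfix_relay_domains VALUES (?)",
                   [(d,) for d in LOCAL_DOMAINS])
    return db

def expand(template, key):
    """Simplified expansion model: %s -> quote-escaped key, %% -> literal %."""
    out, i = [], 0
    while i < len(template):
        pair = template[i:i + 2]
        if pair == "%s":
            out.append(key.replace("'", "''"))
            i += 2
        elif pair == "%%":
            out.append("%")
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def is_local(db, template, domain):
    """For a list parameter such as mydestination only 'was a row returned?' matters."""
    return db.execute(expand(template, domain)).fetchone() is not None

def audit(domains):
    """Return, per query template, which recipient domains would be treated as local."""
    db = make_db()
    return {name: [d for d in domains if is_local(db, q, d)]
            for name, q in QUERIES.items()}

if __name__ == "__main__":
    for name, matched in audit(["marcus-juettner.de", "strato.de.de"]).items():
        print(f"{name:8} treats as local: {matched}")
```

With the unkeyed query every recipient domain looks local, which is what produces the "User unknown in local recipient table" rejection for an outside address. On a real system, `postmap -q strato.de.de mysql:/etc/postfix/mysql/my_destination.cf` runs the same check against the actual table.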