SuSE 9.0: postfix sasl authentication fails
Hello List,

has anybody got postfix working with cyrus-sasl under suse 9.0? I only got replies like "authentication failed"

my /usr/lib/sasl2/smtp.conf is:

    pwcheck_method: auxprop
    mech_list: plain login
    auxprop_plugin: sasldb2

(the path to /usr/lib/sasl2 was added by ldconfig )

A user for sasldb was added:

    Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
    Password: user
    Again (for verification): user
    Mail-server:/usr/lib/sasl2 #

And to /etc/postfix/main.cf I added:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipients_restrictions = permit_sasl_authenticated

OK, rcsaslauthd start, rcpostfix restart and test with telnet or a mailclient. I am told SASL with PLAIN or LOGIN should work.

But if I try to send a message, I get the following in /var/log/mail:

    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: < Mail-sender[192.168.0.150]: AUTH LOGIN
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: smtpd_sasl_authenticate: sasl_method LOGIN
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: smtpd_sasl_authenticate: uncoded challenge: Username:
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: > Mail-sender[192.168.0.150]: 334 VXNlcm5hbWU6
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: < Mail-sender[192.168.0.150]: dXNlcg==
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: smtpd_sasl_authenticate: decoded response: user
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: smtpd_sasl_authenticate: uncoded challenge: Password:
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: > Mail-sender[192.168.0.150]: 334 UGFzc3dvcmQ6
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: < Mail-sender[192.168.0.150]: dXNlcg==
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: smtpd_sasl_authenticate: decoded response: user
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: warning: Mail-sender[192.168.0.150]: SASL LOGIN authentication failed
    Jan 9 13:39:38 Mail-server postfix/smtpd[4540]: > Mail-sender[192.168.0.150]: 535 Error: authentication failed

Communication works, Username and Password are decrypted correctly, but it seems like access to database is not possible. Why is authentication failing?

Thanks for every hint!

--
Kind regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS
Erlangerstr. 2
93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net
mail: mfeilner@feilner-it.net

On Friday, 9 January 2004 13:51, Markus Feilner wrote:

> has anybody got postfix working with cyrus-sasl under suse 9.0? I only got replies like "authentication failed"
>
> my /usr/lib/sasl2/smtp.conf is:

smtpd.conf

> pwcheck_method: auxprop
> mech_list: plain login

If you use sasldb, you can offer cram-md5 and digest-md5 too. If they are installed, of course.

> auxprop_plugin: sasldb2

auxprop_plugin: sasldb

> (the path to /usr/lib/sasl2 was added by ldconfig )

No need.

> A user for sasldb was added:
> Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
> Password: user
> Again (for verification): user
> Mail-server:/usr/lib/sasl2 #

Better to specify a realm (-u). But if it is already there, show sasldblistusers2 and look at the user-string. There is a domain-part; add it to Postfix's configuration as "smtpd_sasl_local_domain".

> And to /etc/postfix/main.cf I added:
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipients_restrictions = permit_sasl_authenticated
>
> OK, rcsaslauthd start, rcpostfix restart and test with telnet or a mailclient. I am told SASL with PLAIN or LOGIN should work.

If you want to use sasldb, there is no need to start saslauthd.

> But if I try to send a message, I get the following in /var/log/mail:
>
> it seems like access to database is not possible. Why is authentication failing?

Two other things: check if smtpd runs chrooted (master.cf) and copy the sasldb to the jail. And check if user postfix may access sasldb.

--
Andreas

On Friday, 9 January 2004 14:00, Andreas Winkelmann wrote:

Andreas, thanks a lot!! Two typos and the thing about the realm!

One more question ... I want _only_ sasl-auth'd Users to be allowed to send. According to http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html I put in /etc/postfix/main.cf:

    mydomain = somewhere
    myorigin = Mailserver.somewhere
    mydestination = $myhostname, localhost.$mydomain
    relay_domains = somewhere
    smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject
    mynetworks=127.0.0.0/8
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = Mailserver
    broken_sasl_auth_clients = yes

But: although a user is authenticated successfully (thanks again!) - relaying is denied.

    "postfix/smtpd[7504]: generic_checks: name=reject_unauth_destination status=2"

If on the other hand I put mynetworks=192.168.0.0/24, everyone from that subnet may relay, without Authentication. Where am I wrong or what am I missing?

Thanks!

--
Kind regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS
Erlangerstr. 2
93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net
mail: mfeilner@feilner-it.net

On Friday, 9 January 2004 14:53, Markus Feilner wrote:

> I want _only_ sasl-auth'd Users to be allowed to send. According to http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html I put in /etc/postfix/main.cf:

Please show us the Output of "postconf -n". There are some other restrictions, like recipient or helo.

> But: although a user is authenticated successfully (thanks again!) - relaying is denied.
> "postfix/smtpd[7504]: generic_checks: name=reject_unauth_destination status=2"

Hmm, I think your smtpd_recipient_restrictions contains the reject.

--
Andreas
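
Added example, not part of either post: a simplified Python model of how Postfix walks the sender and recipient restriction lists, showing why a client that authenticates can pass smtpd_sender_restrictions and still be refused by reject_unauth_destination, and why widening mynetworks relays without authentication. The default smtpd_recipient_restrictions value, the recipient address, the mydestination contents and the exact-match domain check are assumptions of this sketch.

```python
import ipaddress

def check(name, s, cfg):
    """Return 'permit', 'reject' or None (no decision) for one restriction."""
    if name == "permit_mynetworks":
        ip = ipaddress.ip_address(s["client"])
        hit = any(ip in ipaddress.ip_network(n) for n in cfg["mynetworks"])
        return "permit" if hit else None
    if name == "permit_sasl_authenticated":
        return "permit" if s["sasl_user"] else None
    if name == "reject_unauth_destination":
        # Simplification: exact domain match only, no subdomain matching.
        domain = s["rcpt"].rsplit("@", 1)[1]
        known = cfg["relay_domains"] | cfg["mydestination"]
        return None if domain in known else "reject"
    if name == "reject":
        return "reject"
    raise ValueError(f"restriction not modelled: {name}")

def evaluate(s, cfg):
    # A permit ends only the current list; a reject ends the whole transaction.
    for stage in ("smtpd_sender_restrictions", "smtpd_recipient_restrictions"):
        for name in cfg[stage]:
            verdict = check(name, s, cfg)
            if verdict == "reject":
                return f"rejected by {stage}: {name}"
            if verdict == "permit":
                break
    return "accepted"

# main.cf values from the second post; $myhostname is not shown there.
POSTED = {
    "mynetworks": ["127.0.0.0/8"],
    "relay_domains": {"somewhere"},
    "mydestination": {"localhost.somewhere"},
    "smtpd_sender_restrictions":
        ["permit_mynetworks", "permit_sasl_authenticated", "reject"],
    # Assumed: the built-in default, since the post does not set this list.
    "smtpd_recipient_restrictions":
        ["permit_mynetworks", "reject_unauth_destination"],
}
OPEN_SUBNET = dict(POSTED, mynetworks=["192.168.0.0/24"])
AUTH_ONLY = dict(POSTED, smtpd_recipient_restrictions=[
    "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination"])

# Constructed sessions: client IP from the log above, recipient is made up.
AUTHED = {"client": "192.168.0.150", "sasl_user": "user",
          "rcpt": "someone@example.org"}
ANON = dict(AUTHED, sasl_user=None)

if __name__ == "__main__":
    for label, s, cfg in [("posted, authenticated", AUTHED, POSTED),
                          ("wide mynetworks, anonymous", ANON, OPEN_SUBNET),
                          ("auth-only, authenticated", AUTHED, AUTH_ONLY),
                          ("auth-only, anonymous", ANON, AUTH_ONLY)]:
        print(f"{label}: {evaluate(s, cfg)}")
```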