John wrote:
Thanks, Sandy.
John wrote:
Help!
[snip]
Please show output of "postconf -n". This will show best how your config is working. General:/etc/postfix # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no home_mailbox = Maildir/
Sandy Drobic wrote: html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = /usr/bin/procmail mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 10240000 mydestination = $myhostname, localhost.$mydomain, DMJ-Consultancy.co.uk, DMJ-Consultancy.me.uk, DMJ-Consultancy.org.uk myhostname = General.DMJ-Consultancy.local mynetworks = 127.0.0.0/8, 192.168.74.0/24, 192.168.80.0/24, 10.0.0.0/24 myorigin = DMJ-Consultancy.me.uk newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550
Try setting smtpd_sasl_local_domain = (empty). Verify that the setting is shown empty in output of "postconf -n".
In /etc/syslog.conf, I've added: auth.* /var/log/auth
but I get no log file from this
Postfix logs to mail facility mail.*, not auth, so it's not surprising.
I had the impression that sasl would log here, not postfix.
In /usr/lib/sasl2/smtpd.conf, I have: pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN
Okay, looks good, though log_level is not evaluated.
I hope in /usr/lib/sasl2 the neccessary libraries are installed?
What does "ls -l /usr/lib/sasl2" say about the installed libs?
and in /etc/sysconfig/saslauthd, I have SASLAUTHD_AUTHMECH=getpwent
I have set it to PAM, you can also use SHADOW.
Now, what does the following command say: testsaslauthd -s smtp -u user -p password
0: NO "authentication failed"
I assume that you have set correct values for "user" and "password"? Until that is running, authentication in Postfix is unlikely to work. What happens if you set the service (-s) to imap, the default? testsaslauthd -u user -p password
If that command is successful, then authentication from within Postfix should work.
[snip]
That looks a bit strange. the plain string should have an equal sign as the last character. This is the result of binhex64 encoding user "testuser" and password "testpass":
dGVzdHVzZXIAdGVzdHVzZXIAdGVzdHBhc3M=
Are you sure you have encoded the string correctly?
Without putting username and full text password in the email, all I can say is I've typed the line several times and gotten the same result each time (am9obgBqb2huAENyaWNrZXQ4MzM0)
Uhm, you just have put your username and password here. PLAIN isn't called plaintext mechanism in vain. Please change this password. (^-^) Though at least I could verify that you don't have a "@" in your username or password, so the encoding is working fine.
from perl -MMIME::Base64 -e 'print encode_base64("uuuuu\0uuuuu\0pppppppp");'
So I conclude that SASL is up and hooked into postfix but each time I try to telnet, or even access through Thunderbird, I find authentication failed and in /var/log/mail.warn, I find Sep 19 18:34:15 General postfix/smtpd[6684]: warning: SASL authentication failure: Password verification failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL PLAIN authentication failed Sep 19 18:34:15 General postfix/smtpd[6684]: warning: unknown[192.168.74.180]: SASL LOGIN authentication failed
This definitely looks as if you have the wrong password. Puzzling since, in Thunderbird, I type it in at the keyboard exactly as if logging in to SuSE. Could it be that it's not looking at the passwd file?
This could be. Why did you choose getpwent as the auth mech in saslauthd? Though I have the feeling that the smtpd_sasl_local_domain is the culprit.
but I can log on to the server using the same user name and password that I am trying for Thunderbird and telnet.
Where have I gone wrong? I am convinced that I've missed something simple - clearly so simple that each time I go through one of the above references again, I miss it again!
BTW I've tried Patrick Koetter's saslfinger; this gives me runtime errors of its own so I haven't any output from it.
What kind of error? saslfinger is a simple bash script, it should run without any problem on suse 10.
I'll have to get back on that since I'll have to re-download it and try again
BTW, I believe that postfix is not CHROOTed, either.
It shouldn't be the problem. Suse doesn't chroot by default unlike debian, and the authentication is actually tried. It must either be the smtpd_sasl_local_domain or a missing plain library. Sandy -- List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com