Am Freitag, 9. Januar 2004 14:00 schrieb Andreas Winkelmann:
Am Freitag, 9. Januar 2004 13:51 schrieb Markus Feilner:
has anybody got postfix working with cyrus-sasl under suse 9.0? I only got replies like "authenticaton failed"
my /usr/lib/sasl2/smtp.conf is:
smtpd.conf
pwcheck_method: auxprop mech_list: plain login
If you use sasldb, you can offer cram-md5 and digest-md5 too. If they are installed, of course.
auxprop_plugin: sasldb2
auxprop_plugin: sasldb
(the path to /usr/lib/sasl2 was added by ldconfig )
No need.
A user for sasldb was added: Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user Password: user Again (for verification): user Mail-server:/usr/lib/sasl2 #
Better to specify a realm (-u). But if it is already there, show sasldblistusers2 look at the user-string. There is a domain-part add it to Postfix's configurations as "smtpd_sasl_local_domain".
And to /etc/postfix/main.cf I added:
smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipients_restrictions = permit_sasl_authenticated
OK, rcsaslauthd start, rcpostfix restart and test with telnet or a mailclient. I am told SASL with PLAIN or LOGIN should work.
If you want to use sasldb, there is no need to start saslauthd.
But if I try to send a message, I get the following in /var/log/mail:
it seems like access to database is not possible. Why is authentication failing?
Two other things, check if smtpd runs chrooted (master.cf) and copy the sasldb to the jail. And check if user postfix may access sasldb.
-- Andreas
Andreas, thanks a lot!! Two typos and the thing about the realm! One more question ... I want _only_ sasl-auth'd Users to be allowed to send. According to http://postfix.state-of-mind.de/patrick.koetter/smtpauth/ smtp_auth_mailclients.html I put in /etc/postfix/main.cf: mydomain = somewhere myorigin = Mailserver.somewhere mydestination = $myhostname, localhost.$mydomain relay_domains = somewhere smtpd_sender_restrictions = permit_mynetworks permit_sasl_authenticated reject mynetworks=127.0.0.0/8 smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = Mailserver broken_sasl_auth_clients = yes But: although a user is authenticated successfully (thanks again!) - relaying is denied. "postfix/smtpd[7504]: generic_checks: name=reject_unauth_destination status=2" If on the other hand i put mynetworks=192.168.0.0/24, everyone from that subnet may relay, without Authentication. Where am I wrong or what am i missing? Thanks! -- Mit freundlichen Grüßen Markus Feilner -- Linux Solutions, Training, Seminare und Workshops - auch Inhouse Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg fon: +49 941 70 65 23 - mobil: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net