* Vince LaMonica <[EMAIL PROTECTED]>: > [i wrote:] > } > /etc/default/saslauthd: > } > > } > START=yes > } > DESC="SASL Authentication Daemon" > } > NAME="saslauthd" > } > MECHANISMS="shadow" > } > MECH_OPTIONS="" > } > THREADS=5 > } > OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" > > } You are not running postfix chrooted, but your saslauthd settings ($OPTIONS) > } reflect a chroot setup. Remove "-m /var/spool/postfix/var/run/saslauthd" > from > } OPTIONS, restart saslauthd and try again. > > Thanks, Patrick. I forgot that I had listed saslauthd in chroot; my > original setting [which does not work either] was: > > OPTIONS="-c -m /var/run/saslauthd" > > Note that in my older server, I did not have an OPTIONS entry. But > apparently it is required: > > # Other options (default: -c -m /var/run/saslauthd) > # Note: You MUST specify the -m option or saslauthd won't run! > # > # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific > information. > # See the saslauthd man page for general information about these options. > # > # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd" > > Sadly, there is no README.Debian for me to look at. :(
The Debian Cyrus SASL is working on it. It's a long way to go ... > When using: > > OPTIONS="-c -m /var/run/saslauthd" > > the error I am seeing in the logs is: > > Oct 27 12:57:41 aeryn postfix/smtpd[19668]: setting up TLS connection from > remotemachine.example.com[1.2.3.4] > Oct 27 12:57:41 aeryn postfix/smtpd[19668]: Anonymous TLS connection > established from remotemachine.example.com[1.2.3.4]: > TLSv1 with cipher AES128-SHA (128/128 bits) > Oct 27 12:57:41 aeryn postfix/smtpd[19668]: warning: SASL authentication > failure: no secret in database > Oct 27 12:57:41 aeryn postfix/smtpd[19668]: warning: > remotemachine.example.com[1.2.3.4]: SASL NTLM > authentication failed: authentication failure > Oct 27 12:57:41 aeryn postfix/smtpd[19668]: disconnect from > remotemachine.example.com[1.2.3.4] Yes. That's because you have too limit the list of available mechanisms in /etc/postfix/sasl/smtpd.conf to list plain and login only: pwcheck_method: saslauthd mech_list: PLAIN LOGIN Test this using the testsaslauthd binary and proceed to SMTP sessions once it works using testsaslauthd. > > Removing OPTIONS all together or just keeping -c gives me a complain that > saslauthd can not be started. Should I really be running it with no > options? I can adjust my /etc/init.d/saslauthd script, though it is the > same as it was on my older Ubuntu server. Set it and leave it empty? [EMAIL PROTECTED] -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
