> From: Simon Brereton
> Probably not the best place for this, but hopefully someone will tell
> me what I'm doing wrong anyway..
>
> I've gotten the TLS up and working. And SASL auth seemed to be
> working. I installed saslfinger and everything was fine there. But
> when trying to locally inject mail on the submission port, I get:
>
> Apr 11 20:31:10 jonty postfix/smtpd[28787]: setting up TLS connection from localhost[127.0.0.1]
> Apr 11 20:31:10 jonty postfix/smtpd[28787]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> Apr 11 20:31:10 jonty postfix/smtpd[28787]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: authentication failure
> Apr 11 20:31:10 jonty postfix/smtpd[28787]: disconnect from localhost[127.0.0.1]
>
> I turned the verbosity up in smtpd.conf to try and diagnose this, and
> it does nothing (which I guess is my biggest issue).
>
> # Global Parameters
> log_level: 7

I've done some more investigating on this - I still can't get more lines into the log, so it's a bit like working blindfolded. This is a new set-up based off my old configuration and I figured out that actually SASL auth isn't working on port 25 either.

After staring at http://www.postfix.org/SASL_README.html for an hour..

...
The value sent by Postfix is the name of the server component that will use Cyrus SASL. It defaults to smtpd and is configured with one of the following variables:

/etc/postfix/main.cf:
    # Postfix 2.3 and later
    smtpd_sasl_path = smtpd
...

Okay. Check. I have this file in /etc/postfix/sasl/smtpd.conf in both configurations (and in fact it's the same file - and the one where I tried to increase the verbosity and failed).

...
Cyrus SASL configuration file location

The location where Cyrus SASL searches for the named file depends on the Cyrus SASL version and the OS/distribution used.

You can read more about the following topics:

Cyrus SASL version 2.x searches for the configuration file in /usr/lib/sasl2/.

Cyrus SASL version 2.1.22 and newer additionally search in /etc/sasl2/.

Some Postfix distributions are modified and look for the Cyrus SASL configuration file in /etc/postfix/sasl/, /var/lib/sasl2/ etc. See the distribution-specific documentation to determine the expected location.

Note
Cyrus SASL searches /usr/lib/sasl2/ first. If it finds the specified configuration file there, it will not examine other locations.
...

How can I find where Cyrus or Postfix are expecting to find this file? I'm starting to suspect that I don't have it in the right location for the new installation.

Also from the SASL_README..

...
saslauthd - Cyrus SASL password verification service

Communication between the Postfix SMTP server (read: Cyrus SASL's libsasl) and the saslauthd server takes place over a UNIX-domain socket. saslauthd usually establishes the UNIX domain socket in /var/run/saslauthd/ and waits for authentication requests.
The Postfix SMTP server must have read+execute permission to this directory or authentication attempts will fail.
...

Whilst my /etc/default/saslauth has been modified to include

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/var/run/saslauth exists on the new server, but not on the old. However, /var/spool/postfix/var/run/saslauthd also exists. On neither server though does postfix have read+execute permissions (both are owned by root). Changing this so that postfix does have read+execute to the mux doesn't change anything.

What am I doing wrong?
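
The two checks the README excerpts call for, as an added shell sketch that is not part of the original message or of the Postfix documentation: list every quoted directory that holds a copy of the configuration file (the first hit shadows the rest), and test whether the mode bits give a user read+execute on the saslauthd directory. The function names and the search order after /usr/lib/sasl2 are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.
# Candidate directories are the ones named in the SASL_README excerpt.
# /usr/lib/sasl2 is searched first per the README; the order of the
# remaining entries is an assumption.
SASL_DIRS="/usr/lib/sasl2 /etc/sasl2 /etc/postfix/sasl /var/lib/sasl2"

# find_sasl_conf NAME [ROOT]: print each candidate directory that holds
# NAME.conf, in search order. More than one line of output means the
# first copy shadows the others, so edits to a later copy have no effect.
find_sasl_conf() {
    name=$1; root=${2:-}
    for d in $SASL_DIRS; do
        [ -f "$root$d/$name.conf" ] && printf '%s\n' "$d"
    done
    return 0
}

# can_rx USER DIR: succeed if DIR's mode bits grant USER read+execute.
# An empty USER means the invoking user. Only owner/group/other bits are
# evaluated: ACLs, parent directories and root's override are not.
can_rx() {
    user=$1; dir=$2
    [ -d "$dir" ] || return 2
    uid=$(id -u ${user:+"$user"}) || return 2
    gids=" $(id -G ${user:+"$user"}) "
    set -- $(ls -ldn "$dir")          # $1=mode $3=owner uid $4=group gid
    mode=$1; d_uid=$3; d_gid=$4
    if [ "$uid" = "$d_uid" ]; then
        cols=2-4                      # owner triplet
    else
        case "$gids" in
            *" $d_gid "*) cols=5-7 ;; # group triplet
            *)            cols=8-10 ;; # other triplet
        esac
    fi
    bits=$(printf '%s' "$mode" | cut -c"$cols")
    case "$bits" in r?[xst]) return 0 ;; *) return 1 ;; esac
}

# Usage (paths taken from the post):
#   find_sasl_conf smtpd
#   can_rx postfix /var/spool/postfix/var/run/saslauthd && echo "rx ok"
```
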
