* Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > For the time being I just want to go with system accounts,once this is set , > I can catch up with second option.
Fine. Run saslauthd with "-a shadow". Run testsaslauthd and verify you have a user for whom authenication works. Drop "smtpd_sasl_local_domain" in main.cf. Reload postfix. Download http://jetmore.org/john/code/gen-auth, make it executable and run it like this: % ./gen-auth plain username password Auth String: AGZvbwBiYXI= Use the Auth String: (here: AGZvbwBiYXI=) in a telnet session. Do not use "LOGIN" as in your previous test. Send PLAIN like this: AUTH PLAIN AGZvbwBiYXI= It *should* work... p@rick > > > > On Thu, Jun 9, 2011 at 2:23 PM, Patrick Ben Koetter > <p...@state-of-mind.de>wrote: > > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > > > Both are system users and I've assigned password to them using > > > passwd user_name > > > command as well > > > saslpasswd2 user_name > > > > So we have two ways to go: system accounts or separate mail user database. > > > > I recommend using the separate database, because compromised accounts would > > only affect your mail service but not the system (if you use different > > usernames and passwords...). > > > > Which way do you want to go? > > > > p@rick > > > > > > > > > > > > > > > > > > On Thu, Jun 9, 2011 at 2:12 PM, Patrick Ben Koetter <p...@state-of-mind.de > > >wrote: > > > > > > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > > > > > Hi > > > > > following is the output from the command you have > > > > > [root@<domain.com> ~]# testsaslauthd -s pam -u tom -p redhat > > > > > 0: NO "authentication failed" > > > > > > > > > > and then i change /etc/sysconfig/saslauthd > > > > > fiel MECH=shadow > > > > > and then run the following command > > > > > > > > > > [root@<domain.com> ~]# testsaslauthd -s shadow -u tom -p redhat > > > > > 0: OK "Success." > > > > > > > > Great. We're one step further. > > > > > > > > Where do you store the identities mail senders should use to > > authenticate? > > > > Are > > > > all your senders system accounts? Are they in a database? > > > > > > > > p@rick > > > > > > > > > > > > -- > > > > All technical questions asked privately will be automatically answered > > on > > > > the > > > > list and archived for public access unless privacy is explicitely > > required > > > > and > > > > justified. > > > > > > > > saslfinger (debugging SMTP AUTH): > > > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> > > > > > > > > > > > > > > > > -- > > > Best Regards, > > > Suresh Kumar Prajapati > > > Linux Security Admin > > > E-mail: er.sureshprajap...@gmail.com > > > > > ---------------------------------------------------------------------------------------- > > > Pencils could be made with erasers at both ends, but what would be the > > > point? > > > > -- > > state of mind () > > Digitale Kommunikation > > > > http://www.state-of-mind.de > > > > Franziskanerstraße 15 Telefon +49 89 3090 4664 > > 81669 München Telefax +49 89 3090 4666 > > > > Amtsgericht München Partnerschaftsregister PR 563 > > > > > > > -- > Best Regards, > Suresh Kumar Prajapati > Linux Security Admin > E-mail: er.sureshprajap...@gmail.com > ---------------------------------------------------------------------------------------- > Pencils could be made with erasers at both ends, but what would be the > point? -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
