Hi, Can anyone help me...
On Thu, Jun 9, 2011 at 2:45 PM, Suresh Kumar Prajapati < er.sureshprajap...@gmail.com> wrote: > Hi, > > Followed your steps and this is output > > warning: SASL authentication failure: Password verification failed > Jun 9 13:12:26 domain.com postfix/smtpd[1391]: warning: > fdsakjfhbdskj.fdsakjfhbdskj.com[ip_address]: SASL plain authentication > failed: authentication failure > > > > testsaslauthd -s pam -u tom -p redhat > 0: NO "authentication failed" > > > testsaslauthd -s pam -u tom -p redhat > 0: NO "authentication failed" > > > > On Thu, Jun 9, 2011 at 2:36 PM, Patrick Ben Koetter > <p...@state-of-mind.de>wrote: > >> * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: >> > For the time being I just want to go with system accounts,once this is >> set , >> > I can catch up with second option. >> >> Fine. >> >> Run saslauthd with "-a shadow". >> Run testsaslauthd and verify you have a user for whom authenication works. >> Drop "smtpd_sasl_local_domain" in main.cf. >> Reload postfix. >> Download http://jetmore.org/john/code/gen-auth, make it executable and >> run it >> like this: >> >> % ./gen-auth plain username password >> Auth String: AGZvbwBiYXI= >> >> Use the Auth String: (here: AGZvbwBiYXI=) in a telnet session. Do not use >> "LOGIN" as in your previous test. Send PLAIN like this: >> >> AUTH PLAIN AGZvbwBiYXI= >> >> It *should* work... >> >> p@rick >> >> >> >> >> > >> > >> > >> > On Thu, Jun 9, 2011 at 2:23 PM, Patrick Ben Koetter <p...@state-of-mind.de >> >wrote: >> > >> > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: >> > > > Both are system users and I've assigned password to them using >> > > > passwd user_name >> > > > command as well >> > > > saslpasswd2 user_name >> > > >> > > So we have two ways to go: system accounts or separate mail user >> database. >> > > >> > > I recommend using the separate database, because compromised accounts >> would >> > > only affect your mail service but not the system (if you use different >> > > usernames and passwords...). >> > > >> > > Which way do you want to go? >> > > >> > > p@rick >> > > >> > > >> > > >> > > > >> > > > >> > > > >> > > > On Thu, Jun 9, 2011 at 2:12 PM, Patrick Ben Koetter < >> p...@state-of-mind.de >> > > >wrote: >> > > > >> > > > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: >> > > > > > Hi >> > > > > > following is the output from the command you have >> > > > > > [root@<domain.com> ~]# testsaslauthd -s pam -u tom -p redhat >> > > > > > 0: NO "authentication failed" >> > > > > > >> > > > > > and then i change /etc/sysconfig/saslauthd >> > > > > > fiel MECH=shadow >> > > > > > and then run the following command >> > > > > > >> > > > > > [root@<domain.com> ~]# testsaslauthd -s shadow -u tom -p redhat >> > > > > > 0: OK "Success." >> > > > > >> > > > > Great. We're one step further. >> > > > > >> > > > > Where do you store the identities mail senders should use to >> > > authenticate? >> > > > > Are >> > > > > all your senders system accounts? Are they in a database? >> > > > > >> > > > > p@rick >> > > > > >> > > > > >> > > > > -- >> > > > > All technical questions asked privately will be automatically >> answered >> > > on >> > > > > the >> > > > > list and archived for public access unless privacy is explicitely >> > > required >> > > > > and >> > > > > justified. >> > > > > >> > > > > saslfinger (debugging SMTP AUTH): >> > > > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> >> > > > > >> > > > >> > > > >> > > > >> > > > -- >> > > > Best Regards, >> > > > Suresh Kumar Prajapati >> > > > Linux Security Admin >> > > > E-mail: er.sureshprajap...@gmail.com >> > > > >> > > >> ---------------------------------------------------------------------------------------- >> > > > Pencils could be made with erasers at both ends, but what would be >> the >> > > > point? >> > > >> > > -- >> > > state of mind () >> > > Digitale Kommunikation >> > > >> > > http://www.state-of-mind.de >> > > >> > > Franziskanerstraße 15 Telefon +49 89 3090 4664 >> > > 81669 München Telefax +49 89 3090 4666 >> > > >> > > Amtsgericht München Partnerschaftsregister PR 563 >> > > >> > > >> > >> > >> > -- >> > Best Regards, >> > Suresh Kumar Prajapati >> > Linux Security Admin >> > E-mail: er.sureshprajap...@gmail.com >> > >> ---------------------------------------------------------------------------------------- >> > Pencils could be made with erasers at both ends, but what would be the >> > point? >> >> -- >> All technical questions asked privately will be automatically answered on >> the >> list and archived for public access unless privacy is explicitely required >> and >> justified. >> >> saslfinger (debugging SMTP AUTH): >> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> >> > > > > -- > Best Regards, > Suresh Kumar Prajapati > Linux Security Admin > E-mail: er.sureshprajap...@gmail.com > > ---------------------------------------------------------------------------------------- > Pencils could be made with erasers at both ends, but what would be the > point? > -- Best Regards, Suresh Kumar Prajapati Linux Security Admin E-mail: er.sureshprajap...@gmail.com ---------------------------------------------------------------------------------------- Pencils could be made with erasers at both ends, but what would be the point?
