On Feb 15, 2012, at 8:09 PM, jeffrey j donovan wrote: > > On Feb 15, 2012, at 10:47 AM, Bill Cole wrote: > >> On 15 Feb 2012, at 7:57, jeffrey j donovan wrote: >> >>> On Feb 14, 2012, at 10:57 PM, Bill Cole wrote: >>> >>>> On 14 Feb 2012, at 17:35, Bradley Giesbrecht wrote: >>>> >>>>> On Feb 14, 2012, at 6:45 AM, jeffrey j donovan wrote: >>>>> >>>>>> greetings >>>>>> >>>>>> I have a couple of PPC 10.5 machines running as authenticated smtp >>>>>> relays. I upgraded postfix to 2.9.0 using macports. >>>>>> >>>>>> I am running into a warning when I run postfix check. >>>>>> >>>>>> /opt/local/sbin/postconf: warning: /opt/local/etc/postfix/main.cf: >>>>>> unused parameter: smtpd_use_pw_server=yes >>>>>> /opt/local/sbin/postconf: warning: /opt/local/etc/postfix/main.cf: >>>>>> unused parameter: smtpd_pw_server_security_options=login,cram-md5 >>>>>> /opt/local/sbin/postconf: warning: /opt/local/etc/postfix/main.cf: >>>>>> unused parameter: enable_server_options=yes >>>>>> >>>>>> >>>>>> these options were to access my local password server for >>>>>> authentication. Is there an alternate command ? >>>>>> how do I get my users to authenticated without creating another password >>>>>> database ? >>>>>> >>>>>> thanks for any insight >>>>>> -j >>>>> >>>>> To see what Apple is doing look here at postfix-174.2: >>>>> http://opensource.apple.com/release/mac-os-x-1058/ >>>> >>>> Also useful if anyone wants to try building a more current >>>> Apple-customized version of postfix on older MacOS versions: >>> >>> Hi Bill, >>> do you have any instructions on how to do that ? I have a bunch of 10.5.8 >>> machines running postfix 2.4 and I need to update them. >> >> I have not done so myself, as I long ago switched my older Macs running >> MTA's to standard Postfix (i.e. roughly what MacPorts provides) and use >> Dovecot SASL's PAM support to work with real system users. Building from >> Apple's source may be something of a challenge since they don't really >> document the build environment required, specific dependencies for the >> various projects like Postfix, or OS version compatibilities. It could be >> that all of the newer versions on that site are only compatible with the >> MacOS versions they were released with, and making them build and function >> on a Leopard machine may require a serious backporting effort or be >> essentially impossible without re-implementing their changes for Lion in >> Leopard-compatible ways. On the other hand, getting up to the latest Apple >> version of Postfix as shipped on Lion may be as simple as a couple of 'make' >> commands. If you are not already comfortable doing build debugging, I would >> recommend not putting much effort into this beyond seeing if it "Just Works". >> >> The tarballs include a Makefile that appears to include a normal set of >> targets that patch the source, build with Mac-aware options, and install in >> Mac-specific places with auxiliary stuff like launchd files and default >> configs. So a first try (on a Mac with the developer tools installed and >> which you have a good backup for, of course) would be: >> >> 1. Download and unpack the tarball for the version you want to try (the >> latest is 229.3, based on Postfix 2.8.3) >> 2. Open a Terminal winow and either launch a root shell or preface >> everything below with 'sudo' (which will ask you for your password the first >> time... I expect you know that routine) >> 3. Use cd to switch into the directory that was unpacked from the tarball >> (i.e. 'postfix-229.3' if you got 229.3) >> 4. Run 'make build' which will patch the source and attempt to build >> postfix. This may well fail the first time. >> 5. This is the point of decision: if 'make build' fails the first time, you >> can either give up or dive into the build debugging/backporting process. I >> can't walk you through that (particularly on this list) and I don't advise >> doing it at all if you are not already somewhat familiar with software >> porting. The risk of trying that is that you can waste a lot of time trying >> to fix whatever does not work and get nowhere. In my experience, the >> critical skill in this sort of hacking has been recognizing when I'm out of >> my depth or putting in more time than the real value of the solution. >> 6. If (4) Just Works, run 'make install' to install the fresh Postfix under >> /usr/local or edit the Makefile to change DSTROOT to '/' if you want to >> clobber the existing Postfix. If you install in /usr/local you will need to >> manually replace the existing Postfix launchd file in >> /System/Library/LaunchDaemons with a link to the new one into >> /usr/local/System/Library/LaunchDaemons >> >> > > whoa, thanks bill, when Im done chewing through mac ports i am going to try > the apple build. I want to try to run this system with upgradable options. > > section 5. is usually where i get stuck. So I have to go library hunting. -- > something im not very good at. So i tried mac ports. > > your right,.. at this point I have a working basic postfix install from mac > ports. I've done some reading and some comparisons. I will follow your advise > and build from apples source and then look at the differences. > the patched sasl from apple is whats clearly throwing me. Something I never > had to contend with. Now I just need to see how my port is using saslauthd, > and where it expects it's files to be. > I suspect apple did some ldap magic . > > i'm looking to do this; > ../saslauthd -a ldap -d -O /usr/local/etc/saslauthd.conf -H 127.0.0.1
Thanks to all who slapped/sent me hunting in the right direction. The postfix docs with a plethora of information. And a few good tools. postfix 2.9 installed just fine on ppc with mac ports osx 10.5.8. It was my lack of understanding how apple actually did it's authentication. I was unable to use ldap module with the saslauthd, the port I used does not have the module as a variant. i will probably build my own version. /opt/local/sbin/saslauthd -v saslauthd 2.1.23 authentication mechanisms: getpwent kerberos5 rimap So i was forced to use rimap for the time being. Started imap and then started /opt/local/sbin/saslauthd -a rimap -d -O 127.0.0.1 -m /opt/local/var/spool/postfix/saslauthd -V ./testsaslauthd -u joeuser -p coolpasswd -f /opt/local/var/spool/postfix/saslauthd/mux 0: OK "Success." then I configured postfix to require tls broken_sasl_auth_clients = yes smtpd_enforce_tls = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/certificates/some.crt smtpd_tls_key_file = /etc/certificates/some.key smtpd_use_tls = yes tls_random_source = dev:/dev/urandom started postfix user logged in accepted cert provided Auth credentials and was able to send mail. postfix/smtpd[87346]: connect from bragg.mydomain.org[10.10.10.1] postfix/smtpd[87346]: 98BA5D9323: client=smtps.mydomain.org[10.10.10.1], sasl_method=PLAIN, sasl_username=lukeskywalker postfix/cleanup[87352]: 98BA5D9323: message-id=<[email protected]> postfix/qmgr[83756]: 98BA5D9323: from=<[email protected]>, size=616, nrcpt=1 (queue active) postfix/smtp[87353]: 98BA5D9323: to=<[email protected]>, relay=mx1.mydomain.org[10.10.1.6]:25, delay=1.2, delays=0.03/0.05/1.1/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as BC98CA08134) postfix/qmgr[83756]: 98BA5D9323: removed hope this info may be useful to someone down the road. -j **ps:; yes i know plain text is not optimal but it's working well. There are other methods that may allow MD5 or kerberos. I am going to explore those options next.
