On Sat, May 19, 2012 at 05:38:43PM +0200, ml ml wrote:
> I can't get postfix with smtpd saslauthd working and it's driving me
> crazy!
>
> warning: SASL authentication problem: unknown password verifier
> warning: unknown[192.168.10.30]: SASL LOGIN authentication failed:
> no mechanism available

When posting logs here, do not trim. That should have been preceded
by a "$DATE postfix/smtpd[$PID]". If it was NOT smtpd, read no
further. Also, the entire logging related to this connection might
have been useful.

Why are you using LOGIN authentication? PLAIN is the standard.

> Basically I followed the howto from
> http://wiki.debian.org/PostfixAndSASLb

See also the Cyrus SASL portions of the Postfix SASL_README. To be
precise, you should only view third party HOWTO documents as an
addition to the Postfix documentation.

You'll also need to see your distributor's documentation of their
non-standard Cyrus SASL package. Specifically they use non-standard
paths.

> Saslauthd seems to work:
> /usr/sbin/testsaslauthd -u admin -p xxxx
> 0: OK "Success."

I think you'll need to specify "-s smtpd" to ensure you're testing
your smtpd.conf file. No manual entry for testsaslauthd here,
unfortunately.

> ~# postconf -n
> mailbox_transport = lmtp:unix:/usr/local/foo-admin/cyrus/var/socket/lmtp

It appears you are using Cyrus IMAP also. Consider Dovecot IMAP and
SASL as a package deal. It's much easier to set up.

> mydestination =

But with no local(8) domains, mailbox_transport is not used.

> relay_domains = ldap:/usr/local/foo-admin/postfix/etc/relaydomains.cf

No relay_recipient_maps looks bad here. You could be a backscatter
source. I don't know anything about this "foo-admin" thing, BTW; it
will not be supported on this list (and might be related to your
problem.)

> smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated

This line does nothing. Remove it.

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = no

The last line of that is a deprecated setting, but it probably makes
the other smtpd_tls_* settings moot.

> transport_maps = ldap:/usr/local/foo-admin/postfix/etc/transportmaps.cf

Is this used for the relay_domains?

> virtual_alias_maps = ldap:/usr/local/foo-admin/postfix/etc/virtusertable.cf

Note: this also defines virtual_alias_domains by default.

> virtual_mailbox_domains =
> ldap:/usr/local/foo-admin/postfix/etc/mydestination.cf

It's a bad idea to use misleading names. I would expect a file
called "mydestination.cf" to define $mydestination.

> virtual_mailbox_maps = ldap:/usr/local/foo-admin/postfix/etc/virtusertable.cf

This looks very bad, to use the same query for virtual_alias_maps
and virtual_mailbox_maps. Why did you do that? The data returned
differs. This looks broken to me.

> virtual_transport = lmtp:unix:/usr/local/foo-admin/cyrus/var/socket/lmtp
>
> cat /etc/postfix/sasl/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
>
>
> ~# grep ^smtp /etc/postfix/master.cf
> smtp inet n - - - - smtpd
> smtp unix - - - - - smt

Take it out of the chroot if you do not know how to maintain the
chroot. This is an ongoing issue with Debian. You probably do not
need chroot anyway.

> What does "unknown password verifier" mean and who creates the
> error and why?

It was created by the daemon process whose name you snipped from the
log line above. It looks like your Cyrus SASL does not support LOGIN
mechanism. The answer to that might be found in the distributor's
Cyrus SASL documentation.

> How can I verify if postfix smtpd and sasl are set up with the
> correct permissions, links and chroot?

If by "links" you mean symbolic links, those don't work in a chroot
environment unless they are relative to the chroot (links pointing
within the chroot.) The Postfix DEBUG_README covers how to take it
out of chroot, and chroot examples are provided with the source code
package.
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
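
The configuration points raised in the reply above, collected into one check over `postconf -n` and `master.cf` text. This is an added example, not part of the original message or of Postfix. The function names are hypothetical, the sample input is constructed from the lines quoted in the thread, and a `-` in the chroot column is assumed to mean chrooted, which was the built-in default before Postfix 3.0.

```python
# Added example: sample input below is constructed from lines quoted in the thread.
POSTCONF = """\
relay_domains = ldap:/usr/local/foo-admin/postfix/etc/relaydomains.cf
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_use_tls = no
virtual_alias_maps = ldap:/usr/local/foo-admin/postfix/etc/virtusertable.cf
virtual_mailbox_maps = ldap:/usr/local/foo-admin/postfix/etc/virtusertable.cf
"""
MASTER_CF = "smtp inet n - - - - smtpd\n"

def parse_postconf(text):
    """Turn the 'name = value' lines of `postconf -n` output into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def chrooted_services(master_cf):
    """Return service/type entries whose chroot column (5th field) is y or -.
    Assumption: '-' means chrooted, the built-in default before Postfix 3.0."""
    hits = []
    for line in master_cf.splitlines():
        fields = line.split()
        if len(fields) < 8 or line[0] in "# \t":  # comment or continuation
            continue
        if fields[4] in ("y", "-"):
            hits.append(f"{fields[0]}/{fields[1]}")
    return hits

def audit(postconf_text, master_cf):
    """Return a list of short finding strings, one per point from the reply."""
    p, findings = parse_postconf(postconf_text), []
    if p.get("relay_domains") and not p.get("relay_recipient_maps"):
        findings.append("relay_domains set without relay_recipient_maps")
    alias_maps = p.get("virtual_alias_maps")
    if alias_maps and alias_maps == p.get("virtual_mailbox_maps"):
        findings.append("virtual_alias_maps and virtual_mailbox_maps share one query")
    client = p.get("smtpd_client_restrictions", "").replace(",", " ").split()
    if client and all(tok.startswith("permit") for tok in client):
        findings.append("smtpd_client_restrictions has only permit_* entries")
    if p.get("smtpd_use_tls") == "no":
        findings.append("deprecated smtpd_use_tls = no leaves smtpd_tls_* unused")
    findings += [f"{svc} runs chrooted" for svc in chrooted_services(master_cf)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTCONF, MASTER_CF)))
```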