On Saturday, July 21, 2012 12:34:31 AM Rich Carreiro wrote:
...
Snipping heavily to make it easier to follow.

> However, I am trying to migrate this over to an
> Ubuntu 12.04LTS system running Postfix 2.9.3
> and I just cannot get it to work. I'm doing everything
> the same, but postfix gives authentication failures
> every time.
> 
> It's not the /etc/sasldb2 file.  I've tried bringing
> over the file from the old system and that doesn't work.
> I've created a new file using
> 
>     saslpasswd2 -c -u mail.mydomain.com authusername
> 
> and that doesn't work, though it *WILL* work on the old system
> if I copy it to the old system, which is how I know there's
> nothing wrong with the file.

Sometimes Berkeley DB changes its on-disk format.  Cyrus SASL in the 
Debian/Ubuntu packages (I don't recall if it's upstream or a patch) has code 
to upgrade from one format to another, so it's not guaranteed that you can 
copy sasldb files between versions of cyrus-sasl2 that were built with 
different DB versions.  I don't know of any incompatibilities, but it's 
something to be careful of.  You've excluded this by trying a new sasldb, but 
I thought it'd be worth mentioning.
 
> Likewise, I know postfix is seeing the smtpd.conf file.
> If I add more mechanisms to the mech_list line of the file,
> I see those extra mechanisms being advertised when I connect
> to the smtpd daemon.  And when I remove them they go away
> again.  So /etc/postfix/sasl/smtpd.conf is clearly
> getting used.

This seems to conflict with what saslfinger shows.

> I am testing both by using an actual mail client and by
> manually talking to the server after generating a token with this:
> 
>     perl -MMIME::Base64 -e 'print encode_base64("\000authusername\000thePassword");'
> 
> then:
> 
>     openssl s_client -quiet -starttls smtp -connect the.newsystem.com:587
> 
> 250 DSN
> EHLO example.com
> 250-the.newsystem.com
> 250-PIPELINING
> 250-SIZE 20971520
> 250-ETRN
> 250-AUTH PLAIN
> 250-AUTH=PLAIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH PLAIN theBase64EncodedToken
> 535 5.7.8 Error: authentication failed: authentication failure

This exact process works on my Ubuntu 12.04 box.  Did you copy the sasldb into 
the chroot (/var/spool/postfix/etc/sasldb2)?

> But if I instead connect to the.oldsystem.com:587 and do the
> same thing, I get:
> 
> 235 2.7.0 Authentication successful
> 
> The output of saslfinger on the new machine is:

... 
Mine is very similar.  Differences:

> smtpd_sasl_path = smtpd

smtpd_sasl_path =

> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN

-- content of /etc/postfix/sasl/smtpd.conf --
#Global parameters
log_level: 2
pwcheck_method: auxprop
#saslauthd parameters
mech_list: PLAIN LOGIN
#auxiliary plugin parameters:
auxprop_plugin: sasldb

> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sasldb
> mech_list: PLAIN

-- content of /etc/postfix/sasl/smtpd.conf --
#Global parameters
log_level: 2
pwcheck_method: auxprop
#saslauthd parameters
mech_list: PLAIN LOGIN
#auxiliary plugin parameters:
auxprop_plugin: sasldb

...
>   -o smtpd_tls_security_level=encrypt

smtpd_tls_security_level =

(also no milter on submission)
> [snipping the rest of the services]
> 
> -- mechanisms on localhost --
> 
> -- end of saslfinger output --

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

Scott K
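
Added example (not part of the original message and not Postfix project code): a shell check for the chroot question raised in the reply, listing which smtpd services in master.cf run chrooted and whether the chroot holds a current copy of the sasldb file. It assumes Postfix older than 3.0, where `-` in the chroot column means chrooted; the function names and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: can a chrooted smtpd see the SASL database?
# Assumption: Postfix < 3.0, so "-" in the chroot column of master.cf means "y".

# Print the name of every smtpd service in master.cf ($1) that runs chrooted.
# Columns: service type private unpriv chroot wakeup maxproc command
chrooted_smtpd_services() {
    awk '
        /^[ \t]*#/ || /^[ \t]/ || NF < 8 { next }  # comments, "-o" continuation lines
        $8 == "smtpd" && ($5 == "y" || $5 == "-") { print $1 }
    ' "$1"
}

# Compare the original database ($1) with its copy under the chroot root ($2).
# Prints "missing", "differs" or "ok".
sasldb_chroot_status() {
    copy="$2/etc/$(basename "$1")"
    if [ ! -f "$copy" ]; then
        echo "missing"
    elif ! cmp -s "$1" "$copy"; then
        echo "differs"
    else
        echo "ok"
    fi
}

# Query the live system only when asked to: sh check-sasldb.sh --live
if [ "${1:-}" = "--live" ]; then
    queue=$(postconf -h queue_directory)
    master="$(postconf -h config_directory)/master.cf"
    for svc in $(chrooted_smtpd_services "$master"); do
        echo "$svc is chrooted; $queue/etc/sasldb2: $(sasldb_chroot_status /etc/sasldb2 "$queue")"
    done
fi
```

A result of "ok" only shows that the file is present and identical; the copy must also be readable by the user smtpd runs as.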
