> > > > in smtp_sasl_passwd:
> > > > exchange_IP user:pwd
> > >
> > > Why not "[exchange_IP]" (with the enclosing []) for the lookup key.
> >
> > I can put with that..tried with [] but like it didn't work i
> > putted like i have in linux, but if you think it is better i can
> > put [] again.
>
> http://www.postfix.org/SASL_README.html#client_sasl
>
> Important
>
> Keep the SASL client password file in /etc/postfix, and make
> the file read+write only for root to protect the username/password
> combinations against other users. The Postfix SMTP client will
> still be able to read the SASL client passwords. It opens the
> file as user root before it drops privileges, and before entering
> an optional chroot jail.
>
> Use the postmap command whenever you change the
> /etc/postfix/sasl_passwd file.
>
> If you specify the "[" and "]" in the relayhost destination,
> then you must use the same form in the smtp_sasl_password_maps
> file.
>
> If you specify a non-default TCP Port (such as ":submission"
> or ":587") in the relayhost destination, then you must use the
> same form in the smtp_sasl_password_maps file.
>
will set.
>
> > > Also is TLS configured?
> >
> > No, like i don't have in linux i didn't put any TLS configuration
> > is it needed?
>
>
> It is recommended when using plaintext authentication mechanisms.
> Whether you would benefit by protecting your traffic from eavesdropping
> and MITM attacks is up to you.
i will not use plaintext (thanks for the warning).
>
>
> > > Solaris may not ship the "LOGIN" mechanism by default, real MTAs offer
> > > "PLAIN". But Microsoft MTAs sometimes prefer "LOGIN" and you need your
> > > Cyrus to provide the corresponding module.
> > >
> > > Look in /usr/lib/sasl2 or whereever your SASL modules are kept.
> >
> > Can you help? i have these:
> > bash-3.00# pwd /usr/lib/sasl2
> > bash-3.00# ls
>
> libanonymous.so
> libcrammd5.so
> libdigestmd5.so
> libgssapiv2.so
> libotp.so
> libplain.so
> libsasldb.so
> libscram.so
>
> > should it be a "liblogin"
>
> Yes, if your server only supports "LOGIN" and not "PLAIN".
>
> > In logs its normal not to see any kind of errors regarding the
> > authentication?
>
> Not if the Postfix server in question was not compiled with SASL
> support. Does it support SASL? Otherwise, one might expect error
> messages about not finding any common mechanisms. If you don't
> see these, and the password_maps table is set up as claimed, most
> likely this Postfix has no support for SASL (and perhaps Berkeley
> DB).
>
> postconf -d | grep _sasl_
>
> When Postfix has no SASL support, there are a lot fewer SASL related
> parameters reported. To list the supported database backends, try
>
postconf -d | grep _sasl_ | wc -l 34
well i think the list is big enough (same number on a working server), but i
found a difference:
man postconf-A List the available SASL client plug-in types...
on the working server:postconf -Acyrus
on the solaris...bash-3.00#postconf -Abash-3.00#
how about that?it seems that postfix supports sasl (at least he as the options
for that), but he can't find the cyrus framework...m i correct?
> postconf -m
postconf -mcidrdbm
environfailinternalldapmemcachenisnisplusproxyregexpstatictcptexthashunix
dbm is there, as per my config shouldn't be the problem..right?
>
> --
> Viktor.
