Re: Postfix+SASL chrooted - out of ideas (SASL_README tweak)

Fri, 03 Jun 2022 02:09:43 -0700 

On 02.06.22 08:38, raf wrote:
>No. Perhaps in the past, but no longer. I grepped for
>/etc/postfix/sasl in every file on a debian11 system
>and it didn't appear in libsasl2 or anywhere
>interesting.



On Thu, Jun 02, 2022 at 03:45:01PM +0200, Matus UHLAR - fantomas wrote:

maybe it uses e.g. path like:

$config_directory/sasl/$smtpd_sasl_path


On 02.06.22 15:21, Viktor Dukhovni wrote:

That could happen in main.cf (or a master.cf override), via:

   cyrus_sasl_config_path = $config_directory/sasl/$smtpd_sasl_path

and is most unlikely otherwise.


250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN


I have tested it now on debian 11 according to:
https://wiki.debian.org/PostfixAndSASL#Implementation_using_Cyrus_SASL

version without changing postfix options
and I was able to set up sasl authentication.


Can you show evidence that:

   * No component of /etc/postfix/sasl/smtpd.conf is a symlink


% ls -ld /etc /etc/postfix /etc/postfix/sasl /etc/postfix/sasl/smtpd.conf
drwxr-xr-x 142 root root 12288 Jun  2 15:08 /etc/
drwxr-xr-x   5 root root  4096 Jun  2 15:00 /etc/postfix/
drwxr-xr-x   2 root root  4096 Jun  2 15:35 /etc/postfix/sasl/
-rw-r--r--   1 root root    26 Jun  2 15:35 /etc/postfix/sasl/smtpd.conf


   * There are no symlinks from /etc/sasl2 ors similar into /etc/postfix/sasl


% ls -ld /etc/sasl2
ls: cannot access '/etc/sasl2': No such file or directory


   * cyrus_sasl_config_path is not set


% postconf cyrus_sasl_config_path
cyrus_sasl_config_path =
% postconf -d cyrus_sasl_config_path
cyrus_sasl_config_path =


   * The /etc/postfix/sasl/smtpd.conf configuration is actually used,
     e.g. by tweaking the mechanism list to either include or exclude
     "LOGIN" and that this is reflected in the list of offered AUTH
     mechanisms in response to EHLO.



I tried this before, auth did not work without "pwcheck_method", did without 
"mech_list"



/etc/postfix/sasl/smtpd.conf

     pwcheck_method: saslauthd
     mech_list: PLAIN LOGIN


What happens when you remove "LOGIN" from this setting?



without mech_list line I get: 
250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN


with the above in mech_list I get:
250-AUTH PLAIN LOGIN

postfix restart affects what I see, saslauth restart does not.


Also can you "apt-get source postfix", and post a link to the tarball?


this will unpack the tarball in local directory.

I use standard debian packages, there's SASL related patch but it doesn't 
seem to affect this issue


https://sources.debian.org/patches/postfix/3.5.6-1/
https://sources.debian.org/patches/postfix/3.5.6-1/07_sasl_config.diff/

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!























					Reply via email to