Re: Postfix SASL Authentication
On 8/8/2006 9:20 AM, Gerard Seibert wrote: FreeBSD 6.1 STABLE I have SASL and Postfix installed and for the most part they seem to work all right together. However, there is one small problem. When attempting to send a message from one of the PC's on the network, actually any PC on the network except for the one with Postfix installed on it, this error message is inserted into the maillog file. Aug 8 10:11:32 scorpio postfix/smtpd[1310]: connect from boss.seibercom.net[192.168.0.4] Aug 8 10:11:32 scorpio postfix/smtpd[1310]: warning: SASL authentication failure: no user in db Aug 8 10:11:32 scorpio postfix/smtpd[1310]: 859B9BD6C: client=boss.seibercom.net[192.168.0.4], sasl_method=LOGIN, [EMAIL PROTECTED] All of the users are authenticated. Exactly what is it referring to and how do I correct it? The mail does get relayed however, so it is not a fatal warning. Which version of SASL? v1 or v2? The following is based on ym experience with v2, and I don't know if it applies to v1 or not. As far as the message in you log file, it's attempting to authenticate, but it's not connecting to the user database to verify the user. More than likely it's allowing you to send mail from the local server because you have Postfix configured to allow it to relay mail from localhost, and that this is allowing you to send the email even though authentication is failing. To determine which authentication methods Postfix will accept, telnet to localhost on port 25 and issue a EHLO: mail# telnet localhost 25 Trying ::1... Connected to localhost.domain.com. Escape character is '^]'. 220 mail.domain.com ESMTP Postfix EHLO localhost 250-mail.domain.com 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN In this instance, the AUTH line dictates which authentication mechanisms Postfix will accept. In this case: NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 Check your /usr/local/lib/sasl2/smtpd.conf file and make sure that you have the correct auth mechanism listed. For plain text login that's verified against your existing users, your smtpd.conf file would read as follows: pwcheck_method: saslauthd This will verify against your existing user accounts. There are other methods, such as pwcheck_method: sasldb, that will verify against SASL's own password database, which I've never used. Make sure that you have saslauthd running (which it appears you do). Issue the following: # /usr/local/sbin/testsaslauthd -u username -p password 0: OK Success. If saslauthd is operating correctly, you'll recieve the OK Success. If not, your problem is with saslauthd. If your AUTH line does not list the right AUTH mechanism, the problem is with Postfix. For instance, if you're trying to use SMTP-AUTH from a client on your network, and have pwcheck_method: saslauthd defined in your smtpd.conf file, you have to have PLAIN LOGIN appear in the AUTH line when telnetting. Best regards, Greg Groth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
Gerard Seibert wrote: FreeBSD 6.1 STABLE I have SASL and Postfix installed and for the most part they seem to work all right together. However, there is one small problem. When attempting to send a message from one of the PC's on the network, actually any PC on the network except for the one with Postfix installed on it, this error message is inserted into the maillog file. Aug 8 10:11:32 scorpio postfix/smtpd[1310]: connect from boss.seibercom.net[192.168.0.4] Aug 8 10:11:32 scorpio postfix/smtpd[1310]: warning: SASL authentication failure: no user in db Aug 8 10:11:32 scorpio postfix/smtpd[1310]: 859B9BD6C: client=boss.seibercom.net[192.168.0.4], sasl_method=LOGIN, [EMAIL PROTECTED] All of the users are authenticated. Exactly what is it referring to and how do I correct it? The mail does get relayed however, so it is not a fatal warning. Sasl is attempting to use sasldb2 *before* it uses /etc/passwd (or pam, as the case may be.) It's harmless in any case. What do you have in the smtpd.conf file? (/usr/local/lib/sasl2/smtpd.conf) -- Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix SASL Authentication
Paul Schmehl wrote: Sasl is attempting to use sasldb2 *before* it uses /etc/passwd (or pam, as the case may be.) It's harmless in any case. What do you have in the smtpd.conf file? (/usr/local/lib/sasl2/smtpd.conf) This is the contents: ## Global Values pwcheck_method: auxprop auxprop_plugin: sasldb log_level: 7 mech_list: PLAIN LOGIN -- Gerard Seibert [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
Greg Groth wrote: On 8/8/2006 9:20 AM, Gerard Seibert wrote: FreeBSD 6.1 STABLE I have SASL and Postfix installed and for the most part they seem to work all right together. However, there is one small problem. When attempting to send a message from one of the PC's on the network, actually any PC on the network except for the one with Postfix installed on it, this error message is inserted into the maillog file. Aug 8 10:11:32 scorpio postfix/smtpd[1310]: connect from boss.seibercom.net[192.168.0.4] Aug 8 10:11:32 scorpio postfix/smtpd[1310]: warning: SASL authentication failure: no user in db Aug 8 10:11:32 scorpio postfix/smtpd[1310]: 859B9BD6C: client=boss.seibercom.net[192.168.0.4], sasl_method=LOGIN, [EMAIL PROTECTED] All of the users are authenticated. Exactly what is it referring to and how do I correct it? The mail does get relayed however, so it is not a fatal warning. Which version of SASL? v1 or v2? The following is based on ym experience with v2, and I don't know if it applies to v1 or not. As far as the message in you log file, it's attempting to authenticate, but it's not connecting to the user database to verify the user. More than likely it's allowing you to send mail from the local server because you have Postfix configured to allow it to relay mail from localhost, and that this is allowing you to send the email even though authentication is failing. To determine which authentication methods Postfix will accept, telnet to localhost on port 25 and issue a EHLO: mail# telnet localhost 25 Trying ::1... Connected to localhost.domain.com. Escape character is '^]'. 220 mail.domain.com ESMTP Postfix EHLO localhost 250-mail.domain.com 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN In this instance, the AUTH line dictates which authentication mechanisms Postfix will accept. In this case: NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5 This is the output of mine: $ telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 scorpio.seibercom.net ESMTP Postfix (2.4-20060727) ehlo localhost 250-scorpio.seibercom.net 250-PIPELINING 250-SIZE 1024 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN I noticed that the first attempt is refused. Why I wonder. Check your /usr/local/lib/sasl2/smtpd.conf file and make sure that you have the correct auth mechanism listed. For plain text login that's verified against your existing users, your smtpd.conf file would read as follows: pwcheck_method: saslauthd This will verify against your existing user accounts. There are other methods, such as pwcheck_method: sasldb, that will verify against SASL's own password database, which I've never used. Make sure that you have saslauthd running (which it appears you do). Issue the following: # /usr/local/sbin/testsaslauthd -u username -p password 0: OK Success. If saslauthd is operating correctly, you'll recieve the OK Success. If not, your problem is with saslauthd. If your AUTH line does not list the right AUTH mechanism, the problem is with Postfix. For instance, if you're trying to use SMTP-AUTH from a client on your network, and have pwcheck_method: saslauthd defined in your smtpd.conf file, you have to have PLAIN LOGIN appear in the AUTH line when telnetting. This is the contents of the smtpd.conf file: ## Global Values pwcheck_method: auxprop auxprop_plugin: sasldb log_level: 7 mech_list: PLAIN LOGIN -- Gerard Seibert [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
This is the contents of the smtpd.conf file: ## Global Values pwcheck_method: auxprop auxprop_plugin: sasldb log_level: 7 mech_list: PLAIN LOGIN From postfix.org: This will use the Cyrus SASL password file (default: /etc/sasldb in version 1.5.5, or /etc/sasldb2 in version 2.1.1), which is maintained with the saslpasswd or saslpasswd2 command (part of the Cyrus SASL software). On some poorly-supported systems the saslpasswd command needs to be run multiple times before it stops complaining. The Postfix SMTP server needs read access to the sasldb file - you may have to play games with group access permissions. With the OTP authentication mechanism, the SMTP server also needs WRITE access to /etc/sasldb2 or /etc/sasldb (or the back end SQL database, if used). Have you set up the SASL password file? If not, that's why you're getting the error. If you have, what happens when you test saslauthd on it's own? # /usr/local/sbin/testsaslauthd -u username -p password It should return: status 0: OK Success. If you'd rather authenticate against the exisiting system usernames passwords, change your smtpd.conf file to the following: pwcheck_method: saslauthd and delete the rest. You might have to restart both services if you update the smtpd.conf file: # /usr/local/etc/rc.d/saslauthd restart # postfix reload Best regards, Greg Groth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
Gerard Seibert wrote: Paul Schmehl wrote: Sasl is attempting to use sasldb2 *before* it uses /etc/passwd (or pam, as the case may be.) It's harmless in any case. What do you have in the smtpd.conf file? (/usr/local/lib/sasl2/smtpd.conf) This is the contents: ## Global Values pwcheck_method: auxprop auxprop_plugin: sasldb log_level: 7 mech_list: PLAIN LOGIN Apparently you're using the sasldb2 database for logins? If so, the sasldb2 database needs to be readable by postfix, and it has to be populated with the [EMAIL PROTECTED] that you need. Have you populated the db? You would probably be better off using saslauthd as your pwcheck_method. Then start saslauthd with the -a sasldb flag. (See man 8 saslauthd.) Auxprop is an older method that wasn't very dependable. -- Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix SASL Authentication
Paul Schmehl wrote: Apparently you're using the sasldb2 database for logins? If so, the sasldb2 database needs to be readable by postfix, and it has to be populated with the [EMAIL PROTECTED] that you need. Have you populated the db? You would probably be better off using saslauthd as your pwcheck_method. Then start saslauthd with the -a sasldb flag. (See man 8 saslauthd.) Auxprop is an older method that wasn't very dependable. Thanks, that is what I did. I had to modify the /usr/local/lib/smtpd.conf file, but that was about it. I do have one question though. The rc.d file has 'pam' listed rather than sasldb for the '-a ' flag. I changed it there although the directions said not too. Is there any reason that changing it in the rc.d file is a bad thing? I could not figure out what it meant to do otherwise. Was I suppose to create another file that would override that one? If so, what was the syntax of the file suppose to be? Anyway, it works, so that is all I am really interested in at the moment. Ciao! -- Gerard Seibert [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
On 8/9/06, Gerard Seibert [EMAIL PROTECTED] wrote: Paul Schmehl wrote: Apparently you're using the sasldb2 database for logins? If so, the sasldb2 database needs to be readable by postfix, and it has to be populated with the [EMAIL PROTECTED] that you need. Have you populated the db? You would probably be better off using saslauthd as your pwcheck_method. Then start saslauthd with the -a sasldb flag. (See man 8 saslauthd.) Auxprop is an older method that wasn't very dependable. Thanks, that is what I did. I had to modify the /usr/local/lib/smtpd.conf file, but that was about it. I do have one question though. The rc.d file has 'pam' listed rather than sasldb for the '-a ' flag. I changed it there although the directions said not too. Is there any reason that changing it in the rc.d file is a bad thing? I could not figure out what it meant to do otherwise. Was I suppose to create another file that would override that one? If so, what was the syntax of the file suppose to be? Anyway, it works, so that is all I am really interested in at the moment. try putting this in your rc.conf: saslauthd_enable=YES saslauthd_flags=-a getpwent HTH ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix SASL Authentication
--On August 8, 2006 7:40:20 PM -0400 Gerard Seibert [EMAIL PROTECTED] wrote: Paul Schmehl wrote: Apparently you're using the sasldb2 database for logins? If so, the sasldb2 database needs to be readable by postfix, and it has to be populated with the [EMAIL PROTECTED] that you need. Have you populated the db? You would probably be better off using saslauthd as your pwcheck_method. Then start saslauthd with the -a sasldb flag. (See man 8 saslauthd.) Auxprop is an older method that wasn't very dependable. Thanks, that is what I did. I had to modify the /usr/local/lib/smtpd.conf file, but that was about it. Glad to hear it. I do have one question though. The rc.d file has 'pam' listed rather than sasldb for the '-a ' flag. I changed it there although the directions said not too. Is there any reason that changing it in the rc.d file is a bad thing? Not a bad thing, but when the port gets updated, your changes will be overwritten. Instead, use /etc/rc.conf: saslauthd_enable=YES saslauthd_flags=-a sasldb I could not figure out what it meant to do otherwise. Was I suppose to create another file that would override that one? If so, what was the syntax of the file suppose to be? Anyway, it works, so that is all I am really interested in at the moment. In general, you want to put variables for startup scripts in /etc/rc.conf, rather than editing the individual startup files. The startup scripts will source the /etc/rc.conf file and get the values of those variables and use them when they run. Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Re: Postfix + SASL issue
Might want to send an email to the postfix list on this one... ;) -Jordan artware wrote: Hello, I seem to be having some issue with saslauthd and postfix on 5.3-R... When I try to send mail out, it fails, and puts this in /var/log/maillog: Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: Password verification failed It's weird, because it was working before, and then I tweaked something, and it broke. I've recompiled postfix and cyrus-sasl2-saslauthd, to no avail. Make a make deinstall broke something along the way? I don't even know what to suspect. I think it might be a permissions issue, since saslauthd is running -- but I can't be sure. Does this sound familiar to anyone? - ben -- Warm regards, Jordan Michaels Vivio Technologies http://www.viviotech.net/ [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix + SASL issue
On 01/03/05 04:13 PM, artware sat at the `puter and typed: Hello, I seem to be having some issue with saslauthd and postfix on 5.3-R... When I try to send mail out, it fails, and puts this in /var/log/maillog: Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory Jan 4 05:56:17 n00330 postfix/smtpd[8103]: warning: SASL authentication failure: Password verification failed It's weird, because it was working before, and then I tweaked something, and it broke. I've recompiled postfix and cyrus-sasl2-saslauthd, to no avail. Make a make deinstall broke something along the way? What did you tweak? I do this ALL THE TIME, and it almost always comes back to my tweak. Ok, not almost; always. I don't even know what to suspect. I think it might be a permissions issue, since saslauthd is running -- but I can't be sure. Does this sound familiar to anyone? I'd probably start with the tweak you made. I could be wrong, but the errors you provided may also indicate that your saslauthd daemon wasn't even running, possibly because of an upgrade or config change that made it fail to (re)start. Silly mistake, I know, but I've done it more than once. Finally, check the following configs in main.cf: smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = $var_smtp_sasl_opts smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts smtpd_sasl_application_name = smtpd smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd BTW, the values there are what I have configured; these values may or may not be valid for your setup. HTH Lou -- Louis LeBlanc [EMAIL PROTECTED] Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ QOTD: I've just learned about his illness. Let's hope it's nothing trivial. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix - Sasl - mysql
On Wednesday 10 November 2004 07:07 am, Svein Gullby wrote: Hi ! I'm sending you this mail because you've fixed a postfix problem at the same stage that I have problems now. What ./configure parameters did you use to get Cyrus SASL2 to work with MySQL ? Mvh Svein Gullby ICT Teamleader - Technology Astrup Fearnley AS The link below will lead you to many how-to's regarding various combinations of postfix and related applications: http://www.postfix.org/docs.html Best regards, Andrew Gould ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix - Sasl - mysql
Brent Wiese wrote: I (tried) following the instructions at: http://high5.net/howto/ I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go. I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect) sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sql_engine: mysql mech_list: login plain crammd6 digestmd5 sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_statement: SELECT password FROM mailbox WHERE username = '%u' sql_verbose: yes That works for me.. -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl A Dutch community for helping newcomers on the hackerscene ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Postfix - Sasl - mysql
Brent Wiese wrote: I (tried) following the instructions at: http://high5.net/howto/ I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go. I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect) sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sql_engine: mysql mech_list: login plain crammd6 digestmd5 sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_statement: SELECT password FROM mailbox WHERE username = '%u' sql_verbose: yes That works for me.. No go. Still getting no user in db in /var/log/maillog. I get: postfix/smtpd[23761]: sql_select option missing postfix/smtpd[23761]: auxpropfunc error no mechanism available In /var/log/messages I turned on logging in mysql and it didn't log any queries. Any other suggestions? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix - Sasl - mysql
Hi Brent, No go. Still getting no user in db in /var/log/maillog. I get: postfix/smtpd[23761]: sql_select option missing postfix/smtpd[23761]: auxpropfunc error no mechanism available In /var/log/messages Oh typo :( SQL_Statement = SQL_Select) Is SQL (MySQL) Support included within your installation? What Mechlist did you enable? Are those included in your installation as well? Cheers I turned on logging in mysql and it didn't log any queries. Any other suggestions? ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl A Dutch community for helping newcomers on the hackerscene ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Postfix - Sasl - mysql
I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go. I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect) sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sql_engine: mysql mech_list: login plain crammd6 digestmd5 sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_statement: SELECT password FROM mailbox WHERE username = '%u' sql_verbose: yes I used those instructions, although I modified some for my specific configuration. the username field in my database is [EMAIL PROTECTED] however. I had to create a plain-text password field that i modified the php scripts to create as part of the normal process of things because the auxprop plugin alone didn't understand anything but plain text. you can use the PAM sasl plugin from what I understand, and configure pam to use mysql with it's native plugin in order to use encrypted passwords in the mysql database. I haven't looked at this stuff in a while, so my memory isn't so clear and things may have changed... Here's my working smtpd.conf: # smtpd.conf pwcheck_method: auxprop auxprop_plugin: sql mech_list: plain login sql_engine: mysql sql_hostnames: localhost sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_select: select pass_plain from mailbox where username='[EMAIL PROTECTED]' ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix - Sasl - mysql
On 4/7/2004 12:32 PM Brent Wiese wrote: Brent Wiese wrote: I (tried) following the instructions at: http://high5.net/howto/ I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go. I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect) sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sql sql_engine: mysql mech_list: login plain crammd6 digestmd5 sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_statement: SELECT password FROM mailbox WHERE username = '%u' sql_verbose: yes That works for me.. No go. Still getting no user in db in /var/log/maillog. I get: postfix/smtpd[23761]: sql_select option missing postfix/smtpd[23761]: auxpropfunc error no mechanism available In /var/log/messages I turned on logging in mysql and it didn't log any queries. Any other suggestions? Have you verified that smtpd_sasl_local_domain = and not smtpd_sasl_local_domain =$myhostname as shown in the how-to? Although I wasn't using MySQL, I still got the no user in db and no secret in database messages you were getting. It stumped me for weeks until I stumbled across the Postfix bug tidbit on the web. I'd be real curious to know if that solves your problems. Cheers, Drew ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Postfix - Sasl - mysql
I used those instructions, although I modified some for my specific configuration. the username field in my database is [EMAIL PROTECTED] however. Yes, that is how mine is. I had to create a plain-text password This is what I want to avoid. I think this is what the patch listed on the howto.net page is supposed to fix, but it doesn't apply right for me. Here's my working smtpd.conf: # smtpd.conf pwcheck_method: auxprop auxprop_plugin: sql mech_list: plain login sql_engine: mysql sql_hostnames: localhost sql_user: postfix-user sql_passwd: thepassword sql_database: postfix sql_select: select pass_plain from mailbox where username='[EMAIL PROTECTED]' Once I cleaned up my syntax (per another post, thanks!) while comparing to this, I'm now able to check the DB correctly (I turned on MySQL logging to make sure), except for the whole encrypted vs plaintext thing. If I use PAM, is that going to break courier-IMAP? Anyone succesfully patched a recent ( = .17) cyrus-sasl2 to use encrypted passwords in MySQL? Thanks for all the help, I think I'm nearly there. :) Brent ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix - Sasl - mysql
Brent Wiese told a big fish story including the following on 04/06/2004 5:40 PM: I (tried) following the instructions at: http://high5.net/howto/ I have postfix virtual users working in MySQL. I have courier imap/pop3 working w/ virtual users. I wanted to add SMTP auth. I added the cyrus-sasl2 port (also chose support for it in postfix port) WITH_MYSQL. No go. I added the following lines to /usr/local/lib/sasl2/smtpd.conf (found this in another faq/tutorial, so it may be incorrect) sasl_pwcheck_method: auxprop sasl_auxprop_plugin: mysql login plain crammd6 digestmd5 mysql_user: postfix-user mysql_passwd: thepassword mysql_database: postfix mysql_statement: SELECT password FROM mailbox WHERE username = '%u' mysql_verbose: yes (I also tried sasl_ in front of all the lines). When I try to use SMTP Auth from Outlook Express, I get this in the logs: Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: SASL authentication failure: no user in db Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: SASL authentication failure: no secret in database Apr 6 20:35:01 server01 postfix/smtpd[22279]: warning: swing.bjwcs.com[208.185.25.11]: SASL NTLM authentication failed I'm using cyrus-sasl-2.1.18 and postfix 2.0.19. I also tried compiling w/ the patch listed in that tutorial link above, but it breaks. I read somewhere that mysql stuff changed in cyrus-sasl-2.1.17. Any help? I think I'm really close... I'm just so frustrated at this point, I'm probably no longer thinking clearly. I wasn't using mysql but had similar problems setting up SASL with Postfix. After lots of searching, I finally found the answer and posted it to the list. You can find my post here: http://lists.freebsd.org/pipermail/freebsd-security/2003-July/000517.html Maybe this will help you as my errors were similar. Good Luck, Drew ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix + sasl
synrat wrote: can someone give me a few pointers on setting up this combination on free bsd 4.7 ? I'm using the latest ports and already have postfix running. http://www.postfix.org/docs.html lists a number of Postfix+SASL docs. -- Dean C. Strik Eindhoven University of Technology [EMAIL PROTECTED] | [EMAIL PROTECTED] | http://www.ipnet6.org/ This isn't right. This isn't even wrong. -- Wolfgang Pauli To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message