Cyrus SASL Auth
Hi! I'm trying to setup an SMTP Gateway, with Postfix authenticating in Cyrus SASL. # postconf mail_version mail_version = 2.8.2 # postconf -a cyrus dovecot # /usr/local/cyrus-sasl/sbin/saslauthd -l -n 10 -a rimap -O imap_server # /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydmoain -p password 0: OK Success. ### main.cf ### smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = broken_sasl_auth_clients = yes smtpd_sasl_path = smtpd cyrus_sasl_config_path = /usr/lib/sasl2/smtpd.conf smtp_sasl_path = /usr/lib/sasl2/smtpd.conf # # cat /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN saslauthd_path: /usr/local/cyrus-sasl/var/mux ### maillog ### May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication failure: Password verification failed ## What am I missing? Why Postfix is trying to use /etc/sasldb2 instead of saslauthd? Regards, Rodrigo. -- M. Rodrigo Monteiro Free as in Freedom, not free as in free beer As we are liberated from our own fear, our presence automatically liberates others Linux User # 403730
Re: Cyrus SASL Auth
Am 30.05.2011 13:49, schrieb M. Rodrigo Monteiro: Hi! I'm trying to setup an SMTP Gateway, with Postfix authenticating in Cyrus SASL. # postconf mail_version mail_version = 2.8.2 # postconf -a cyrus dovecot # /usr/local/cyrus-sasl/sbin/saslauthd -l -n 10 -a rimap -O imap_server # /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydmoain -p password 0: OK Success. ### main.cf ### smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = broken_sasl_auth_clients = yes smtpd_sasl_path = smtpd cyrus_sasl_config_path = /usr/lib/sasl2/smtpd.conf smtp_sasl_path = /usr/lib/sasl2/smtpd.conf # # cat /usr/lib/sasl2/smtpd.conf pwcheck_method: saslauthd mech_list: PLAIN LOGIN saslauthd_path: /usr/local/cyrus-sasl/var/mux ### maillog ### May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 29 18:42:01 sec56 postfix/smtpd[22830]: warning: SASL authentication failure: Password verification failed ## What am I missing? Why Postfix is trying to use /etc/sasldb2 instead of saslauthd? The cyrus_sasl_config_path expects a directory, you've specified a file. Check and correct that. Note that a particular Cyrus version is required for this to work, check man 5 postconf (or man -s 5 postconf). Is Postfix reading the configuration the way you mean it? Check the output of postconf -n. Is smtpd run in a chroot? Check master.cf. After all that: does your Cyrus installation really read its configuration from /usr/lib/sasl2, or rather from /usr/local/lib/sasl2? You haven't quoted relevant configuration to that extent. Try setting a relative symlink: ln -s ../../lib/sasl2 /usr/local/lib (be sure to update the chroot if you use one!)
Re: Cyrus SASL Auth
Hi Matthias! On Mon, May 30, 2011 at 09:12, Matthias Andree matthias.and...@gmx.de wrote: The cyrus_sasl_config_path expects a directory, you've specified a file. Check and correct that. Thanks, now it's: cyrus_sasl_config_path = /usr/lib/sasl2 smtp_sasl_path = /usr/lib/sasl2 Note that a particular Cyrus version is required for this to work, check man 5 postconf (or man -s 5 postconf). Cyrus SASL 2.1.22 or later. I'm using cyrus-sasl-2.1.23 Is Postfix reading the configuration the way you mean it? Check the output of postconf -n. Yes Is smtpd run in a chroot? Check master.cf. No: smtp inet n - n - - smtpd After all that: does your Cyrus installation really read its configuration from /usr/lib/sasl2, or rather from /usr/local/lib/sasl2? You haven't quoted relevant configuration to that extent. Try setting a relative symlink: ln -s ../../lib/sasl2 /usr/local/lib (be sure to update the chroot if you use one!) It's alredy a symbolic link. # ls -la /usr/lib/ | grep sasl2 lrwxrwxrwx 1 root root 31 May 27 17:21 sasl2 - /usr/local/cyrus-sasl/lib/sasl2 # ls -la /usr/local/cyrus-sasl/lib/sasl2/ -rw-r--r-- 1 root root 96 May 29 18:12 smtpd.conf So, now it appears to be trying to connect to saslauthd, after I correct the path os smtpd.conf ### maillog ### May 30 09:28:27 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL PLAIN authentication failed: authentication failure May 30 09:28:33 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL LOGIN authentication failed: authentication failure # Why am I getting wrong password now? # /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydomain -p password 0: OK Success. Regards, Rodrigo. -- M. Rodrigo Monteiro Free as in Freedom, not free as in free beer As we are liberated from our own fear, our presence automatically liberates others Linux User # 403730
Re: Cyrus SASL Auth
M. Rodrigo Monteiro: ### maillog ### May 30 09:28:27 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL PLAIN authentication failed: authentication failure May 30 09:28:33 sec56 postfix/smtpd[23554]: warning: unknown[200.194.105.195]: SASL LOGIN authentication failed: authentication failure # Why am I getting wrong password now? # /usr/local/cyrus-sasl/sbin/testsaslauthd -u rodrigo.monteiro@mydomain -p password 0: OK Success. Is that what the SMTP client sends to the SMTP server? Check your smtpd_sasl_local_domain setting. You may need to set this to: smtpd_sasl_local_domain = $myhostname Wietse
Re: Cyrus SASL Auth
Why am I getting wrong password now? It was missing the -r parameter in saslauthd. Problem resolved. Thanks for the help! Regards, Rodrigo. -- M. Rodrigo Monteiro Free as in Freedom, not free as in free beer As we are liberated from our own fear, our presence automatically liberates others Linux User # 403730
configure postfix to relay host with yahoo
Hello, they are four days that i try to configure my postfix to run with smtp.mail.yahoo.com but don't running. I search help on google.fr/linux and i found some solutions. I configure postfix with stunnel my /etc/stunnel/stunnel.conf : (when i try connect with telnet localhost 11125 i think is ok) [smtp-tls-wrapper] accept = 11125 client = yes connect = smtp.mail.yahoo.com:smtps My postfix configuration : smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no append_dot_mydomain = no readme_directory = no myhostname = osiris alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = osiris, localhost.localdomain, , localhost relayhost = [127.0.0.1]:11125 mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128 mailbox_command = procmail -a $EXTENSION mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all virtual_alias_maps = hash:/etc/postfix/virtual ## SASL Settings # This is going in to THIS server # We need this smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtpd_sasl_local_domain = $myhostname smtp_sasl_security_options = noanonymous smtp_sasl_security_options = smtp_sasl_tls_security_options = noanonymous smtpd_sasl_application_name = smtpd # Disable DNS Lookups disable_dns_lookups = yes # smtp_generic_maps = hash:/etc/postfix/generic I using mutt to send mail and postfix log say this : (nahliel is my local user, nahliel.steinb...@yahoo.fr is my mail address on yahoo, osiris is the hostname of my laptop where postfix running) May 30 18:25:32 osiris postfix/pickup[2146]: 57EE1281D9F: uid=1001 from=nahliel May 30 18:25:32 osiris postfix/cleanup[2965]: 57EE1281D9F: message-id=20110530162532.GA2926@osiris May 30 18:25:32 osiris postfix/qmgr[2332]: 57EE1281D9F: from=nahliel@osiris, size=468, nrcpt=1 (queue active) May 30 18:25:33 osiris postfix/smtp[2967]: 57EE1281D9F: to=postfix-users@postfix.org, relay=127.0.0.1[127.0.0.1]:11125, delay=1.2, delays=0.17/0.13/0.78/0.12, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html (in reply to MAIL FROM command)) May 30 18:25:33 osiris postfix/cleanup[2965]: B24A0281DA0: message-id=20110530162533.B24A0281DA0@osiris May 30 18:25:33 osiris postfix/bounce[2969]: 57EE1281D9F: sender non-delivery notification: B24A0281DA0 May 30 18:25:33 osiris postfix/qmgr[2332]: B24A0281DA0: from=, size=2353, nrcpt=1 (queue active) May 30 18:25:33 osiris postfix/qmgr[2332]: 57EE1281D9F: removed May 30 18:25:34 osiris postfix/smtp[2967]: B24A0281DA0: to=nahliel@osiris, relay=127.0.0.1[127.0.0.1]:11125, delay=0.79, delays=0.06/0/0.58/0.15, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 530 authentication required - for help go to http://help.yahoo.com/help/us/mail/pop/pop-11.html (in reply to MAIL FROM command)) Log says authentification required I configure my sasl_password table : [smtp.mail.yahoo.com]:465 nahliel.steinb...@yahoo.fr:my_passwd(on yahoo) i do : postmap sasl_password (to make hash) I configure generic table : (and to postmap command hash to) nahliel@localdomain.local nahliel.steinb...@yahoo.fr Can you help me ? May 30 18:25:34 osiris postfix/qmgr[2332]: B24A0281DA0: removed
Re: configure postfix to relay host with yahoo
On 5/30/2011 11:45 AM, Nahliel Steinberg wrote: ... relayhost = [127.0.0.1]:11125 ... Log says authentification required I configure my sasl_password table : [smtp.mail.yahoo.com]:465nahliel.steinb...@yahoo.fr:my_passwd(on yahoo) The correct entry is the postfix relayhost setting (the postfix nexthop), not the stunnel destination. [127.0.0.1]:11125 username:password -- Noel Jones
Re : configure postfix to relay host with yahoo
Tank's you Noel, i change it [127.0.0.1]:11125 username:password and i do hash : postmap sasl_passwd i restart postfix : /etc/init.d/postfix restart an i try to send a mail log say this, and i think that authentification is ok : May 30 19:00:25 osiris postfix/pickup[3167]: 2CEF7281D9F: uid=1001 from=nahliel May 30 19:00:25 osiris postfix/cleanup[3197]: 2CEF7281D9F: message-id=20110530170025.GA3171@osiris May 30 19:00:25 osiris postfix/qmgr[3168]: 2CEF7281D9F: from=nahliel@osiris, size=476, nrcpt=1 (queue active) May 30 19:00:26 osiris postfix/smtp[3199]: 2CEF7281D9F: to=regis.cour...@gmail.com, relay=127.0.0.1[127.0.0.1]:11125, delay=1.2, delays=0.12/0.01/0.94/0.13, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 553 From address not verified - see http://help.yahoo.com/l/us/yahoo/mail/original/manage/sendfrom-07.html (in reply to MAIL FROM command)) May 30 19:00:26 osiris postfix/cleanup[3197]: 8901F281DA0: message-id=20110530170026.8901F281DA0@osiris May 30 19:00:26 osiris postfix/qmgr[3168]: 8901F281DA0: from=, size=2395, nrcpt=1 (queue active) May 30 19:00:26 osiris postfix/bounce[3201]: 2CEF7281D9F: sender non-delivery notification: 8901F281DA0 May 30 19:00:26 osiris postfix/qmgr[3168]: 2CEF7281D9F: removed May 30 19:00:28 osiris postfix/smtp[3199]: 8901F281DA0: to=nahliel@osiris, relay=127.0.0.1[127.0.0.1]:11125, delay=1.7, delays=0.06/0/1.4/0.2, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 501 Syntax error in arguments (in reply to MAIL FROM command)) May 30 19:00:28 osiris postfix/qmgr[3168]: 8901F281DA0: removed I think the problem is the mail address sender ? postfix send my local address : nahliel@osiris and yahoo don't know this address ? May 30 19:00:25 osiris postfix/qmgr[3168]: 2CEF7281D9F: from=nahliel@osiris, size=476, nrcpt=1 (queue active) what must i do to rewrite the good address when my message send ? Sorry to my english, is poor -- Noel Jones
Re: Mail forwarding
On 26/05/11 21:46, mouss wrote: Le 26/05/2011 18:41, pch0317 a écrit : Hi, I want to forward mail only for one user u...@mydomain.tld to u...@otherdomain.tld. I try do it in this way: /etc/postfix/virtual: ... u...@mydomain.tld u...@mydomain.tld, u...@otherdomain.tld ... When I send mail to u...@mydomain.tld it receive message but user u...@otherdomain.tld receive 2 identical copy of mail. How to send only one copy of mail to u...@otherdomain.tld http://www.postfix.org/FILTER_README.html http://www.postfix.org/postconf.5.html#receive_override_options perfect help Thanks
Configure postfix with yahoo.fr
Hi, It's ok Noel, i configure /etc/postfix/sender_canonical And postfix run successfull. Thank's you very much. -- Nahliel
configuration concept help
Hi, I have a problem trying to work out a postfix solution. I have 2 smtp servers: Mail gateway VSgate1 for MX, Spam, Virus Mail server Postfix1 for general mail processing and storage. my aim is to achieve the following 1. receive all mail through gateway mail server VSgate1. 2. VSgate1 delivers all successful mail to postfix server Postfix1 and process internally. 3. from postfix server Postfix1 send ALL mail to VSgate1 for washing 4. VSgate1 delivers internal as per 2. 5. VSgate1 delivers external mail to internet My question is can anyone point me in the right direction to solve the traffic flow with out causing a mail loop between the 2 servers. I already can do item 1. but cannot work out the rest. Thanks for any advice you can give Regards - Andy
Re: configuration concept help
On 05/31/2011 01:00 AM, an...@melted-ice.co.uk wrote: Hi, I have a problem trying to work out a postfix solution. I have 2 smtp servers: Mail gateway VSgate1 for MX, Spam, Virus Mail server Postfix1 for general mail processing and storage. my aim is to achieve the following 1. receive all mail through gateway mail server VSgate1. 2. VSgate1 delivers all successful mail to postfix server Postfix1 and process internally. 3. from postfix server Postfix1 send ALL mail to VSgate1 for washing 4. VSgate1 delivers internal as per 2. 5. VSgate1 delivers external mail to internet My question is can anyone point me in the right direction to solve the traffic flow with out causing a mail loop between the 2 servers. No. You are deliberately creating a loop. Mail will forever loop between 2. and 4. above. I already can do item 1. but cannot work out the rest. Why do you need to do this ? It looks very unnecessary. Start here: http://www.postfix.org/STANDARD_CONFIGURATION_README.html -- J.
Re: configuration concept help
Le 31/05/2011 01:00, an...@melted-ice.co.uk a écrit : Hi, I have a problem trying to work out a postfix solution. I have 2 smtp servers: Mail gateway VSgate1 for MX, Spam, Virus Mail server Postfix1 for general mail processing and storage. my aim is to achieve the following 1. receive all mail through gateway mail server VSgate1. 2. VSgate1 delivers all successful mail to postfix server Postfix1 and process internally. 3. from postfix server Postfix1 send ALL mail to VSgate1 for washing 4. VSgate1 delivers internal as per 2. 5. VSgate1 delivers external mail to internet My question is can anyone point me in the right direction to solve the traffic flow with out causing a mail loop between the 2 servers. part of your aim is that mail received by vsgate1 goes to postfix1 which sends it to vsgate1. so the loop is part of your goal. no help is possible. so the big question is: what is the REAL goal? what REAL problem are you trying to solve? there is no point making mail flow along random paths just for the love of it. a single postfix can deliver mail internally and can relay mail to outside. in short, what postfix1 is for? please notice: if you can't explain your problem clearly, we can't help you. I already can do item 1. but cannot work out the rest.
Re: Re : configure postfix to relay host with yahoo
Le 30/05/2011 19:09, Nahliel Steinberg a écrit : Tank's you Noel, i change it [127.0.0.1]:11125 username:password and i do hash : postmap sasl_passwd i restart postfix : /etc/init.d/postfix restart an i try to send a mail log say this, and i think that authentification is ok : May 30 19:00:25 osiris postfix/pickup[3167]: 2CEF7281D9F: uid=1001 from=nahliel May 30 19:00:25 osiris postfix/cleanup[3197]: 2CEF7281D9F: message-id=20110530170025.GA3171@osiris May 30 19:00:25 osiris postfix/qmgr[3168]: 2CEF7281D9F: from=nahliel@osiris, size=476, nrcpt=1 (queue active) nahliel@osiris is an invalid address. try again... you want someth...@yahoo.com ... May 30 19:00:26 osiris postfix/smtp[3199]: 2CEF7281D9F: to=regis.cour...@gmail.com, relay=127.0.0.1[127.0.0.1]:11125, delay=1.2, delays=0.12/0.01/0.94/0.13, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 553 From address not verified - see http://help.yahoo.com/l/us/yahoo/mail/original/manage/sendfrom-07.html (in reply to MAIL FROM command)) May 30 19:00:26 osiris postfix/cleanup[3197]: 8901F281DA0: message-id=20110530170026.8901F281DA0@osiris May 30 19:00:26 osiris postfix/qmgr[3168]: 8901F281DA0: from=, size=2395, nrcpt=1 (queue active) May 30 19:00:26 osiris postfix/bounce[3201]: 2CEF7281D9F: sender non-delivery notification: 8901F281DA0 May 30 19:00:26 osiris postfix/qmgr[3168]: 2CEF7281D9F: removed May 30 19:00:28 osiris postfix/smtp[3199]: 8901F281DA0: to=nahliel@osiris, relay=127.0.0.1[127.0.0.1]:11125, delay=1.7, delays=0.06/0/1.4/0.2, dsn=5.0.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 501 Syntax error in arguments (in reply to MAIL FROM command)) May 30 19:00:28 osiris postfix/qmgr[3168]: 8901F281DA0: removed I think the problem is the mail address sender ? postfix send my local address : nahliel@osiris and yahoo don't know this address ? May 30 19:00:25 osiris postfix/qmgr[3168]: 2CEF7281D9F: from=nahliel@osiris, size=476, nrcpt=1 (queue active) what must i do to rewrite the good address when my message send ? Sorry to my english, is poor -- Noel Jones
