Re: Relay between 2 Postfix : SASL authentication failure

2010-04-21 Thread Gregory BELLIER

Hi!

I managed to make it work. Finally! Thank you Victor!

However, I've done dozens of tests and I found a weird behaviour when 
authenticating, and I can reproduce it every time.


This is a test sample I've done. Obviously, to have a success, the 
login/password in sasl_passwd.db and the login/unix passwd on mta2 must 
match.

  MTA1                           MTA2
  Unix passwd   sasl_passwd.db   Unix passwd   Result
  -----------   --------------   -----------   ----------------------
  popo          arthur           arthur        success (normal)
  popo          laura            arthur        fail (normal)
  arthur        laura            arthur        fail (normal)
  arthur        laura            michel        fail (normal)
  arthur        michel           michel        success (normal)
  popo          popo             popo          success (normal)
  alfred        popo             alfred        success (*not* normal)

On MTA2, after decryption of the base64, I get username/popo as expected 
but the authentication succeeds.


After restarting (/etc/init.d/postfix restart) on both machines, it 
still validates.

If I reboot the machines, it fails as it is supposed to.

I'm not sure if the unix password on MTA1 is relevant here but I wrote 
it on my paper so maybe it could be a hint, I don't know...
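An added example (not from the thread, and not the poster's or Victor's code) for the test above: a POSIX shell script that pulls the base64 blob out of an "AUTH PLAIN" line as smtpd logs it with debug_peer_list, decodes it into the RFC 4616 fields the poster decoded by hand, and checks a saslauthd command line for the -c flag. -c enables saslauthd's credential cache (saslauthd(8)), and both the OPTIONS line and the running command line quoted elsewhere in this thread carry it; that a cached entry inside saslauthd, which a Postfix restart does not touch, is what keeps the stale password working is an assumption of this example, not something the thread establishes. The log line, the base64 blob and the command line in the script are constructed.

```sh
#!/bin/sh
# Added example, not part of the thread. Extracts and decodes the AUTH PLAIN
# credential from a Postfix smtpd verbose log line and checks whether
# saslauthd was started with its credential cache (-c) enabled.

# auth_plain_blob LOGLINE -> the base64 initial response of "AUTH PLAIN <blob>",
# empty when the line carries none.
auth_plain_blob() {
    printf '%s\n' "$1" | sed -n 's|.*AUTH PLAIN \([A-Za-z0-9+/=]*\).*|\1|p'
}

# auth_plain_field N BLOB -> field N of the decoded RFC 4616 message
# "[authzid] NUL authcid NUL passwd":
#   1 = authorization id (usually empty), 2 = login name, 3 = password.
auth_plain_field() {
    printf '%s' "$2" | base64 -d 2>/dev/null | tr '\0' '\n' | sed -n "${1}p"
}

# saslauthd_caches CMDLINE -> true when the argument list contains -c, the
# saslauthd(8) flag that enables its credential cache. The cache lives in
# saslauthd, so restarting Postfix does not clear it; restarting saslauthd does.
saslauthd_caches() {
    for arg in $1; do
        [ "$arg" = "-c" ] && return 0
    done
    return 1
}

# --- demo on constructed data ------------------------------------------------
# A line in the format smtpd logs with debug_peer_list; the blob encodes
# "\0popo\0popo" (constructed, matching the username/popo the poster decoded).
LOGLINE='Apr 21 10:00:00 mta2 postfix/smtpd[6001]: < mta1.local[10.0.0.5]: AUTH PLAIN AHBvcG8AcG9wbw=='
blob=$(auth_plain_blob "$LOGLINE")
echo "authzid:  '$(auth_plain_field 1 "$blob")'"
echo "authcid:  $(auth_plain_field 2 "$blob")"
echo "password: $(auth_plain_field 3 "$blob")"

# On a live host use the real command line instead of this constructed one:
#   SASLAUTHD_CMD=$(ps -o args= -p "$(pgrep -o -x saslauthd)")
SASLAUTHD_CMD='saslauthd -a shadow -c -m /var/run/saslauthd -n 5'
if saslauthd_caches "$SASLAUTHD_CMD"; then
    echo "saslauthd caches credentials (-c): restart saslauthd, not only Postfix, after changing a test password"
else
    echo "saslauthd runs without -c: no credential cache"
fi
```

On a live host, feed auth_plain_blob the line from grep 'AUTH PLAIN' on the mail log (it is only there while debug_peer_list covers the client), and compare the decoded login and password with what the server-side backend currently holds before concluding anything about the backend.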




Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Gregory BELLIER



Victor Duchovni wrote:

> Try again, with a more useful log sample, and configuration settings
> for the receiving side. The log sample should include multiple lines
> of logging from the SMTP client, showing any TLS handshake, ...

Alright, please take a look at the end of this email for the 
configuration files for mta1 and mta2. They're almost identical.

In attachments, there are the logs.

> > relayhost = 10.0.0.6
>
> Per the documentation, this must be:
>
> relayhost = [10.0.0.6]
>
> and the SMTP client password table:
>
> [10.0.0.6]  user:pass

It's done. I thought the [ ] were only optional; I don't recall 
exactly, something to do with MX.

> > smtp_tls_loglevel = 2
>
> Too verbose.

Yes, I know, but I set it only for the tests.

> > smtp_use_tls = yes
>
> Obsolete, with 2.3 and later, use:
>
> smtp_tls_security_level = may

Agreed.

> > -- permissions for /etc/postfix/sasl_passwd --
> > -rw-r--r-- 1 root root 43 avr 19 17:43 /etc/postfix/sasl_passwd
>
> This should NOT be world-readable.

Yes, I know, but at this time it's for the tests, so I don't care. But 
thanks anyway!



I hope you have enough information now.

Gregory.



Configuration files:

*** MTA 1 ***
mta1:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
message_size_limit = 0
mydestination = mta1.local, localhost.local, , localhost
myhostname = mta1.local
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [10.0.0.6]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/CA/ca.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certificate/postfix_mta1.crt
smtpd_tls_key_file = /etc/postfix/certificate/postfix_mta1.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache


*** MTA 2 ***
mta2:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
message_size_limit = 0
mydestination = mta2.local, localhost.local, , localhost
myhostname = mta2.local
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [10.0.0.5]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_loglevel = 2
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/CA/ca.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certificate/postfix_mta2.crt
smtpd_tls_key_file = /etc/postfix/certificate/postfix_mta2.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache


Apr 20 12:02:00 mta1 postfix/smtpd[2949]: Anonymous TLS connection established from unknown[10.0.0.2]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: SASL authentication failure: no secret in database
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: unknown[10.0.0.2]: SASL CRAM-MD5 authentication failed: authentication failure
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: SASL authentication failure: no secret in database
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: unknown[10.0.0.2]: SASL NTLM authentication failed: authentication failure
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: 9356961EE: 

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Gregory BELLIER
I managed to have an authentication but it's really weird. I'm on Debian 
Lenny.


In /etc/default/saslauthd on both mta1 and mta2, I have:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

mta1:/etc/postfix# more /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd


The authentication I now have only works if I set a sasldb, which is by 
default in /etc/sasldb2, but because of the chroot I need to copy it 
(maybe a link would be enough, I haven't tested yet) to 
/var/spool/postfix/etc


I don't understand why I need this sasldb while I configured for shadow...




Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 12:21:35PM +0200, Gregory BELLIER wrote:

> > Try again, with a more useful log sample, and configuration settings
> > for the receiving side. The log sample should include multiple lines
> > of logging from the SMTP client, showing any TLS handshake, ...
>
> Alright, please take a look at the end of this email for the configuration 
> files for mta1 and mta2. They're almost identical.
> In attachments, there are the logs.

Did you read the logs?

Apr 20 12:02:00 mta1 postfix/smtpd[2949]: Anonymous TLS connection established from unknown[10.0.0.2]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: SASL authentication failure: no secret in database
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: unknown[10.0.0.2]: SASL CRAM-MD5 authentication failed: authentication failure
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: SASL authentication failure: no secret in database
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: warning: unknown[10.0.0.2]: SASL NTLM authentication failed: authentication failure
Apr 20 12:02:00 mta1 postfix/smtpd[2949]: 9356961EE: client=unknown[10.0.0.2], sasl_method=PLAIN, sasl_username=dest

Why are you offering CRAM-MD5 and NTLM on mta1, when only PLAIN works?

> mta1:/etc/postfix# postconf -n
> relayhost = [10.0.0.6]
> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_tls_security_level = encrypt
>
> mta2:/etc/postfix# postconf -n
> relayhost = [10.0.0.5]
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous
> smtpd_sasl_type = cyrus
>
> Apr 20 12:02:00 mta1 xxx/pkcs11: Untrusted TLS connection established to 10.0.0.6[10.0.0.6]:25: TLSv1 with cipher ADH-XXX-SHA (256/256 bits)
> Apr 20 12:02:00 mta1 xxx/pkcs11: warning: SASL authentication failure: No worthy mechs found

The server at 10.0.0.6 is not configured to offer PLAIN, even over TLS.

> Apr 20 12:02:01 mta2 postfix/smtpd[2954]: connect from mta1.local[10.0.0.5]
> Apr 20 12:02:01 mta2 xxx/pkcs11: Anonymous TLS connection established from mta1.local[10.0.0.5]: TLSv1 with cipher ADH-XXX-SHA (256/256 bits)
> Apr 20 12:02:01 mta2 xxx/pkcs11: disconnect from mta1.local[10.0.0.5]

Why is smtpd calling itself pkcs11? Are you loading shared libraries
that call openlog() and mess-up the application's syslog name?
In any case, it sure looks like no PLAIN authentication support is configured
on mta2, and you are showing no evidence of which mechanisms are available
on this MTA via TLS (sasl-finger does not use TLS).

You need to disable verbose TLS logging, and enable verbose non-TLS logging

mta2:main.cf:
debug_peer_list=10.0.0.5

and see what mechanisms if any are actually offered to the peer MTA. Also
look at SASL's smtpd.conf in the appropriate location and determine what
mechanisms should be offered.

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.


Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 05:18:48PM +0200, Gregory BELLIER wrote:

> I managed to have an authentication but it's really weird. I'm on Debian 
> Lenny.
>
> In /etc/default/saslauthd on both mta1 and mta2, I have:
> START=yes
> DESC="SASL Authentication Daemon"
> NAME="saslauthd"
> MECHANISMS="shadow"
> MECH_OPTIONS=""
> THREADS=5
> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
> mta1:/etc/postfix# more /etc/postfix/sasl/smtpd.conf
> pwcheck_method: saslauthd

Is this where Postfix is configured to look for the smtpd.conf file?
I don't recall seeing any configuration settings that make it so...

Debian may have patches that make this location the default, but do check
that you are using the right pathname...

To use ${config_directory} for the SASL smtpd.conf I have (non-Debian
system):

main.cf:
# Postfix 2.5+, with Cyrus SASL 2.1.22+
# http://www.postfix.org/postconf.5.html#cyrus_sasl_config_path
#
cyrus_sasl_config_path = ${config_directory}

smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN

I use PAM, the saslauthd daemon is running as

# ps -o pid,args -p $(pgrep -P 1 saslauthd)
PID  COMMAND
3821 saslauthd -m /var/run/saslauthd -a pam

Have you checked the options with which saslauthd is actually running?

For completeness, since I use PAM, the PAM stack is:
auth     requisite pam_krb5.so.1 auth_only
account  required pam_localuser.so file=/etc/postfix/saslusers
password required pam_deny.so
session  required pam_deny.so

The saslusers file limits which accounts are allowed to authenticate:

joeuser:x:NN:NN:submit SASL user:/:

> The authentication I now have only works if I set a sasldb, which is by 
> default in /etc/sasldb2, but because of the chroot I need to copy it (maybe 
> a link would be enough, I haven't tested yet) to /var/spool/postfix/etc
>
> I don't understand why I need this sasldb while I configured for shadow...

Either Postfix is not configured to use saslauthd, or saslauthd is not
configured as you believe.

-- 
Viktor.



Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Gregory BELLIER


Victor Duchovni wrote:

> On Tue, Apr 20, 2010 at 12:21:35PM +0200, Gregory BELLIER wrote:
>
> Did you read the logs?

I did.

> Why are you offering CRAM-MD5 and NTLM on mta1, when only PLAIN works?

Because in my file sasl/smtpd.conf, every time I set a mech_list, it 
doesn't work. So I didn't set any mech in the mech_list because it does 
no harm for the moment. However, I did some tests.

> The server at 10.0.0.6 is not configured to offer PLAIN, even over TLS.

Then why does it work if my MUA sends an email directly to each MTA?

> > Apr 20 12:02:01 mta2 postfix/smtpd[2954]: connect from mta1.local[10.0.0.5]
> > Apr 20 12:02:01 mta2 xxx/pkcs11: Anonymous TLS connection established from mta1.local[10.0.0.5]: TLSv1 with cipher ADH-XXX-SHA (256/256 bits)
> > Apr 20 12:02:01 mta2 xxx/pkcs11: disconnect from mta1.local[10.0.0.5]
>
> Why is smtpd calling itself pkcs11? Are you loading shared libraries
> that call openlog() and mess-up the application's syslog name?

Yes.

> In any case, it sure looks like no PLAIN authentication support is configured
> on mta2, and you are showing no evidence of which mechanisms are available
> on this MTA via TLS (sasl-finger does not use TLS).
>
> You need to disable verbose TLS logging, and enable verbose non-TLS logging
>
> mta2:main.cf:
> debug_peer_list=10.0.0.5

Thanks for this option I haven't come across. TLS is now disabled.


To answer your questions in the other email:
- saslauthd is running with the following options : saslauthd -a shadow 
-c -m /var/run/saslauthd -n 5

Moreover, I can identify myself with testsaslauthd -u username -p password

- /etc/postfix/sasl/smtpd.conf is where this file is expected by default 
(I found it somewhere).
Anyway, I added cyrus_sasl_config_path and my file is taken into account 
because I added the line mech_list with only plain, looked at the log, 
added login, and saw login plain.



I did 4 tests, please take a look at the logs at the end of this email:

1) login, plain and sasldb2 with secret inside and reachable
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN

2) sasldb2 with secret inside and reachable
pwcheck_method: saslauthd
# mech_list: LOGIN PLAIN - commented

3) login, plain but sasldb2 file unreachable
Same as n°1 (I don't provide a log for this one, it's useless)

4) sasldb2 unreachable
pwcheck_method: saslauthd
# mech_list: LOGIN PLAIN - commented


- The test n°2 is the only one working. Because of the tests my 
main.cf changed, at the end of this email, you can find my postconf -n.
I also did a test disabling the chroot in master.cf and it didn't change 
the behaviour.



I hope this is clear for you because it isn't for me. ^^

Thanks for your help!

Greg.


PS: My first email has been rejected because it was too long. The logs 
and postconf are in attachment.
1) login, plain and sasldb2 with secret inside and reachable
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: connect from mta1.local[10.0.0.5]
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~? 127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~? 127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~? [:::127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~? [:::127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~? [::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~? [::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: mta1.local: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: 10.0.0.5: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: auto_clnt_open: connected to private/anvil
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr request = connect
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr ident = smtp:10.0.0.5
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 0
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: count
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: count
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 1
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: rate
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: rate
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 1
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: (list terminator)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: (end)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 220 mta2.local ESMTP Postfix (Debian/GNU)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: watchdog_pat: 0xb7f34ac8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: EHLO mta1.local
Apr 20 18:26:24 mta2 postfix/smtpd[5447]:

Re: Relay between 2 Postfix : SASL authentication failure

2010-04-20 Thread Victor Duchovni
On Tue, Apr 20, 2010 at 09:37:48PM +0200, Gregory BELLIER wrote:

In the session below, the client did not want to use PLAIN, presumably
because TLS was not in effect. Leave TLS enabled. I asked you to disable
TLS very verbose logging (smtp*_tls_loglevel=0 or 1) not TLS.

Now test with a client that supports PLAIN without TLS, or that uses TLS.
If you read your logs carefully, there is enough there to figure it all
out... You should be able to solve the problem now that you can see everything
in the logs.

> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 220 mta2.local ESMTP Postfix (Debian/GNU)
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: EHLO mta1.local
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-mta2.local
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-PIPELINING
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-SIZE
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-VRFY
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ETRN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-AUTH LOGIN PLAIN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ENHANCEDSTATUSCODES
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-8BITMIME
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250 DSN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: QUIT
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 221 2.0.0 Bye

However, it does not mind doing CRAM-MD5, but this requires unhashed
passwords, and so cannot work with shadow.

> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 220 mta2.local ESMTP Postfix (Debian/GNU)
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: EHLO mta1.local
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-mta2.local
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-PIPELINING
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-SIZE
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-VRFY
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-ETRN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-ENHANCEDSTATUSCODES
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-8BITMIME
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250 DSN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: AUTH DIGEST-MD5
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 235 2.7.0 Authentication successful


-- 
Viktor.

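An added example, not from the thread, for Victor's two points about mechanisms in this and his earlier reply (why mta1 advertises CRAM-MD5 and NTLM when only PLAIN can work, and why CRAM-MD5 cannot be verified from shadow): a POSIX shell script that takes smtpd verbose log lines like the ones quoted above, lists the mechanisms in the 250-AUTH reply, marks those that a pwcheck_method: saslauthd server can never verify because they need a stored cleartext or plaintext-equivalent secret, and models which mechanisms a Postfix SMTP client keeps after smtp_sasl_mechanism_filter and the noplaintext security option. The selection rules are a simplified model of the Postfix/Cyrus behaviour (Cyrus' ranking among surviving mechanisms is not modelled), and the log lines are constructed to mirror the quoted ones.

```sh
#!/bin/sh
# Added example, not part of the thread. From smtpd verbose log lines (the
# EHLO reply seen with debug_peer_list) work out which advertised SASL
# mechanisms a saslauthd-backed server can verify, and which a Postfix SMTP
# client keeps after its mechanism filter and security options.

# offered_mechs LOGTEXT -> the mechanisms from the last "250-AUTH ..."
# (or "250-AUTH=...", broken_sasl_auth_clients style) reply line in LOGTEXT.
offered_mechs() {
    printf '%s\n' "$1" | sed -n 's/.*250[- ]AUTH[ =]\(.*\)$/\1/p' | tail -n 1
}

# needs_stored_secret MECH -> true for mechanisms the server can only verify
# from a cleartext (CRAM-MD5) or plaintext-equivalent (DIGEST-MD5, NTLM)
# secret it holds itself, e.g. in sasldb. saslauthd cannot back them: it only
# checks a password handed to it in the clear, which is what PLAIN and LOGIN
# deliver, so only those two can succeed with pwcheck_method: saslauthd and
# a shadow or PAM backend.
needs_stored_secret() {
    case "$1" in
        PLAIN|LOGIN) return 1 ;;
        *) return 0 ;;
    esac
}

# saslauthd_unusable LOGTEXT -> the advertised mechanisms that can never
# succeed on a pwcheck_method: saslauthd server (space separated).
saslauthd_unusable() {
    out=""
    for m in $(offered_mechs "$1"); do
        needs_stored_secret "$m" && out="$out $m"
    done
    printf '%s\n' "${out# }"
}

# client_candidates "OFFERED" "FILTER" "SECOPTS" -> the mechanisms a Postfix
# SMTP client is left with, or "No worthy mechs found" when none survive.
# FILTER is smtp_sasl_mechanism_filter (empty = no restriction); SECOPTS is
# whichever of smtp_sasl_security_options / smtp_sasl_tls_security_options
# applies to the session (the latter once STARTTLS is in effect). Simplified
# model: keep only mechanisms named in FILTER (case-insensitive), and drop
# PLAIN and LOGIN when SECOPTS contains noplaintext, since both send the
# password in the clear. Cyrus' ranking among the survivors is not modelled.
client_candidates() {
    offered=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    filter=$(printf '%s' "$2" | tr ',' ' ' | tr 'a-z' 'A-Z')
    secopts=$3
    keep=""
    for m in $offered; do
        if [ -n "$filter" ]; then
            hit=1
            for f in $filter; do
                [ "$f" = "$m" ] && hit=0
            done
            [ "$hit" -eq 0 ] || continue
        fi
        case "$secopts" in
            *noplaintext*)
                case "$m" in PLAIN|LOGIN) continue ;; esac ;;
        esac
        keep="$keep $m"
    done
    if [ -z "$keep" ]; then
        printf 'No worthy mechs found\n'
    else
        printf '%s\n' "${keep# }"
    fi
}

# --- demo on constructed log lines mirroring the thread ----------------------
# mta2 with "mech_list: LOGIN PLAIN" in smtpd.conf ...
LOG_MECHLIST='Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ETRN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-AUTH LOGIN PLAIN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ENHANCEDSTATUSCODES'
# ... and with no mech_list, advertising everything the installed plugins offer.
LOG_ALL='Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-AUTH LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN'

echo "offered with mech_list:                $(offered_mechs "$LOG_MECHLIST")"
echo "offered without mech_list:             $(offered_mechs "$LOG_ALL")"
echo "hopeless on a saslauthd server:        $(saslauthd_unusable "$LOG_ALL")"
echo "client, filter=plain, noplaintext:     $(client_candidates "$(offered_mechs "$LOG_MECHLIST")" plain 'noplaintext, noanonymous')"
echo "client, filter=plain, TLS+noanonymous: $(client_candidates "$(offered_mechs "$LOG_MECHLIST")" plain noanonymous)"
```

The last two lines show the shape of the "No worthy mechs found" failure: with the server offering only LOGIN and PLAIN, a client whose applicable security options still contain noplaintext is left with nothing, and only the session where the TLS-specific options drop noplaintext keeps PLAIN.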


Re: Relay between 2 Postfix : SASL authentication failure

2010-04-19 Thread Victor Duchovni
On Mon, Apr 19, 2010 at 06:28:47PM +0200, Gregory BELLIER wrote:

> Hi all!
>
> I would like to set up authentication between 2 postfix hosted on Debian 
> Lenny and until now it doesn't work.
>
> Here is a log sample:
> warning: SASL authentication failure: No worthy mechs found
> SASL authentication failed; cannot authenticate to server 
> 10.0.0.6[10.0.0.6]: no mechanism available

Try again, with a more useful log sample, and configuration settings
for the receiving side. The log sample should include multiple lines
of logging from the SMTP client, showing any TLS handshake, ...



> relayhost = 10.0.0.6

Per the documentation, this must be:

relayhost = [10.0.0.6]

and the SMTP client password table:

[10.0.0.6]  user:pass

> smtp_sasl_auth_enable = yes
> smtp_sasl_mechanism_filter = plain
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>
> smtp_tls_loglevel = 2

Too verbose.

> smtp_use_tls = yes

Obsolete, with 2.3 and later, use:

smtp_tls_security_level = may

> -- permissions for /etc/postfix/sasl_passwd --
> -rw-r--r-- 1 root root 43 avr 19 17:43 /etc/postfix/sasl_passwd

This should NOT be world-readable.

> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw-r--r-- 1 root root 12288 avr 19 17:43 /etc/postfix/sasl_passwd.db

Ditto, but postmap will take care of that, when you fix the source
permissions.

-- 
Viktor.

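An added example, not from the thread, for the two client-side points in Victor's reply: a POSIX shell script that reports whether sasl_passwd or its .db is readable by anyone but the owner, fixes the mode and rebuilds the table with postmap when postmap is installed, and shows that a table entry is found only under a key spelled exactly like relayhost, brackets included. The scan of the source file models only the next-hop lookup Victor describes; Postfix also tries other keys (see postconf(5) under smtp_sasl_password_maps), which this example does not model. The table contents and the scratch directory used at the bottom are constructed for the demo.

```sh
#!/bin/sh
# Added example, not part of the thread. Checks the client-side password
# table: nobody but the owner may read sasl_passwd or sasl_passwd.db, and
# the entry is only found under a key spelled exactly like relayhost.

# other_readable FILE -> true when group or others have read permission
# (parsed from ls, so it works on any POSIX system without GNU stat).
other_readable() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????r?????|???????r??) return 0 ;;
        *) return 1 ;;
    esac
}

# harden_sasl_passwd FILE -> owner-only mode on FILE and FILE.db, then a
# postmap rebuild when postmap is installed (the rebuilt .db takes the
# source file's mode, which is what Victor's "postmap will take care of that"
# refers to). Returns true once FILE is no longer readable by others.
harden_sasl_passwd() {
    file=$1
    chmod 0600 "$file" || return 1
    [ -f "$file.db" ] && chmod 0600 "$file.db"
    if command -v postmap >/dev/null 2>&1; then
        postmap "hash:$file" || return 1
    fi
    ! other_readable "$file"
}

# sasl_passwd_entry FILE KEY -> the user:pass stored under KEY in the source
# file, comparing the key verbatim: with relayhost = [10.0.0.6] the table
# must contain a "[10.0.0.6]" line, and a "10.0.0.6" line is not it.
# Models the next-hop lookup only; postconf(5) lists the other keys Postfix
# tries, which are not modelled here. Use "postmap -q KEY hash:FILE" to ask
# the compiled .db the same question on a host with Postfix installed.
sasl_passwd_entry() {
    awk -v k="$2" '!/^[ \t]*#/ && NF >= 2 && $1 == k { print $2; exit }' "$1"
}

# --- demo in a scratch directory with a constructed table --------------------
demo=$(mktemp -d)
printf '%s\n' '# constructed for the demo' '[10.0.0.6]  relayuser:s3cret' > "$demo/sasl_passwd"
chmod 0644 "$demo/sasl_passwd"        # the -rw-r--r-- state shown in the thread
other_readable "$demo/sasl_passwd" && echo "before: $(ls -ld "$demo/sasl_passwd" | cut -c1-10) (world-readable)"
harden_sasl_passwd "$demo/sasl_passwd" && echo "after:  $(ls -ld "$demo/sasl_passwd" | cut -c1-10)"
echo "lookup [10.0.0.6]: '$(sasl_passwd_entry "$demo/sasl_passwd" '[10.0.0.6]')'"
echo "lookup 10.0.0.6:   '$(sasl_passwd_entry "$demo/sasl_passwd" '10.0.0.6')'"
rm -rf "$demo"
```

On a real host, run harden_sasl_passwd on /etc/postfix/sasl_passwd as root; it leaves the .db owner-only as well, which matters because the .db holds the same secrets as the source and is what the running smtp client actually opens.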