Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
Hi everyone, I am stuck. I would like to use virtual domains and emails in my test environment. I have 2 domains. I can authenticate the users from the default domain via sasl and pam without problem. In my mail software I use credentials like user password. Now I don’t want to use the pam mechanism, but sasldb. See my configs below:

/etc/default/saslauthd
    START=yes
    MECHANISMS=sasldb
    MECH_OPTIONS=
    THREADS=5
    #chroot Postfix
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

/etc/postfix/main.cf
    #only sasl/virtual related config info!
    mydomain = domain.tld
    myhostname = mail.domain.tld
    mydestination = mail.domain.tld, domain.tld, localhost.domain.tld, localhost
    mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
    #-
    # Virtual mailbox/domains with delivery to cyrus lmtp
    #-
    virtual_transport = $mailbox_transport
    virtual_mailbox_domains = domain.tld, domain2.tld
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    virtual_alias_maps = hash:/etc/postfix/virtual

/etc/postfix/vmailbox
    #---
    #domain.tld
    #u...@domain.tld u...@domain.tld
    and...@domain.tld domain.tld/andrey
    i...@domain.tld domain.tld/info
    #---
    #domain2.tld
    #u...@domain.tld u...@domain.tld
    i...@domain2.tld domain2.tld/info

/etc/postfix/virtual
    #---
    #domain.tld
    #u...@domain.tld u...@domain.tld
    and...@domain.tld andrey
    i...@domain.tld info
    #---
    #domain2.tld
    #u...@domain.tld u...@domain.tld
    i...@domain2.tld info

/etc/imapd.conf
    #only sasl/virtual related config info!
    allowplaintext: yes
    sasl_mech_list: PLAIN
    loginrealms: domain.tld,domain2.tld
    virtdomains: userid
    defaultdomain: domain.tld
    sasl_pwcheck_method: saslauthd
    sasl_auto_transition: no

Then I did the following steps:

    saslpasswd2 -u domain.tld info
    testsaslauthd -u info -r domain.tld -p Pa77w0rd
    0: OK Success.
    testsaslauthd -u i...@domain.tld -p Pa77w0rd
    0: NO authentication failed

/var/log/mail.log
    Mar 7 15:49:23 srv01 cyrus/imaps[3906]: badlogin: [192.168.1.1] plaintext info SASL(-13): authentication failure: checkpass failed

/var/log/auth.log
    Mar 7 15:49:23 srv01 saslauthd[3655]: do_auth : auth failure: [user=info] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]

In Windows Live Mail I use the following credentials: i...@domain.tld Pa77w0rd. And I cannot log in... I do not understand why it does not work. What do I need to change? Thank you.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
On 03/07/14 17:13 +0100, Andrey wrote:
> Hi everyone, I am stuck. I would like to use virtual domains and emails in my test environment. I have 2 domains. I can authenticate the users from the default domain via sasl and pam without problem. In my mail software I use credentials like user password. Now I don’t want to use the pam mechanism, but sasldb. See my configs below:
>
> /etc/default/saslauthd
>     START=yes
>     MECHANISMS=sasldb
>     MECH_OPTIONS=
>     THREADS=5

saslauthd, with default compile options, does not contain support for sasldb. It is recommended to use the sasldb auxprop plugin in this scenario rather than saslauthd.

Configure /etc/imapd.conf with:

    sasl_auxprop_plugin: sasldb
    sasl_pwcheck_method: auxprop

>     #chroot Postfix
>     OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
>
> /etc/postfix/main.cf
>     #only sasl/virtual related config info!
>     mydomain = domain.tld
>     myhostname = mail.domain.tld
>     mydestination = mail.domain.tld, domain.tld, localhost.domain.tld, localhost
>     mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

Configure your postfix smtpd.conf with:

    auxprop_plugin: sasldb
    pwcheck_method: auxprop

The sasldb database is typically contained in /etc, and not underneath the Postfix chroot. Either disable chrooting of smtpd in /etc/postfix/master.cf, or configure an appropriate 'sasl_sasldb_path' in /etc/imapd.conf, and a 'sasldb_path' in your postfix smtpd.conf file. If you continue to chroot postfix, you will also need to specify the location of the sasldb database with 'saslpasswd2 -f path'.

> /etc/imapd.conf
>     #only sasl/virtual related config info!
>     allowplaintext: yes
>     sasl_mech_list: PLAIN
>     loginrealms: domain.tld,domain2.tld
>     virtdomains: userid
>     defaultdomain: domain.tld
>     sasl_pwcheck_method: saslauthd
>     sasl_auto_transition: no
>
> Then I did the following steps:
>
>     saslpasswd2 -u domain.tld info
>     testsaslauthd -u info -r domain.tld -p Pa77w0rd
>     0: OK Success.
>     testsaslauthd -u i...@domain.tld -p Pa77w0rd
>     0: NO authentication failed

With saslauthd, you may wish to experiment with the '-r' option (/etc/default/saslauthd OPTIONS).

-- 
Dan White
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
Hi, this was very helpful:

    sasl_auxprop_plugin: sasldb

But it works only in combination with:

    sasl_pwcheck_method: saslauth

I can now log in to the default domain as user password via Windows Live Mail (WLM) and send/receive e-mails. And I succeed on testsaslauthd. However, the user in sasldb with the name i...@domain2.tld cannot log in.

In /etc/default/saslauthd:

    START=yes
    MECHANISMS=sasldb
    THREADS=5
    OPTIONS="-c -m /var/run/saslauthd -rVd"

root@srv01:~# sasldblistusers2
cyrus@srv01: userPassword
i...@domain2.tld: userPassword
andrey@srv01: userPassword
root@srv01:~# testsaslauthd -u i...@domain2.tld -p Pa77w0rd
0: NO authentication failed

Debug:

root@srv01:~# service saslauthd restart
* Stopping SASL Authentication Daemon saslauthd [ OK ]
* Starting SASL Authentication Daemon saslauthd
saslauthd[8891] :main: num_procs : 5
saslauthd[8891] :main: mech_option: NULL
saslauthd[8891] :main: run_path : /var/run/saslauthd
saslauthd[8891] :main: auth_mech : sasldb
saslauthd[8891] :cache_alloc_mm : mmaped shared memory segment on file: /var/run/saslauthd/cache.mmap
saslauthd[8891] :cache_init : bucket size: 96 bytes
saslauthd[8891] :cache_init : stats size : 36 bytes
saslauthd[8891] :cache_init : timeout: 28800 seconds
saslauthd[8891] :cache_init : cache table: 985828 total bytes
saslauthd[8891] :cache_init : cache table: 1711 slots
saslauthd[8891] :cache_init : cache table: 10266 buckets
saslauthd[8891] :cache_init_lock : flock file opened at /var/run/saslauthd/cache.flock
saslauthd[8891] :ipc_init: using accept lock file: /var/run/saslauthd/mux.accept
saslauthd[8891] :detach_tty : master pid is: 0
saslauthd[8891] :ipc_init: listening on socket: /var/run/saslauthd/mux
saslauthd[8891] :main: using process model
saslauthd[8891] :have_baby : forked child: 8892
saslauthd[8892] :get_accept_lock : acquired accept lock
saslauthd[8891] :have_baby : forked child: 8893
saslauthd[8891] :have_baby : forked child: 8894
saslauthd[8891] :have_baby : forked child: 8895
saslauthd[8892] :rel_accept_lock : released accept lock
saslauthd[8892] :cache_get_rlock : attempting a read lock on slot: 1130
saslauthd[8892] :cache_lookup: [login=i...@domain2.tld] [service=] [realm=imap]: not found, update pending
saslauthd[8892] :cache_un_lock : attempting to release lock on slot: 1130
saslauthd[8893] :get_accept_lock : acquired accept lock
saslauthd[8892] :do_auth : auth failure: [user=i...@domain2.tld] [service=imap] [realm=] [mech=sasldb] [reason=Unknown]
saslauthd[8892] :do_request : response: NO

I tested it from WLM and got an error too...

Thank you
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
On 03/07/14 22:02 +0100, Andrey wrote:
> Hi, this was very helpful:
>
>     sasl_auxprop_plugin: sasldb
>
> But it works only in combination with:
>
>     sasl_pwcheck_method: saslauth

'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and testsaslauthd are no longer needed.

-- 
Dan White
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
On 03/07/14 16:33 -0600, Dan White wrote:
> On 03/07/14 22:02 +0100, Andrey wrote:
>> Hi, this was very helpful:
>>
>>     sasl_auxprop_plugin: sasldb
>>
>> But it works only in combination with:
>>
>>     sasl_pwcheck_method: saslauth
>
> 'sasl_pwcheck_method: auxprop' is really what you want here. saslauthd and testsaslauthd are no longer needed.

Also, imtest and smtptest can be used for simple testing.

-- 
Dan White
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
Hi Dan,

I tried everything from your first post and tested it with testsaslauthd and imtest:

root@srv01:~# imtest -p 143 -u andrey -z mail.domain.tld
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR] server ready
Please enter your password:
C: A01 AUTHENTICATE PLAIN YW5kcmV5AHJvb3QAUGE3N3cwcmQ=
S: A01 NO generic failure
Authentication failed. generic failure
Security strength factor: 0
S: C01 BAD Please login first
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BYE Fatal error: word too long
failure: prot layer failure

And like this:

root@srv01:~# imtest -p 143 -u info -r domain.tld -z mail.domain.tld
S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR] server ready
Please enter your password:
C: A01 AUTHENTICATE PLAIN aW5mbwByb290AFBhNzd3MHJk
S: A01 NO generic failure
Authentication failed. generic failure
Security strength factor: 0
S: C01 BAD Please login first
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: A003 BAD Please login first
S: Date: BAD Please login first
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BAD Invalid tag
S: * BYE Fatal error: word too long
failure: prot layer failure

It looks like auxprop doesn't want to work... I got the same error if I use saslauthd... I feel the problem might be in the sasl2-bin library.
Re: Ubuntu Server 13.10 | Postfix 2.10.2 | Cyrus 2.4.16
Hi,

On Sat, 08 Mar 2014 08:39:19 +0900, Andrey ? andrew_...@hotmail.com wrote:
> I tried everything from your first post and test it with testsaslauthd and imtest:
>
> root@srv01:~# imtest -p 143 -u andrey -z mail.domain.tld
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN SASL-IR] server ready
> Please enter your password:
> C: A01 AUTHENTICATE PLAIN YW5kcmV5AHJvb3QAUGE3N3cwcmQ=
> S: A01 NO generic failure
> Authentication failed. generic failure
> Security strength factor: 0

You can find allowplaintext option in imapd.conf(5)

-- 
OBATA Akio / ob...@lins.jp
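
Added example (not part of the thread and not Cyrus code): the AUTHENTICATE PLAIN responses in the imtest transcripts above are plain base64 of the RFC 4616 message [authzid] NUL authcid NUL passwd, so decoding them shows which identity's password the server was asked to check. The Python below decodes both responses and compares the authentication id with the sasldblistusers2 listing posted earlier in the thread; the function names are illustrative and the listing is copied as posted, including its elided address.

```python
import base64

# Copied from this thread: both AUTHENTICATE PLAIN responses from the imtest
# transcripts, and the sasldblistusers2 listing (one address is elided on the page).
PLAIN_RESPONSES = ["YW5kcmV5AHJvb3QAUGE3N3cwcmQ=", "aW5mbwByb290AFBhNzd3MHJk"]
SASLDB_LISTING = """\
cyrus@srv01: userPassword
i...@domain2.tld: userPassword
andrey@srv01: userPassword
"""

def parse_sasl_plain(b64_response):
    """Decode an RFC 4616 PLAIN message: [authzid] NUL authcid NUL passwd."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a PLAIN message: expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid:
        raise ValueError("PLAIN requires a non-empty authcid")
    # base64 is an encoding, not protection: the password is recoverable by anyone
    # who sees the exchange (the transcripts report security strength factor 0).
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}

def sasldb_users(listing):
    """Return the user parts of 'user@realm: userPassword' lines."""
    users = set()
    for line in listing.splitlines():
        entry, sep, prop = line.partition(":")
        if sep and prop.strip() == "userPassword" and "@" in entry:
            users.add(entry.rpartition("@")[0])
    return users

def diagnose(b64_response, listing):
    """Report whose password is checked and whether that user exists in sasldb."""
    msg = parse_sasl_plain(b64_response)
    authcid_user = msg["authcid"].rpartition("@")[0] or msg["authcid"]
    return {
        "acts_as": msg["authzid"] or msg["authcid"],
        "password_checked_for": msg["authcid"],
        "acts_for_other_user": bool(msg["authzid"]) and msg["authzid"] != msg["authcid"],
        "authcid_in_sasldb": authcid_user in sasldb_users(listing),
    }

if __name__ == "__main__":
    for response in PLAIN_RESPONSES:
        print(diagnose(response, SASLDB_LISTING))
```

Both responses carry the authentication id root, with andrey and info only as the authorization id, and root has no entry in the posted sasldb listing. imtest's -a option sets the authentication id, which otherwise defaults to the invoking user.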