smtp and cleanup shouldn't use chroot in master.cf when using ssl+ldap.

Jakjr

On Thu, Aug 14, 2008 at 4:03 AM, Patrick Ben Koetter <[EMAIL PROTECTED]> wrote:
> * Alejandro Facultad <[EMAIL PROTECTED]>:
> >>> apt-get install sasl2-bin libsasl2-modules
> >>>
> >>> /etc/default/saslauthd:
> >>> START=yes
> >>> MECHANISMS="ldap"
> >>> MECH_OPTIONS=""
> >>> THREADS=5
> >>> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
> >>>
> >>> /etc/saslauthd.conf:
> >>> ldap_servers: ldap://ldap.company.com/
> >>> ldap_search_base: ou=people,dc=company,dc=com
> >>> ldap_bind_dn: cn=admin,dc=company,dc=com
> >>> ldap_bind_pw: xyz
> >>> ldap_filter: (&(objectClass=CourierMailAccount)(cn=%U))
> >>> ldap_scope: sub
> >>> ldap_auth_method: bind
> >>>
> >>> I execute:
> >>> dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
> >>> adduser postfix sasl
> >>>
> >>> /etc/postfix/sasl/smtpd.conf:
> >>> pwcheck_method: saslauthd
> >>> mech_list: plain login
> >>> log_level: 7
> >>>
> >>> /etc/postfix/master.cf:
> >>> smtp inet n - n - - smtpd -o content_filter=spamassassin # No chroot
> >>>
> >>> /etc/postfix/main.cf:
> >>> # TLS
> >>> smtp_tls_security_level = may
> >>> smtpd_tls_security_level = may
> >>> smtpd_tls_auth_only = no
> >>> smtpd_tls_cert_file = /etc/courier/smtpd.cert
> >>> smtpd_tls_key_file = /etc/courier/smtpd.key
> >>> smtpd_tls_loglevel = 2
> >>> smtpd_tls_received_header = yes
> >>> smtpd_tls_session_cache_timeout = 3600s
> >>> tls_random_source = dev:/dev/urandom
> >>> # SASL
> >>> smtpd_sasl_auth_enable = yes
> >>> smtpd_sasl_security_options = noanonymous
> >>> smtpd_sasl_local_domain =
> >>> broken_sasl_auth_clients = yes
> >>> # SMTP Restrictions
> >>> smtpd_recipient_restrictions = permit_sasl_authenticate,
> >>>     permit_mynetworks
> >>>
> >>> Restart postfix and saslauthd
> >>>
> >>> After that:
> >>>
> >>> $telnet mail 25
> >>>
> >>> and I see:
> >>> 250-STARTTLS
> >>> 250-AUTH LOGIN PLAIN
> >>> 250-AUTH=LOGIN PLAIN
> >>> So TLS and SASL are OK.
> >>>
> >>> Finally I configure my mail client (Iceweasel) and send a mail,
> >>> asking me for the password, but I FAIL !!! I see this in
> >>> /var/log/auth.log:
> >>>
> >>> Aug 13 15:25:45 mail postfix/cleanup[4182]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
> >>> Aug 13 15:25:53 mail postfix/smtpd[4196]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
> >>> Aug 13 15:27:15 mail postfix/cleanup[4222]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
> >>> Aug 13 15:29:41 mail postfix/cleanup[4290]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
> >>> Aug 13 15:29:57 mail postfix/smtpd[4303]: looking for plugins in '/usr/lib/sasl2', failed to open directory, error: No such file or directory
> >>> Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session opened for user vmail by (uid=0)
> >>> Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #11 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
> >>> Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #12 to soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
> >>> Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session closed for user vmail
> >>>
> >>>
> >> You need to install either the courier or dovecot packages to provide
> >> the necessary utilities/libraries.
> >>
> >> For the courier option, you'll need libsasl2-modules and sasl2-bin at
> >> a minimum. I don't think the dovecot packages have broken out the
> >> auth portion yet, so you would need to install dovecot-imapd and/or
> >> dovecot-pop3d.
> >>
> > I had libsasl2-modules and sasl2-bin as I just said above.
> >
> > What can I do ????
>
> Simplify (for the moment).
>
> 1. $ ls -l /usr/lib/sasl2
> 2. Verify it works with testsaslauthd.
> 3. Move on to Postfix.
>
> [EMAIL PROTECTED]
>
> --
> The Book of Postfix
> <http://www.postfix-book.com>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
>
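
Added example, not part of the thread: a shell check for the chroot point made in the reply at the top. It lists which master.cf services run chrooted and tests whether the SASL plugin directory named in the log would exist inside the chroot. The sample master.cf is constructed, the function names are hypothetical, and "-" in the chroot column is treated as "y" (the built-in default before Postfix 3.0) unless another default is passed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# master.cf fields: service type private unpriv chroot wakeup maxproc command
# "-" in the chroot column means the built-in default: y before Postfix 3.0,
# n from 3.0 on. Pass the default that matches your version as argument 2.

# chrooted_services FILE [DEFAULT] -> prints "service/type command" per chrooted entry
chrooted_services() {
    awk -v def="${2:-y}" '
        function emit() {
            if (entry == "") return
            n = split(entry, f, " ")               # split on runs of whitespace
            chroot = (f[5] == "-") ? def : f[5]    # resolve the default marker
            if (n >= 8 && chroot == "y") print f[1] "/" f[2], f[8]
            entry = ""
        }
        /^[ \t]*(#|$)/ { next }                       # comment or blank line
        /^[ \t]/       { entry = entry " " $0; next } # continuation line
                       { emit(); entry = $0 }         # start of a new entry
        END            { emit() }
    ' "$1"
}

# plugin_dir_visible QUEUE_DIR PLUGIN_DIR -> status 0 if PLUGIN_DIR exists as seen
# from inside the chroot, where QUEUE_DIR becomes "/"
plugin_dir_visible() {
    [ -d "$1/${2#/}" ]
}

# Constructed sample master.cf (not the poster's file)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
smtp      inet  n  -  n  -  -  smtpd
  -o content_filter=spamassassin
pickup    fifo  n  -  -  60 1  pickup
cleanup   unix  n  -  -  -  0  cleanup
rewrite   unix  -  -  y  -  -  trivial-rewrite
EOF

chrooted_services "$sample" y
if ! plugin_dir_visible /var/spool/postfix /usr/lib/sasl2; then
    echo "/usr/lib/sasl2 is not present under /var/spool/postfix"
fi
```

On a real system, point the first function at /etc/postfix/master.cf and the second at the directory reported by `postconf -h queue_directory`.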