I've been poking at this for a week with no luck at all. I presume I am doing something dumb but I can't see what.

I have what I think is a bog standard debian system running in a virtual machine on my laptop, with the usual postfix and sasl packages. All of the mail addresses and mailboxes are in a virtual domain so I want to use sasldb to authenticate.

Postfix has cyrus and dovecot support, per postconf -a

I've put a few dummy user entries in /etc/sasldb2 and set up the saslauthd service, which for now I'm running in debug mode. When I try sending a test query the daemon gets it and replies:

# testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u aaa -r test.qy -p aaaa

saslauthd[8239] :released accept lock
saslauthd[8239] :attempting a read lock on slot: 742
saslauthd[8239] :[login=aaa] [service=imap] [realm=test.qy]: not found, update pending
saslauthd[8239] :attempting to release lock on slot: 742
saslauthd[8239] :attempting a write lock on slot: 742
saslauthd[8239] :lookup committed
saslauthd[8239] :attempting to release lock on slot: 742
saslauthd[8239] :auth success: [user=aaa] [service=imap] [realm=test.qy] [mech=sasldb]
saslauthd[8239] :response: OK
saslauthd[8239] :acquired accept lock

0: OK "Success."

But when I try to get postfix to authenticate, I cannot get it even to talk to
the daemon.  Connecting to the submission port and doing auth works fine as far
as it goes:

$ gnutls-cli --no-ca-verification --crlf 172.16.157.132:465
[ cert stuff skipped ]
- Simple Client Mode:

220 debian12.qy ESMTP Postfix (Debian/GNU)
ehlo bob
250-debian12.qy
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
auth plain AGFhYUB0ZXN0LnF5AGFhYWE=
535 5.7.8 Error: authentication failed: authentication failure
quit
221 2.0.0 Bye

When I look at the logs, it gets the user name OK but can't authenticate

Jul 02 11:47:20 debian12 postfix/submissions/smtpd[9563]: connect from unknown[172.16.157.1]
Jul 02 11:47:32 debian12 postfix/submissions/smtpd[9563]: warning: SASL authentication failure: Password verification failed
Jul 02 11:47:32 debian12 postfix/submissions/smtpd[9563]: warning: unknown[172.16.157.1]: SASL plain authentication failed: authentication failure, sasl_username=a...@test.qy
Jul 02 11:47:34 debian12 postfix/submissions/smtpd[9563]: disconnect from unknown[172.16.157.1] ehlo=1 auth=0/1 quit=1 commands=2/3

In main.cf it has the debian default config, and I added this:

smtp_sasl_type = cyrus
smtpd_sasl_path = smtpd
cyrus_sasl_config_path = /usr/lib/sasl2
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_sasl_mechanism_filter = login, plain

Per the instructions in the postfix SASL page and the Cyrus SASL doc
page I put this both in /etc/sasl2/smtpd.conf and in
/usr/lib/sasl2/smtpd.conf since it's not clear which postfix prefers:

    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN

The default location for the saslauthd socket is /var/run/saslauthd
but postfix is chrooted so I've tried having the daemon listen there
or at /var/spool/postfix/var/run/saslauthd.  The daemon works fine
either way, per the test above, but postfix doesn't talk to it.

What am I missing?

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly