Hi, Followed your steps and this is output
warning: SASL authentication failure: Password verification failed Jun 9 13:12:26 domain.com postfix/smtpd[1391]: warning: fdsakjfhbdskj.fdsakjfhbdskj.com[ip_address]: SASL plain authentication failed: authentication failure testsaslauthd -s pam -u tom -p redhat 0: NO "authentication failed" testsaslauthd -s pam -u tom -p redhat 0: NO "authentication failed" On Thu, Jun 9, 2011 at 2:36 PM, Patrick Ben Koetter <p...@state-of-mind.de>wrote: > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > > For the time being I just want to go with system accounts,once this is > set , > > I can catch up with second option. > > Fine. > > Run saslauthd with "-a shadow". > Run testsaslauthd and verify you have a user for whom authenication works. > Drop "smtpd_sasl_local_domain" in main.cf. > Reload postfix. > Download http://jetmore.org/john/code/gen-auth, make it executable and run > it > like this: > > % ./gen-auth plain username password > Auth String: AGZvbwBiYXI= > > Use the Auth String: (here: AGZvbwBiYXI=) in a telnet session. Do not use > "LOGIN" as in your previous test. Send PLAIN like this: > > AUTH PLAIN AGZvbwBiYXI= > > It *should* work... > > p@rick > > > > > > > > > > > > On Thu, Jun 9, 2011 at 2:23 PM, Patrick Ben Koetter <p...@state-of-mind.de > >wrote: > > > > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > > > > Both are system users and I've assigned password to them using > > > > passwd user_name > > > > command as well > > > > saslpasswd2 user_name > > > > > > So we have two ways to go: system accounts or separate mail user > database. > > > > > > I recommend using the separate database, because compromised accounts > would > > > only affect your mail service but not the system (if you use different > > > usernames and passwords...). > > > > > > Which way do you want to go? > > > > > > p@rick > > > > > > > > > > > > > > > > > > > > > > > > > On Thu, Jun 9, 2011 at 2:12 PM, Patrick Ben Koetter < > p...@state-of-mind.de > > > >wrote: > > > > > > > > > * Suresh Kumar Prajapati <er.sureshprajap...@gmail.com>: > > > > > > Hi > > > > > > following is the output from the command you have > > > > > > [root@<domain.com> ~]# testsaslauthd -s pam -u tom -p redhat > > > > > > 0: NO "authentication failed" > > > > > > > > > > > > and then i change /etc/sysconfig/saslauthd > > > > > > fiel MECH=shadow > > > > > > and then run the following command > > > > > > > > > > > > [root@<domain.com> ~]# testsaslauthd -s shadow -u tom -p redhat > > > > > > 0: OK "Success." > > > > > > > > > > Great. We're one step further. > > > > > > > > > > Where do you store the identities mail senders should use to > > > authenticate? > > > > > Are > > > > > all your senders system accounts? Are they in a database? > > > > > > > > > > p@rick > > > > > > > > > > > > > > > -- > > > > > All technical questions asked privately will be automatically > answered > > > on > > > > > the > > > > > list and archived for public access unless privacy is explicitely > > > required > > > > > and > > > > > justified. > > > > > > > > > > saslfinger (debugging SMTP AUTH): > > > > > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> > > > > > > > > > > > > > > > > > > > > > -- > > > > Best Regards, > > > > Suresh Kumar Prajapati > > > > Linux Security Admin > > > > E-mail: er.sureshprajap...@gmail.com > > > > > > > > ---------------------------------------------------------------------------------------- > > > > Pencils could be made with erasers at both ends, but what would be > the > > > > point? > > > > > > -- > > > state of mind () > > > Digitale Kommunikation > > > > > > http://www.state-of-mind.de > > > > > > Franziskanerstraße 15 Telefon +49 89 3090 4664 > > > 81669 München Telefax +49 89 3090 4666 > > > > > > Amtsgericht München Partnerschaftsregister PR 563 > > > > > > > > > > > > -- > > Best Regards, > > Suresh Kumar Prajapati > > Linux Security Admin > > E-mail: er.sureshprajap...@gmail.com > > > ---------------------------------------------------------------------------------------- > > Pencils could be made with erasers at both ends, but what would be the > > point? > > -- > All technical questions asked privately will be automatically answered on > the > list and archived for public access unless privacy is explicitely required > and > justified. > > saslfinger (debugging SMTP AUTH): > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> > -- Best Regards, Suresh Kumar Prajapati Linux Security Admin E-mail: er.sureshprajap...@gmail.com ---------------------------------------------------------------------------------------- Pencils could be made with erasers at both ends, but what would be the point?
