Hi Becki, Thanks for the answer. I'm however trying to use the PAM way, because using the auxprop method involves storing user passwords in plain text, which I'd like to avoid. I can't seem to find a way to tell the smtpd.conf file to encrypt passwords, and as per the Postfix documentation it seems not possible, so I'm stuck. The best way would be to tell the PAM module that the username table is in the user@domain form, I'm not sure this is possible though.
Any pointers would be very appreciated. Thanks El sáb., 18 abr. 2020 a las 6:30, Admin Beckspaced (<ad...@beckspaced.com>) escribió: > Hi there, > > remember having a similar issue with saslauthd and cut off user names. > > Postfix doc has the proper info > > http://www.postfix.org/SASL_README.html > > %u - The name of the user whose properties are being selected. > %r - The name of the realm to which the user belongs. This could be > the KERBEROS realm, the fully-qualified domain name of the computer the > SASL application is running on, or the domain after the "@" in a username. > > sql_select: SELECT password FROM users WHERE user = '%u@%r' > > best of luck ;) > > Greetings > Becki > > > > > > > Am 17.04.2020 um 21:43 schrieb N KN: > > Hi, > > I'm setting up a mail server with postfix and dovecot. For SMTP, I want to > use saslauthd with a MySQL backend for which I installed the pam_mysql > library, I'm trying to configure it but there's no luck. > > My table schema (users) has 3 columns: > > e-mail, password, quota > > My /etc/pam.d/smtp configuration is: > > auth required pam_mysql.so user=postfix passwd=... host=127.0.0.1 > db=postfix table=users usercolumn=email passwdcolumn=password crypt=2 > account sufficient pam_mysql.so user=postfix passwd=... host=127.0.0.1 > db=postfix table=users usercolumn=email passwdcolumn=password crypt=2 > > However, saslauthd fails on authentication: > > Apr 17 21:20:48 X saslauthd[12714]: DEBUG: auth_pam: pam_authenticate > failed: User not known to the underlying authentication module > Apr 17 21:20:48 X saslauthd[12714]: : auth failure: > [user=mike] [service=smtp] [realm=domain.com] [mech=pam] [reason=PAM aut > h error] > > I can see that the problem relies on saslauthd using "mike" as the > username instead of "m...@domain.com", which is the actual record in the > database for the "email" column. > > Is there a way to tell saslauthd to use the full username (including > domain) for the MySQL lookup? > > My postfix configuration is like this: > > smtpd_sasl_auth_enable = yes > broken_sasl_auth_clients = yes > smtpd_sasl_authenticated_header = yes > smtpd_sasl_security_options = noanonymous > > My saslauthd configuration is like this: > > START=yes > DESC="SASL Authentication Daemon" > NAME="saslauthd" > MECHANISMS="pam" > MECH_OPTIONS="" > THREADS=5 > OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" > > I'd be very grateful if someone could shed some light on it. > > Thanks. > >
