Re: Help request: Red Hat Linux 8.0 + Postfix + Cyrus + saslauthd

[Hans Eric Sandstr�m]

As far as I can see your setup is working. What exactly is the problem?

You can test the authentication by base64 encoding yor username and password:
#perl -MMIME::Base64 -e 'print encode_base64("hes\0hes\0secret");'
aGVzAGhlcwBzZWNyZXQ=

Then test it like this:
# telnet smtp.emoh.com 25
Trying 195.66.35.203...
Connected to smtp.emoh.com.
Escape character is '^]'.
220 frontend2.home.se ESMTP Postfix
ehlo localhost
250-frontend2.home.se
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-XVERP
250 8BITMIME
auth plain aGVzAGhlcwBzZWNyZXQ=
235 Authentication successful
quit

Sincerely

Hans Eric Sandstr�m
[EMAIL PROTECTED]

----- Original Message -----
From: "Jeffery Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, January 24, 2003 7:26 PM
Subject: Help request: Red Hat Linux 8.0 + Postfix + Cyrus + saslauthd


Hello everyone,

I have been searching high and low and have yet to figure out what I am
doing wrong.  I would like to get my Red Hat Linux 8.0 server working
with Postfix + Cyrus + saslauthd (and maybe TLS, too).

Before I get too far, I should mention that I my server is using NIS for
authentication and aliases, so it doesn't use the local passwd, shadow,
or aliases files (or at least there isn't anything useful in the local
files).  This works fine with postfix and I have been using it with no
problem on this server and on another.

Here's what's on my server at the moment:

Red Hat Linux v8.0 full install w/ all patches & updates including:
  postfix-1.1.11-5
  cyrus-sasl-plain-2.1.10-1
  cyrus-sasl-devel-2.1.10-1
  cyrus-sasl-gssapi-2.1.10-1
  cyrus-sasl-md5-2.1.10-1
  cyrus-sasl-2.1.10-1

Relevant services running:
  postfix
  saslauthd

Postfix configuration (main.cf):
  queue_directory = /var/spool/postfix
  program_directory = /usr/libexec/postfix
  command_directory = /usr/sbin
  daemon_directory = /usr/libexec/postfix
  mail_owner = postfix
  myhostname = support.skycomputers.com
  mydomain = skycomputers.com
  myorigin = $myhostname
  inet_interfaces = all
  mydestination = $myhostname, localhost.$mydomain
  relayhost = sky.skycomputers.com
  default_transport = smtp
  local_recipient_maps = $alias_maps unix:passwd.byname
  alias_maps = nis:mail.aliases
  alias_database = hash:/etc/postfix/aliases
  mail_spool_directory = /var/spool/mail
  mailbox_command = /usr/bin/procmail
  header_checks = regexp:/etc/postfix/acl_header
  body_checks = regexp:/etc/postfix/acl_body
  relay_domains = $mydestination, /etc/postfix/relay-domains
  smtpd_client_restrictions = permit_mynetworks
  smtpd_sender_restrictions = check_sender_access
    regexp:/etc/postfix/acl_sender, reject_invalid_hostname,
    reject_non_fqdn_sender
  smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,reject_non_fqdn_recipient,
    check_relay_domains
  disable_vrfy_command = yes
  mynetworks = 10.0.0.0/24
  allow_untrusted_routing = no
  smtpd_banner = $myhostname ESMTP $mail_name - Authorized Users ONLY!
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_local_domain = $myhostname
  smtpd_sasl_security_options = noanonymous, noplaintext
  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = nis:passwd.byname
  smtp_sasl_security_options = noanonymous, noplaintext
  local_destination_concurrency_limit = 2
  debug_peer_level = 2
  debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
  sendmail_path = /usr/sbin/sendmail.postfix
  newaliases_path = /usr/bin/newaliases.postfix
  mailq_path = /usr/bin/mailq.postfix
  setgid_group = postdrop
  manpage_directory = /usr/share/man
  sample_directory = /usr/share/doc/postfix-1.1.11/samples
  readme_directory = /usr/share/doc/postfix-1.1.11/README_FILES
  maximal_queue_lifetime = 4d
  message_size_limit = 5120000
  delay_warning_time = 6

Postfix configuration (master.cf):
#=======================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
#=======================================================================
#smtp inet n - y - - smtpd
smtp inet n - y - - smtpd -v
smtps   inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o
smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628   inet n - n - - qmqpd
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
#qmgr   fifo n - n 300 1 qmgr
qmgr fifo n - y 300 1 nqmgr
#tlsmgr   fifo - - n 300 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
flush unix n - y 1000? 0 flush
smtp unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
local   unix - n n - - local
virtual unix - n y - - virtual
lmtp unix - - y - - lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
# The Cyrus deliver program has changed incompatibly.
#
cyrus   unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
uucp   unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender -
$nexthop!rmail.postfix ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient


Contents of "/usr/lib/sasl/smtpd.conf" & "/usr/lib/sasl2/smtpd.conf":
  pwcheck_method: saslauthd

Here's what happens when connecting to port 25:
  220 support.skycomputers.com ESMTP Postfix - Authorized Users ONLY!
  EHLO support.skycomputers.com
  250-support.skycomputers.com
  250-PIPELINING
  250-SIZE 5120000
  250-ETRN
  250-AUTH GSSAPI PLAIN LOGIN
  250-XVERP
  250 8BITMIME


I'm not sure what, if any, additional information would help, so if
there is more I need to provide to solve this, please let me know.  I am
running out of clever ideas to solve this and I think maybe I am making
this problem harder than it really is.

Thanks for any help anyone can offer!  :)

--
+----------------------------------------------------------------+
| Jeffery Smith - Systems Administrator - [EMAIL PROTECTED] |
| Sky Computers, Inc. (www.skycomputers.com)                     |
+----------------------------------------------------------------+



--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list



-- 
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list