Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread Angel L. Mateo
On Tue, 28 Jan 2003 08:08:26 -0800 Rupa Schomaker
[EMAIL PROTECTED] wrote:

 
 Got it.  Just reviewed the sasl documentation.  The *only* way to
 support CRAM-MD5 or DIGEST-MD5 (encrypted auth) is to use sasldb or
 something called auxprop -- not sure how they are related.  So, even
 if you got saslauthd working (and the documentation is correct), it
 will only support traditional (non encrypted) authentication.
 
I think you are wrong. I have postfix + sasl in a Solaris server (not
chrooted) and I use CRAM-MD5 to authenticate via saslauthd.


-- 
Angel L. Mateo Martínez
Sección de Redes y Comunicaciones
Area de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968363389


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread Pierre Burri
Hi
I just entered in the list, so I didn't see your first question, but postfix 
with sasldb works fine. The trick under debian with sasldb is to copy (after 
having added the user in sasldb) /etc/sasldb to /var/spool/postfix/etc and 
making this file readable for postfix because postfix is chrooted.
Regards, Pierre



On Wednesday, 29 January 2003 09:09, Angel L. Mateo wrote:
 On Tue, 28 Jan 2003 08:08:26 -0800 Rupa Schomaker
 [EMAIL PROTECTED] wrote:
  Got it.  Just reviewed the sasl documentation.  The *only* way to
  support CRAM-MD5 or DIGEST-MD5 (encrypted auth) is to use sasldb or
  something called auxprop -- not sure how they are related.  So, even
  if you got saslauthd working (and the documentation is correct), it
  will only support traditional (non encrypted) authentication.

   I think you are wrong. I have postfix + sasl in a Solaris server (not
 chrooted) and I use CRAM-MD5 to authenticate via saslauthd.

-- 
My Sites: http://www.linux-age.com  http://www.globeall.de

Tel. +49 (0)30 757 02 517
Fax: +49 (0)30 757 02 518






Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread Angel L. Mateo
On Wed, 29 Jan 2003 09:45:01 +0100 martin f krafft
[EMAIL PROTECTED] wrote:

 thus spoke Angel L. Mateo [EMAIL PROTECTED] [2003.01.29.0909 +0100]:
  I think you are wrong. I have postfix + sasl in a Solaris server
  (not
  chrooted) and I use CRAM-MD5 to authenticate via saslauthd.
 
 can you share more information, like the configuration of saslauthd,
 and how you configured postfix? and pam?
 
I did it by compiling all the software (postfix and sasl) from source
(postfix 1.1.11 and sasl 1.5.28, I think). I configured postfix to do
authentication via saslauthd (in the smtpd.conf file). Then, the only thing I
have to do is to run saslauthd before running postfix. I didn't need to
configure anything more. With this configuration, I can authenticate
with PLAIN, CRAM-MD5 and any other authentication mechanism that SASL
supports (saslauthd is running as root).

-- 
Angel L. Mateo Martínez
Sección de Redes y Comunicaciones
Area de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968363389






Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread martin f krafft
thus spoke Angel L. Mateo [EMAIL PROTECTED] [2003.01.29.0950 +0100]:
 configure anything more. With this configuration, I can authenticate
 with PLAIN, CRAM-MD5 and any other authentication mechanism that SASL
 supports (saslauthd is running as root).

How do you start saslauthd?

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread Angel L. Mateo
On Wed, 29 Jan 2003 09:59:38 +0100 martin f krafft
[EMAIL PROTECTED] wrote:

 thus spoke Angel L. Mateo [EMAIL PROTECTED] [2003.01.29.0950 +0100]:
  configure anything more. With this configuration, I can authenticate
  with PLAIN, CRAM-MD5 and any other authentication mechanism that
  SASL supports (saslauthd is running as root).
 
 How do you start saslauthd?
 
saslauthd (nothing more)

-- 
Angel L. Mateo Martínez
Sección de Redes y Comunicaciones
Area de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968363389






Re: Fwd: getting postfix + sasl to work

2003-01-29 Thread martin f krafft
thus spoke Angel L. Mateo [EMAIL PROTECTED] [2003.01.29.1002 +0100]:
   saslauthd (nothing more)

do you know how it authenticates?
/etc/sasldb? pam?

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-28 Thread Hendrik Sattler
Derrick 'dman' Hudson wrote:

 :-).  Yes, I am the exim guru, but I'm also playing with postfix.  I
 wanted to better understand how it was designed and see how its
 configuration/configurability compared.  I still have exim as the SMTP
 server on my machine so that I can reject spam during the SMTP session
 (using sa-exim), and currently postfix can't do that.  However, I also
 have the postfix package installed and postfix is /usr/sbin/sendmail
 and performing local (and remote) delivery only through that
 interface.  (by local here I mean /var/mail/$USER, not using
 maildrop or any other fancy MDA; exim is doing that)

Well, personally, I favor exim so far. Mailman integration, delivery to 
/home/$USER/Maildir and now TLS and SMTP-Auth makes it pretty nice. 
Although I wonder about plans on exim4 in official Debian. Any news?

Also, I am missing pam_exim in debian, as it allows to run exim as non-root 
and still use PAM for authentication.

But exim also has a weird thing: I wanted to make my ssl key only readable 
to root.cert and having exim's user 'mail' in group cert. However that does 
not work. Strange, isn't it? The .key and the .crt file needs to be in 
group mail to let exim access it. Too bad :-/
Any ideas?

HS






Re: Fwd: getting postfix + sasl to work

2003-01-28 Thread Rupa Schomaker
martin f krafft [EMAIL PROTECTED] writes:

 thus spoke Rupa Schomaker [EMAIL PROTECTED] [2003.01.27.1652 +0100]:
 It is nearly impossible to get sasl to work *correctly* in a chroot
 and even more difficult with PAM.

 Which is, I believe, why saslauthd was created - to load the
 authentication off to another software outside the chroot. There is
 absolutely no documentation though.

Got it.  Just reviewed the sasl documentation.  The *only* way to
support CRAM-MD5 or DIGEST-MD5 (encrypted auth) is to use sasldb or
something called auxprop -- not sure how they are related.  So, even
if you got saslauthd working (and the documentation is correct), it
will only support traditional (non encrypted) authentication.

Refer to /usr/share/doc/libsasl2/sysadmin.html for details.

 I just run it outside of its jail...  Also, you cannot use anything
 but PLAIN auth (plaintext userid/passwd in a base64 string) if you
 use PAM. Probably not a good idea. If you use sasldb (or sasldb2)
 then you can use things like CRAM-MD5.

 Why not?

All (some? most?) of the over the wire encrypted methods that sasl
supports require that the real password be available to the piece of
software that is mediating the authentication (in this case the sasl
libs smtpd links against).

For PAM, even if the password is stored somewhere in the clear, there
is no way to ask pam "what is the password for this user", just "is
this password valid".  So, the only auth methods supported are those
that don't require the auth mechanism to know the real password --
AUTH PLAIN.

Generally PAM will then auth against pam_unix which uses
/etc/shadow.  Those passwords cannot be reversed (since they are
hashes or whatever).  So, even if PAM supported giving the password to
the auth requester it couldn't if you were using normal unix
passwords.

At one point (2yrs ago?) I was using pam_userdb (plain text password
storage) for users that existed on both unix and imap.  PAM worked for
unix logins and I had an auth module for sasl that worked with the db
format for pam_userdb.  I no longer had the source for that (eek,
never put it in my cvs) and when I switched to sasl2 I realized that I
had so few users that would use the functionality (combined unix and
imap authentication database) that writing the code again would be
silly and instead I just have different auth databases for unix login
(me and wife) and imap login (everyone else plus me).

 Is there any way to synchronize the /etc/shadow and /etc/sasldb
 passwords? I am asking because my users finally learnt how to use the
 passwd binary. I can't expect them to know anything else.

Not that I know of.  You can:

1) make passwd a wrapper that uses both passwd and saslpasswd when the
   user changes their password.

2) write a pam module that knows how to update sasldb and add it to
   /etc/pam.d/passwd.

Both of the above means you have two authentication databases, but
they are kept in sync as long as people use either passwd or programs
that work through PAM (including passwd).

Alternatively, you can do what I described above and:

3) Write a PAM module that stores enough info for both unix logins and
   sasl logins and then write a sasl module to authenticate against
   the new file layout.

-- 
-rupa
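
Why a verify-only backend such as PAM cannot serve CRAM-MD5 while a store that returns the shared secret (as sasldb does) can, shown as an added example that is not part of the original message or of Cyrus SASL. The class and function names are hypothetical, PBKDF2 stands in for the one-way hashes in /etc/shadow, and the user, secret and challenge are the test values published in RFC 2195.

```python
import base64
import hashlib
import hmac
import os

# Test values published in RFC 2195 (user, shared secret, server challenge).
RFC_USER = "tim"
RFC_SECRET = b"tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(user, secret, challenge):
    """Client side: base64("user " + hex(HMAC-MD5(secret, challenge)))."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


class SecretStore:
    """Hypothetical stand-in for sasldb: it can hand back the secret itself."""

    def __init__(self, secrets):
        self._secrets = dict(secrets)

    def lookup(self, user):
        return self._secrets.get(user)


class VerifyOnlyBackend:
    """Hypothetical stand-in for PAM over /etc/shadow: it stores one-way
    hashes and can only answer "is this password valid?"."""

    def __init__(self, passwords):
        self._db = {}
        for user, password in passwords.items():
            salt = os.urandom(16)
            self._db[user] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        # PBKDF2 is an assumption standing in for crypt(3) hashes.
        return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)

    def check(self, user, password):
        entry = self._db.get(user)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._hash(password, salt))

    def lookup(self, user):
        # There is no secret to return: the stored hash cannot be reversed.
        return None


def verify_cram_md5(backend, challenge, b64_response):
    """Server side: recompute the HMAC, which needs the secret itself."""
    try:
        decoded = base64.b64decode(b64_response, validate=True).decode()
    except ValueError:
        return False
    user, sep, digest = decoded.rpartition(" ")
    secret = backend.lookup(user) if sep else None
    if secret is None:
        return False  # the "no secret in database" case seen in the logs
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def verify_plain(backend, b64_message):
    """AUTH PLAIN carries base64(authzid NUL authcid NUL password), so the
    server receives the password and a verify-only check is enough."""
    try:
        _authzid, authcid, password = base64.b64decode(
            b64_message, validate=True).split(b"\0")
        user = authcid.decode()
    except ValueError:
        return False
    return backend.check(user, password)


if __name__ == "__main__":
    response = cram_md5_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    sasldb = SecretStore({RFC_USER: RFC_SECRET})
    pam = VerifyOnlyBackend({RFC_USER: RFC_SECRET})
    plain = base64.b64encode(b"\0tim\0" + RFC_SECRET).decode()
    print("CRAM-MD5, secret store:", verify_cram_md5(sasldb, RFC_CHALLENGE, response))
    print("CRAM-MD5, verify-only :", verify_cram_md5(pam, RFC_CHALLENGE, response))
    print("PLAIN, verify-only    :", verify_plain(pam, plain))
```

The trade-off visible here is that the store able to answer CRAM-MD5 must keep a recoverable secret on disk, while the verify-only store keeps only hashes but needs the password sent to it, which is why PLAIN is normally paired with TLS.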






Re: Fwd: getting postfix + sasl to work

2003-01-28 Thread Rupa Schomaker
martin f krafft [EMAIL PROTECTED] writes:

 thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.27.1949 +0100]:
 1)  the pam config file can be found
 2)  the pam module referenced can be found
 3)  any other resources the pam module needs can be found

 which is a lot, and i am not willing to maintain a chroot with all
 these features.

There was a time when Wietse spoke about adding an auth service to
postfix so that all the auth stuff could be ripped out of smtpd.  I
don't know what happened to that, for all I know it got into postfix
2.0...

The idea was to leave smtpd in the jail even when the auth stuff
required elevated privs. authd (or whatever it would be called) would
run with whatever privs were necessary to do the authentication.
smtpd and authd would communicate like any other postfix daemon (unix
domain sockets normally).

If you look at the postfix source, you can see that Wietse is not too
happy about linking SASL with smtpd.  Of course, he is pretty paranoid
about security... much more than most would ever be.

The SASL_README file starts out with:

<quote>
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
===

This code is not blessed by Wietse.

To use SASL support on Debian GNU/Linux, you must install the
postfix-tls package.

People who go to the trouble of installing Postfix may have the
expectation that Postfix is more secure than some other mailers.

With SASL authentication enabled in the Postfix SMTP client and
SMTP server, Postfix becomes no more secure than other mail systems
that use the Cyrus SASL library.

The Cyrus SASL library has too little documentation about how the
software is supposed to work; and it is too much code to be used
in a security-sensitive program such as an SMTP client or server.
</quote>

-- 
-rupa






Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread martin f krafft
thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.2244 +0100]:
 /etc/postfix/sasl/smtpd.conf
 pwcheck_method: PAM
 
 /etc/pam.d/smtp
 # (take your pick and remove the rest)
 # (how do you want it to find the user/pass matches?)
 auth    required    pam_permit.so
 auth    required    pam_pwdfile.so pwdfile /etc/postfix/dman/passwd
 auth    required    pam_unix.so
 auth    required    pam_ldap.so

Okay, I tried this (without pam_ldap), creating a passwd file in
/etc/postfix that I referenced in the pwdfile.so line similar to
yours. I then restarted postfix. I now get the following errors:

postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
postfix/smtpd[18838]: warning: SASL authentication failure: no secret in database
postfix/smtpd[18838]: warning: dclient217-162-113-106.hispeed.ch[217.162.113.106]: SASL CRAM-MD5 authentication failed

this has got to be chroot related, since postfix's smtpd runs in
a chroot in /var/spool/postfix on Debian.

dman, what's your master.cf file look like in terms of the chroot
column? wait, why are you using postfix anyway? aren't you the exim
guru?

is there anyone out there using postfix + saslauthd ?

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread Rupa Schomaker
martin f krafft [EMAIL PROTECTED] writes:

 this has got to be chroot related, since postfix's smtpd runs in
 a chroot in /var/spool/postfix on Debian.

 dman, what's your master.cf file look like in terms of the chroot
 column? wait, why are you using postfix anyway? aren't you the exim
 guru?

It is nearly impossible to get sasl to work *correctly* in a chroot
and even more difficult with PAM.

I just run it outside of its jail...  Also, you cannot use anything
but PLAIN auth (plaintext userid/passwd in a base64 string) if you use
PAM. Probably not a good idea. If you use sasldb (or sasldb2) then you
can use things like CRAM-MD5.

 is there anyone out there using postfix + saslauthd ?

Not I, though that is probably how you'd be able to run it in a
chroot... 


-- 
-rupa






Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread Derrick 'dman' Hudson
On Mon, Jan 27, 2003 at 09:56:25AM +0100, martin f krafft wrote:
| thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.2244 +0100]:
|  /etc/postfix/sasl/smtpd.conf
|  pwcheck_method: PAM
|  
|  /etc/pam.d/smtp
|  # (take your pick and remove the rest)
|  # (how do you want it to find the user/pass matches?)
|  auth    required    pam_permit.so
|  auth    required    pam_pwdfile.so pwdfile /etc/postfix/dman/passwd
|  auth    required    pam_unix.so
|  auth    required    pam_ldap.so
| 
| Okay, I tried this (without pam_ldap), creating a passwd file in
| /etc/postfix that I referenced in the pwdfile.so line similar to
| yours. I then restarted postfix. I now get the following errors:
| 
| postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
| postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

I remember seeing mention of this somewhere.  I think it is the sasl
library that is requiring write access to that file so it can store
secrets and stuff there.  It is only needed under some setups, though.

| postfix/smtpd[18838]: warning: SASL authentication failure: no secret in database
| postfix/smtpd[18838]: warning: dclient217-162-113-106.hispeed.ch[217.162.113.106]: SASL CRAM-MD5 authentication failed

I haven't tried using CRAM-MD5

[reordered quoting]
| is there anyone out there using postfix + saslauthd ?

I think this is why.  I think the saslauthd is what wants to write to
/etc/sasldb2.

Do you have a line in /etc/postfix/sasl/smtpd.conf that references
saslauthd?  If so, I'd try removing it and using only PAM.  It's what
I have and it works for me.  If you get that working and you still
want to use saslauthd then go from there.

| this has got to be chroot related, since postfix's smtpd runs in
| a chroot in /var/spool/postfix on Debian.

That could be.

| dman, what's your master.cf file look like in terms of the chroot
| column?

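# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp2     inet  n       -       -       -       -       smtpd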

(smtp2 is defined as port 2525 in /etc/services since exim still owns
port 25, see below for that explanation)

| wait, why are you using postfix anyway? aren't you the exim guru?

:-).  Yes, I am the exim guru, but I'm also playing with postfix.  I
wanted to better understand how it was designed and see how its
configuration/configurability compared.  I still have exim as the SMTP
server on my machine so that I can reject spam during the SMTP session
(using sa-exim), and currently postfix can't do that.  However, I also
have the postfix package installed and postfix is /usr/sbin/sendmail
and performing local (and remote) delivery only through that
interface.  (by local here I mean /var/mail/$USER, not using
maildrop or any other fancy MDA; exim is doing that)

HTH,
-D

-- 
Contrary to popular belief, Unix is user friendly.
It just happens to be selective about who it makes friends with.
   -- Dave Parnas
 
http://dman.ddts.net/~dman/
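
Whether smtpd is jailed is decided by the chroot column of master.cf, and a `-` there means "use the default". The following added example (not code from the thread or from Postfix; function names are hypothetical) parses master.cf, resolves that default, and reports where a file such as /etc/sasldb2 must really exist for each chrooted smtpd. The sample input is constructed from the entries quoted in this thread, and `chroot_default=True` is an assumption taken from the "(yes)" shown in the header above.

```python
from typing import NamedTuple

# Constructed sample: the smtps, submission and smtp2 entries quoted in this
# thread, written with real master.cf continuation lines (leading whitespace).
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtps      inet  n - n - - smtpd -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_security_options=noanonymous
submission inet  n - n - - smtpd -o smtpd_enforce_tls=yes
  -o smtpd_sasl_security_options=noanonymous
smtp2      inet  n - - - - smtpd
"""


class Service(NamedTuple):
    name: str
    type: str
    chroot: bool
    command: str


def logical_lines(text):
    """Drop blank and comment lines; join lines that start with whitespace
    onto the logical line they continue."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def parse_master_cf(text, chroot_default=True):
    """Return the services with the chroot column resolved to a bool.
    chroot_default is what '-' means; True matches the header on this page."""
    services = []
    for line in logical_lines(text):
        fields = line.split(None, 7)
        if len(fields) < 8:
            continue  # malformed entry: fewer than the eight fields
        name, stype, _private, _unpriv, chroot, _wakeup, _maxproc, command = fields
        jailed = chroot_default if chroot == "-" else chroot.lower() == "y"
        services.append(Service(name, stype, jailed, command))
    return services


def host_paths_needed(services, queue_dir, paths):
    """For each chrooted smtpd, map the paths it opens (e.g. /etc/sasldb2)
    to the real location that must exist under the queue directory."""
    needed = {}
    for svc in services:
        if svc.chroot and svc.command.split()[0] == "smtpd":
            needed[svc.name] = [
                queue_dir.rstrip("/") + "/" + p.lstrip("/") for p in paths
            ]
    return needed


if __name__ == "__main__":
    parsed = parse_master_cf(SAMPLE_MASTER_CF)
    for svc in parsed:
        print(f"{svc.name:<11} chroot={svc.chroot}")
    print(host_paths_needed(parsed, "/var/spool/postfix", ["/etc/sasldb2"]))
```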





Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread Derrick 'dman' Hudson
On Sun, Jan 26, 2003 at 08:43:31PM +0100, martin f krafft wrote:
| thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.2244 +0100]:
|  /etc/postfix/sasl/smtpd.conf
|  pwcheck_method: PAM
| 
| If postfix is in a chroot, will that work?

Yes, if
1)  the pam config file can be found
2)  the pam module referenced can be found
3)  any other resources the pam module needs can be found

Hmm, I just retested (a lot of things have happened since the last
time I thought about this) and pam_pwdfile.so (at least I didn't
retest pam_permit or pam_deny) doesn't work in the jail.  I suspect it
could be set up if the pam module and the password file were found in
the jail.

*Note*  Correction to my earlier post -- I did have smtpd in the
chroot jail as I posted but auth failed in that case.
Eliminating the jail solved that problem.

| What happened to saslauthd?

I thought that was overkill, for me at least.

HTH,
-D

-- 
Q: What is the difference between open-source and commercial software?
A: If you have a problem with commercial software you can call a phone
   number and they will tell you it might be solved in a future version.
   For open-source software there isn't a phone number to call, but you
   get the solution within a day.
 
http://dman.ddts.net/~dman/





Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread martin f krafft
thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.27.1943 +0100]:
 | postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
 | postfix/smtpd[18838]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
 
 I remember seeing mention of this somewhere.  I think it is the sasl
 library that is requiring write access to that file so it can store
 secrets and stuff there.  It is only needed under some setups, though.

what??? the sasl library stores secrets???

 | postfix/smtpd[18838]: warning: SASL authentication failure: no secret in database
 | postfix/smtpd[18838]: warning: dclient217-162-113-106.hispeed.ch[217.162.113.106]: SASL CRAM-MD5 authentication failed
 
 I haven't tried using CRAM-MD5

what do you use?

 I think this is why.  I think the saslauthd is what wants to write to
 /etc/sasldb2.

then it would not be postfix/smtpd causing the log entry...

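 # ==========================================================================
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp2     inet  n       -       -       -       -       smtpd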
 
 (smtp2 is defined as port 2525 in /etc/services since exim still owns
 port 25, see below for that explanation)

so you have a chrooted smtpd, your passwd file in
/etc/passwd/dman/passwd and a pam file /etc/pam.d/smtp and you are
saying that SASL-AUTH works for you? how could it???

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread martin f krafft
thus spoke Rupa Schomaker [EMAIL PROTECTED] [2003.01.27.1652 +0100]:
 It is nearly impossible to get sasl to work *correctly* in a chroot
 and even more difficult with PAM.

Which is, I believe, why saslauthd was created - to load the
authentication off to another software outside the chroot. There is
absolutely no documentation though.

 I just run it outside of its jail...  Also, you cannot use anything
 but PLAIN auth (plaintext userid/passwd in a base64 string) if you
 use PAM. Probably not a good idea. If you use sasldb (or sasldb2)
 then you can use things like CRAM-MD5.

Why not?

Is there any way to synchronize the /etc/shadow and /etc/sasldb
passwords? I am asking because my users finally learnt how to use the
passwd binary. I can't expect them to know anything else.

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-27 Thread martin f krafft
thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.27.1949 +0100]:
 1)  the pam config file can be found
 2)  the pam module referenced can be found
 3)  any other resources the pam module needs can be found

which is a lot, and i am not willing to maintain a chroot with all
these features.

 *Note*  Correction to my earlier post -- I did have smtpd in the
 chroot jail as I posted but auth failed in that case.
 Eliminating the jail solved that problem.

as i thought.

 | What happened to saslauthd?
 
 I thought that was overkill, for me at least.

it's the right way, as long as PAM doesn't work through sockets or
ports...

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-26 Thread martin f krafft
thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.2244 +0100]:
 /etc/postfix/sasl/smtpd.conf
 pwcheck_method: PAM

If postfix is in a chroot, will that work? What happened to saslauthd?

 You can't assign IP address 127.0.0.1 to the loopback adapter,
 because it is a reserved address for loopback devices
 (Microsoft Windows XP - P R O F E S S I O N A L)

YEAH!

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Fwd: getting postfix + sasl to work

2003-01-24 Thread martin f krafft
did people see this and just no one respond?

- Forwarded message from martin f krafft [EMAIL PROTECTED] -

Date: Sat, 18 Jan 2003 00:08:47 +0100
From: martin f krafft [EMAIL PROTECTED]
To: debian users [EMAIL PROTECTED]
Subject: getting postfix + sasl to work
User-Agent: Mutt/1.4i
Organization: Debian GNU/Linux

I can't get SASL support working with postfix on Debian Woody. postfix
and TLS are fully configured and operable, now I tried to enable SASL
by:

  1) installing
   - sasl2-bin and libsasl2
   - libsasl2-modules-plain
   - libsasl2-digestmd5-plain

  2) configuring postfix' main.cf
   smtpd_sasl_auth_enable = yes
   smtpd_sasl_local_domain = smtp.madduck.net

   smtpd_sasl_security_options = noanonymous, noplaintext

   broken_sasl_auth_clients = no

  3) configuring postfix' master.cf (the \ at the end is not in the
 file, just here to split the line)
   smtps  inet  n - n - - smtpd -o smtpd_tls_wrappermode=yes \
 -o smtpd_sasl_security_options=noanonymous
   submission inet  n - n - - smtpd -o smtpd_enforce_tls=yes \
 -o smtpd_sasl_security_options=noanonymous

  4) starting saslauthd with PAM as the auth method in
 /etc/default/saslauthd
   /etc/init.d/saslauthd start

  5) telling postfix to use saslauthd
   echo pwcheck_method: saslauthd > /etc/postfix/sasl/smtpd.conf
   chmod 0644 !$

  6) restarting postfix
   /etc/init.d/postfix restart

When I now try to connect to either of the ports smtp, smtps or
submission (25, 465, 587), the logs show this on the mailserver:

  postfix/smtpd[28047]: fatal: no SASL authentication mechanisms
  postfix/master[26121]: warning: process /usr/lib/postfix/smtpd pid 28047 exit status 1
  postfix/master[26121]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

and no connection can be made with the respective port. What am
I doing wrong?

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc



- End forwarded message -

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-24 Thread Derrick 'dman' Hudson
On Fri, Jan 24, 2003 at 12:56:44PM +0100, martin f krafft wrote:
| did people see this and just no one respond?
[snip forwarded message]

Yes.  I worked through the problem on my system, but I used version
2.0.x from unstable.  I didn't think my solution was relevant to your
problem (see bug 176048 for a description of what I ran into).  While
working on that I saw that postfix 1.11 was built with sasl2 even
though 2.0 was built with sasl 1.5.  Apparently the _sarge_ 1.11 was
built with sasl2, but the version you installed from woody was sasl
1.5 as Markus on postfix-users pointed out.  Install the
libsasl-digestmd5-plain and libsasl-modules-plain packages to get the
rest of what you need for sasl 1.5.

HTH,
-D

-- 
Bugs come in through open windows. Keep Windows shut!
 
http://dman.ddts.net/~dman/





Re: Fwd: getting postfix + sasl to work

2003-01-24 Thread martin f krafft
thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.1630 +0100]:
 though 2.0 was built with sasl 1.5.  Apparently the _sarge_ 1.11 was
 built with sasl2, but the version you installed from woody was sasl
 1.5 as Markus on postfix-users pointed out.  Install the
 libsasl-digestmd5-plain and libsasl-modules-plain packages to get the
 rest of what you need for sasl 1.5.

cool. thanks. it seems like i fixed it. don't have SASL working yet,
but it doesn't barf no more. now i just need to get it to
authenticate... on monday...

-- 
Please do not CC me! Mutt (www.mutt.org) can handle this automatically.
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc





Re: Fwd: getting postfix + sasl to work

2003-01-24 Thread Derrick 'dman' Hudson
On Fri, Jan 24, 2003 at 06:21:18PM +0100, martin f krafft wrote:
| thus spoke Derrick 'dman' Hudson [EMAIL PROTECTED] [2003.01.24.1630 +0100]:
|  though 2.0 was built with sasl 1.5.  Apparently the _sarge_ 1.11 was
|  built with sasl2, but the version you installed from woody was sasl
|  1.5 as Markus on postfix-users pointed out.  Install the
|  libsasl-digestmd5-plain and libsasl-modules-plain packages to get the
|  rest of what you need for sasl 1.5.
| 
| cool. thanks. it seems like i fixed it. don't have SASL working yet,
| but it doesn't barf no more. now i just need to get it to
| authenticate... on monday...

That's progress!  :-)

/etc/postfix/sasl/smtpd.conf
pwcheck_method: PAM

/etc/pam.d/smtp
# (take your pick and remove the rest)
# (how do you want it to find the user/pass matches?)
auth    required    pam_permit.so
auth    required    pam_pwdfile.so pwdfile /etc/postfix/dman/passwd
auth    required    pam_unix.so
auth    required    pam_ldap.so

-D

-- 
You can't assign IP address 127.0.0.1 to the loopback adapter,
because it is a reserved address for loopback devices
(Microsoft Windows XP - P R O F E S S I O N A L)
 
http://dman.ddts.net/~dman/


