chrooting Postfix+SASL+TLS

2004-07-23 Thread Alex Melkomukov
Hi all,

Has anyone successfully set up Postfix to run chrooted with saslauthd?
I've been trying to get this to work for several days now and have run
out of ideas.  

Everything works fine non-chrooted, but as soon as I run
postfix/smtpd chrooted, I get the following messages in maillog:


Jul 23 09:46:30 xxx postfix/smtpd[2472]: connect from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: setting up TLS connection from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: TLS connection established from yyy[999.999.999.99]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: yyy[999.999.999.999]: SASL LOGIN authentication failed
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=5
Jul 23 09:46:30 xxx postfix/smtpd[2472]: lost connection after AUTH from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: disconnect from yyy[999.999.999.999]


Here is what I have installed:

OS: 

FreeBSD 4.9-RELEASE


ports installed:

openssl-0.9.7d
cyrus-sasl-2.1.18
cyrus-sasl-saslauthd-2.1.18_1


postfix installed from source with TLS patch applied:

postfix-2.1.3
pfixtls-0.8.18-2.1.3-0.9.7d


postfix chroot directory:

/var/spool/postfix


saslauthd startup options:

/usr/local/sbin/saslauthd -a getpwent -m /var/spool/postfix/var/state/saslauthd


tls/sasl options in /etc/postfix/main.cf:

# sasl config
#
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# tls config
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


I have tried all kinds of tips from my archive searches and still no luck.

Can anyone give me any pointers/instructions on how to run postfix
chrooted with saslauthd using FreeBSD 4.9?

Any advice will be appreciated.

Thanks in advance,

Alex M.

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: chrooting Postfix+SASL+TLS

2004-07-23 Thread dave
Hi,
Yah, your problem is that when saslauth and smtp are chrooted they do not
have their unix socket that they use to communicate. When saslauthd normally
starts I believe it makes a socket at /var/run/mux. I'm not near my machine
to confirm this, but assuming your postfix chroot is /var/spool/postfix you
would do:

# mkdir -p /var/spool/postfix/var/run/mux

and when you start saslauth use the -m option and specify the path to the
chroot location.
HTH
Dave.



Re: chrooting Postfix+SASL+TLS

2004-07-23 Thread Alex Melkomukov
Hi Dave,

I have set up /var/spool/postfix/var/state/salsauthd for that per a how-to
I read.  The normal socket was located in /var/state/saslauthd, so I
figured that was the correct location.

I guess I can try /var/spool/postfix/var/run and see if that works.

am


On Fri, 23 Jul 2004, dave wrote:

> Hi,
> Yah, your problem is that when saslauth and smtp are chrooted they do not
> have their unix socket that they use to communicate. When saslauthd normally
> starts I believe it makes a socket at /var/run/mux. I'm not near my machine
> to confirm this, but assuming your postfix chroot is /var/spool/postfix you
> would do:
>
> # mkdir -p /var/spool/postfix/var/run/mux
>
> and when you start saslauth use the -m option and specify the path to the
> chroot location.
> HTH
> Dave.
>



Re: chrooting Postfix+SASL+TLS

2004-07-23 Thread Alex Melkomukov
This is a follow-up to my attempts to change the socket location.

I now get the following message:


Jul 23 10:54:22 xxx postfix/smtpd[3010]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused


This is different from No such file or directory, but still does not work.

I tried setting owner to 'cyrus' and group to 'mail', still no luck.  I
also tried 

chmod 0770 /var/spool/postfix/var/run

I read that somewhere, a how-to doc I believe.


Anyone else have any suggestions?  I am guessing it may be some type of
permissions issue at this point?

thanks,

am

On Fri, 23 Jul 2004, Alex Melkomukov wrote:

> Hi Dave,
>
> I have set up /var/spool/postfix/var/state/salsauthd for that per a how-to
> I read.  The normal socket was located in /var/state/saslauthd, so I
> figured that was the correct location.
>
> I guess I can try /var/spool/postfix/var/run and see if that works.
>
> am
>
>
> On Fri, 23 Jul 2004, dave wrote:
>
> > Hi,
> > Yah, your problem is that when saslauth and smtp are chrooted they do not
> > have their unix socket that they use to communicate. When saslauthd normally
> > starts I believe it makes a socket at /var/run/mux. I'm not near my machine
> > to confirm this, but assuming your postfix chroot is /var/spool/postfix you
> > would do:
> >
> > # mkdir -p /var/spool/postfix/var/run/mux
> >
> > and when you start saslauth use the -m option and specify the path to the
> > chroot location.
> > HTH
> > Dave.
> >
 
 

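
Added example (not part of any post in this thread): a Python check that resolves the saslauthd socket path the way a chrooted smtpd sees it and separates the two errors reported above, "No such file or directory" and "Connection refused". It assumes the socket is a file named `mux` inside the directory passed to `saslauthd -m`; `host_path`, `diagnose` and `demo` are hypothetical names, and the demo runs against a constructed temporary directory standing in for /var/spool/postfix.

```python
import errno
import os
import socket
import stat
import tempfile

def host_path(chroot_dir, path_in_chroot):
    """Translate a path as a chrooted smtpd sees it into the real host path."""
    return os.path.join(chroot_dir, path_in_chroot.lstrip("/"))

def diagnose(chroot_dir, rundir_in_chroot, sock_name="mux"):
    """Classify why a chrooted client can or cannot reach the saslauthd socket."""
    sock_path = os.path.join(host_path(chroot_dir, rundir_in_chroot), sock_name)
    try:
        mode = os.stat(sock_path).st_mode
    except OSError as exc:                # ENOENT, EACCES, ENOTDIR ...
        return errno.errorcode.get(exc.errno, "UNKNOWN")
    if not stat.S_ISSOCK(mode):           # e.g. a directory or a plain file
        return "NOT_A_SOCKET"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        try:
            client.connect(sock_path)     # same connect the SASL client attempts
        except OSError as exc:            # ECONNREFUSED: nobody is listening
            return errno.errorcode.get(exc.errno, "UNKNOWN")
    return "OK"

def demo():
    """Run the check against a constructed fake chroot (sample data, not a real spool)."""
    chroot, rundir = tempfile.mkdtemp(), "/var/state/saslauthd"
    mux = os.path.join(host_path(chroot, rundir), "mux")
    results = {"missing": diagnose(chroot, rundir)}   # nothing inside the chroot yet
    os.makedirs(mux)                                  # a directory where the socket should be
    results["directory"] = diagnose(chroot, rundir)
    os.rmdir(mux)
    stale = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    stale.bind(mux)
    stale.close()                                     # socket file stays, listener is gone
    results["stale"] = diagnose(chroot, rundir)
    os.unlink(mux)
    live = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    live.bind(mux)
    live.listen(1)                                    # stands in for a running saslauthd
    results["live"] = diagnose(chroot, rundir)
    live.close()
    return results

if __name__ == "__main__":
    print(demo())
```

On a real host, call `diagnose("/var/spool/postfix", "/var/state/saslauthd")` as the postfix user so that a permissions problem surfaces as `EACCES` instead of being masked by root.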