| Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
07-16-2012, 09:46 AM
|
#1
|
|
LQ Newbie
Registered: Jul 2012
Posts: 4
Rep: 
|
Debian postfix+courier MySql smtp authentication
Hello everyone!
I have a trouble with postfix+sasl+pam_mysql configuration. I have dedicated server with debian, apache2, posfix and courier.
IMAP(courier) authentication works perfectly, but SMTP(postfix) does strange things. I can log in with any username(e-mail or not), but only empty password. When password and username are correct I have in log "SASL LOGIN authentication failed: authentication failure". If password is empty everything is OK(postfix sends e-mail).
I've tried making this work for a week or so and I have no idea what can be wrong. I've tried postfix with chroot(default) and not. I'm using postfix->saslauthd->pam->mysql.
I've done pretty much everything like in here: http://www.howtoforge.com/virtual-us...debian-squeeze
I hope this is enough information about my problem,
Thanks for your help,
Bartek
PS. Sorry if my English isn't so good but i'm from Poland and I'm 15 years old. |
|
|
|
|
07-16-2012, 05:44 PM
|
#2
|
|
Member
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 415
Rep: 
|
Not enough information in your request. Post the mail server config file.
Did you test that SASL authentication is working? What were the results?
|
|
|
|
|
07-17-2012, 02:31 AM
|
#3
|
|
LQ Newbie
Registered: Jul 2012
Posts: 4
Original Poster
Rep:
|
Hi,
Ow, right testsaslauthd -u user -p pass gives me "connect() : No such file or directory"
So, there are my postfix, saslauthd and pam config files. It will be OK with me if saslauthd will authenticate SMTP users in IMAP server.
postfix main.cf
Code:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.leding.com.pl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.leding.com.pl, localhost, localhost.domain
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = mail.leding.com.pl
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
2bounce_notice_recipient = ceo
bounce_notice_recipient = ceo
notify_classes = 2bounce
postfix master.cf
Code:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
#submission inet n - - - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
/etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: pam
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: xxxx
sql_database: mail
sql_select: SELECT password FROM users WHERE email = '%u'
/etc/defaut/saslauthd
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
# I've used pam but it wasn't working so I've tried rimap - still not working
MECHANISMS="rimap"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS="mail.leding.com.pl"
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/run/saslautd -r"
/etc/pam.d/smtp
Code:
auth required pam_mysql.so user=mail_admin passwd=xxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=xxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
BTW if postfix configured correctly to forward undelivered incoming emails to ceo@domain.of.oryginal.email ?
Thanks for your help,
Bartek |
|
|
|
|
07-20-2012, 12:43 AM
|
#4
|
|
Member
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 415
Rep:
|
Right off the bat, your saslauthd mechanism is listed as rimap, not PAM.
Your sasl config is broken. You need to run saslauthd without forking in verbose mode in one terminal. Then in another, test saslauthd. Then you will figure out what's wrong.
The last time I did a saslauthd config for postfix, it was not straight forward. Once you get it going, document what you did because you won't look at it again for a long time.
It's been a while since I did a postfix config, but your smtp auth looks like you've mixed PAM and mysql lookups.
This might get you closer: http://www.linuxquestions.org/questi...3/#post3514922
Last edited by mpapet; 07-20-2012 at 12:56 AM.
|
|
|
|
|
07-20-2012, 03:06 AM
|
#5
|
|
LQ Newbie
Registered: Jul 2012
Posts: 4
Original Poster
Rep:
|
Thanks for help!
Now saslauthd works perfectly, and I found that I need to specify -f /var/run/saslauthd/mux -s smtp to testsalsauthd, and now it gives me:
Quote:
root@leding-mail:~# testsaslauthd -f /var/run/saslautd/mux -u bartek@leding.com.pl -s smtp -p 12345
0: OK "Success."
root@leding-mail:~# testsaslauthd -f /var/run/saslautd/mux -u bartek@leding.com.pl -s smtp -p 54321
0: NO "authentication failed"
|
but now I'm working with logs and I'm discovering lots of strange things. So I think there is a chance to run this today(I'm going for a week holiday tomorrow). |
|
|
|
|
07-20-2012, 03:37 AM
|
#6
|
|
LQ Newbie
Registered: Jul 2012
Posts: 4
Original Poster
Rep:
|
OK. I found in auth.log that entries:
Quote:
Jul 20 10:22:43 vm-deb99 postfix/smtpd[8380]: sql_select option missing
Jul 20 10:22:43 vm-deb99 postfix/smtpd[8380]: auxpropfunc error no mechanism available
Jul 20 10:22:43 vm-deb99 postfix/smtpd[8380]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
|
I'm working on it but I really don't know what to do with it.
Thanks for your help,
Bartek
BTW. Edit function don't work for me it starts to load and nothing happen, I'm using Debian sqeeze\chromium in newest version. |
|
|
|
|
07-20-2012, 02:02 PM
|
#7
|
|
Member
Registered: Nov 2003
Location: Los Angeles
Distribution: debian
Posts: 415
Rep:
|
It means the sql plugin is not loaded. I had a similar learning curve with SASL too, so you are going in the right direction.
Like I said, once you figure it out, document it because you'll forget all the little details the next time you need to look at it a long time from now.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 03:21 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
