Hi,
I'm at a loss as to what is wrong with my current mail server setup. I'm trying to set up postfix to use the saslauthd method and check passwords against pam. Seems like a better method to me than using sasldb and copying the passwords into postfix's chroot every time I add a new user. I have done this several times on other distros but.. for some reason I can't get it to work on Debian.
Currently, here is what I have done.
installed (postfix-tls, sasl2-bin + libs and modules)
edited /etc/default/saslauthd to start the daemon.
created var/run in the postfix chroot, moved the saslauthd directory from /var/run to /var/spool/postfix/var/run then linked it back to /var/run, added the postfix user to sasl group so it can read the files.
Created and copied /etc/pam.d/smtp to the directory /var/spool/postfix/etc/pam.d
My configs are as follows.
Code:
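# START /etc/postfix/main.cf
# NOTE(review): Postfix treats a line as a comment only when "#" is its first
# non-blank character. Text after a value stays part of that value, so the
# three trailing remarks in this listing have been moved onto their own lines.
# If the live file carries them inline, myhostname, transport_maps and
# smtpd_sasl_local_domain all hold the remark text as well; "postconf -n"
# shows the values Postfix actually parsed.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_at_myorigin = yes
append_dot_mydomain = no
# system handles mail for *.domain.tld
myhostname = hostname.domain.tld
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.tld, hostname.domain.tld, localhost.localhost, localhost
relayhost =
# system uses a smarthost
transport_maps = hash:/etc/postfix/transport
mynetworks = 127.0.0.0/8
home_mailbox = .maildir/
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
recipient_delimiter = +
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# wondering about this..
# NOTE(review): this value is handed to Cyrus SASL as the realm. With a
# saslauthd/PAM backend it is commonly left empty; saslauthd only appends
# "@realm" to the login when started with -r -- confirm how the daemon is run.
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# NOTE(review): check_relay_domains is documented by Postfix as deprecated in
# favour of reject_unauth_destination; whichever is used, the destination
# check must stay in this list or the server relays for anyone.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
# TLS
# NOTE(review): with "no" here, AUTH is also offered on connections that never
# issued STARTTLS. The only mechanism enabled in smtpd.conf is PLAIN, so such a
# client sends its system password base64-encoded but unencrypted. Setting this
# to "yes" limits AUTH to TLS-protected sessions.
smtpd_tls_auth_only = no
smtp_use_tls = no
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# NOTE(review): file modes are not shown in the post; the private key should be
# readable by root only.
smtpd_tls_key_file = /etc/postfix/ssl/postfix_key.pem
smtpd_tls_cert_file = /etc/postfix/ssl/postfix_cert.pem
smtpd_tls_CAfile = /etc/postfix/ssl/ca_cert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# END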
--
# START /etc/postfix/sasl/smtpd.conf
# Cyrus SASL settings read for the "smtpd" application (Postfix's SMTP server).
# Password checks are delegated to the saslauthd daemon over its UNIX socket;
# the chrooted smtpd process must be able to reach that socket from inside
# /var/spool/postfix.
# The daemon can be checked independently of Postfix with testsaslauthd from
# sasl2-bin (-u USER -p PASSWORD -s smtp; -f SOCKET to test the chroot path).
# A password given on the command line is visible in the process list and in
# shell history, so use a throwaway test account for this.
pwcheck_method: saslauthd
# saslauthd can only verify a plaintext password, so shared-secret mechanisms
# (CRAM-MD5, DIGEST-MD5) are not usable with it. PLAIN sends the password
# base64-encoded, not encrypted: it needs TLS underneath.
# NOTE(review): clients that only implement LOGIN find no usable mechanism
# here -- confirm which mechanisms the mail clients in use support.
mech_list: PLAIN
minimum_layer: 0
# Do not copy successfully verified passwords into sasldb.
auto_transition: no
# END
--
# START /var/spool/postfix/etc/pam.d/smtp (root:root,644)
# PAM stack for the "smtp" service, the service name Postfix passes to SASL
# and saslauthd hands on to PAM.
# NOTE(review): the PAM lookup is made by saslauthd, not by the chrooted smtpd,
# so the copy that matters is the one saslauthd resolves from its own root
# (normally /etc/pam.d/smtp) -- confirm that file exists with this content.
# Try LDAP first; a success ends the auth stack, otherwise fall through to the
# local account database reusing the password already supplied.
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
# NOTE(review): "sufficient" on the account line means an LDAP success skips
# the pam_unix account checks -- confirm that is intended.
account sufficient pam_ldap.so
account required pam_unix.so use_first_pass
# The password (change) and session stacks are not exercised by an SMTP AUTH
# password check, which uses auth and account.
password sufficient pam_ldap.so
password required pam_unix.so use_first_pass
session required pam_unix.so
# END
--
the logs say..
Oct 19 14:59:02 loki postfix/smtpd[2640]: connect from unknown[172.16.0.2]
Oct 19 14:59:06 loki postfix/smtpd[2640]: warning: SASL authentication failure: Password verification failed
I have tried username,
username@domain.tld, and
username@hostname.domain.tld and all of them fail.. The problem is either that saslauthd can't check against pam.. or that postfix can't check saslauthd.
Is there a way to test that saslauthd is actually checking pam, without using postfix?
Are there any errors in my configs?
Thanks in advance.