How to setup mysql and saslauthd with postfix (CentOS 5.3)

Guardian-Mage · 04-20-2009, 05:45 AM

I've been trying to setup a mail server which uses Postfix and authenticates against a mysql database. I've had no luck, and was wondering if anyone knows of a recent tutorial which could help me.

I think the main area that I am having troubles with is installing postfix/saslauthd since none of the tutorials cover that, and I do everything else right. I followed http://www.howtoforge.com/virtual-us...ysql-centos5.1 and I could telnet localhost smtp and ehlo localhost gave me expected output, but I just couldn't authenticate.

-Brandon

datopdog · 04-20-2009, 06:13 AM

You can use pam_mysql and saslauthd to do that. You need to install pam_mysql you can get an rpm here http://www.topdog-software.com/oss/p...RC1-1.i386.rpm

Edit /etc/pam.d/smtp.postfix and add.

Code:

auth       optional     pam_mysql.so user=<mysql_username> passwd=<mysql_pw> host=/var/lib/mysql/mysql.sock db=<db_name> table=<user_table> usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=3
account    required     pam_mysql.so user=<mysql_username> passwd=<mysql_pw> host=/var/lib/mysql/mysql.sock db=<db_name> table=<user_table> usercolumn=<user_column> passwdcolumn=<user_pass_column> crypt=3

Edit /etc/sysconfig/saslauthd and set

Code:

MECH=pam

Edit /usr/lib/sasl2/smtpd.conf and set

Code:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Then run.

Code:

postconf -e "smtpd_sasl_path = smtpd"
postconf -e "smtpd_sasl_type = cyrus"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_sasl_security_options = noanonymous"
postconf -e "smtpd_sasl_authenticated_header = yes"
postconf -e "broken_sasl_auth_clients = yes"

Guardian-Mage · 04-20-2009, 06:23 AM

I just did it without encrypted mysql passwords and it works now.

But I'll try what you suggested too

datopdog · 04-20-2009, 06:27 AM

Quote:

Originally Posted by Guardian-Mage

I just did it without encrypted mysql passwords and it works now.

But I'll try what you suggested too

That is highly insecure, i suspect you have the wrong value set for crypt= that is why the failure occurs. Tune that value to the type of encryption you are using for the password field.

These are the options

Code:

crypt (plain)

    The method to encrypt the user's password:

       0 (or "plain") = No encryption.  Passwords stored in plaintext.
                        HIGHLY DISCOURAGED.

       1 (or "Y")     = Use crypt(3) function.

       2 (or "mysql") = Use MySQL PASSWORD() function. It is possible
                        that the encryption function used by PAM-MySQL
                        is different from that of the MySQL server, as
                        PAM-MySQL uses the function defined in MySQL's
                        C-client API instead of using PASSWORD() SQL function
                        in the query.
                        
       3 (or "md5")   = Use plain hex MD5.

       4 (or "sha1")  = Use plain hex SHA1.

Guardian-Mage · 04-20-2009, 02:59 PM

Ok, I did what you said and it works now. However, my format was the username is user@domain.tld and it didn't work. When i changed it to user it works. How can I add the domain to the username?

http://lists.freebsd.org/pipermail/f...ch/039296.html

I tried that with this situation but had no luck. Any ideas?

(I'm still waiting for the email to go through, not sure if it will work)

Also, exert from my mail logs

Code:

Apr 20 15:16:41 cl-t112-271cl postfix/trivial-rewrite[9875]: warning: do not list domain sabotix.com in BOTH mydestination and virtual_mailbox_domains

mysql-virtual_domains.cf

Code:

user = mysql_user
password = mysql_pass
dbname = mail
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
hosts = 127.0.0.1

mysql-virtual_mailboxes.cf

Code:

user = mail_admin
password = 36upuYacHuCUw57e9Ewazej5
dbname = mail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
hosts = 127.0.0.1

Just received my emails 10 minutes after they were sent. Anyway I can make it faster?

datopdog · 04-21-2009, 02:16 AM

Add this

Code:

FLAGS="-r -n 0 -c"

if you want to use the full email address.

As for the other error if you are using virtual hosting you cannot have the same domain as both a local destination as well as a virtual host.

Guardian-Mage · 04-21-2009, 05:35 AM

For local destination can I use my server ip?

datopdog · 04-21-2009, 05:36 AM

Why would u want to do that ?

Guardian-Mage · 04-21-2009, 05:45 AM

I want all my users to be virtual users, and you just said I can't have a virtual domain the same as my local destination. Does that mean I can have the user user@sabotix.com virtual, but just remove the virtual domain listing for it?

datopdog · 04-21-2009, 05:47 AM

Just have any empty my destination value, and set the domains as virtual.

Guardian-Mage · 04-21-2009, 06:05 AM

Did what you said and it works fine now, also I recieve the message instantly.

Thanks, you've been a huge help

Don't suppose you can help me with a clock skew error?

http://www.linuxquestions.org/questi...9/#post3516021