Jukas
10-30-2007 10:10 PM
Postfix + Mysql + Sasl SMTP Auth Problem
I'm running a Debian Etch based system with Postfix 2.3.8 (I believe) + MySQL 5.0.32 + Courier IMAP + Amavis + SpamAssassin + PostfixAdmin 2.1.0 handling email for virtual domains. Usernames and passwords are stored in the MySQL database and passwords are encrypted in md5crypt.
The problem is that when I try to SMTP Auth, it just bounces the username and password. Here is my config information:
main.cf
Code:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
inet_interfaces = all
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
alias_maps = hash:/etc/aliases
myorigin = domain.com
myhostname = domain.com
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter =
virtual_alias_domains =
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 110
virtual_transport = virtual
virtual_uid_maps = static:110
virtual_gid_maps = static:110
smtpd_tls_auth_only = no
smtpd_use_tls = no
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
content_filter = amavis:[127.0.0.1]:10024
smtpd_helo_required = yes
smtpd_client_restrictions =
    permit_sasl_authenticated,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_rbl_client dynablock.njabl.org
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain
smtpd_hard_error_limit = 10
smtpd_soft_error_limit = 8
/etc/postfix/sasl/smtpd.conf
Code:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
log_level: 7
sql_engine: mysql
sql_hostnames: localhost
sql_user: someuser
sql_passwd: somepassword
sql_database: postfix
sql_table: mailbox
sql_select: select password from mailbox where username='%u@%r'
When I try to send mail, here is what's posted in the logs.
auth.log
Code:
Oct 30 19:08:21 nix postfix/smtpd[21207]: sql plugin create statement from cmusaslsecretPLAIN user domain.com
Oct 30 19:08:21 nix postfix/smtpd[21207]: sql plugin doing query select password from mailbox where username='user@domain.com';
mail.log
Code:
Oct 30 19:08:21 nix postfix/smtpd[21207]: warning: 192.168.1.101]: SASL LOGIN authentication failed: authentication failure
However if I change the /etc/sasl/smtpd.conf to hand off to courier authdaemon as follows:
Code:
pwcheck_method: authdaemond
log_level: 7
mech_list: PLAIN LOGIN
authdaemond_path:/var/run/courier/authdaemon/socket
I can SMTP auth and send mail just fine, but I'm concerned I'm sending the password in plain text, and I'm seeing the following in my auth.log:
Code:
Oct 30 19:35:32 nix postfix/smtpd[21539]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Oct 30 20:07:38 nix postfix/smtpd[22761]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
Anyone know what I'm doing wrong, or if it's even possible to do what I'm trying?
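Added example, not part of the original post: a small audit of the two files quoted above. It flags the two conditions the post runs into: PLAIN/LOGIN offered while `smtpd_tls_auth_only` is not `yes`, and `pwcheck_method: auxprop` pointed at a hashed password column (stock Cyrus SASL auxprop plugins compare against the stored value as-is, so they expect plaintext). The embedded config excerpts are constructed from the post; the `passwords_hashed` argument and the finding names are hypothetical.

```python
import re

# Constructed excerpts of the two files quoted in the post above.
MAIN_CF = """\
# appending .domain is the MUA's job.
smtpd_tls_auth_only = no
smtpd_use_tls = no
smtpd_sasl_auth_enable = yes
smtpd_client_restrictions =
 permit_sasl_authenticated,
 reject_rbl_client sbl-xbl.spamhaus.org
"""
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
"""

def parse_main_cf(text):
    """Postfix main.cf: '#' lines are comments; leading whitespace continues the previous line."""
    params, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key:
            params[key] = (params[key] + " " + line.strip()).strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def parse_sasl_conf(text):
    """Cyrus SASL smtpd.conf: one 'option: value' pair per line."""
    pairs = (l.split(":", 1) for l in text.splitlines() if ":" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(main_cf, sasl_conf, passwords_hashed):
    """Return finding names. passwords_hashed describes the DB column and is supplied by the caller."""
    postfix, sasl = parse_main_cf(main_cf), parse_sasl_conf(sasl_conf)
    findings = []
    mechs = {m.upper() for m in re.split(r"[\s,]+", sasl.get("mech_list", "")) if m}
    if postfix.get("smtpd_sasl_auth_enable") == "yes" and mechs & {"PLAIN", "LOGIN"} \
            and postfix.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("CLEARTEXT_AUTH_WITHOUT_TLS")  # PLAIN/LOGIN are only base64-encoded
    if sasl.get("pwcheck_method") == "auxprop" and passwords_hashed:
        findings.append("AUXPROP_NEEDS_PLAINTEXT_STORE")  # stored md5crypt never equals the typed password
    return findings
```

With the `authdaemond` variant from the post, only the cleartext finding remains, which matches the behaviour described: authentication succeeds, but the password still crosses the network unencrypted.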