For the last few weeks my mail server has been very happy with just allowing IPs/networks to relay mail. However, as things start to grow, the thought of updating main.cf each time to allow another IP is just not reasonable, not to mention the problem if someone wants to send mail from a dynamic IP.
SASL2//SASL-authdeamon//SASL-authdeamon-auxprop
So I decided to set up sasl2 for mail relay control.
So I set up my smtpd.conf in /usr/local/lib/sasl2
Code:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
# SQL engine
sql_engine: mysql
sql_hostnames: localhost
sql_user: sqluser
sql_passwd: *****
sql_database: *****
sql_select: select clear from users where id = '%u'
clear - is the field of the password in the database in plain text.
id - is the username.
Add the proper lines to main.cf
Code:
# Enable Support for sasl/sasl2
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
# Path to sasl conf
smtpd_sasl_path = smtpd
# SASL security options
smtpd_sasl_security_options = noanonymous
# Fix for microsoft
broken_sasl_auth_clients = yes
# Who to accept mail from
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client relays.ordb.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client list.dsbl.org
restart saslauthd
restart postfix
Fire up Evolution and my login fails.
Here is what shows up in my log files.
maillog
Code:
postfix/smtpd[78891]: > unknown[192.168.2.222]: 220 BOX3.TheEsolution.com ESMTP Postfix
postfix/smtpd[78891]: < unknown[192.168.2.222]: EHLO [192.168.2.222]
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-BOX3.TheEsolution.com
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-PIPELINING
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-SIZE 10240000
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-VRFY
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-ETRN
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
postfix/smtpd[78891]: match_list_match: unknown: no match
postfix/smtpd[78891]: match_list_match: 192.168.2.222: no match
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-ENHANCEDSTATUSCODES
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250-8BITMIME
postfix/smtpd[78891]: > unknown[192.168.2.222]: 250 DSN
postfix/smtpd[78891]: < unknown[192.168.2.222]: AUTH PLAIN AGZyZWRkeUB0aGVlc29sdXRpb24uY29tAGlsZWFuYQ==
postfix/smtpd[78891]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AGZyZWRkeUB0aGVlc29sdXRpb24uY29tAGlsZWFuYQ==
postfix/smtpd[78891]: xsasl_cyrus_server_first: decoded initial response
postfix/smtpd[78891]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[78891]: warning: unknown[192.168.2.222]: SASL PLAIN authentication failed: authentication failure
postfix/smtpd[78891]: > unknown[192.168.2.222]: 535 5.7.0 Error: authentication failed: authentication failure
After looking at this it looks like my password is sent over encoded?
Code:
postfix/smtpd[78891]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AGZyZWRkeUB0aGVlc29sdXRpb24uY29tAGlsZWFuYQ==
Also every now and then I get a random error
postfix/smtpd: auxpropfunc error invalid parameter supplied
Is there something I'm missing in the smtpd.conf?
Any help/pointers appreciated.
Thanks
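
Added example, not part of the original post: the AUTH PLAIN initial response in the log is base64 of `authzid NUL authcid NUL passwd` (RFC 4616), which is an encoding, not encryption. The sketch below decodes a constructed sample and shows the text that would replace `%u` and `%r` (the Cyrus SASL sql plugin's user and realm placeholders) in the `sql_select` above; splitting the login at the first `@` is an assumption, and all function names are hypothetical.

```python
import base64

def parse_auth_plain(b64_response):
    """Decode an AUTH PLAIN initial response: authzid NUL authcid NUL passwd."""
    raw = base64.b64decode(b64_response, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("empty authcid or passwd")
    return authzid, authcid, passwd

def split_user_realm(authcid, default_realm):
    """Assumption: the login is split at the first '@'; without one, the
    default realm (for example the server name) is used."""
    user, sep, realm = authcid.partition("@")
    return (user, realm) if sep else (user, default_realm)

def expand_select(template, user, realm):
    """Show the text substituted for %u and %r (display only, never executed)."""
    return template.replace("%u", user).replace("%r", realm)

def explain(b64_response, template, default_realm):
    authzid, authcid, passwd = parse_auth_plain(b64_response)
    user, realm = split_user_realm(authcid, default_realm)
    return {
        "authzid": authzid,
        "authcid": authcid,
        "passwd_len": len(passwd),  # report the length only, never log the secret
        "user": user,
        "realm": realm,
        "query": expand_select(template, user, realm),
    }

# Constructed sample credentials, not taken from the log above.
SAMPLE = base64.b64encode(b"\x00alice@example.org\x00s3cret-demo").decode()
# The sql_select line from the smtpd.conf on this page.
PAGE_SELECT = "select clear from users where id = '%u'"

if __name__ == "__main__":
    for key, value in explain(SAMPLE, PAGE_SELECT, "mail.example.org").items():
        print(f"{key}: {value}")
```

Comparing the `user` value with what is stored in the `id` column is a quick check when the client logs in with a full `user@domain` name.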