Re: postfix smtp authentication

To: Serkan Hamarat <serkan@efes.net.tr>
Cc: debian-isp@lists.debian.org
Subject: Re: postfix smtp authentication
From: Héctor <hector@bith.net>
Date: Wed, 5 Mar 2003 13:30:04 +0100
Message-id: <20030305123004.GA3309@glendalough.bith.net>
In-reply-to: <3E64D562.5040609@efes.net.tr>
References: <3E64909A.4000101@bith.net> <3E64D562.5040609@efes.net.tr>

  Finally I have solved the problem destroying the security :-)
  To allow access to /etc/shadow file, now Postfix user ('postfix') runs as
member or shadow group, and that's all: now it runs ok.

  So I want to know if anybody uses that configuration (postfix as shadow
groups, or /etc/shadow readable by everybody). After making a strace to the
master process (and searching in 10.000 lines), I observed that the pam
subsystem tried first to open directly /etc/shadow, it failed, and then it
tried to use unix_chkpwd(), that I have not discovered why not goes ok.



On Mar/04/2003, Serkan Hamarat wrote:
> Seems confs are okay.  Look also authentication log files under
> /var/log/ .  I hope it gives a clue.  i remember that it must be
> log/auth.log or it writes in log/syslog file.
> 
> Try to add an 'acct' line to your pam.d/smtp file :
> auth required pam_unix.so
> acct required pam_unix.so
> 
> Finnaly; try to uninstall libsasl2 and libsasl2-modules-plain or 
> something like version 2 sasl, if you use stable.
> 
> 
> Hector wrote:
> >
> >  I want to use Postfix SMTP Authentication, but I have found some 
> >problems to run it: it runs with sasldb, but I need other authentication 
> >mechanisms, and I always obtained the same: "535 Error: authentication 
> >failed".
> >
> >  I have installed:
> >      libsasl-digest
> >      libsasl-gssapi
> >      libsasl-module
> >      libsasl2
> >      libsasl2-modul
> >      libsasl7
> >      sasl-bin
> >
> >  /etc/postfix/sasl/smtpd.conf contains "pwcheck_method: pam"
> >  and /etc/postfix/master.cf (Postfix is NOT chrooted):
> >  --------------------
> >  # service type  private unpriv  chroot  wakeup  maxproc command + args
> >  #               (yes)   (yes)   (yes)   (never) (100)
> >  smtp      inet  n       -       n       -       -       smtpd
> >       -o smtpd_sasl_auth_enable=yes
> >  --------------------
> >
> >  in /etc/postfix/main.cf:
> >  --------------------
> >  smtpd_sasl_auth_enable      = yes
> >  broken_sasl_auth_clients    = yes
> >  smtpd_sasl_local_domain     = galway.csnet.es
> >  smtpd_sasl_security_options = noanonymous
> >  --------------------
> >
> >  The problem is that in the log I can only see this:
> >  --------------------
> >  smtpd_sasl_authenticate: sasl_method plain, init_response 
> >Y2VASDFSADFAGNlc19jSDAFKJSADFLKJdg=
> >  Mar  4 09:41:53 titania postfix/smtpd[21035]: smtpd_sasl_authenticate: 
> >decoded initial response xxx_xxxxx
> >Mar  4 09:41:55 titania smtpd[21035]: warning:
> >galway[1.1.1.1]: SASL plain authentication failed
> >  --------------------
> >
> >  If I tried to use sasldb I authenticate without problems. ¿Does 
> >anybody know how is pam configured? I have in /etc/pam.d/smtp the next 
> >lines:
> >  --------------------
> >  #%PAM-1.0
> >  auth       required   pam_unix.so
> >  --------------------
> >
> >
> >
> >
> >
> >
>

Reply to:

References:
- postfix smtp authentication
  - From: Hector <hector@bith.net>
- Re: postfix smtp authentication
  - From: Serkan Hamarat <serkan@efes.net.tr>

Prev by Date: Re: seeking input on rbls and anti-spam measures
Next by Date: Routing with Linux
Previous by thread: Re: postfix smtp authentication
Next by thread: Routing with Linux
Index(es):
- Date
- Thread