
Postfix - SASL - PAM



Hi,

For several days I have been trying to set up an authenticated Postfix SMTP
server, but I didn't succeed. I hope you can help me out with this. I've seen
former discussions about this, but still failed to get a valid configuration.

Only users with a local UNIX account should be able to send mail to foreign
domains. The type of authentication should be supported by most common
e-mail clients (like MS Outlook and Outlook Express :-().

Also, I don't want experimental or unstable Debian packages. I use a Debian
3.0r2 (Woody) installation.

According to several pieces of documentation about this, I should look at SASL,
and I installed the following packages and versions:

* postfix          1.1.11-0.woody
* postfix-tls      1.1.11+tls0.7.15-0.woody1
* libsasl-digestmd5-plain 1.5.27-3
* libsasl-modules-plain  1.5.27-3
* libsasl7         1.5.27-3
* sasl-bin         1.5.27-3

Then I configured /etc/postfix/main.cf with the following options:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    check_relay_domains
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

and /etc/postfix/master.cf with the following options (line was added, but
commented out, by one of the installed packages):
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes


I created /etc/postfix/sasl/smtpd.conf, with one single line:
pwcheck_method: pwcheck
(also tried pam and shadow as value). File access 644
(Server is not running chrooted)

My user passwords are in the shadow file. To be sure I added postfix to the
shadow group (hope this isn't really needed).

Some documentation advises creating /etc/pam.d/smtp:
#%PAM-1.0
auth       required     pam_unix.so
account    required     pam_unix.so
session    required     pam_unix.so

The pwcheck is installed as a system daemon; when starting it says:
Starting Cyrus PAM pwcheck daemon: pwcheck,
so it says PAM is being used.

Now when I telnet to the local host, I get the following:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.mydomain.nl ESMTP Postfix (Debian/GNU)
EHLO mail.mydomain.nl
250-mail.mydomain.nl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
535 Error: authentication failed

(I used a valid user and password)

I get in mail.log:
May  9 12:38:35 esd425 postfix/smtpd[16989]: connect from localhost[127.0.0.1]
May  9 12:39:57 esd425 postfix/smtpd[16989]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed

In auth.log
May  9 12:41:14 esd425 postfix/smtpd[17055]: unable to open Berkeley db /etc/sasldb: No such file or directory
May  9 12:41:14 esd425 postfix/smtpd[17055]: unable to open Berkeley db /etc/sasldb: No such file or directory

The lines in auth.log look like it isn't using PAM at all (I also couldn't
find a PAM log line anywhere).
The answer in telnet doesn't say it is using DIGEST-MD5, which I would prefer
(but this is only another problem for now).

What am I doing wrong? Can someone please give me some helpful directions?

Regards,
Erwin van der Horst
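
The AUTH PLAIN response in the telnet session above is base64 over three NUL-separated fields (authzid, authcid, password, as defined in RFC 4616). As an added example, not part of the original post, this Python sketch decodes and validates such a token so that a malformed hand-built test credential can be ruled out before debugging the server side; the function and class names are illustrative.

```python
import base64
import binascii

# Token copied from the telnet session in the post.
SESSION_TOKEN = "dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ="


class PlainTokenError(ValueError):
    """Raised when an AUTH PLAIN initial response is malformed."""


def decode_plain(token: str) -> tuple[str, str, str]:
    """Return (authzid, authcid, password) from a base64 AUTH PLAIN response."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise PlainTokenError(f"not valid base64: {exc}") from exc
    # RFC 4616: message = [authzid] NUL authcid NUL passwd
    fields = raw.split(b"\x00")
    if len(fields) != 3:
        raise PlainTokenError(f"expected 3 NUL-separated fields, got {len(fields)}")
    try:
        authzid, authcid, password = (f.decode("utf-8") for f in fields)
    except UnicodeDecodeError as exc:
        raise PlainTokenError("fields are not UTF-8") from exc
    # authzid may be empty; authcid and password may not.
    if not authcid or not password:
        raise PlainTokenError("authcid and password must be non-empty")
    return authzid, authcid, password


def encode_plain(authcid: str, password: str, authzid: str = "") -> str:
    """Build the base64 initial response for AUTH PLAIN."""
    for value in (authzid, authcid, password):
        if "\x00" in value:
            raise PlainTokenError("NUL is not allowed inside a field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    authzid, authcid, password = decode_plain(SESSION_TOKEN)
    # Print field names and lengths only, never the password itself.
    print(f"authzid={authzid!r} authcid={authcid!r} password=<{len(password)} chars>")
```

Because the token is only base64-encoded, the password is recoverable from any capture of the session, which is why PLAIN and LOGIN belong behind TLS.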



