[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Postfix - SASL - PAM


For several days I try to set up an authenticated postfix smtp server, but
didn't succeed. Hope you can help me out with this. I've seen former
discussions about this, but still failed to get a valid configuration.

Only users with a local UNIX account should be able to send mail to foreign
domains. The type of authentication should by supported by most common
e-mail client (like MS Outlook en Outlook Express :-().

Also I don't want experimental or unstable Debian packages. I use a Debian
3.0r2 (Woody) installation,

According to several documentenation about this, I should look at SASL and
installed the following packages and versions:

* postfix          1.1.11-0.woody
* postfix-tls      1.1.11+tls0.7.15-0.woody1
* libsasl-digestmd5-plain 1.5.27-3
* libsasl-modules-plain  1.5.27-3
* libsasl7         1.5.27-3
* sasl-bin         1.5.27-3

Then I configured /etc/postfix/main.cf with the following options:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
smtpd_sasl_application_name = smtpd
broken_sasl_auth_clients = yes

and /etc/postfix/master.cf with the following options (line was added, but
commented out, by one of the installed packages):
smtps     inet  n       -       n       -       -       smtpd -o
smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

I created /etc/postfix/sasl/smtpd.conf, with one sigle line:
pwcheck_method: pwcheck
(also tried pam and shadow as value). File access 644
(Server is not running chrooted)

My user passwords are in the shadow file. To be sure I added postfix to the
shadow group (hope this isn't really needed).

Some documentation advise to create /etc/pam.d/smtp:
auth       required     pam_unix.so
account    required     pam_unix.so
session    required     pam_unix.so

The pwcheck is installed as system deamon, when starting it says:
Starting Cyrus PAM pwcheck daemon: pwcheck,
so it tells PAM is being used

Now when I telnet to the local host, I got the following

Connected to localhost.
Escape character is '^]'.
220 mail.mydomain.nl ESMTP Postfix (Debian/GNU)
EHLO mail.mydomain.nl
250-SIZE 10240000
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
535 Error: authentication failed

(I used a valid user and password)

I get in mail.log:
May  9 12:38:35 esd425 postfix/smtpd[16989]: connect from
May  9 12:39:57 esd425 postfix/smtpd[16989]: warning: localhost[]:
SASL PLAIN authentication failed

In auth.log
May  9 12:41:14 esd425 postfix/smtpd[17055]: unable to open Berkeley db
/etc/sasldb: No such file or directory
May  9 12:41:14 esd425 postfix/smtpd[17055]: unable to open Berkeley db
/etc/sasldb: No such file or directory

Lines in auth.log looks like it isn't using PAM at all (also couldn't find a
PAM log line anywhere).
Answer in telnet isn't telling it is using DIGEST-MD5, which I should prefer
(but this is only an other problem for now).

What am I doing wrong? Please can someone give me some helpfull directions?

Erwin van der Horst

Reply to: