
Re: Postfix SMTP AUTH with TLS Problems



Hi Adam!

I've spent night after night with postfix and sasl. I know now how to get it working, but it's a mess. I assume you un-chrooted postfix in /etc/postfix/master.cf. There you can replace "smtp" in the last column with "smtp -vvv", then you will get an incredibly detailed log. You don't tell us what you want to authenticate: Do you want a sasl-DB? Do you want passwd/shadow? LDAP??? pam?

In my case it was always passwd/shadow. If this is the case, these may help you:

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN DIGEST-MD5

# cat /etc/default/saslauthd
START=yes
MECHANISMS=shadow

Clear?? Of course you have to have those sasl-libs installed, check if /usr/lib/sasl2/* exists (postfix2 runs with sasl2) and check that you un-chrooted it!!!

To check which sasl options postfix offers in main.cf, type "postconf |grep sasl".

I think these are the most important ones:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ....

Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This is important when postfix asks saslauthd to authenticate user blabla, because postfix would append the sasl local domain, like blabla@blubberblubber.org. saslauthd will most likely not know the latter one: Your passwd/shadow only knows "blabla", but you could create a sasl-DB with the user "blabla@blubberblubber.org". It took me some time to get behind this. I hope I remember it correctly :-)

BTW: TLS is not your problem yet! After SASL works, you may switch your customer's "Outlook" to "Use Authentication but no encryption" (Check screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html - only in German but should be clear by position of the buttons ;))

Then you should take care of TLS and creating your certs ....
(Write a Mini-Howto on that?)

HTH

rgds,
Andreas


Adam Dawes wrote:
I know this has come up a few times before, but I'm pulling my hair out
trying to get my Postfix-tls installation working to do SMTP auth. I have
followed the very helpful howto below to the letter.

http://lists.q-linux.com/pipermail/plug/2003-July/029503.html

When I restart my postfix and telnet to localhost 25, my postfix chokes.
Here's what I see in my mail.log:

May 29 14:12:16 sawdois postfix/smtpd[9906]: starting TLS engine
May 29 14:12:16 sawdois postfix/smtpd[9906]: fatal: no SASL authentication mechanisms
May 29 14:12:17 sawdois postfix/master[9898]: warning: process /usr/lib/postfix/smtpd pid 9906 exit status 1
May 29 14:12:17 sawdois postfix/master[9898]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Here's background on my installation:

Debian Woody unstable
Postfix 2.0.16-4
Postfix-tls 2.0.16-4
sasl2-bin 2.1.15-6

The above HOWTO is supposed to work with Postfix still running chroot.
I've tried to unchroot Postfix to see if that would work but to no
success.

One thought is that the Postfix packages don't seem to support PAM.
But if this is  I haven't found anyone on the net with a similar problem
and I would assume it would have come up already if this were the key
snafu.

Here are the links that I have:

sawdois:/# ldd /usr/lib/postfix/smtpd
        libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0x40021000)
        libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0x40027000)
        libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000)
        libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000)
        libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000)
        libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40099000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000)
        libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40281000)
        libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000)
        libc.so.6 => /lib/libc.so.6 (0x40296000)
        libdl.so.2 => /lib/libdl.so.2 (0x403c9000)
        libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Any ideas about where I should go from here?

thanks,
Adam







--
Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331

http://www.net-lab.net
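
The settings discussed in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Postfix: a small linter that reads master.cf and main.cf text and reports the chroot, local-domain and restriction issues the reply describes. The sample files are constructed, the function names are hypothetical, and it assumes the Postfix 2.x behaviour where "-" in the chroot column means chrooted.

```python
# Constructed sample files for illustration; not taken from the original post.
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
"""
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; indented lines continue the previous parameter."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def smtpd_chrooted(master_cf, default="y"):
    """Read the chroot column (5th field) of the inet smtpd service.
    Assumption: '-' means chrooted, the built-in default on Postfix 2.x."""
    for line in master_cf.splitlines():
        f = line.split()
        if len(f) >= 8 and not line.startswith("#") and f[1] == "inet" and f[7] == "smtpd":
            return (default if f[4] == "-" else f[4]) == "y"
    return False

def check(master_cf, main_cf):
    """Return a list of findings; an empty list means the settings match the reply."""
    p, findings = parse_main_cf(main_cf), []
    if smtpd_chrooted(master_cf):
        findings.append("master.cf: smtpd still runs chrooted")
    if p.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("main.cf: smtpd_sasl_auth_enable is not yes")
    if p.get("smtpd_sasl_local_domain"):
        findings.append("main.cf: smtpd_sasl_local_domain is set; saslauthd is asked for user@domain")
    # noanonymous is Postfix's default when the parameter is absent
    if "noanonymous" not in p.get("smtpd_sasl_security_options", "noanonymous"):
        findings.append("main.cf: smtpd_sasl_security_options lacks noanonymous")
    if "permit_sasl_authenticated" not in p.get("smtpd_recipient_restrictions", ""):
        findings.append("main.cf: permit_sasl_authenticated missing from smtpd_recipient_restrictions")
    return findings

if __name__ == "__main__":
    print("\n".join(check(MASTER_CF, MAIN_CF)))
```
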


