[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Postfix SMTP AUTH with TLS Problems

Hi Adam!

I've spent night night postfix and sasl. I know now how to get it working, but it's a mess. I assume you un-chrooted postfix in /etc/postfix/master.cf. There you can say replace "smtp" in the last column with "smtp -vvv", then you will get incrdibly detailed log. You don't tell us what you want to authenticate: Do you want a sasl-DB? Do you want passwd/shadow? LDAP??? pam?

I my case it was always passwd/shadow. If this is the case, these may help you:

# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd

# cat /etc/default/saslauthd

Clear?? Of course you have to have those sasl-libs installed, check if /usr/lib/sasl2/* exists (postfix2 runs with sasl2) und check that you un-chrooted it!!!

To check, which sasl options postfix offers in main.cf, type "postconf |grep sasl".

I think these are the most important ones:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ....

Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This is imporant then postfix asks saslauthd to authenticate user blabla, because postfix would append the sasl local domain lile blabla@blubberblubber.org. saslauthd will most likely not know the latter one: You passwd/shadow only knows "blabla", but you could create a sasl-DB with the user "blabla@blubberblubber.org". I took me some time to get behind this. I hope I remeber it correctly :-)

BTW: TLS is not your Problem yet! After SASL works, you may switch you customers "Outlook" to "Use Authentication but no encrpytion" (Check screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html - only in German but should be clear by position of the buttoons ;))

Then you should take care about TLS and Creating your certs ....
(Write a Mini-Howto on that?)



Adam Dawes wrote:
I know this has come up a few times before, but I'm pulling my hair out
trying to get my Postfix-tls installation working to do SMTP auth. I have
followed the very helpful howto below to the letter.


When I restart my postfix and telnet to localhost 25, my postfix chokes.
Here's what I see in my mail.log:

May 29 14:12:16 sawdois postfix/smtpd[9906]: starting TLS engine
May 29 14:12:16 sawdois postfix/smtpd[9906]: fatal: no SASL authentication
May 29 14:12:17 sawdois postfix/master[9898]: warning: process
/usr/lib/postfix/smtpd pid 9906 exit status 1
May 29 14:12:17 sawdois postfix/master[9898]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling

Here's background on my installation:

Debian Woody unstable
Postfix 2.0.16-4
Postfix-tls 2.0.16-4
sasl2-bin 2.1.15-6

The above HOWTO is supposed to work with Postfix still running chroot.
I've tried to unchroot Postfix to see if that would work but to no

One thought is that the Postfix packages don't seem to support PAM.
But if this is  I haven't found anyone on the net with a similar problem
and I would assume it would have come up already if this were the key

Here are the links that I have:

sawdois:/# ldd /usr/lib/postfix/smtpd
        libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1
        libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1
        libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000)
        libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000)
        libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000)
        libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000)
        libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x40281000)
        libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000)
        libc.so.6 => /lib/libc.so.6 (0x40296000)
        libdl.so.2 => /lib/libdl.so.2 (0x403c9000)
        libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Any ideas about where I should go from here?


Andreas John
net-lab GmbH
Luisenstrasse 30b
63067 Offenbach
Tel: +49 69 85700331


Reply to: