
Postfix SASL/PAM/MySQL fails on Sarge



Hi, list...

I'm the author of the Postfix/MySQL/SASL/Courier/virtual tutorial at
workaround.org. As a preparation for the next Debian release (sarge) I'm
preparing/testing the setup for the current versions of the appropriate
packages in testing. So far everything works with one frustrating
exception: SMTP AUTH.

To be a little more verbose: my virtual users (stored in a MySQL
backend) can fetch their emails via POP3 (package "courier-pop" version)
using the courier-authdaemon. This part works perfectly. However sending
mail via the very same server as a mail relay fails. The users are
supposed to use SMTP authentication using the same passwords stored in
the MySQL database. Postfix should use SASL, SASL should use PAM and PAM
should access the MySQL database. However somehow the SASL part is
b0rked.

These postfix-related packages are installed:
- libsasl-digestmd5-plain (1.5.27-3.5)
- libsasl-modules-plain (1.5.27-3.5)
- libsasl7 (1.5.27-3.5)
- libsasl2 (2.1.15-6)
- libpam-mysql (0.5.0-3)
- postfix (1.1.11.0-3)
- postfix-mysql (1.1.11.0-3)
- postfix-tls (1.1.11.0-3)

As soon as I set "smtpd_sasl_auth_enable=yes" in the
/etc/postfix/main.cf, do a "postfix reload" and a "telnet localhost 25"
these lines are showing up in the /var/log/mail.warn:
===
postfix/smtpd[28248]: fatal: no SASL authentication mechanisms
postfix/master[25454]: warning: process /usr/lib/postfix/smtpd pid 28248 exit status 1
postfix/master[25454]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
===

Unfortunately this message is /very/ fatal as all SMTP connections are
killed before any communication can happen.

My /etc/postfix/sasl/smtpd.conf and
/var/spool/postfix/etc/postfix/sasl/smtpd.conf read:
===
pwcheck_method: pam
===

These files are in /usr/lib/sasl/:
libanonymous.so         libdigestmd5.so.0       liblogin.so.0.0.6
libanonymous.so.1       libdigestmd5.so.0.0.19  libplain.so
libanonymous.so.1.0.16  libgssapiv2.so          libplain.so.1
libcrammd5.so           libgssapiv2.so.1        libplain.so.1.0.15
libcrammd5.so.1         libgssapiv2.so.1.0.18   smtpd.conf
libcrammd5.so.1.0.17    liblogin.so
libdigestmd5.so         liblogin.so.0

The /etc/pam.d/smtp file reads:
===
auth required pam_mysql.so user=dbuser passwd=secret host=gondor \
db=database table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=dbuser passwd=secret host=gondor \
db=database table=users usercolumn=email passwdcolumn=password crypt=1
===

These lines in the /etc/postfix/main.cf were meant to enable SASL:
===
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks
 permit_sasl_authenticated
 check_relay_domains
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
===

As a test I disabled the chroot jail by setting the "n" option for the
"smtp" in the /etc/postfix/master.cf. Unfortunately it did not seem to
be simply a permissions problem. Has anyone heard of bugs regarding this
setup? Or does anyone run a similar setup? Or does anyone have a deeper
understanding of what libraries (sasl, sasl2, ...) are used when? Or
does anyone have at least an idea how to better debug what Postfix does
not like? (PAM and SASL always seem to hide their secrets from me.)

Again: all this worked in Woody. Something must have changed. But after
three days of IRCing and googling I'm desperate enough to bother this
list. :) (This does not smell like a general Postfix problem. That's why
I ask here and not on the postfix list.)

I'd appreciate any hints and support. Thanks in advance.

Regards
 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
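
The message asks which SASL library is used when. The following is an added example, not part of the original message, that reports which Cyrus SASL generation a binary is linked against and which mechanism plugins exist in that generation's plugin directory. It assumes the v1 library (libsasl.so.7) searches /usr/lib/sasl and the v2 library (libsasl2.so.2) searches /usr/lib/sasl2; the function names are illustrative.

```shell
#!/bin/sh
# Added diagnostic sketch, not part of the original message.
# Assumptions (not stated in the post): Cyrus SASL v1 (libsasl.so.7) loads
# plugins from /usr/lib/sasl, v2 (libsasl2.so.2) from /usr/lib/sasl2.

# Read `ldd` output on stdin; print the SASL generation: 1, 2 or none.
sasl_generation() {
    awk '/libsasl2\.so/ { v2 = 1 }
         /libsasl\.so/  { v1 = 1 }
         END { if (v2) print 2; else if (v1) print 1; else print "none" }'
}

# Map a generation to the plugin directory that library searches.
plugin_dir_for() {
    case "$1" in
        1) echo /usr/lib/sasl ;;
        2) echo /usr/lib/sasl2 ;;
        *) return 1 ;;
    esac
}

# Print one mechanism name per line for each lib<mech>.so in directory $1.
list_mechs() {
    for f in "$1"/lib*.so; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}; name=${name#lib}
        echo "${name%.so}"
    done | sort
}

# Report for a binary: linked generation, plugin dir, mechanisms found.
# Returns non-zero when no SASL library or no mechanism plugin is found.
report() {
    gen=$(ldd "$1" | sasl_generation)
    dir=$(plugin_dir_for "$gen") || { echo "$1: not linked against libsasl"; return 1; }
    mechs=$(list_mechs "$dir" | tr '\n' ' ')
    echo "$1: SASL v$gen, plugins in $dir: ${mechs:-NONE}"
    [ -n "$mechs" ]
}

# Run against the smtpd path from the log lines in the message, if present.
if [ -x /usr/lib/postfix/smtpd ]; then
    report /usr/lib/postfix/smtpd || echo "check failed: see the line above"
fi
```
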


