#1 2009-01-23 07:54:02

anarxi

can't get postfix working with sasl

[root@pentagon postfix]# postconf -n
alias_database = $alias_maps
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = pentagon.atlaikyk.net
myhostname = mail.pentagon.atlaikyk.net
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = *
relayhost = $mydomain
sample_directory = /etc/postfix/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550

smtpd.conf

pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
log_level: 7

I'm not sure where to put smtpd.conf, so I put it everywhere?
/etc/postfix/sasl/smtpd.conf
/etc/postfix/sasl2/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/usr/local/lib/sasl2/smtpd.conf
/etc/sasl2/smtpd.conf

You need to have backups, right?

Anyway, I still get plain logins:

[root@pentagon /]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.pentagon.atlaikyk.net ESMTP Postfix
ehlo localhost
250-mail.pentagon.atlaikyk.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

(certs and keys for ssl were also generated and placed in /etc/postfix/ssl/cacert.pen  cakey.pem  smtpd.csr  smtpd.key)

What am I missing?


there is now knowledge that is not power

#2 2009-01-23 18:17:28

dschrute

I haven't done SASL auth for incoming SMTP connections, only for my smtp/postfix to other/outbound connections. But whenever I've set it up I followed the excellent instructions in the Postfix SASL HowTo here:
http://www.postfix.org/SASL_README.html

Did you follow those steps? Is saslauthd running? What is the output of postconf -a?

#3 2009-01-23 22:11:38

anarxi

[root@pentagon evil]# postconf -a
cyrus
dovecot

Yes, I followed those steps.

Last edited by anarxi (2009-01-23 22:14:09)


there is now knowledge that is not power

#4 2009-01-23 23:52:50

dschrute

Actually, after reading the following, it looks like your setup is working... at least as far as it goes.
http://postfix.state-of-mind.de/patrick … ients.html

Note especially sections 12.3, 12.3.1 and the "Note" in section 12.3.2

#5 2009-01-24 00:07:47

anarxi

Notice the two new lines?
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

----

That's from your link, and that's what mine does not have.


there is now knowledge that is not power

#6 2009-01-24 02:49:46

dschrute

Notice the two new lines?
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

That's from your link, and that's what mine does not have.

Indeed. And right below that in the Note:

If you don't see all the mechanisms as pointed out in this HOWTO it means that you didn't install or compile all the SASL mechanisms. Please make sure that you have at least the following as we are going to need them in the HOWTO: PLAIN LOGIN

And directly below that...

Since we use PLAIN as mechanism we will have to pass our credentials plaintext. But hold, the credentials must be Base64 encoded,...

The way I read all that, SASL only *requires* AUTH PLAIN, but if additional mechanisms are available it may also use them. So it looks to me like SASL is working, as far as it can, given the options it was installed/compiled/configured with.
I'm not trying to be difficult or obtuse, but you haven't said specifically which mechanism you want to use, only that you want SASL to work. And given what I've read it is, but only with PLAIN AUTH. If you need the additional SASL mechanisms, I'd check which the sasl package was built with.

Oh, wait... You're limiting which ones will be used with the "mech_list:" line in smtpd.conf. If you want to use something else, you at least need to add it there.

#7 2009-01-24 03:57:22

anarxi

Yeah, that was my misunderstanding. SASL is just authentication, which is working; the problem is with TLS.

The first one I fixed (smtp_use_tls = yes | was mistyped)

but I've got a problem with starttls:

[evil@pentagon ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp.tuojtuoj.com ESMTP Postfix
ehlo localhost
250-smtp.tuojtuoj.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
454 4.7.0 TLS not available due to local problem


there is now knowledge that is not power

#8 2009-01-24 06:31:14

anarxi

/var/log/mail.log

Jan 24 10:20:32 pentagon postfix/smtpd[7912]: warning: No server certs available. TLS won't be enabled

But I have all the certs and mail.cf with correct paths inside the postfix directory. What could be wrong?


there is now knowledge that is not power

#9 2009-01-24 13:08:56

dschrute

The first thing that comes to my mind is permissions on the cert files. Make sure your postfix user has access. Second, I'd triple check all tls lines in your postfix config. Typos are a bitch. I've found that almost every time I had a problem with Postfix, it was a typo in the config that I had already checked 4 times but somehow missed.

Failing that, I'd go step by step through something like the Postfix-TLS Howto here, if you haven't already:
http://postfix.state-of-mind.de/patrick … pport.html

Good luck.
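
The config check suggested in the post above, as an added example (not code from any poster or from Postfix): it parses `postconf -n` output and reports gaps in the server-side (`smtpd_`) TLS settings. The sample input is constructed from the TLS-related lines of the first post's `postconf -n` output, which sets `smtpd_tls_key_file` but no `smtpd_tls_cert_file`; the function names are this example's own.

```python
import os

# Constructed sample: TLS-related lines from the first post's `postconf -n`.
SAMPLE = """\
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
"""

CERT_PARAMS = ("smtpd_tls_cert_file", "smtpd_tls_dcert_file",
               "smtpd_tls_eccert_file", "smtpd_tls_chain_files")

def parse_postconf(text):
    """Turn `postconf -n` output ("name = value" lines) into a dict."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def audit_smtpd_tls(conf, exists=os.path.isfile):
    """Return a list of findings about the server-side (smtpd_) TLS setup."""
    findings = []
    level = conf.get("smtpd_tls_security_level", "")
    enabled = level in ("may", "encrypt") or conf.get("smtpd_use_tls") == "yes"
    if not enabled:
        findings.append("server TLS not enabled (smtpd_use_tls / smtpd_tls_security_level)")
        if conf.get("smtp_use_tls") == "yes":
            findings.append("smtp_use_tls only affects outgoing (client) connections")
    certs = [p for p in CERT_PARAMS if conf.get(p) not in (None, "", "none")]
    if not certs:
        findings.append("no server certificate parameter set")
    for p in certs + ["smtpd_tls_key_file", "smtpd_tls_CAfile"]:
        for path in conf.get(p, "").replace(",", " ").split():
            if not path.startswith("$") and not exists(path):
                findings.append(f"{p}: {path} not found")
    if (conf.get("smtpd_sasl_auth_enable") == "yes"
            and conf.get("smtpd_tls_auth_only", "no") != "yes"):
        findings.append("smtpd_tls_auth_only is not yes: AUTH PLAIN/LOGIN offered without TLS")
    return findings

if __name__ == "__main__":
    for finding in audit_smtpd_tls(parse_postconf(SAMPLE)):
        print("-", finding)
```

On a live host, feed it the real output, for example `audit_smtpd_tls(parse_postconf(subprocess.check_output(["postconf", "-n"], text=True)))`.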
