postfix+saslauthd - postfix/smtpd doesn't use saslauthd

Patrick Ben Koetter p at state-of-mind.de
Wed Mar 9 07:12:27 EST 2011 


Am 09.03.2011 11:57, schrieb T Linden:
> my /usr/local/lib/sasl2/smtpd.conf:
>
> saslauthd_version: 2
> pwcheck_method: saslauthd
> mech_list: CRAM-MD5 DIGEST-MD5

saslauthd can only handle PLAIN and LOGIN. Replace CRAM-MD5 DIGEST-MD5 with 
PLAIN and LOGIN.

p@



> saslauthd_path: /var/run/saslauthd/mux
> log_level: 7
>
> I've got a local user "testmx", which works:
>
> # testsaslauthd -u testmx -p test
> 0: OK "Success."
>
> The debug-output of saslauthd tells me:
>
> saslauthd[66664] :rel_accept_lock : released accept lock
> saslauthd[66665] :get_accept_lock : acquired accept lock
> saslauthd[66664] :do_auth         : auth success: [user=testmx] [service=imap] [realm=] [mech=getpwent]
> saslauthd[66664] :do_request      : response: OK
>
> So, saslauthd works.
>
> But postfix isn't using it. During a failed login attempt via smtp I see
> in the maillog:
>
> Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_auth_response: uncoded server challenge:<2409722764.7780592@********.de>
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_next: decoded response: testmx 2c5aba95e2bd5fe5a303ee56b7601f6e
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: no secret in database
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: *****.dip.t-dialin.net[79.255.*.*]: SASL CRAM-MD5 authentication failed: authentication failure
>
> Sinces saslauthd runs with debug enabled, I should see incoming requests
> logged by it. But there's nothing. The sasl lib doesn't even try to
> connect to saslauthd. I can even halt saslauthd and I'll receive
> identical log messages.
>
> I traced the postfix/smtpd process using truss and see this:
>
> 68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
> 68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
>
> Of course, there's no such file because I told it to not use it.
>
> The postfix user is allowed to read from saslauthd's socket of course:
>
> # id postfix
> uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
> # ls -ld /var/run/saslauthd
> drwxrwx---  2 cyrus  mail  512 Mar  8 23:56 /var/run/saslauthd
> # ls -l /var/run/saslauthd/mux
> srwxrwxrwx  1 root  mail  0 Mar  8 23:55 /var/run/saslauthd/mux
>
> A nightmare. Can please help anyone?
>
>
> Thanks in advance,
> TL
>

-- 
state of mind
Digitale Kommunikation

http://www.state-of-mind.de

Franziskanerstraße 15      Telefon +49 89 3090 4664
81669 München              Telefax +49 89 3090 4666

Amtsgericht München        Partnerschaftsregister PR 563
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p.vcf
Type: text/x-vcard
Size: 399 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20110309/014e943b/attachment.vcf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5372 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/attachments/20110309/014e943b/attachment.bin

More information about the Cyrus-sasl mailing list