FreeBSD & Postfix & Cyrus SASL & Courier Authdaemond

Patrick Ben Koetter p at state-of-mind.de
Mon Mar 6 15:16:22 EST 2006


* Richard Secor <rsecor at seqlogic.com>:
> 
> Figured this out too.
> Since I need pwcheck_method: in my config...
> I should not have "--without-pwcheck" in my configure.

I don't think this solved your problem. IIRC "--without-pwcheck" disabled
building the deprecated pwcheck daemon, predecessor of saslauthd.

> I removed that line and bam.... Cyrus SASL is now speaking with
> Courier Authdaemond.
> Authdaemond is authenticating me.

Using testsaslauthd?

> Now I just have to figure out why postfix won't open up access to  
> send mail out if I'm authenticated.

Well, what does Postfix tell you in the logs?
Here's what comes to my mind immediately:

authdaemond
+ you run the smtpd daemon chrooted and Postfix cannot access the
  authdaemond socket
+ Postfix is not permitted to access the authdaemond socket or the directory
  containing the authdaemond socket
+ Postfix looks for the authdaemond socket at the wrong place

restrictions
Postfix can access the authdaemond socket, authentication takes place
successfully, but then Postfix does not authorize the client to relay
-> add permit_sasl_authenticated to smtpd_recipient_restrictions

smtpd_recipient_restrictions =
    ...
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    ...

p at rick


> 
> Thanks,
> -Rich
> 
> On Mar 2, 2006, at 12:45 PM, Richard Secor wrote:
> 
> >Now that the error message is gone I can continue to try to get  
> >this working.
> >Now it appears as though Courier Authdaemond is not trying to
> >query the MySQL Database. It works fine with Courier IMAP/POP3.
> >Is there a way to make sure that SASL & Authdaemond are speaking  
> >with one another? I don't see anything in the logs now and I have  
> >all the logging I know about set to the max.
> >
> >Thanks again,
> >-Rich
> >
> >
> >On Mar 2, 2006, at 12:14 PM, Richard Secor wrote:
> >
> >># ls -l /usr/local | grep var
> >>drwx------   5 mysql  mysql  1024 Feb 28 23:24 var
> >># chmod 755 /usr/local/var
> >>
> >>Whoops...lol.
> >>And this is why it's always best to ask. Sometimes you never see  
> >>everything.
> >>
> >>Well now that that's not giving me an error message....
> >>on to the rest.
> >>
> >>Thanks again.
> >>-Rich
> >>
> >>On Mar 2, 2006, at 11:44 AM, Leandro Santi wrote:
> >>
> >>>Richard Secor, 2006-03-02:
> >>>>From system logs:
> >>>>warning: SASL authentication failure: cannot connect to Courier
> >>>>authdaemond: Permission denied
> >>>>
> >>>>...
> >>>>
> >>>># ls -l /usr/local/var/spool |grep authdaemon
> >>>>drwxr-x---  2 postfix  postfix  512 Mar  1 01:42 authdaemon
> >>>>
> >>>># ls -l /usr/local/var/spool/authdaemon/socket
> >>>>srwxrwxrwx  1 root  postfix  0 Mar  1 01:42 /usr/local/var/spool/authdaemon/socket
> >>>>
> >>>>What I've tried:
> >>>>Changing permissions on /usr/local/var/spool/authdaemon. (Even tried
> >>>>777.)
> >>>
> >>>What about /usr, /usr/local, ... (i.e. every other directory
> >>>in the middle)?
> >>>
> >>>Leandro.
> >>
> >
> 

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
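
The "Permission denied" in the quoted thread was caused by a directory in the middle of the path (`/usr/local/var`, mode 0700) rather than by the socket or its own directory. As an added example that is not part of the original thread: a Python helper (the names `perm_class` and `walk_access` are made up here) that checks search permission on every directory leading to the socket for a given user. It assumes classic mode bits only (no ACLs or MAC policy) and that it runs as root so it can stat each directory.

```python
import os
import stat

# Search (x) bit per permission class, as used for directory traversal.
X_BITS = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}


def perm_class(st, uid, gids):
    """Pick the single class the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner"
    if st.st_gid in gids:
        return "group"
    return "other"


def walk_access(path, uid, gids):
    """Check each directory above `path` for search permission, root first.

    Returns (directory, mode string, class, ok) tuples. Only classic mode
    bits are evaluated; ACLs, MAC policies and chroot are not considered.
    """
    current = os.path.dirname(os.path.realpath(path))
    dirs = [current]
    while os.path.dirname(current) != current:
        current = os.path.dirname(current)
        dirs.append(current)
    results = []
    for directory in reversed(dirs):
        st = os.stat(directory)
        cls = perm_class(st, uid, gids)
        ok = uid == 0 or bool(st.st_mode & X_BITS[cls])
        results.append((directory, stat.filemode(st.st_mode), cls, ok))
    return results


if __name__ == "__main__":
    import pwd
    import sys

    # Usage (as root): script.py postfix /usr/local/var/spool/authdaemon/socket
    user, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    for directory, mode, cls, ok in walk_access(target, pw.pw_uid, groups):
        print(f"{'ok  ' if ok else 'DENY'} {mode} {cls:<5} {directory}")
```

If smtpd runs chrooted, the same walk has to be done on the path as seen from inside the chroot.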

