Problem with Cyrus-SASL with auxprop-mysql and Postfix

Jens Mittag thomas-moore at gmx.net
Sun Feb 11 05:24:58 EST 2007


Am Sonntag, den 11.02.2007, 10:33 +0100 schrieb Jens Mittag:
> Am Sonntag, den 11.02.2007, 10:15 +0100 schrieb Patrick Ben Koetter:
> > * Jens Mittag <thomas-moore at gmx.net>:
> > > Hi!
> > > 
> > > I know this has been discussed often enough, but though I've read a lot of
> > > postings about this topic I can not solve it...
> > > 
> > > I've set set debug levels to the maximum values possible (for both postfix
> > > and SASL) and get the following error (which is not very helpful to me):
> > > 
> > > postfix/smtpd[5036]: Read 49 chars: AUTH PLAIN AG0wMHJlZGJpQG0wMHJlLmRlADVta
> > > postfix/smtpd[5036]: warning: SASL authentication failure: Password verification failed
> > > m00re postfix/smtpd[5036]: warning: unknown[62.214.237.110]: SASL PLAIN authentication failed
> > > m00re postfix/smtpd[5036]: Write 34 chars: 535 Error: authentication failed??
> > > 
> > > My smtpd.conf looks like:
> > > 
> > > log_level: 7
> > > pwcheck_method: auxprop
> > > auxprop_plugin: sql
> > > mech_list: plain login
> > > sql_engine: mysql
> > > sql_hostnames: 127.0.0.1
> > > sql_user: postfix
> > > sql_passwd: passwort
> > > sql_database: postfix
> > > sql_select: select password from mailbox where username='%u@%r'
> > > 
> > > At first I thought the sql_select is wrong, but unfortunately, SASL does not
> > > connect to MySQL at all. What could cause this? 
> > > 
> > > My system is Ubuntu 6.06 LTS (means I have version 2.1.19.dfsg1-0.1ubuntu2
> > > installed). 
> > > 
> > > Besides doing the auxprop approach I also tried authdaemond, but with no
> > > success either. I have already switched from a chrooted postfix to normal
> > > operation, but I still get 
> > > 
> > > postfix/smtpd[23588]: warning: SASL authentication failure: cannot connect
> > > to Courier authdaemond: No such file or directory
> > > 
> > > The smtpd.conf I used for this approach is:
> > > 
> > > pwcheck_method: authdaemond
> > > log_level: 7
> > > mech_list: PLAIN LOGIN
> > > authdaemond_path: /var/run/courier/authdaemon/socket
> > > 
> > > The socket file exists and is readable by the user postfix... whats wrong?
> > 
> > First guess: In both cases you are running the Postfix smtpd daemon chrooted
> > and therefore it can't access the MySQL socket or the authdaemond socket.
> > 
> > If that's not the answer show 'saslfinger -s' output.
> 
> According to what I've read on mailinglists and the postfix doc, its
> sufficient to change the smtpd settings in master.cf to disable the
> chroot of postfix... 
> 
> saslfinger -s gives me:
> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: authdaemond
> log_level: 7
> mech_list: PLAIN LOGIN
> authdaemond_path: /var/run/courier/authdaemon/socket
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd
> 
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
>         -o fallback_relay=
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> discard   unix  -       -       -       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       -       -       -       lmtp
> anvil     unix  -       -       -       -       1       anvil
> scache    unix  -       -       -       -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
> mailman   unix  -       n       n       -       -       pipe
>   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>   ${nexthop} ${user}
> 
> 
> 
> amavis unix - - n - 2 smtp
>         -o smtp_data_done_timeout=1200
>         -o disable_dns_lookups=yes
> 
> 127.0.0.1:10025 inet n - n - - smtpd
>         -o content_filter=
>         -o local_recipient_maps=
>         -o relay_recipient_maps=
>         -o smtpd_restriction_classes=
>         -o smtpd_client_restrictions=
>         -o smtpd_helo_restrictions=
>         -o smtpd_sender_restrictions=
>         -o smtpd_recipient_restrictions=permit_mynetworks,reject
>         -o mynetworks=127.0.0.0/8
>         -o strict_rfc821_envelopes=yes
> 
> -- mechanisms on localhost --
> 
> -- end of saslfinger output --
> 
> cheers
>  Jens

Okay... got it working now. I am not sure what the problem was, but it
works now with the auxprop sql engine and also in chroot... Thanks for
your help guys.

cheers
 Jens



More information about the Cyrus-sasl mailing list