How can i tell SASL2 to stop using /etc/sasldb2 ?

Patrick Ben Koetter p at state-of-mind.de
Sat Jul 28 04:45:37 EDT 2007


* Gert Cuykens <gert.cuykens at gmail.com>:
> On 7/28/07, Patrick Ben Koetter <p at state-of-mind.de> wrote:
> > If you don't use crypted passwords in the database you might as well use the
> > sql auxprop plugin. Then you can additionaly use the shared-secret mechanisms
> > CRAM-MD5, DIGEST-MD5 and NTLM.
> 
> That was plan A but that didn't work
> 
> ubuntu 7.04
> postfix 2.3.8
> postfix-mysql 2.3.8
> mysql-server 5.0.38
> libmysqlclient-dev 5.0.38
> libsasl2 2.1.22
> libsasl2-modules 2.1.22
> libsasl2-modules-sql 2.1.22
> 
> /etc/postfix/main.cf
> mydomain = lan
> myhostname = www.lan
> mynetworks = 127.0.0.1/32
> myorigin = $mydomain
> mydestination = localhost $mydomain
> relay_domains =
> #mailbox_size_limit =
> #message_size_limit =
> home_mailbox = mailbox
> mailbox_transport = dbmail-lmtp:localhost:24
> local_recipient_maps = mysql:/etc/postfix/sql-recipients.cf
> disable_dns_lookups = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2

READ the docs and find out what $smtpd_sasl_path should be.


> smtpd_sasl_local_domain =
> smtpd_tls_security_level = may
> smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
> smtpd_tls_key_file  = /etc/ssl/private/ssl-cert-snakeoil.key
> 
> /etc/postfix/sasl/smtpd.conf
> pwcheck_method: auxprop
> auxprop_plugin: mysql login plain cram-md5 digest-md5
> mysql_user: dbmail
> mysql_passwd:
> mysql_database: dbmail
> mysql_statement: SELECT passwd FROM dbmail_users WHERE userid = '%u'
> mysql_verbose: yes

Looks like a google copy & paste orgy to me...

This is how it should be:

# /etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql 
# Add ntlm to mech_list if you use Outlook
# Check that there's libntlm.* in /usr/lib/sasl2/
mech_list: login plain cram-md5 digest-md5
sql_engine: mysql
sql_user: dbmail
sql_passwd:
sql_database: dbmail
sql_statement: SELECT passwd FROM dbmail_users WHERE userid = '%u'


> /etc/postfix/sql-recipients.cf
> user = dbmail
> password =
> hosts = localhost
> dbname = dbmail
> table = dbmail_aliases
> select_field = alias
> where_field = alias

/etc/postfix/sql-recipients.cf ain't relevant for SMTP AUTH.

p at rick



> 
> root at www:/etc/postfix# netcat localhost 25
> 220 www.lan ESMTP Postfix
> AUTH PLAIN cm9vdAByb290QGxhbgA=
> 535 5.7.0 Error: authentication failed: authentication failure

-- 
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


More information about the Cyrus-sasl mailing list