postfix+saslauthd - postfix/smtpd doesn't use saslauthd

T Linden bsd at linden.at
Wed Mar 9 05:57:42 EST 2011


Hello,

I can't get smtp-auth working with postfix.

I'm using FreeBSD 8.2-RELEASE with:

cyrus-sasl-2.1.23_3
cyrus-sasl-saslauthd-2.1.23
postfix-2.8.0,1

The saslauthdaemon runs:

root    66659  0.0  0.0  9832  1504   3  IJ   11:55PM   0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root    66663  0.0  0.0  9832  1504   3  IJ   11:55PM   0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root    66664  0.0  0.0  9832  1504   3  IJ   11:55PM   0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root    66665  0.0  0.0  9832  1504   3  IJ   11:55PM   0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root    66666  0.0  0.0  9832  1504   3  IJ   11:55PM   0:00.00 /usr/local/sbin/saslauthd -a getpwent -d

postfix is using SASL:

# postconf -n|grep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous

The smtpd is not running in a chroot, master.conf:

212.227.*.*:smtp      inet  n       -       n       -       - smtpd -v

my /usr/local/lib/sasl2/smtpd.conf:

saslauthd_version: 2
pwcheck_method: saslauthd
mech_list: CRAM-MD5 DIGEST-MD5
saslauthd_path: /var/run/saslauthd/mux
log_level: 7

I've got a local user "testmx", which works:

# testsaslauthd -u testmx -p test
0: OK "Success."

The debug-output of saslauthd tells me:

saslauthd[66664] :rel_accept_lock : released accept lock
saslauthd[66665] :get_accept_lock : acquired accept lock
saslauthd[66664] :do_auth         : auth success: [user=testmx] [service=imap] [realm=] [mech=getpwent]
saslauthd[66664] :do_request      : response: OK

So, saslauthd works.

But postfix isn't using it. During a failed login attempt via smtp I see
in the maillog:

Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_auth_response: uncoded server challenge: <2409722764.7780592@********.de>
Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_next: decoded response: testmx 2c5aba95e2bd5fe5a303ee56b7601f6e
Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: no secret in database
Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: *****.dip.t-dialin.net[79.255.*.*]: SASL CRAM-MD5 authentication failed: authentication failure

Since saslauthd runs with debug enabled, I should see incoming requests
logged by it. But there's nothing. The sasl lib doesn't even try to
connect to saslauthd. I can even halt saslauthd and I'll receive
identical log messages.

I traced the postfix/smtpd process using truss and see this:

68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'

Of course, there's no such file because I told it to not use it.

The postfix user is allowed to read from saslauthd's socket of course:

# id postfix
uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
# ls -ld /var/run/saslauthd 
drwxrwx---  2 cyrus  mail  512 Mar  8 23:56 /var/run/saslauthd
# ls -l /var/run/saslauthd/mux
srwxrwxrwx  1 root  mail  0 Mar  8 23:55 /var/run/saslauthd/mux

A nightmare. Can anyone please help?


Thanks in advance,
TL

-- 
Please note that according to the German law on data retention,
information on every electronic information exchange with me is
retained for a period of six months.
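
Added example, not part of the original post and not code from Postfix or Cyrus SASL: saslauthd can only verify cleartext passwords, so with "pwcheck_method: saslauthd" only PLAIN and LOGIN logins are handed to it, while CRAM-MD5 and DIGEST-MD5 make libsasl look up the stored secret through an auxprop plugin (sasldb by default). The checker below flags that mismatch in a Cyrus SASL application config and ties it to the maillog symptom; the function names audit and parse_sasl_conf are hypothetical, and the sample config and log lines are the ones quoted in the post.

```python
import re

# PLAIN and LOGIN give libsasl the cleartext password, which saslauthd can verify.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# CRAM-MD5 and DIGEST-MD5 are challenge-response: libsasl must read the stored
# secret through an auxprop plugin (sasldb by default), so saslauthd is not asked.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}

# smtpd.conf and two maillog lines as quoted in the post above.
POST_CONF = """\
saslauthd_version: 2
pwcheck_method: saslauthd
mech_list: CRAM-MD5 DIGEST-MD5
saslauthd_path: /var/run/saslauthd/mux
log_level: 7
"""
POST_LOG = [
    "Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_first: sasl_method CRAM-MD5",
    "Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: no secret in database",
]

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' lines into a dict, skipping comments."""
    pairs = (l.strip().partition(":") for l in text.splitlines())
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep and not k.startswith("#")}

def audit(conf_text, log_lines=()):
    """Return findings for mechanisms that cannot reach saslauthd."""
    conf = parse_sasl_conf(conf_text)
    mechs = [m.upper() for m in conf.get("mech_list", "").split()]
    findings = []
    if "saslauthd" in conf.get("pwcheck_method", "auxprop").split():
        findings += [f"{m}: needs an auxprop secret, bypasses saslauthd"
                     for m in mechs if m in SHARED_SECRET_MECHS]
        if mechs and not PLAINTEXT_MECHS & set(mechs):
            findings.append("mech_list offers nothing saslauthd can verify")
    last_mech = None  # mechanism most recently negotiated in the log
    for line in log_lines:
        hit = re.search(r"sasl_method (\S+)", line)
        if hit:
            last_mech = hit.group(1).upper()
        elif "no secret in database" in line and last_mech:
            findings.append(f"log: {last_mech} failed on the auxprop lookup")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POST_CONF, POST_LOG)))
```

PLAIN and LOGIN carry the password itself over the connection, so a mech_list limited to them belongs behind TLS, for example with Postfix's smtpd_tls_auth_only = yes.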


More information about the Cyrus-sasl mailing list