postfix+saslauthd - postfix/smtpd doesn't use saslauthd
T Linden
bsd at linden.at
Wed Mar 9 05:57:42 EST 2011
Hello,
I can't get smtp-auth working with postfix.
I'm using FreeBSD 8.2-RELEASE with:
cyrus-sasl-2.1.23_3
cyrus-sasl-saslauthd-2.1.23
postfix-2.8.0,1
The saslauthdaemon runs:
root 66659 0.0 0.0 9832 1504 3 IJ 11:55PM 0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root 66663 0.0 0.0 9832 1504 3 IJ 11:55PM 0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root 66664 0.0 0.0 9832 1504 3 IJ 11:55PM 0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root 66665 0.0 0.0 9832 1504 3 IJ 11:55PM 0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
root 66666 0.0 0.0 9832 1504 3 IJ 11:55PM 0:00.00 /usr/local/sbin/saslauthd -a getpwent -d
postfix is using SASL:
# postconf -n|grep smtpd_sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
The smtpd is not running in a chroot, master.conf:
212.227.*.*:smtp inet n - n - - smtpd -v
my /usr/local/lib/sasl2/smtpd.conf:
saslauthd_version: 2
pwcheck_method: saslauthd
mech_list: CRAM-MD5 DIGEST-MD5
saslauthd_path: /var/run/saslauthd/mux
log_level: 7
I've got a local user "testmx", which works:
# testsaslauthd -u testmx -p test
0: OK "Success."
The debug-output of saslauthd tells me:
saslauthd[66664] :rel_accept_lock : released accept lock
saslauthd[66665] :get_accept_lock : acquired accept lock
saslauthd[66664] :do_auth : auth success: [user=testmx] [service=imap] [realm=] [mech=getpwent]
saslauthd[66664] :do_request : response: OK
So, saslauthd works.
But postfix isn't using it. During a failed login attempt via smtp I see
in the maillog:
Mar 9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Mar 9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Mar 9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
Mar 9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_auth_response: uncoded server challenge: <2409722764.7780592@********.de>
Mar 9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_next: decoded response: testmx 2c5aba95e2bd5fe5a303ee56b7601f6e
Mar 9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
Mar 9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
Mar 9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: no secret in database
Mar 9 00:15:47 p3 postfix/smtpd[68497]: warning: *****.dip.t-dialin.net[79.255.*.*]: SASL CRAM-MD5 authentication failed: authentication failure
Since saslauthd runs with debug enabled, I should see incoming requests
logged by it. But there's nothing. The sasl lib doesn't even try to
connect to saslauthd. I can even halt saslauthd and I'll receive
identical log messages.
I traced the postfix/smtpd process using truss and see this:
68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
Of course, there's no such file because I told it to not use it.
The postfix user is allowed to read from saslauthd's socket of course:
# id postfix
uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
# ls -ld /var/run/saslauthd
drwxrwx--- 2 cyrus mail 512 Mar 8 23:56 /var/run/saslauthd
# ls -l /var/run/saslauthd/mux
srwxrwxrwx 1 root mail 0 Mar 8 23:55 /var/run/saslauthd/mux
A nightmare. Can anyone please help?
Thanks in advance,
TL
--
Please note that according to the German law on data retention,
information on every electronic information exchange with me is
retained for a period of six months.
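
Added example, not part of the original post and not Cyrus SASL or Postfix code: a small checker for the smtpd.conf shown above, plus a CRAM-MD5 round trip. It shows why the library opens sasldb2 and never contacts saslauthd when only CRAM-MD5/DIGEST-MD5 are offered: saslauthd can only check a cleartext password (PLAIN, LOGIN), while a digest mechanism makes the server recompute an HMAC from a secret it stores itself. The function names and the challenge string used with them are constructed for illustration.

```python
import hashlib
import hmac

# Client sends the password itself, so the library can pass it to saslauthd.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# Client sends only a digest; the library must read the secret from an auxprop store.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def check_mechs(opts):
    """Warn about listed mechanisms that the configured password backend cannot serve."""
    warnings = []
    methods = opts.get("pwcheck_method", "auxprop").split()
    mechs = opts.get("mech_list", "").upper().split()
    if "saslauthd" in methods and "auxprop" not in methods:
        for mech in mechs:
            if mech in SHARED_SECRET_MECHS:
                warnings.append(f"{mech}: needs a stored secret, saslauthd is never asked")
        if mechs and not PLAINTEXT_MECHS.intersection(mechs):
            warnings.append("no PLAIN/LOGIN listed, so nothing can reach saslauthd")
    return warnings

def cram_md5_response(user, secret, challenge):
    """RFC 2195 client response: user, a space, hex HMAC-MD5(secret, challenge)."""
    digest = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{user} {digest}"

def server_verify(response, challenge, lookup_secret):
    """Server side: recomputing the HMAC requires the cleartext secret."""
    user, _, digest = response.partition(" ")
    secret = lookup_secret(user)
    if secret is None:
        return False  # the situation logged as "no secret in database"
    expected = cram_md5_response(user, secret, challenge).partition(" ")[2]
    return hmac.compare_digest(expected, digest)

# The smtpd.conf settings from the post (log_level omitted).
POSTED_CONF = ("saslauthd_version: 2\npwcheck_method: saslauthd\n"
               "mech_list: CRAM-MD5 DIGEST-MD5\nsaslauthd_path: /var/run/saslauthd/mux\n")
```
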