Re: postfix+saslauthd - postfix/smtpd doesn't use saslauthd

[Patrick Ben Koetter <p@xxxxxxxxxxxxxxxx>]

Am 09.03.2011 11:57, schrieb T Linden:
> my /usr/local/lib/sasl2/smtpd.conf:
>
> saslauthd_version: 2
> pwcheck_method: saslauthd
> mech_list: CRAM-MD5 DIGEST-MD5

saslauthd can only handle PLAIN and LOGIN. Replace CRAM-MD5 DIGEST-MD5 with 
PLAIN and LOGIN.

p@



> saslauthd_path: /var/run/saslauthd/mux
> log_level: 7
>
> I've got a local user "testmx", which works:
>
> # testsaslauthd -u testmx -p test
> 0: OK "Success."
>
> The debug-output of saslauthd tells me:
>
> saslauthd[66664] :rel_accept_lock : released accept lock
> saslauthd[66665] :get_accept_lock : acquired accept lock
> saslauthd[66664] :do_auth         : auth success: [user=testmx] [service=imap] [realm=] [mech=getpwent]
> saslauthd[66664] :do_request      : response: OK
>
> So, saslauthd works.
>
> But postfix isn't using it. During a failed login attempt via smtp I see
> in the maillog:
>
> Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Mar  9 00:15:46 p3 postfix/smtpd[68497]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_auth_response: uncoded server challenge:<2409722764.7780592@********.de>
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: xsasl_cyrus_server_next: decoded response: testmx 2c5aba95e2bd5fe5a303ee56b7601f6e
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: Could not open db
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: SASL authentication failure: no secret in database
> Mar  9 00:15:47 p3 postfix/smtpd[68497]: warning: *****.dip.t-dialin.net[79.255.*.*]: SASL CRAM-MD5 authentication failed: authentication failure
>
> Sinces saslauthd runs with debug enabled, I should see incoming requests
> logged by it. But there's nothing. The sasl lib doesn't even try to
> connect to saslauthd. I can even halt saslauthd and I'll receive
> identical log messages.
>
> I traced the postfix/smtpd process using truss and see this:
>
> 68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
> 68497: open("/usr/local/etc/sasldb2.db",O_RDONLY,0600) ERR#2 'No such file or directory'
>
> Of course, there's no such file because I told it to not use it.
>
> The postfix user is allowed to read from saslauthd's socket of course:
>
> # id postfix
> uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
> # ls -ld /var/run/saslauthd
> drwxrwx---  2 cyrus  mail  512 Mar  8 23:56 /var/run/saslauthd
> # ls -l /var/run/saslauthd/mux
> srwxrwxrwx  1 root  mail  0 Mar  8 23:55 /var/run/saslauthd/mux
>
> A nightmare. Can please help anyone?
>
>
> Thanks in advance,
> TL

--
state of mind
Digitale Kommunikation

http://www.state-of-mind.de

FranziskanerstraÃe 15      Telefon +49 89 3090 4664
81669 MÃnchen              Telefax +49 89 3090 4666

Amtsgericht MÃnchen        Partnerschaftsregister PR 563

begin:vcard
fn:Patrick Ben Koetter
n:Koetter;Patrick Ben
org;quoted-printable:state of mind;Gesch=C3=A4ftsf=C3=BChrung
adr;quoted-printable:;;Franziskanerstrasse 15;M=C3=BCnchen;Bayern;81669;Deutschland
email;internet:p@xxxxxxxxxxxxxxxx
tel;work:+49 89 3090 4664
tel;fax:+49 89 3090 4666
tel;cell:+49 176 6 227 227 7
x-mozilla-html:FALSE
url:www.state-of-mind.de
version:2.1
end:vcard

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature