From: Andreas Winkelmann (no email)
Date: Sat Nov 01 2003 - 11:34:11 EST
Am Samstag, 1. November 2003 03:32 schrieb Denny Schierz:
> i have some postfix(1.1(debian woody)) servers and i want, that they
> sends the mails to a relay Postfix 2.x). The debian's Postfix
> authenticates with the plain module on the relay server. That works
> great, one server (postfix 2.x) wants to authenticate via MD5-Digist, it
> fails on the relay server:
> postfix/smtpd[23598]: warning: SASL
> authentication failure: no secret in database
> Nov 1 03:02:35 s15144503 postfix/smtpd[23598]: warning:
> p50890BE2.dip0.t-ipconnect.de[80.137.11.226]: SASL DIGEST-MD5
> authentication failed
> The server supports Digest:
>
> s15144503 root # telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 huhu, where you are?
> EHLO test
> 250-s15144503.rootmaster.info
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
This means only, that on the server is a "libdigestmd5.so.*" in the
sasl-directory.
> something is not working :-/ Both servers have the same version of
> cyrus-sasl and postfix with same options (runs not in chroot). On the
> relay server runs saslauthd (pam -> mysql).
If you use saslauthd, you have no chance to authenticate with shared-secret
mechs like digest-md5. If you really want digest-md5 you have to store your
accounts in sasldb or another auxprop-db (mysql, ldap,...). But not via
saslauthd/pam. Use the sasl-auxprop-plugin for mysql instead.
> With the relayserver from 1und1.com or auth.smtp.kundenserver.de i had
> no problems.
These servers use only plain and login.
> any suggestion?
-- Andreas
|
|
|