From: Patrick Ben Koetter (p at state-of-mind dot de)
Date: Wed Jun 01 2005 - 01:31:35 EDT
I reset the thread because I think you hijacked it... anyway....
Let's see...
* Jonatan Arango <>:
> I need to implement smtp authentication but after trying for a day I
> couldn't do it the virtual users and domains are stored in mysql and I need
> the smtp authentication be done with the same table, after googling I see
> that is possible
>
> Any help is appreciated or please point me to a clear howto
>
> postfix-2.2.2-3
> MySQL-server-4.0.24-0
> cyrus-sasl-gssapi-2.1.19-3
> cyrus-sasl-devel-2.1.19-3
> cyrus-sasl-2.1.19-3
> cyrus-sasl-md5-2.1.19-3
> cyrus-sasl-plain-2.1.19-3
> cyrus-sasl-sql-2.1.19-3
> pam-0.77-65
>
> ldd /usr/sbin/postfix
> libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x06f40000)
> liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00117000)
> libmysqlclient.so.12 => /usr/lib/libmysqlclient.so.12
> (0x0049b000)
> libm.so.6 => /lib/tls/libm.so.6 (0x064f6000)
> libpq.so.3 => /usr/lib/libpq.so.3 (0x0047f000)
> libcrypt.so.1 => /lib/libcrypt.so.1 (0x0764c000)
> libsasl.so.7 => /usr/lib/libsasl.so.7 (0xf6fdf000)
SASL1 support
> libssl.so.4 => /lib/libssl.so.4 (0x00dbf000)
> libcrypto.so.4 => /lib/libcrypto.so.4 (0x00cbf000)
> libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00da9000)
> libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00c35000)
> libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ba6000)
> libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00c9c000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x00675000)
> libdl.so.2 => /lib/libdl.so.2 (0x00467000)
> libz.so.1 => /usr/lib/libz.so.1 (0x0046d000)
> libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x00843000)
> libnsl.so.1 => /lib/libnsl.so.1 (0x072bf000)
> libc.so.6 => /lib/tls/libc.so.6 (0x00319000)
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xf6fc8000)
SASL2 support
> libnss_files.so.2 => /lib/libnss_files.so.2 (0x002e8000)
> libnss_dns.so.2 => /lib/libnss_dns.so.2 (0x002f5000)
> /lib/ld-linux.so.2 (0x00300000)
> libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00558000)
> libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x00442000)
> libpam.so.0 => /lib/libpam.so.0 (0x00590000)
>
> /usr/lib/sasl2/smtpd.conf
>
> pwcheck_method:auxprop
> auxprop_plugin:sql
> sql_engine: mysql
> mech_list: plain login
With "auxprop:sql" you can expand the mech_list to offer also CRAM-MD5 and
DIGEST-MD5.
> sql_hostnames: localhost
> sql_user: postfix
> sql_passwd: ********
> sql_database: postfix_db
> sql_select:SELECT password FROM mailbox WHERE username='%u@%r'
>
> /etc/sysconfig/saslauthd
> MECH=pam
You don't need saslauthd if you use an auxprop. You can skip the whole
saslauthd and PAM stuff.
> /etc/pam.d/smtp
> auth sufficient pam_mysql.so user=postfix passwd=postfix host=localhost
> db=postfix table=mailbox usercolumn=username passwdcolumn=password
> crypt=1
> account required pam_mysql.so user=postfix passwd=postfix host=localhost
> db=postfix table=mailbox usercolumn=username passwdcolumn=password
> crypt=1
>
> # postconf -n|grep sasl
>
> broken_sasl_auth_clients = yes
> smtpd_sasl_application_name = smtpd
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
>
> the maillog says
>
> May 31 18:50:00 mx01 postfix/smtpd[12539]: warning:
> joarango.telecorp.net[200.24.76.9]: SASL LOGIN authentication failed
Which AUTH mechanisms does a telnet session to joarango.telecorp.net on port
25 show after an EHLO?
> If I try
>
> testsaslauthd -u '' -p 'password' -s smtpd
> 0: OK "Success."
> testsaslauthd -u '' -p 'password' -s smtp
> 0: OK "Success."
That's fine, but you don't need saslauthd.
> The mysql_log shows ok the sql_select
IF you want to use saslauthd, then change smtpd.conf like this:
pwcheck_method: saslauthd
mech_list: plain login
and remove the rest.
> I think postfix is not talking to saslauthd or pam or auxprop
Postfix might be running chrooted or/and unable to access the socket.
Can you send output from "saslfinger -s"? See below for URL to saslfinger.
p at rick
-- 
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
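
An added example, not part of the original message and not code from Postfix, Cyrus SASL or saslfinger: a small Python linter for the two smtpd.conf variants discussed in the reply above (auxprop with sql, or saslauthd with only plain and login), which also compares mech_list with the AUTH lines of a captured EHLO reply. The function names, the sample configuration and the EHLO capture (host mx.example.test) are constructed for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # saslauthd only ever sees a cleartext password

def parse_conf(text):
    """Parse 'key: value' lines; the space after ':' is optional, as in the post."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and not key.startswith("#"):
            conf[key.strip().lower()] = value.strip()
    return conf

def ehlo_mechs(reply):
    """Mechanisms from '250-AUTH ...' and the legacy '250-AUTH=...' reply lines."""
    found = set()
    for m in re.finditer(r"^250[- ]AUTH[ =](.*)$", reply, re.M | re.I):
        found.update(m.group(1).upper().split())
    return found

def lint(conf_text, ehlo_reply=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(conf_text)
    method = conf.get("pwcheck_method", "").lower()
    mechs = set(conf.get("mech_list", "").upper().split())
    findings = []
    if method == "saslauthd":
        if mechs - PLAINTEXT_MECHS:
            findings.append("saslauthd cannot verify: " + " ".join(sorted(mechs - PLAINTEXT_MECHS)))
        leftover = sorted(k for k in conf if k.startswith(("sql_", "auxprop_")))
        if leftover:
            findings.append("leftover auxprop settings: " + " ".join(leftover))
    elif method == "auxprop":
        if conf.get("auxprop_plugin", "").lower() == "sql" and "sql_select" not in conf:
            findings.append("auxprop sql needs sql_select")
    else:
        findings.append("pwcheck_method is neither auxprop nor saslauthd")
    if ehlo_reply is not None:
        offered = ehlo_mechs(ehlo_reply)
        if not offered:
            findings.append("no AUTH line in EHLO reply")
        elif mechs and offered - mechs:
            findings.append("offered but not in mech_list: " + " ".join(sorted(offered - mechs)))
    return findings

# Constructed samples: a config switched to saslauthd without cleanup, and an EHLO reply.
MIXED = "pwcheck_method: saslauthd\nmech_list: plain login cram-md5\nauxprop_plugin:sql\nsql_engine: mysql\n"
EHLO = "250-mx.example.test\r\n250-AUTH LOGIN PLAIN\r\n250-AUTH=LOGIN PLAIN\r\n250 8BITMIME\r\n"
if __name__ == "__main__":
    print("\n".join(lint(MIXED, EHLO)))
```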