From: Jonatan Arango (no email)
Date: Wed Jun 01 2005 - 09:57:09 EDT
Hi Patrick, thank you for helping me.
This is the saslfinger output:
saslfinger - postfix Cyrus sasl configuration Wed Jun 1 08:46:38 COT
2005
version: 0.9.9.1
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.2.2
System: Fedora Core release 3 (Heidelberg)
-- smtpd is linked to --
libsasl.so.7 => /usr/lib/libsasl.so.7 (0x00125000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00101000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_key_file = /etc/postfix/smtpd-key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
-- listing of /usr/lib/sasl --
total 488
drwxr-xr-x 2 root root 4096 May 31 22:08 .
drwxr-xr-x 124 root root 69632 Jun 1 04:26 ..
-rw-r--r-- 1 root root 4630 Oct 7 2004 libanonymous.a
-rwxr-xr-x 1 root root 871 May 31 22:03 libanonymous.la
-rwxr-xr-x 1 root root 5748 May 31 22:03 libanonymous.so
-rwxr-xr-x 1 root root 5748 May 31 22:03 libanonymous.so.1
-rwxr-xr-x 1 root root 5748 May 31 22:03 libanonymous.so.1.0.17
-rw-r--r-- 1 root root 9754 Oct 7 2004 libcrammd5.a
-rwxr-xr-x 1 root root 857 May 31 22:03 libcrammd5.la
-rwxr-xr-x 1 root root 9884 May 31 22:03 libcrammd5.so
-rwxr-xr-x 1 root root 9884 May 31 22:03 libcrammd5.so.1
-rwxr-xr-x 1 root root 9884 May 31 22:03 libcrammd5.so.1.0.19
-rw-r--r-- 1 root root 34260 Oct 7 2004 libdigestmd5.a
-rwxr-xr-x 1 root root 880 May 31 22:03 libdigestmd5.la
-rwxr-xr-x 1 root root 30804 May 31 22:03 libdigestmd5.so
-rwxr-xr-x 1 root root 30804 May 31 22:03 libdigestmd5.so.0
-rwxr-xr-x 1 root root 30804 May 31 22:03 libdigestmd5.so.0.0.20
-rw-r--r-- 1 root root 11318 Oct 7 2004 libgssapiv2.a
-rwxr-xr-x 1 root root 906 May 31 15:15 libgssapiv2.la
-rwxr-xr-x 1 root root 11952 May 31 15:16 libgssapiv2.so
-rwxr-xr-x 1 root root 11952 May 31 15:16 libgssapiv2.so.1
-rwxr-xr-x 1 root root 11952 May 31 15:16 libgssapiv2.so.1.0.19
-rw-r--r-- 1 root root 6594 Oct 7 2004 liblogin.a
-rwxr-xr-x 1 root root 847 Oct 7 2004 liblogin.la
-rwxr-xr-x 1 root root 7248 Oct 7 2004 liblogin.so
-rwxr-xr-x 1 root root 7248 Oct 7 2004 liblogin.so.0
-rwxr-xr-x 1 root root 7248 Oct 7 2004 liblogin.so.0.0.7
-rw-r--r-- 1 root root 6146 Oct 7 2004 libplain.a
-rwxr-xr-x 1 root root 849 Oct 7 2004 libplain.la
-rwxr-xr-x 1 root root 7000 Oct 7 2004 libplain.so
-rwxr-xr-x 1 root root 7000 Oct 7 2004 libplain.so.1
-rwxr-xr-x 1 root root 7000 Oct 7 2004 libplain.so.1.0.16
-- listing of /usr/lib/sasl2 --
total 3568
drwxr-xr-x 2 root root 4096 May 31 22:15 .
drwxr-xr-x 124 root root 69632 Jun 1 04:26 ..
-rwxr-xr-x 1 root root 875 May 31 22:03 libanonymous.la
-rwxr-xr-x 1 root root 12820 May 31 22:03 libanonymous.so
-rwxr-xr-x 1 root root 12820 May 31 22:03 libanonymous.so.2
-rwxr-xr-x 1 root root 12820 May 31 22:03 libanonymous.so.2.0.19
-rwxr-xr-x 1 root root 863 May 31 22:03 libcrammd5.la
-rwxr-xr-x 1 root root 15216 May 31 22:03 libcrammd5.so
-rwxr-xr-x 1 root root 15216 May 31 22:03 libcrammd5.so.2
-rwxr-xr-x 1 root root 15216 May 31 22:03 libcrammd5.so.2.0.19
-rwxr-xr-x 1 root root 884 May 31 22:03 libdigestmd5.la
-rwxr-xr-x 1 root root 42964 May 31 22:03 libdigestmd5.so
-rwxr-xr-x 1 root root 42964 May 31 22:03 libdigestmd5.so.2
-rwxr-xr-x 1 root root 42964 May 31 22:03 libdigestmd5.so.2.0.19
-rwxr-xr-x 1 root root 911 May 31 15:15 libgssapiv2.la
-rwxr-xr-x 1 root root 22292 May 31 15:16 libgssapiv2.so
-rwxr-xr-x 1 root root 22292 May 31 15:16 libgssapiv2.so.2
-rwxr-xr-x 1 root root 22292 May 31 15:16 libgssapiv2.so.2.0.19
-rwxr-xr-x 1 root root 851 Oct 7 2004 liblogin.la
-rwxr-xr-x 1 root root 13296 Oct 7 2004 liblogin.so
-rwxr-xr-x 1 root root 13296 Oct 7 2004 liblogin.so.2
-rwxr-xr-x 1 root root 13296 Oct 7 2004 liblogin.so.2.0.19
-rwxr-xr-x 1 root root 851 Oct 7 2004 libplain.la
-rwxr-xr-x 1 root root 13360 Oct 7 2004 libplain.so
-rwxr-xr-x 1 root root 13360 Oct 7 2004 libplain.so.2
-rwxr-xr-x 1 root root 13360 Oct 7 2004 libplain.so.2.0.19
-rwxr-xr-x 1 root root 923 May 31 22:03 libsasldb.la
-rwxr-xr-x 1 root root 784960 May 31 22:03 libsasldb.so
-rwxr-xr-x 1 root root 784960 May 31 22:03 libsasldb.so.2
-rwxr-xr-x 1 root root 784960 May 31 22:03 libsasldb.so.2.0.19
-rwxr-xr-x 1 root root 901 May 31 22:03 libsql.la
-rwxr-xr-x 1 root root 232608 May 31 22:03 libsql.so
-rwxr-xr-x 1 root root 232608 May 31 22:03 libsql.so.2
-rwxr-xr-x 1 root root 232608 May 31 22:03 libsql.so.2.0.19
-rw-r--r-- 1 root root 25 Sep 1 2004 Sendmail.conf
-rw-r--r-- 1 root root 325 May 31 22:10 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
#pwcheck_method:saslauthd
sasl_pwcheck_method:auxprop
sasl_auxprop_plugin:sql
sasl_sql_engine: mysql
sasl_mech_list: plain login
sasl_sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sasl_sql_database: postfix
sasl_sql_verbose:yes
sasl_sql_select:SELECT password FROM mailbox WHERE username='%u@%r'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender -
$nexthop!rmail.postfix ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
filter unix - n n - - pipe
flags=Rq user=vacation argv=/CORREO/vacation/mailfilter -f ${sender}
-- ${recipient}
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /etc/postfix/spf-policy.pl
-- mechanisms on localhost --
250-AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN GSSAPI
250-AUTH=CRAM-MD5 DIGEST-MD5 PLAIN LOGIN GSSAPI
-- end of saslfinger output --
El mié, 01-06-2005 a las 00:31, Patrick Ben Koetter escribió:
> I reset the thread because I think you hijacked it... anyway....
>
> Let's see...
>
> * Jonatan Arango <>:
> > I need to implement SMTP authentication, but after trying for a day I
> > couldn't do it. The virtual users and domains are stored in MySQL and I need
> > the SMTP authentication to be done with the same table; after googling I see
> > that it is possible.
> >
> > Any help is appreciated, or please point me to a clear howto.
> >
> > postfix-2.2.2-3
> > MySQL-server-4.0.24-0
> > cyrus-sasl-gssapi-2.1.19-3
> > cyrus-sasl-devel-2.1.19-3
> > cyrus-sasl-2.1.19-3
> > cyrus-sasl-md5-2.1.19-3
> > cyrus-sasl-plain-2.1.19-3
> > cyrus-sasl-sql-2.1.19-3
> > pam-0.77-65
> >
> > ldd /usr/sbin/postfix
> > libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x06f40000)
> > liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00117000)
> > libmysqlclient.so.12 => /usr/lib/libmysqlclient.so.12
> > (0x0049b000)
> > libm.so.6 => /lib/tls/libm.so.6 (0x064f6000)
> > libpq.so.3 => /usr/lib/libpq.so.3 (0x0047f000)
> > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0764c000)
> > libsasl.so.7 => /usr/lib/libsasl.so.7 (0xf6fdf000)
>
> SASL1 support
>
> > libssl.so.4 => /lib/libssl.so.4 (0x00dbf000)
> > libcrypto.so.4 => /lib/libcrypto.so.4 (0x00cbf000)
> > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00da9000)
> > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00c35000)
> > libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ba6000)
> > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00c9c000)
> > libresolv.so.2 => /lib/libresolv.so.2 (0x00675000)
> > libdl.so.2 => /lib/libdl.so.2 (0x00467000)
> > libz.so.1 => /usr/lib/libz.so.1 (0x0046d000)
> > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x00843000)
> > libnsl.so.1 => /lib/libnsl.so.1 (0x072bf000)
> > libc.so.6 => /lib/tls/libc.so.6 (0x00319000)
> > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xf6fc8000)
>
> SASL2 support
>
> > libnss_files.so.2 => /lib/libnss_files.so.2 (0x002e8000)
> > libnss_dns.so.2 => /lib/libnss_dns.so.2 (0x002f5000)
> > /lib/ld-linux.so.2 (0x00300000)
> > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00558000)
> > libgdbm.so.2 => /usr/lib/libgdbm.so.2 (0x00442000)
> > libpam.so.0 => /lib/libpam.so.0 (0x00590000)
> >
> > /usr/lib/sasl2/smtpd.conf
> >
> > pwcheck_method:auxprop
> > auxprop_plugin:sql
> > sql_engine: mysql
> > mech_list: plain login
>
> With "auxprop:sql" you can expand the mech_list to also offer CRAM-MD5 and
> DIGEST-MD5.
>
> > sql_hostnames: localhost
> > sql_user: postfix
> > sql_passwd: ********
> > sql_database: postfix_db
> > sql_select:SELECT password FROM mailbox WHERE username='%u@%r'
> >
> > /etc/sysconfig/saslauthd
> > MECH=pam
>
> You don't need saslauthd if you use an auxprop plugin. You can skip the whole
> saslauthd and PAM stuff.
>
> > /etc/pam.d/smtp
> > auth sufficient pam_mysql.so user=postfix passwd=postfix host=localhost
> > db=postfix table=mailbox usercolumn=username passwdcolumn=password
> > crypt=1
> > account required pam_mysql.so user=postfix passwd=postfix host=localhost
> > db=postfix table=mailbox usercolumn=username passwdcolumn=password
> > crypt=1
> >
> > # postconf -n|grep sasl
> >
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_application_name = smtpd
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_local_domain =
> > smtpd_sasl_security_options = noanonymous
> >
> > the maillog says
> >
> > May 31 18:50:00 mx01 postfix/smtpd[12539]: warning:
> > joarango.telecorp.net[200.24.76.9]: SASL LOGIN authentication failed
>
> Which AUTH mechanisms does a telnet session to joarango.telecorp.net on port
> 25 show after an EHLO?
>
> > If I try
> >
> > testsaslauthd -u '' -p 'password' -s smtpd
> > 0: OK "Success."
> > testsaslauthd -u '' -p 'password' -s smtp
> > 0: OK "Success."
>
> That's fine, but you don't need saslauthd.
>
> > The mysql_log shows ok the sql_select
>
> If you want to use saslauthd, then change smtpd.conf like this:
>
> pwcheck_method: saslauthd
> mech_list: plain login
>
> and remove the rest.
>
> > I think postfix is not talking to saslauthd or pam or auxprop
>
> Postfix might be running chrooted and/or unable to access the socket.
>
> Can you send output from "saslfinger -s"? See below for URL to saslfinger.
>
p at rick
-- Ing. Jonatan Arango Depto Ingeniería y Tecnología Telecorp Ltda Tel 6292901 Ext111 6211841/6211745 E-mail: