postfix + saslauthd problem

From: Андрей (no email)
Date: Wed Jul 02 2008 - 02:41:56 EDT


    I'm testing postfix this way:

            telnet hosting.vpcit.ru 25
            Trying 91.192.168.241...
            Connected to hosting.vpcit.ru.
            Escape character is '^]'.
            220 Welcome to ESMTP llc. Gercon
            helo andreyv
            250 mail.1vp.ru
            auth plain
            334
            AGR1a2VudWtlbUB2cGNpdC5ydQBzdGFydGVy
            535 5.7.0 Error: authentication failed: generic failure

    In syslog I see:
            Jul 2 12:18:38 hosting postfix/smtpd[31141]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
            Jul 2 12:18:38 hosting postfix/smtpd[31141]: warning: SASL authentication failure: Password verification failed
            Jul 2 12:18:38 hosting postfix/smtpd[31141]: warning: unknown[10.10.80.20]: SASL plain authentication failed: generic failure

    Where is my mistake?

    Additional info:

    The auth string is base64-encoded (not encrypted) and was generated using this script:
    http://jetmore.org/john/code/gen-auth

    I configured postfix this way:

    /etc/postfix/main.cf
            # See /usr/share/postfix/main.cf.dist for a commented, more complete version
            
            # Debian specific: Specifying a file name will cause the first
            # line of that file to be used as the name. The Debian default
            # is /etc/mailname.
            #myorigin = /etc/mailname
            
            smtpd_banner = Welcome to ESMTP llc. Gercon
            biff = no
            
            # appending .domain is the MUA's job.
            append_dot_mydomain = no
            
            # Uncomment the next line to generate "delayed mail" warnings
            #delay_warning_time = 4h
            
            # TLS parameters
            smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
            smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
            smtpd_use_tls=yes
            smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
            smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
            
            # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
            # information on enabling SSL in the smtp client.

            #this section is for hosted domains
            myhostname = mail.1vp.ru
            alias_maps = hash:/etc/aliases
            alias_database = hash:/etc/aliases
            myorigin = $myhostname
            mydestination = $myhostname, localhost.$mydomain, localhost
            relayhost =
            mynetworks = 127.0.0.0/8
            mailbox_size_limit = 0
            recipient_delimiter = +
            inet_interfaces = all
            command_directory = /usr/sbin
            daemon_directory = /usr/lib/postfix
            mydomain = localdomain
            local_recipient_maps = unix:passwd.byname $alias_maps
            virtual_alias_domains = /etc/mail/local-host-names
            virtual_alias_maps = hash:/etc/mail/virtusertable
            smtp_generic_maps = hash:/etc/mail/generic
            smtpd_sasl_auth_enable = yes
            smtpd_sender_restrictions = permit_sasl_authenticated
            smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
    reject_unauth_destination, reject_unlisted_recipient,
    reject_unverified_recipient, check_policy_service inet:127.0.0.1:60000

            #this section is for my domain
            virtual_mailbox_domains = vpcit.ru
            virtual_mailbox_base = /var/mail/vpcit.ru/
            virtual_mailbox_maps = pgsql:/etc/postfix/vpcit.ru_mailboxes
            virtual_minimum_uid = 100
            virtual_uid_maps = static:5000
            virtual_gid_maps = static:5000
            virtual_destination_concurrency_limit = 10
            virtual_destination_recipient_limit = 10
            virtual_mailbox_limit = 100000000
            
            inet_protocols = ipv4
            smtpd_sasl_type = cyrus
            smtp_sasl_auth_enable = no
            broken_sasl_auth_clients = yes
            smtpd_sasl_authenticated_header = yes
            smtpd_sasl_security_options = noanonymous
            unknown_local_recipient_reject_code = 450
            smtp_sasl_password_maps = pgsql:/etc/pam_pgsql.conf

    /etc/postfix/vpcit.ru_mailboxes
            hosts = db
            user = postgres
            password = bestsql
            dbname = userdb
            table = vpcit_ru
            select_field = pw_name
            where_field = email

    /etc/postfix/sasl/smtpd.conf
            pwcheck_method: saslauthd
            mech_list: plain login

    /etc/default/saslauthd
            #
            # Settings for saslauthd daemon
            #
            
            # Should saslauthd run automatically on startup? (default: no)
            START=yes
            
            # Which authentication mechanisms should saslauthd use? (default: pam)
            #
            # Available options in this Debian package:
            # getpwent -- use the getpwent() library function
            # kerberos5 -- use Kerberos 5
            # pam -- use PAM
            # rimap -- use a remote IMAP server
            # shadow -- use the local shadow password file
            # sasldb -- use the local sasldb database file
            # ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
            #
            # Only one option may be used at a time. See the saslauthd man page
            # for more information.
            #
            # Example: MECHANISMS="pam"
            MECHANISMS="pam"
            
            DESC="SASL Authentication Daemon"
            
            NAME="saslauthd"
            
            # Additional options for this mechanism. (default: none)
            # See the saslauthd man page for information about mech-specific options.
            MECH_OPTIONS=""
            
            # How many saslauthd processes should we run? (default: 5)
            # A value of 0 will fork a new process for each connection.
            THREADS=5
            
            # Other options (default: -c)
            # See the saslauthd man page for information about these options.
            #
            # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
            # Note: See /usr/share/doc/sasl2-bin/README.Debian
            #OPTIONS="-c"
            OPTIONS="-m /var/spool/postfix/var/run/saslauthd"

    /etc/pam.d/smtp
            auth required pam_pgsql.so
            account required pam_pgsql.so
            password required pam_pgsql.so

    /etc/pam_pgsql.conf
            database = userdb
            host = db
            user = postgres
            password = bestsql
            table = vpcit_ru
            user_column = email
            pwd_column = pw_clear_passwd
            pw_type = plain
            debug = /var/log/pam_pgsql.log
            #but there is no file /var/log/pam_pgsql.log

    Yours faithfully,
    Andrey.

