himynameisJake n00b
Joined: 06 Apr 2005 Posts: 1
Posted: Wed Apr 06, 2005 1:07 am Post subject: Postfix/Cyrus-SASL/MySQL Authentication Issues
I'm attempting to set up mail using virtual domains with postfix and mysql. I have pop3 and imap working, but I'm having difficulties getting sasl to recognize my users under smtp auth, which I need because I need to allow outgoing mail to all domains (sans those on the spamhaus list and such).
Taken from the mail logfile:
Code:
```
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 220 mail.tsncentral.com ESMTP Postfix
Apr 5 19:54:56 [postfix/smtpd] watchdog_pat: 0x80a0288
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: EHLO SCOTCH
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-mail.fake.com
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-PIPELINING
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-SIZE 10240000
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-VRFY
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-ETRN
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-STARTTLS
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-AUTH LOGIN PLAIN
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250-AUTH=LOGIN PLAIN
Apr 5 19:54:56 [postfix/smtpd] match_list_match: foobar.com: no match
Apr 5 19:54:56 [postfix/smtpd] match_list_match: x.x.x.x: no match
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 250 8BITMIME
Apr 5 19:54:56 [postfix/smtpd] watchdog_pat: 0x80a0288
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: AUTH LOGIN
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: sasl_method LOGIN
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Username:
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 334 encodedstuff
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: encodedstuff
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: decoded response: fake@fake.com
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: uncoded challenge: Password:
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 334 encodedstuff
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: encodedstuff
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: decoded response: fakepassword
Apr 5 19:54:56 [postfix/smtpd] warning: foo.bar[x.x.x.x]: SASL LOGIN authentication failed
Apr 5 19:54:56 [postfix/smtpd] > foo.bar[x.x.x.x]: 535 Error: authentication failed
```
My configuration is as follows:
/etc/postfix/main.cf
Code:
```
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sasl2_auth_enable = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_unknown_sender_domain,
    reject_rbl_client sbl-xbl.spamhaus.org,
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
```
/etc/pam.d/saslauthd
Code:
```
auth sufficient pam_mysql.so host=localhost db=postfix user=postfix \
    passwd=fakefake table=mailbox usercolumn=username passwdcolumn=password crypt=1
account required pam_mysql.so host=localhost db=postfix user=postfix \
    passwd=fakefake table=mailbox usercolumn=username passwdcolumn=password crypt=1
```
/etc/conf.d/saslauthd
Code:
```
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -n 5"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -c -s 128 -t 30"
```
/etc/sasl2/smtpd.conf
Code:
```
#pwcheck_method: auxprop
#auxprop_plugin: sql
pwcheck_method: saslauthd
mech_list: plain login
sql_engine: mysql
allowanonymouslogin: no
allowplaintext: yes
#mech_list: PLAIN LOGIN
srp_mda: md5
srvtab: /dev/null
opiekeys: /dev/null
password_format: crypt
sql_hostnames: localhost
sql_user: postfix
sql_passwd: fakefake
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
```
My database passwords are stored in CRAM-MD5 format; they work fine with courier-imap. I'm using the newest versions of all my software, including the masked version of Cyrus-SASL.
Any help would be greatly appreciated.
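Added example (not part of the original posts): in the log excerpt above the client sends AUTH LOGIN with no preceding STARTTLS command (`smtpd_tls_auth_only` is commented out in the posted main.cf), and the verbose smtpd logging writes the decoded username and password into the mail log. The sketch below flags both conditions, plus the failure itself, in logs of that format. The sample lines are constructed, `audit_smtpd_log` is a hypothetical helper, and attributing `decoded response` lines to the most recent AUTH client is an assumption because this log format carries no process id.

```python
import re

# Constructed sample in the log format from the post; hosts and credentials are placeholders.
SAMPLE_LOG = """\
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: EHLO SCOTCH
Apr 5 19:54:56 [postfix/smtpd] < foo.bar[x.x.x.x]: AUTH LOGIN
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: decoded response: fake@fake.com
Apr 5 19:54:56 [postfix/smtpd] smtpd_sasl_authenticate: decoded response: fakepassword
Apr 5 19:54:56 [postfix/smtpd] warning: foo.bar[x.x.x.x]: SASL LOGIN authentication failed
Apr 5 19:55:10 [postfix/smtpd] < client.example[y.y.y.y]: EHLO LAPTOP
Apr 5 19:55:10 [postfix/smtpd] < client.example[y.y.y.y]: STARTTLS
Apr 5 19:55:11 [postfix/smtpd] < client.example[y.y.y.y]: EHLO LAPTOP
Apr 5 19:55:11 [postfix/smtpd] < client.example[y.y.y.y]: AUTH LOGIN
"""

# "< client[ip]: COMMAND" lines written by verbose smtpd logging.
CLIENT_CMD = re.compile(r"\[postfix/smtpd\] < (?P<client>\S+\[[^\]]+\]): (?P<cmd>\S+)")
DECODED = re.compile(r"smtpd_sasl_authenticate: decoded response: ")
FAILED = re.compile(r"warning: (?P<client>\S+\[[^\]]+\]): SASL \S+ authentication failed")
DISCONNECT = re.compile(r"disconnect from (?P<client>\S+\[[^\]]+\])")

def audit_smtpd_log(text):
    """Return (line_no, finding, client) tuples for one log excerpt."""
    tls_clients = set()      # clients that sent STARTTLS (negotiation success is not checked)
    last_auth_client = None  # assumption: decoded responses belong to the latest AUTH
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = CLIENT_CMD.search(line)
        if m:
            client, cmd = m["client"], m["cmd"].upper()
            if cmd == "STARTTLS":
                tls_clients.add(client)
            elif cmd == "AUTH":
                last_auth_client = client
                if client not in tls_clients:
                    findings.append((line_no, "auth-without-tls", client))
            continue
        m = DISCONNECT.search(line)
        if m:
            tls_clients.discard(m["client"])  # a new session starts without TLS
        elif DECODED.search(line):
            # The decoded text itself is never copied into the finding.
            findings.append((line_no, "credential-in-log", last_auth_client))
        elif (m := FAILED.search(line)):
            findings.append((line_no, "auth-failed", m["client"]))
    return findings

if __name__ == "__main__":
    for finding in audit_smtpd_log(SAMPLE_LOG):
        print(finding)
```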
Shazam Apprentice
Joined: 23 Nov 2004 Posts: 191 Location: Germany
Posted: Wed Apr 06, 2005 9:45 am Post subject:
The problem is that Postfix doesn't support crypted passwords. The only way to authenticate against crypted passwords would be authenticating against the IMAP server, which again isn't a lot more secure than just storing them plain in the db, because on the IMAP way you can't use TLS or SSL.