| View previous topic :: View next topic |
| Author |
Message |
jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239
|
 Posted: Thu Aug 04, 2005 9:31 am Post subject: [SOLVED] SASL and MYSQ problem..... |
 |
|
Aloha !
I have installed a small mailserver and it seems to work but ok.
The only slight problem I have is that I can't send my mail via authenticated smtp ?
I have SASL and/or (?) courier-authlib trying to talk to my mysqldatabase.
I strated folowing the instructions from http://www.gentoo.org/doc/en/virt-mail-howto.xml but soon I realised I doid not want that so I switched to : http://high5.net/postfixadmin/
This seems to work OK.
I can make/delete/change users and mailaliasses that fully work. I also installed Squirrelmail and from there I can sent and recieve mail.....
Now the [BLEEP BLEEP] authenticated SMTP :
Ok, time for some errors :
| Code: | Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: name_mask: subnet
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: inet_addr_local: configured 2 IPv4 addresses
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: warning: inet_addr_local[procnet_ifinet6]: Couldn't open /proc/net/if_inet6 for reading: No such file or directory
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: inet_addr_local: configured 0 IPv6 addresses
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: mynetworks: 10.0.1.0/24 127.0.0.0/8
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: mynetworks ~? debug_peer_list
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: mynetworks ~? fast_flush_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: mynetworks ~? mynetworks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? debug_peer_list
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? fast_flush_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? mynetworks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? permit_mx_backup_networks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? qmqpd_authorized_clients
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: relay_domains ~? relay_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: user = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: password = [SEKRET]
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: dbname = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: table = domain
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: select_field = domain
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: where_field = domain
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: additional_conditions = and backupmx = '1'
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_relay_domains_maps.cf: hosts = localhost
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: mysqlname_parse: /etc/postfix/mysql_relay_domains_maps.cf: adding host 'localhost' to list of mysql server hosts
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_open: mysql:/etc/postfix/mysql_relay_domains_maps.cf
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: permit_mx_backup_networks ~? debug_peer_list
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: permit_mx_backup_networks ~? mynetworks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: connect to subsystem private/proxymap
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: send attr request = open
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: send attr table = unix:passwd.byname
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: send attr flags = 64
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: private/proxymap socket: wanted attribute: status
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: input attribute name: status
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: input attribute value: 0
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: private/proxymap socket: wanted attribute: flags
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: input attribute name: flags
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: input attribute value: 80
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: private/proxymap socket: wanted attribute: (list terminator)
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: input attribute name: (end)
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_open: proxy:unix:passwd.byname
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_open: hash:/etc/mail/aliases
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: user = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: password = [SEKRET]
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: dbname = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: table = alias
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: select_field = goto
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: where_field = address
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: additional_conditions =
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_alias_maps.cf: hosts = localhost
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: mysqlname_parse: /etc/postfix/mysql_virtual_alias_maps.cf: adding host 'localhost' to list of mysql server hosts
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_open: mysql:/etc/postfix/mysql_virtual_alias_maps.cf
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: user = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: password = [SEKRET]
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: dbname = postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: table = mailbox
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: select_field = maildir
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: where_field = username
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: additional_conditions =
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: cfg_get_str: /etc/postfix/mysql_virtual_mailbox_maps.cf: hosts = localhost
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: mysqlname_parse: /etc/postfix/mysql_virtual_mailbox_maps.cf: adding host 'localhost' to list of mysql server hosts
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: dict_open: mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? debug_peer_list
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? fast_flush_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? mynetworks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? relay_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: smtpd_access_maps ~? smtpd_access_maps
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_initialize: SASL config file is smtpd.conf
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: fast_flush_domains ~? debug_peer_list
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_string: fast_flush_domains ~? fast_flush_domains
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: watchdog_create: 0x80adad0 18000
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: watchdog_stop: 0x80adad0
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: watchdog_start: 0x80adad0
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: connection established
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: master_notify: status 0
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: name_mask: resource
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: name_mask: software
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: name_mask: noanonymous
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: connect from ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: ip-10-0-1-243.ip.prioritytelecom.net: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: 10.0.1.243: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: ip-10-0-1-243.ip.prioritytelecom.net: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: 10.0.1.243: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 220 postsmurf.wabbit-wion.nl ESMTP Postfix
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: watchdog_pat: 0x80adad0
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: < ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: EHLO [192.168.1.94]
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-postsmurf.wabbit-wion.nl
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-PIPELINING
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-SIZE 10240000
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-ETRN
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-AUTH LOGIN PLAIN
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250-AUTH=LOGIN PLAIN
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: ip-10-0-1-243.ip.prioritytelecom.net: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: match_list_match: 10.0.1.243: no match
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 250 8BITMIME
Aug 4 06:46:40 postsmurf-v postfix/smtpd[12220]: watchdog_pat: 0x80adad0
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: < ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: AUTH PLAIN AHBvc3RtYXN0ZXJAd2FiYml0LXdpb24ubmwAenRiYnM=
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AHBvc3RtYXN0ZXJAd2FiYml0LXdpb24ubmwAenRiYnM=
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: decoded initial response
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: warning: SASL authentication failure: Password verification failed
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: warning: ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: SASL PLAIN authentication failed
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 535 Error: authentication failed
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: watchdog_pat: 0x80adad0
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: < ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: AUTH LOGIN
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: sasl_method LOGIN
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: uncoded challenge: Username:
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 334 VXNlcm5hbWU6
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: < ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: cG9zdG1hc3RlckB3YWJiaXQtd2lvbi5ubA==
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: decoded response: postmaster@wabbit-wion.nl
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: uncoded challenge: Password:
Aug 4 06:46:50 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 334 UGFzc3dvcmQ6
Aug 4 06:46:51 postsmurf-v postfix/smtpd[12220]: < ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: enRiYnM=
Aug 4 06:46:51 postsmurf-v postfix/smtpd[12220]: smtpd_sasl_authenticate: decoded response: ztbbs
Aug 4 06:46:51 postsmurf-v postfix/smtpd[12220]: warning: ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: SASL LOGIN authentication failed
Aug 4 06:46:51 postsmurf-v postfix/smtpd[12220]: > ip-10-0-1-243.ip.prioritytelecom.net[10.0.1.243]: 535 Error: authentication failed
Aug 4 06:46:51 postsmurf-v postfix/smtpd[12220]: watchdog_pat: 0x80adad0 |
NB: I have cleared out the password (DUH) and the IP address....
Can anyone tell me what is wrong or gimme a hint ?
Greets
Jessy
_________________
I've got that retro-feeling :
http://instagram.com/jecepede
Check out my YouTube channel
https://www.youtube.com/jecepede
Last edited by jecepede on Thu Aug 04, 2005 7:15 pm; edited 1 time in total |
|
| Back to top |
|
 |
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Thu Aug 04, 2005 1:24 pm Post subject: |
|
|
I believe the problem might be that PostfixAdmin uses encrypted passwords unlike the Gentoo Virtual How-to. I recently built a Postfix Admin setup and here's how I set up SASL
First I changed cyrus-sasl to use Courier's authdaemon rather than talk to Mysql itself.
| Code: |
echo "dev-libs/cyrus-sasl authdaemond -mysql" >> /etc/portage/package.use
emerge cyrus-sasl
|
Here's the /etc/sasl2/smtpd.conf file
| Code: |
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/courier/authdaemon/socket
|
And the /etc/conf.d/sasluathd
| Code: |
# Initial (empty) options.
SASLAUTHD_OPTS=""
# Specify the authentications mechanism.
# *NOTE* For list see: saslauthd -v
# From 2.1.19, add "-r" to options for old behavior
# ie. reassemble user and realm to user@realm form.
# SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
|
IIRC you have to change the permissions a bit on /var/lib/courier/authdaemon so that SASL can connect to the socket.
That's pretty much it. I also added the plugin to SquirrelMail to allow users to change their password from there as well rather than having to come out to the PostfixAdmin interface.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239
|
| Posted: Thu Aug 04, 2005 3:17 pm Post subject: SASL cannot connect...... |
|
|
Aloha !
Absolutely WONDERFULL ! I
I got my Cyrus-thingy to stop talking to the MySQL database and now it is trying to talk to the authdaemon.......
| Code: | echo "dev-libs/cyrus-sasl authdaemond -mysql" >> /etc/portage/package.use
emerge cyrus-sasl |
BTW, The command above is unfamilliar to me. The file package.use doesn't even exist so I used :
| Code: | | postsmurf-v # USE="authdaemond -mysql" emerge cyrus-sasl |
The last bit however was not really ok ?
| Quote: | | IIRC you have to change the permissions a bit on /var/lib/courier/authdaemon so that SASL can connect to the socket. |
| Code: | Aug 4 15:12:00 postsmurf-v postfix/smtpd[3283]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory
Aug 4 15:12:00 postsmurf-v postfix/smtpd[3283]: warning: SASL authentication failure: Password verification failed
Aug 4 15:12:00 postsmurf-v postfix/smtpd[3283]: warning: unknown[10.0.1.1]: SASL PLAIN authentication failed
Aug 4 15:12:00 postsmurf-v postfix/smtpd[3283]: > unknown[10.0.1.1]: 535 Error: authentication failed |
And it gets even weirder :
| Code: | postsmurf-v / # testsaslauthd -u some-virtual-user@wabbit-wion.nl -p [SOMEPWD]
0: NO "authentication failed"
postsmurf-v / #
Or even :
postsmurf-v / # testsaslauthd -f /var/lib/courier/authdaemon/socket -u some-virtual-user@wabbit-wion.nl -p [SOMEPWD]
size read failed
0:
The localusers however, are OK !
postsmurf-v / # testsaslauthd -u some-locallinux-user -p [SOMEPWD]
0: OK "Success."
|
Did I REALLY miss something somewhere ?
Now I am back to square one, saslauthdb does not look in the MySQL database, only LOCAL users ??????????
Greets !
Jessy
_________________
I've got that retro-feeling :
http://instagram.com/jecepede
Check out my YouTube channel
https://www.youtube.com/jecepede |
|
| Back to top |
|
|
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Thu Aug 04, 2005 5:43 pm Post subject: |
|
|
I think I forgot to mention a few things that I've probably taken for granted.
1. courier-authlib needs to be running and working.
I'm not sure how far you are in your setup, but since sasl is going to use Courier's authdaemon for auth, authdaemon needs to be running and working, Get pop3/imap to auth first. Once that works sasl should works as well.
2. package.use
When you do USE="blah -blahblah" at the commandline Gentoo doesn't preserve it going forward. So when there is an update to cyrus-sasl two months from now it'll be built with the old USE variables instead of the ones you want. You'll restart the daemons and your system will be broken at some in oportune time. You need to create /etc/portage/ and then create package.use for any settings you want to apply per package so that Gentoo will always use those variables on that package. Here's an example of mine.
| Code: |
popmail ~ # more /etc/portage/package.use
mail-mta/postfix mysql ssl sasl vda
dev-libs/cyrus-sasl authdaemond -mysql
mail-client/squirrelmail virus-scan
net-www/apache -threads
dev-php/mod_php gd session
dev-php/php gd session
|
You can also create package.keywords package.mask and a few other in /etc/portage that have different functions.
3. chaning permissions on /var/lib/courier/authdaemon/
These are the default permissions
www ~ # ls -la /var/lib/courier/
drwxr-x--- 2 mail mail 4096 May 16 15:32 authdaemon
You can do a chmod 755 /var/lib/courier/authdaemon/ so that sasl could actually connect to the socket or mess with the groups which might be more secure. For now I'd chmod just so you can get it working.
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239
|
| Posted: Thu Aug 04, 2005 7:03 pm Post subject: It works !!!!!! |
|
|
Aloha !
This is one of gthe things I like sooooooooooooo muxh about Gentoo, the ENORMOUS forum-pages...
I came across a small story about pathing SASL, look here for more detail : http://frost.ath.cx/software/cyrus-sasl-patches/
So I thought, the current SASLAUTHD doesn't have it, maybe if I modify the ACCEPT_KEYWORDS in the file /etc/make.conf
I then got version : 2.1.21-r1 instead of the "older" 2.1.20 version.
This version came with a MOUNTAIN of patches. After it installed I only hat to check my config file like so :
| Code: | postsmurf-v / # cat /etc/sasl2/smtpd.conf
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
pwcheck_method: auxprop
auxprop_plugin: sql
log_level: 6
#mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
mech_list: PLAIN LOGIN
## http://frost.ath.cx/software/cyrus-sasl-patches/
## password_format: [plaintext|crypt|crypt_trad]
password_format: crypt
srp_mda: md5
allowplaintext: yes
## --> http://www.asyd.net/docs/cyrus-options.html
sql_engine: mysql
sql_hostnames: localhost
sql_user: [SPECIALUSER]
sql_passwd: [SEKRET]
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_usessl: no |
NOTE : the password_format: crypt option ONLY works if you compile with useflag crypt, but you already knw that....
As a final step, I used :
| Quote: | # "Simple but Perfect" mbox to Maildir converter v0.1
# by Philip Mak <[EMAIL PROTECTED]> |
: to convert my box-files to maildirs 
In simpeler words : I'm back in business !
Greets !
Jessy
_________________
I've got that retro-feeling :
http://instagram.com/jecepede
Check out my YouTube channel
https://www.youtube.com/jecepede |
|
| Back to top |
|
|
jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239
|
| Posted: Thu Aug 04, 2005 7:14 pm Post subject: The final words..... |
|
|
Ho ho ho !
Thanx for helping me out :
| kashani wrote: | I think I forgot to mention a few things that I've probably taken for granted.
1. courier-authlib needs to be running and working.
I'm not sure how far you are in your setup, but since sasl is going to use Courier's authdaemon for auth, authdaemon needs to be running and working, Get pop3/imap to auth first. Once that works sasl should works as well.
|
I was/am able to do everything but authenticate thru SMTP. I already was able to pop, to use imap, to use the webmail and to use the Postfix-Admin utility.
| kashani wrote: | 2. package.use
When you do USE="blah -blahblah" at the commandline Gentoo doesn't preserve it going forward. So when there is an update to cyrus-sasl two months from now it'll be built with the old USE variables instead of the ones you want. You'll restart the daemons and your system will be broken at some in oportune time. You need to create /etc/portage/ and then create package.use for any settings you want to apply per package so that Gentoo will always use those variables on that package. Here's an example of mine.
[code]
popmail ~ # more /etc/portage/package.use
mail-mta/postfix mysql ssl sasl vda
[code]dev-libs/cyrus-sasl authdaemond -mysql
mail-client/squirrelmail virus-scan
net-www/apache -threads
dev-php/mod_php gd session
dev-php/php gd session
[/code]
You can also create package.keywords package.mask and a few other in /etc/portage that have different functions.
|
Oops, my mistake. 
I didn't understand I needed to create it. Actually, wont putting these flags in the make.conf have the same effect ?
Oh, no, scratch that question. In make.conf they will apply for ALL packages, and in /etc/portage/package.use they are only valid for selected packages.
THAT is a golden tip. Thank you very much for that.
I created the /etc/portage/package.use - file too. Except, I used : dev-libs/cyrus-sasl authdaemond mysql crypt
| kashani wrote: | 3. chaning permissions on /var/lib/courier/authdaemon/
These are the default permissions
www ~ # ls -la /var/lib/courier/
drwxr-x--- 2 mail mail 4096 May 16 15:32 authdaemon
You can do a chmod 755 /var/lib/courier/authdaemon/ so that sasl could actually connect to the socket or mess with the groups which might be more secure. For now I'd chmod just so you can get it working.
kashani |
The permissions were correct, the owner however was root... So a quick chown postfix:postfix made it accesible, it didn't make it work thow 
Anyway...
Thank you goes to all who helped (Specially to kashani) me out 
Greets !
Jessy
_________________
I've got that retro-feeling :
http://instagram.com/jecepede
Check out my YouTube channel
https://www.youtube.com/jecepede |
|
| Back to top |
|
|
|
Networking & Security
