From: Andreas Winkelmann (no email)
Date: Tue Sep 13 2005 - 10:08:40 EDT
Am Tuesday 13 September 2005 15:25 schrieb Daniel:
> I am wracking my brain trying to figure out how to get this stuff working.
> No matter what I seem to do, authentication fails and postfix doesn't tell
> me why. Here's my setup and what I've done so far:
>
> Fedora Core 4
> Postfix 2.2.5 compiled with support for SASL (2.2.20), PostgreSQL, MySQL,
> DB, and TLS
>
> --- The smtpd portion of /etc/postfix/main.cf ---
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, permit
>
> --- My smptd.conf file (/usr/lib/sasl2/smtpd.conf) ---
>
> pwcheck_method: auxprop
> mech_list: plain login
> allowanonymouslogin: no
> allowplaintext: yes
allowanonymouslogin and allowplaintext are not Cyrus-SASL Options. Maybe
Copy&Paste from a Cyrus-Imap Config-File?
> auxprop_plugin: sql
> sql_engine: pgsql
> sql_hostname: localhost
> sql_database: maildb
> sql_user: dbUser
> sql_passwd: dbPass
> sql_select: SELECT password FROM users WHERE id = '%u@%r'
> log_level: 7
>
> I have smtpd starting with -v in /etc/postfix/master.cf. I get all sorts of
The logging regarding Cyrus-SASL is much more improved in Postfix 2.3.x, maybe
if other attempts fail it is a try worth to use it.
> nice logs when I'm running, but next to nothing with regard to errors
> during authentication. When my user attempts to login, I can see in the
> logs where PLAIN authentication is attempted and fails with error 535. I
> don't know what error 535 is, though. Looking at the PostgreSQL logs,
> postfix/sasl is never attempting to connect to the database. I know
> PostgreSQL works because I use it for other applications. I can also login
> to the mail database fine with the postfix user/pass.
>
> I've also noticed if I change the sql_engine to anything else, even
> something as random as "banana", I get the same error in postfix as I do
> when it's set to mysql, pgsql, etc. So, what am I doing wrong? How can I
> debug this further? I'd really like to have SMTP authentication working
> without using saslauthd or pam. Oh, and my passwords are NOT encrypted
> within the database. Thank you!
Hmm, please google for saslfinger and strat it with "-s" for server and post
the Output.
Did you build Cyrus-SASL at your own? Or did you install packages?
-- Andreas
|
|
|