Date: Sat, 15 Mar 2014 17:48:19 -0700 From: Drew Tomlinson <drew@mykitchentable.net> To: Reko Turja <reko.turja@liukuma.net>, freebsd-questions@FreeBSD.org Subject: Re: Help with SMTP AUTH Message-ID: <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl> In-Reply-To: <CE8684D1E0E64379B17CD55A149AA466@Rivendell> References: <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl> <CE8684D1E0E64379B17CD55A149AA466@Rivendell>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/15/2014 12:06 PM, Reko Turja wrote: > From: Drew Tomlinson > Sent: Saturday, March 15, 2014 8:10 PM > To: freebsd-questions@FreeBSD.org > Subject: Help with SMTP AUTH > >> I'm running FreeBSD 10 with Postfix 2.11, Cyrus SASL 2.1.26, and >> saslauthd 2.1.26 . I've followed various tutorials on the Net and >> even checked my current configs against backups from a machine that >> died but used to run smtp auth successfully. >> >> I've also tested using testsaslauthd and get the OK message: > > Edit /usr/local/lib/sasl2/smtpd.conf and put following in there (add > additional mechs if needed/desired): > > pwcheck_method: saslauthd > mech_list: plain login > > Then check that you have something like this in postfix/master.cf in > addition of other settings: > > smtps inet n - n - - smtpd > -o smtpd_sasl_auth_enable=yes > -o smtpd_tls_wrappermode=yes > -o smtpd_tls_security_level=encrypt > # -o smtpd_etrn_restrictions=reject > # Submission kept for older client conformity > submission inet n - n - - smtpd > -o smtpd_etrn_restrictions=reject > -o smtpd_sasl_auth_enable=yes > -o smtpd_tls_security_level=encrypt > > and in postfix main.cf something like this: > > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = $myhostname > broken_sasl_auth_clients = yes > smtpd_sasl_authenticated_header = yes Thank you for your reply. Your post above gave me the clue I needed to get sasl_auth listenting. Instead of "-o smtpd_sasl_auth_enable=yes " in master.cf, I added "smtpd_sasl_auth_enable=yes" to main.cf. I only had the smtp (client) version of that line in there before. Now authentication is attempted but fails with these lines in my maillog: Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL authentication failure: no user in db I'm not sure if postfix is using saslauthd. I started it in debug mode at the console and only got this output even when attempting to use sasl_auth from a client: # saslauthd -d -a pam saslauthd[91714] :main : num_procs : 5 saslauthd[91714] :main : mech_option: NULL saslauthd[91714] :main : run_path : /var/run/saslauthd saslauthd[91714] :main : auth_mech : pam saslauthd[91714] :ipc_init : using accept lock file: /var/run/saslauthd/mux.accept saslauthd[91714] :detach_tty : master pid is: 0 saslauthd[91714] :ipc_init : listening on socket: /var/run/saslauthd/mux saslauthd[91714] :main : using process model saslauthd[91714] :have_baby : forked child: 91715 saslauthd[91715] :get_accept_lock : acquired accept lock saslauthd[91714] :have_baby : forked child: 91716 saslauthd[91714] :have_baby : forked child: 91717 saslauthd[91714] :have_baby : forked child: 91718 I would have expected to see something during the sasl_auth attempt. Should I have? Thanks, Drew -- Like card tricks? Visit The Alchemist's Warehouse to learn card magic secrets for free! http://alchemistswarehouse.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU0-SMTP40877E7CD3C03FC72E1A57EB3720>