From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 16 00:49:28 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BAD6476C
 for <freebsd-questions@FreeBSD.org>; Sun, 16 Mar 2014 00:49:28 +0000 (UTC)
Received: from blu0-omc2-s10.blu0.hotmail.com (blu0-omc2-s10.blu0.hotmail.com
 [65.55.111.85]) by mx1.freebsd.org (Postfix) with ESMTP id 825C18BA
 for <freebsd-questions@FreeBSD.org>; Sun, 16 Mar 2014 00:49:28 +0000 (UTC)
Received: from BLU0-SMTP408 ([65.55.111.73]) by blu0-omc2-s10.blu0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); 
 Sat, 15 Mar 2014 17:48:22 -0700
X-TMN: [D043Xf/ByUp3bXTab6VT4RapQKSCCjjm]
X-Originating-Email: [drew@mykitchentable.net]
Message-ID: <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl>
Received: from [127.0.0.1] ([69.62.167.70]) by BLU0-SMTP408.phx.gbl over TLS
 secured channel with Microsoft SMTPSVC(6.0.3790.4675); 
 Sat, 15 Mar 2014 17:48:19 -0700
Date: Sat, 15 Mar 2014 17:48:19 -0700
From: Drew Tomlinson <drew@mykitchentable.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Reko Turja <reko.turja@liukuma.net>, freebsd-questions@FreeBSD.org
Subject: Re: Help with SMTP AUTH
References: <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl>
 <CE8684D1E0E64379B17CD55A149AA466@Rivendell>
In-Reply-To: <CE8684D1E0E64379B17CD55A149AA466@Rivendell>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 140315-1, 03/15/2014), Outbound message
X-Antivirus-Status: Clean
X-OriginalArrivalTime: 16 Mar 2014 00:48:19.0619 (UTC)
 FILETIME=[6CD2FF30:01CF40B1]
Sender: <hotmail_1c57bbabcde0de0c@live.com>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 00:49:28 -0000

On 3/15/2014 12:06 PM, Reko Turja wrote:
> From: Drew Tomlinson
> Sent: Saturday, March 15, 2014 8:10 PM
> To: freebsd-questions@FreeBSD.org
> Subject: Help with SMTP AUTH
>
>> I'm running FreeBSD 10 with Postfix 2.11, Cyrus SASL 2.1.26, and 
>> saslauthd 2.1.26 .  I've followed various tutorials on the Net and 
>> even checked my current configs against backups from a machine that 
>> died but used to run smtp auth successfully.
>>
>> I've also tested using testsaslauthd and get the OK message:
>
> Edit /usr/local/lib/sasl2/smtpd.conf and put following in there (add 
> additional mechs if needed/desired):
>
> pwcheck_method: saslauthd
> mech_list: plain login
>
> Then check that you have something like this in postfix/master.cf in 
> addition of other settings:
>
> smtps    inet   n       -       n       -       -       smtpd
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_tls_wrappermode=yes
>  -o smtpd_tls_security_level=encrypt
> #  -o smtpd_etrn_restrictions=reject
> # Submission kept for older client conformity
> submission inet n       -       n       -       -       smtpd
>  -o smtpd_etrn_restrictions=reject
>  -o smtpd_sasl_auth_enable=yes
>  -o smtpd_tls_security_level=encrypt
>
> and in postfix main.cf something like this:
>
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_sasl_authenticated_header = yes
Thank you for your reply.  Your post above gave me the clue I needed to 
get sasl_auth listenting.  Instead of "-o smtpd_sasl_auth_enable=yes " 
in master.cf, I added "smtpd_sasl_auth_enable=yes" to main.cf.  I only 
had the smtp (client) version of that line in there before.

Now authentication is attempted but fails with these lines in my maillog:

Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL 
authentication failure: no user in db

I'm not sure if postfix is using saslauthd.  I started it in debug mode 
at the console and only got this output even when attempting to use 
sasl_auth from a client:

  # saslauthd -d -a pam
saslauthd[91714] :main            : num_procs  : 5
saslauthd[91714] :main            : mech_option: NULL
saslauthd[91714] :main            : run_path   : /var/run/saslauthd
saslauthd[91714] :main            : auth_mech  : pam
saslauthd[91714] :ipc_init        : using accept lock file: 
/var/run/saslauthd/mux.accept
saslauthd[91714] :detach_tty      : master pid is: 0
saslauthd[91714] :ipc_init        : listening on socket: 
/var/run/saslauthd/mux
saslauthd[91714] :main            : using process model
saslauthd[91714] :have_baby       : forked child: 91715
saslauthd[91715] :get_accept_lock : acquired accept lock
saslauthd[91714] :have_baby       : forked child: 91716
saslauthd[91714] :have_baby       : forked child: 91717
saslauthd[91714] :have_baby       : forked child: 91718

I would have expected to see something during the sasl_auth attempt.  
Should I have?

Thanks,

Drew



-- 
Like card tricks?

Visit The Alchemist's Warehouse to
learn card magic secrets for free!

http://alchemistswarehouse.com