Date:      Fri, 18 Oct 2013 23:35:39 -0600
From:      Jeff Molofee <nehe@telus.net>
To:        freebsd-questions@freebsd.org
Subject:   Postfix & SASL ... Help
Message-ID:  <52621A2B.1080706@telus.net>
In-Reply-To: <mailman.9748.1382072964.365.freebsd-questions@freebsd.org>
References:  <mailman.9748.1382072964.365.freebsd-questions@freebsd.org>

Will try to keep this short because this is a list...

I posted the following on the BSD forums and have received no 
responses.  I was hoping some bright minds on this list could help me 
out, or at least point me in the right direction.

I'm trying to get postfix to authenticate users using auxprop/sasldb.

I see the following error in maillog: "warning: SASL authentication 
failure: no user in db"

I am using: FreeBSD 9.x (64 bit), Postfix 2.10.1,1 (PCRE, SASL2, TLS), 
cyrus-imapd-2.4.17_4, cyrus-sasl-2.1.26_2 (authdaemond, 
obsolete_cram_attr, {all mechs})

Cyrus is authenticating against SASL.  Test results below:

 > smtptest -a {username} localhost
S: 220 mail.{company}.com ESMTP Postfix
C: EHLO smtptest
S: 250-mail.{company}.com
S: 250-PIPELINING
S: 250-SIZE 20480000
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
S: 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250 DSN
Please enter your password:
C: AUTH PLAIN AGrlZmZtBGhvbnRhY4J2
S: 235 2.7.0 Authentication successful
Authenticated.
Security strength factor: 0

In /usr/local/etc/postfix/main.cf I have:
smtpd_sasl_auth_enable          = yes
broken_sasl_auth_clients        = yes
smtpd_sasl_local_domain         = proxy.domain.local
smtpd_sasl_security_options     = noanonymous

smtpd_relay_restrictions        = permit_mynetworks,
                                   permit_sasl_authenticated,
                                   reject_unauth_destination

In /usr/local/lib/sasl2/smtpd.conf I have:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

Because the error is saying "no user in db", I'm guessing that postfix 
is not seeing the sasldb2.db at all.
postfix is in the mail group and mail group has permission for files 
like sasldb2.db (I don't believe it's a permission issue).

I thought maybe it was because I didn't have bdb support in cyrus-sasl 
or postfix, but it made no difference if I did or not.

Right now I'm thinking because sasldblistusers2 shows users as follows:

{user}@proxy.domain.local (machine domain)

instead of:

{user}@maildomain.com (web)

that this could be my issue.  But then wouldn't it say "user not found" 
rather than "no user in db"?

Why does smtptest work?

Would LOVE any help you guys are willing to offer... been at this for a 
few days now, and I'm starting to pull hair out :(
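
Added example, not part of the original message and not code from Postfix or Cyrus SASL: a small Python model of the realm question raised above, decoding an AUTH PLAIN response and comparing the resulting user/realm pair with a sasldblistusers2-style listing. The function names, the user "alice", and the rule that a login without "@" takes a default realm (standing in here for smtpd_sasl_local_domain) are assumptions for illustration.

```python
import base64

def make_plain_token(authcid, password, authzid=""):
    """Build an RFC 4616 PLAIN response (constructed sample input only)."""
    raw = "\0".join([authzid, authcid, password]).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_plain_token(token_b64):
    """Split a PLAIN response into (authzid, authcid, password)."""
    parts = base64.b64decode(token_b64, validate=True).split(b"\0")
    if len(parts) != 3 or not parts[1]:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    return tuple(p.decode("utf-8") for p in parts)

def lookup_key(authcid, default_realm):
    """Assumed model: realm is the text after the last '@', else the default."""
    user, sep, realm = authcid.rpartition("@")
    return (user, realm) if sep else (authcid, default_realm)

def listed_keys(listing):
    """Parse 'user@realm: userPassword' lines as printed by sasldblistusers2."""
    keys = set()
    for line in listing.splitlines():
        ident = line.split(":", 1)[0].strip()
        if "@" in ident:
            keys.add(tuple(ident.rsplit("@", 1)))
    return keys

def diagnose(token_b64, default_realm, listing):
    """Return the key the login maps to and whether the listing contains it."""
    _, authcid, _ = parse_plain_token(token_b64)
    key = lookup_key(authcid, default_realm)
    return key, key in listed_keys(listing)

# Constructed listing, using the realm shown in the message.
LISTING = "alice@proxy.domain.local: userPassword\n"

if __name__ == "__main__":
    for login in ("alice", "alice@maildomain.com"):
        token = make_plain_token(login, "not-a-real-password")
        for realm in ("proxy.domain.local", "maildomain.com"):
            key, found = diagnose(token, realm, LISTING)
            print(f"login={login!r} default_realm={realm!r} -> {key} found={found}")
```

In this model only a bare login combined with the default realm proxy.domain.local matches the listed entry; a login that carries its own realm ignores the default entirely.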



