Re: Postfix SMTP Auth


 



----- Original Message ----- 
From: "Jason Wellman" <nimh@xxxxxxxxxxx>
>
> Hey all,
>
> I have searched the mail archives and Google trying to solve my Postfix
> SMTP AUTH issue.
>
> I have read the document:
>
> /usr/share/doc/postfix-2.0.11/README-Postfix-SASL-RedHat.txt
>
> And performed all the tasks it outlines but I am getting the errors
> (hostnames edited of course):
>
> Jan 13 17:36:37 XXX postfix/smtpd[13820]: connect from XXX.net[1.1.1.1]
> Jan 13 17:36:37 XXX postfix/smtpd[13820]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jan 13 17:36:37 XXX postfix/smtpd[13820]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jan 13 17:36:37 XXX postfix/smtpd[13820]: warning: SASL authentication
> failure: no secret in database
> Jan 13 17:36:37 XXX postfix/smtpd[13820]: warning: XXX.net[1.1.1.1]:
> SASL CRAM-MD5 authentication failed
> Jan 13 17:37:31 XXX postfix/smtpd[13820]: lost connection after AUTH
> from XXX.net[1.1.1.1]
> Jan 13 17:37:31 XXX postfix/smtpd[13820]: disconnect from XXX.net[1.1.1.1]
>

It looks like you may have already performed some of the following tasks,
but I'm going to mention them anyway. The following works at my end.

1) Recompile postfix to support sasl version 2? i.e.
[scowles@voyager scowles]$ rpm -q postfix
postfix-2.0.16-8.pcre.sasl2.tls.rh9

2) After adding users to /etc/sasldb2 using the saslpasswd2 command, did you
copy /etc/sasldb2 to the postfix chrooted etc directory? i.e.
/var/spool/postfix/etc

3) Define the auth method to be used in /usr/lib/sasl2/smtpd.conf. NOTE: I
do NOT run saslauthd
[scowles@voyager sasl2]$ pwd
/usr/lib/sasl2
[scowles@voyager sasl2]$ cat smtpd.conf
pwcheck_method: auxprop
realm: mail.mydomain.tld

4) Add the sasl related entries to /etc/postfix/main.cf
[scowles@voyager postfix]$ pwd
/etc/postfix
[scowles@voyager postfix]$ grep sasl main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_local_domain = mail.mydomain.tld
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

...and the following:
smtpd_recipient_restrictions =
[snip...]
  permit_mynetworks
  permit_sasl_authenticated
  reject

Note the order of the permits. I allow users that match "mynetworks" to send
e-mail without authenticating.

Steve Cowles
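
An added example, not part of the original message: a shell function that checks the pieces named in steps 2 to 4 above (the /etc/sasldb2 database, its copy under /var/spool/postfix/etc, smtpd.conf and main.cf). The function name, the ROOT argument and the world-readable and stale-copy checks are assumptions of this example; the paths and settings are the ones quoted in the message.

```shell
#!/bin/sh
# Audit the SASL files from steps 2-4 under a filesystem root.
# ROOT is a parameter invented for this example: "/" on a live host,
# or a scratch directory when testing.
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_sasl_chroot() {
    root=${1%/}
    db="$root/etc/sasldb2"
    copy="$root/var/spool/postfix/etc/sasldb2"
    conf="$root/usr/lib/sasl2/smtpd.conf"
    main="$root/etc/postfix/main.cf"
    n=0

    if [ ! -f "$db" ]; then
        echo "MISSING $db (add users with saslpasswd2)"; n=$((n+1))
    fi
    # A chrooted smtpd resolves /etc/sasldb2 inside the chroot, which is
    # what produces "unable to open Berkeley db /etc/sasldb2".
    if [ ! -f "$copy" ]; then
        echo "MISSING $copy (chrooted smtpd cannot open /etc/sasldb2)"; n=$((n+1))
    elif [ -f "$db" ] && ! cmp -s "$db" "$copy"; then
        echo "STALE $copy differs from $db (re-copy after saslpasswd2)"; n=$((n+1))
    fi
    # sasldb2 holds the SASL secrets; flag any copy readable by "other".
    for f in "$db" "$copy"; do
        [ -f "$f" ] || continue
        if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
            echo "PERMS $f is world-readable"; n=$((n+1))
        fi
    done
    if ! grep -Eq '^[[:space:]]*pwcheck_method:[[:space:]]*auxprop' "$conf" 2>/dev/null; then
        echo "CONF $conf does not set pwcheck_method: auxprop"; n=$((n+1))
    fi
    if ! grep -Eq '^[[:space:]]*smtpd_sasl_auth_enable[[:space:]]*=[[:space:]]*yes' "$main" 2>/dev/null; then
        echo "CONF $main does not set smtpd_sasl_auth_enable = yes"; n=$((n+1))
    fi
    [ "$n" -eq 0 ]
}
```

Run it as `check_sasl_chroot /` after each saslpasswd2 change; a STALE finding means the chroot copy no longer matches the database that was just edited.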



