saslauthd problems
Greg Groth
ggroth99 at hotmail.com
Sun Feb 26 22:09:02 PST 2006
I am having great difficulty in getting SMTP-AUTH working on a mail server.
I went through this not too long ago on another box, and was able to get it
working (SSL is another story). On this box, when I try to send an email, I
get the following in maillog:
Feb 26 23:42:16 ns1 sm-mta[1783]: NOQUEUE: connect from
node-40241be2.mdw.onnet.us.uu.net [64.36.27.226]
Feb 26 23:42:16 ns1 sm-mta[1783]: AUTH: available mech=NTLM LOGIN ANONYMOUS
PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5, allowed mech=PLAIN LOGIN
Feb 26 23:42:16 ns1 sm-mta[1783]: k1R5gGCB001783: Milter: no active filter
Feb 26 23:42:17 ns1 sm-mta[1783]: k1R5gGCB001783: ruleset=check_rcpt,
arg1=<ggroth at gregs-garage.com>, relay=node-40241be2.mdw.onnet.us.uu.net
[64.36.27.226], reject=550 5.7.1 <ggroth at gregs-garage.com>... Relaying
denied. Proper authentication required.
I checked to see if saslauthd was running:
ns1# ps -aux | grep saslauthd
root 532 0.0 0.4 2824 1884 ?? Is 8:41PM 0:00.02
/usr/local/sbin/saslauthd -a pam
root 533 0.0 0.3 2776 1604 ?? I 8:41PM 0:00.00
/usr/local/sbin/saslauthd -a pam
root 534 0.0 0.3 2776 1604 ?? I 8:41PM 0:00.00
/usr/local/sbin/saslauthd -a pam
root 535 0.0 0.3 2776 1604 ?? I 8:41PM 0:00.00
/usr/local/sbin/saslauthd -a pam
root 536 0.0 0.3 2776 1604 ?? I 8:41PM 0:00.00
/usr/local/sbin/saslauthd -a pam
The only other mention in any of the logs regarding sasl I could find was
this:
Feb 26 20:41:53 ns1 saslauthd[532]: detach_tty : master pid is: 532
Feb 26 20:41:53 ns1 saslauthd[532]: ipc_init : listening on socket:
/var/state/saslauthd/mux
System is FreeBSD 6.0 using a fresh install. System has latest ports of
Sendmail, IMAP-UW, Cyrus-SASL2, Cyrus-SASL2-Auth
I can relay without a problem if I add my IP to the Sendmail Access db, but
it won't work with SMTP-AUTH.
Sendmail was installed as part of the base install. I added the following
commands to /etc/make.conf:
SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS=-L/usr/local/lib
SENDMAIL_LDADD=-lsasl2
I then ran the whole make buildworld, make kernel, etc. deal, then
recompiled Sendmail as follows:
cd /usr/src/usr.sbin/sendmail
make clean
make depend
make
make install
Added the following to my mc file:
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
ran make cf
make install
make restart
I added saslauthd_enable="YES" to /etc/rc.conf, and it appears to be
starting at boot.
I checked /usr/local/lib/sasl2/Sendmail.conf, and have the following:
pwcheck_method: saslauthd
I then went back through and checked all of the Makefiles and startup
scripts as I saw a bug mentioned in the docs that said to check the library
paths (if compiling from scratch), and everything seems to be pointing to
where it should be. I've gone through both systems and cannot find a
difference in either the way they were compiled or configured, yet I'm at a
standstill. The only difference is that on the system that is giving me
fits is I rebuilt the /etc/pwd.db and /etc/spwd.db from a backup of
master.passwd using pwd_mkdb. I checked the password dbs on both systems
thinking I might have some kind of db compatability problem, both files on
both systems came back as follows:
ns1# file /etc/pwd.db
/etc/pwd.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)
ns1# file /etc/spwd.db
/etc/pwd.db: Berkeley DB 1.85 (Hash, version 2, native byte-order)
As far as I can figure out, saslauthd is configured to fall back to it's own
database authentication scheme if other methods fail, and the "Milter: no
active filter" error is probably it complaining that it can't find the
database. Why isn't it checking the password file? Anyone have any ideas?
I'm at my wit's end.
TIA
Greg Groth
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
More information about the freebsd-questions
mailing list