Postfix & SASL ... Help
Jeff Molofee
nehe at telus.net
Sat Oct 19 05:36:49 UTC 2013

Will try to keep this short because this is a list...

I posted the following on the BSD forums and have received no
responses. I was hoping some bright minds on this list could help me
out, or at least point me in the right direction.

I'm trying to get postfix to authenticate users using auxprop/sasldb.
I see the following error in maillog: "warning: SASL authentication
failure: no user in db"

I am using: FreeBSD 9.x (64 bit), Postfix 2.10.1,1 (PCRE, SASL2, TLS),
cyrus-imapd-2.4.17_4, cyrus-sasl-2.1.26_2 (authdaemond,
obsolete_cram_attr, {all mechs})

Cyrus is authenticating against SASL. Test results below:

> smtptest -a {username} localhost
S: 220 mail.{company}.com ESMTP Postfix
C: EHLO smtptest
S: 250-mail.{company}.com
S: 250-PIPELINING
S: 250-SIZE 20480000
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
S: 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
S: 250-ENHANCEDSTATUSCODES
S: 250-8BITMIME
S: 250 DSN
Please enter your password:
C: AUTH PLAIN AGrlZmZtBGhvbnRhY4J2
S: 235 2.7.0 Authentication successful
Authenticated.
Security strength factor: 0

In /usr/local/etc/postfix/main.cf I have:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = proxy.domain.local
smtpd_sasl_security_options = noanonymous
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

In /usr/local/lib/sasl2/smtpd.conf I have:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM

Because the error is saying "no user in db", I'm guessing that postfix
is not seeing the sasldb2.db at all.

postfix is in the mail group and mail group has permission for files
like sasldb2.db (I don't believe it's a permission issue).

I thought maybe it was because I didn't have bdb support in cyrus-sasl
or postfix, but it made no difference if I did or not.

Right now I'm thinking because sasldblistusers2 shows users as follows:
{user}@proxy.domain.local (machine domain)
instead of:
{user}@maildomain.com (web)
that this could be my issue. But then wouldn't it say "user not found"
rather than "no user in db"?

Why does smtptest work?

Would LOVE any help you guys are willing to offer... been at this for a
few days now, and I'm starting to pull hair out :(

More information about the freebsd-questions mailing list
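
The realm question raised in the post, as an added example that is not part of the original message: this script shows which sasldb key each login form would be looked up under and whether that key appears in a sasldblistusers2-style listing. It assumes the usual Cyrus SASL behaviour that a login without "@" gets the realm from smtpd_sasl_local_domain while a login with "@" carries its own realm; the function names and the users alice and bob are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not from the original post): a listing in the
# "user@realm: userPassword" form printed by sasldblistusers2, and a realm
# value matching the smtpd_sasl_local_domain shown in the post.
SAMPLE_LISTING='alice@proxy.domain.local: userPassword
bob@proxy.domain.local: userPassword'
SAMPLE_REALM='proxy.domain.local'

# lookup_key LOGIN REALM  (hypothetical helper)
# Assumption: a login without "@" is looked up as LOGIN@REALM, where REALM is
# smtpd_sasl_local_domain; a login with "@" already carries its own realm.
lookup_key() {
    case "$1" in
        *@*) printf '%s\n' "$1" ;;
        *)   printf '%s@%s\n' "$1" "$2" ;;
    esac
}

# in_sasldb LOGIN REALM LISTING  (hypothetical helper)
# Prints "found <key>" or "missing <key>"; returns 0 only when found.
in_sasldb() {
    key=$(lookup_key "$1" "$2")
    # Compare the part before the first ":" exactly; -F keeps dots literal,
    # -x requires a whole-line match so "bob" cannot match "bobby".
    if printf '%s\n' "$3" | cut -d: -f1 | grep -Fxq -- "$key"; then
        printf 'found %s\n' "$key"
    else
        printf 'missing %s\n' "$key"
        return 1
    fi
}

# On a live host, replace the samples with the real values:
#   SAMPLE_LISTING=$(sasldblistusers2)
#   SAMPLE_REALM=$(postconf -h smtpd_sasl_local_domain)
for login in alice alice@maildomain.com; do
    in_sasldb "$login" "$SAMPLE_REALM" "$SAMPLE_LISTING" || true
done
```

A "missing" line means the realm part of the login does not match any entry, which is the mismatch between the machine domain and the mail domain that the post describes.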