[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SuSE 9.0: postfix sasl authentikation fails
Am Freitag, 9. Januar 2004 13:51 schrieb Markus Feilner:
> has anybody got postfix working with cyrus-sasl under suse 9.0?
> I only got replies like "authenticaton failed"
> my /usr/lib/sasl2/smtp.conf is:
> pwcheck_method: auxprop
> mech_list: plain login
If you use sasldb, you can offer cram-md5 and digest-md5 too. If they are
installed, of course.
> auxprop_plugin: sasldb2
> (the path to /usr/lib/sasl2 was added by ldconfig )
> A user for sasldb was added:
> Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
> Password: user
> Again (for verification): user
> Mail-server:/usr/lib/sasl2 #
Better to specify a realm (-u). But if it is already there, show
sasldblistusers2 look at the user-string. There is a domain-part add it to
Postfix's configurations as "smtpd_sasl_local_domain".
> And to /etc/postfix/main.cf I added:
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipients_restrictions = permit_sasl_authenticated
> rcsaslauthd start, rcpostfix restart and test with telnet or a
> mailclient. I am told SASL with PLAIN or LOGIN should work.
If you want to use sasldb, there is no need to start saslauthd.
> But if I try to send a message, I get the following in /var/log/mail:
> it seems like access to database is not possible.
> Why is authentication failing?
Two other things, check if smtpd runs chrooted (master.cf) and copy the sasldb
to the jail. And check if user postfix may access sasldb.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here