[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE 9.0: postfix sasl authentikation fails

Am Freitag, 9. Januar 2004 13:51 schrieb Markus Feilner:

> has anybody got postfix working with cyrus-sasl under suse 9.0?
> I only got replies like "authenticaton failed"
> my /usr/lib/sasl2/smtp.conf is:

> pwcheck_method: auxprop
> mech_list: plain login
If you use sasldb, you can offer cram-md5 and digest-md5 too. If they are 
installed, of course.

> auxprop_plugin: sasldb2
auxprop_plugin: sasldb

> (the path to /usr/lib/sasl2 was added by ldconfig )
No need.

> A user for sasldb was added:
> Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
> Password: user
> Again (for verification): user
> Mail-server:/usr/lib/sasl2 #

Better to specify a realm (-u).  But if it is already there, show 
sasldblistusers2 look at the user-string. There is a domain-part add it to 
Postfix's configurations as "smtpd_sasl_local_domain".

> And to  /etc/postfix/main.cf I added:
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipients_restrictions = permit_sasl_authenticated
> OK,
> rcsaslauthd start, rcpostfix restart and test with telnet or a
> mailclient. I am told SASL with PLAIN or LOGIN should work.

If you want to use sasldb, there is no need to start saslauthd.

> But if I try to send a message, I get the following in /var/log/mail:

> it seems like access to database is not possible.
> Why is authentication failing?

Two other things, check if smtpd runs chrooted (master.cf) and copy the sasldb 
to the jail. And check if user postfix may access sasldb.


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here