
Re: [suse-security] SuSE 9.0: postfix sasl authentication fails



On Friday, 9 January 2004 14:00, Andreas Winkelmann wrote:
> On Friday, 9 January 2004 13:51, Markus Feilner wrote:
> > has anybody got postfix working with cyrus-sasl under suse 9.0?
> > I only got replies like "authenticaton failed"
> >
> > my /usr/lib/sasl2/smtp.conf is:
>
> smtpd.conf
>
> > pwcheck_method: auxprop
> > mech_list: plain login
>
> If you use sasldb, you can offer cram-md5 and digest-md5 too. If they
> are installed, of course.
>
> > auxprop_plugin: sasldb2
>
> auxprop_plugin: sasldb
>
> > (the path to /usr/lib/sasl2 was added by ldconfig )
>
> No need.
>
> > A user for sasldb was added:
> > Mail-server:/usr/lib/sasl2 # saslpasswd2 -c user
> > Password: user
> > Again (for verification): user
> > Mail-server:/usr/lib/sasl2 #
>
> Better to specify a realm (-u). But if it is already there, show
> sasldblistusers2 and look at the user-string. There is a domain-part; add
> it to Postfix's configuration as "smtpd_sasl_local_domain".
>
> > And to  /etc/postfix/main.cf I added:
> >
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_security_options = noanonymous
> > broken_sasl_auth_clients = yes
> > smtpd_recipients_restrictions = permit_sasl_authenticated
> >
> > OK,
> > rcsaslauthd start, rcpostfix restart and test with telnet or a
> > mailclient. I am told SASL with PLAIN or LOGIN should work.
>
> If you want to use sasldb, there is no need to start saslauthd.
>
> > But if I try to send a message, I get the following in
> > /var/log/mail:
> >
> > it seems like access to database is not possible.
> > Why is authentication failing?
>
> Two other things, check if smtpd runs chrooted (master.cf) and copy
> the sasldb to the jail. And check if user postfix may access sasldb.
>
> --
> 	Andreas

Andreas, thanks a lot!!
Two typos and the thing about the realm!
One more question ...
I want _only_ sasl-auth'd Users to be allowed to send.
According to
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html
I put in /etc/postfix/main.cf:

mydomain = somewhere
myorigin = Mailserver.somewhere
mydestination = $myhostname, localhost.$mydomain
relay_domains = somewhere
smtpd_sender_restrictions = 
	permit_mynetworks
	permit_sasl_authenticated
	reject
mynetworks=127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = Mailserver
broken_sasl_auth_clients = yes

But: although a user is authenticated successfully (thanks again!) - 
relaying is denied.
"postfix/smtpd[7504]: generic_checks: name=reject_unauth_destination status=2"

If on the other hand I put
mynetworks=192.168.0.0/24,
everyone from that subnet may relay, without Authentication.
Where am I wrong or what am I missing?
Thanks!

-- 
Kind regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
phone: +49 941 70 65 23  - mobile: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
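
The symptom in the message above (authentication succeeds, relaying is still refused by reject_unauth_destination, and a wider mynetworks lets the whole subnet relay unauthenticated) can be checked mechanically; this is an added example, not part of the original post. It assumes a Postfix release in which relay access is decided by smtpd_recipient_restrictions, defaulting to "permit_mynetworks, reject_unauth_destination" when unset; `parse_main_cf`, `relay_findings` and the finding strings are hypothetical names.

```python
import ipaddress

# Assumed default when smtpd_recipient_restrictions is unset (pre-2.10 Postfix).
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"
REJECTS = ("reject", "reject_unauth_destination")

# Relevant lines of the second main.cf in the message above.
POSTED = """\
smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject
mynetworks=127.0.0.0/8
smtpd_sasl_auth_enable = yes
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] = (params[name] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def relay_findings(text):
    """List deviations from 'relay only after SASL authentication'."""
    params = parse_main_cf(text)
    rules = params.get("smtpd_recipient_restrictions", DEFAULT_RCPT).replace(",", " ").split()
    # Only rules evaluated before the first rejecting rule can grant relay access.
    stop = next((i for i, r in enumerate(rules) if r in REJECTS), len(rules))
    findings = []
    if "permit_sasl_authenticated" not in rules[:stop]:
        findings.append("sasl-not-permitted-for-relay")
    if "permit_mynetworks" in rules[:stop]:
        for net in params.get("mynetworks", "").replace(",", " ").split():
            try:
                if not ipaddress.ip_network(net, strict=False).is_loopback:
                    findings.append("unauthenticated-relay-from " + net)
            except ValueError:
                pass  # table lookups such as hash:/path are not evaluated here
    return findings

if __name__ == "__main__":
    print(relay_findings(POSTED))
```

If mynetworks is not set at all, Postfix derives it from the host's interfaces, which this check does not model.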

