Hi, I need some help getting SASL TLS working with Postfix on DBMail. For those not familiar with DBMail, it is a database (MySQL) email storage system that offers IMAP and POP access (i.e. all emails are stored completely in a database instead of in files) - see http://www.dbmail.org for more info. It also stores usernames and passwords (plain text) in the database.

I've got Postfix working with DBMail on my Fedora Core 8 box, and am now trying to get it to work with SASL TLS. Relevant parts of my config are:

/etc/postfix/main.cf:

Code:
...
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/secure.reidware.net.key
smtpd_tls_cert_file = /etc/postfix/secure.reidware.net.crt
smtpd_tls_CAfile = /etc/postfix/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

/etc/postfix/master.cf:

Code:
smtp        inet  n  -  n  -      -  smtpd
pickup      fifo  n  -  n  60     1  pickup
cleanup     unix  n  -  n  -      0  cleanup
qmgr        fifo  n  -  n  300    1  qmgr
tlsmgr      unix  -  -  n  1000?  1  tlsmgr
rewrite     unix  -  -  n  -      -  trivial-rewrite
bounce      unix  -  -  n  -      0  bounce
defer       unix  -  -  n  -      0  bounce
trace       unix  -  -  n  -      0  bounce
verify      unix  -  -  n  -      1  verify
flush       unix  n  -  n  1000?  0  flush
proxymap    unix  -  -  n  -      -  proxymap
smtp        unix  -  -  n  -      -  smtp
relay       unix  -  -  n  -      -  smtp
    -o fallback_relay=
showq       unix  n  -  n  -      -  showq
error       unix  -  -  n  -      -  error
retry       unix  -  -  n  -      -  error
discard     unix  -  -  n  -      -  discard
local       unix  -  n  n  -      -  local
virtual     unix  -  n  n  -      -  virtual
lmtp        unix  -  -  n  -      -  lmtp
anvil       unix  -  -  n  -      1  anvil
scache      unix  -  -  n  -      1  scache
dbmail-lmtp unix  -  -  n  -      -  lmtp

/usr/lib/sasl2/smtpd.conf:

Code:
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_hostnames: localhost
sql_user: dbmail
sql_passwd: <password>
sql_database: dbmail
sql_verbose: yes
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'

In theory, I think this should work in a similar way to how many other virtual Postfix systems work that store user details in a database. However, when I try to test my server from Outlook I keep getting asked for login details - it gives the perception that either my user name or password is not being accepted (I've made sure that password is stored as plain).

My maillog looks like:

Code:
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[serverchild] serverchild.c,PerformChildTask(+349): incoming connection from [10.1.100.196] by pid [3401]
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imapsession] dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1623): user (id:7, name <user name>) tries login
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imapsession] dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1644): user (id 7, name <user name>) login accepted
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Error:[imap] imap4.c,IMAPClientHandler(+303): command return with error [idle]
Apr 15 21:47:12 fs02 dbmail/imap4d[3401]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196]
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: connect from unknown[10.1.100.196]
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: setting up TLS connection from unknown[10.1.100.196]
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: TLS connection established from unknown[10.1.100.196]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: warning: unknown[10.1.100.196]: SASL LOGIN authentication failed: authentication failure
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: lost connection after AUTH from unknown[10.1.100.196]
Apr 15 21:47:12 fs02 postfix/smtpd[3450]: disconnect from unknown[10.1.100.196]
Apr 15 21:47:32 fs02 dbmail/imap4d[3432]: Message:[imap] imapcommands.c,_ic_logout(+126): user (id:7) logging out @ [2008-04-15 21:47:32]
Apr 15 21:47:32 fs02 dbmail/imap4d[3432]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196]
Apr 15 21:47:32 fs02 dbmail/imap4d[3399]: Message:[imap] imapcommands.c,_ic_logout(+126): user (id:7) logging out @ [2008-04-15 21:47:32]
Apr 15 21:47:32 fs02 dbmail/imap4d[3399]: Message:[imap] imap4.c,IMAPClientHandler(+323): Closing connection for client from IP [10.1.100.196]

(Note: this also shows a successful test of imap)

Can someone give me some suggestions on what I've done wrong?

Thanks!
James.

Are you sure that this is the correct query?

Code:
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'

Does the SQL password contain any special characters? That might be a problem.

My /usr/lib/sasl2/smtpd.conf looks like this:

log_level: 1
sql_verbose: no
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_hostnames: localhost
sql_user: ******
sql_passwd: ******
sql_database: dbmail
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

With this setting it works for me with Fedora 7.
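
How the two sql_select templates quoted in this thread expand for a given login name, as an added example (not code from either poster or from Cyrus SASL). It assumes the login is split at '@' into %u (user) and %r (realm), with a default realm used when no '@' is present; the SQLite table, its rows and the default realm fs02.example.test are constructed stand-ins for the MySQL dbmail database.

```python
import re
import sqlite3

# The two sql_select templates quoted in the thread.
TEMPLATE_U = "SELECT passwd FROM dbmail_users WHERE userid = '%u'"
TEMPLATE_U_R = "SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'"

def split_login(login, default_realm):
    """Assumption: text after the first '@' is the realm; otherwise the
    default realm (hypothetical value passed by the caller) is used."""
    user, sep, realm = login.partition("@")
    return (user, realm) if sep else (login, default_realm)

def expand(template, login, default_realm):
    """Expand %u and %r in one pass, doubling quotes for SQLite."""
    user, realm = split_login(login, default_realm)
    values = {"u": user.replace("'", "''"), "r": realm.replace("'", "''")}
    return re.sub(r"%([ur])", lambda m: values[m.group(1)], template)

def lookup(db, template, login, default_realm="fs02.example.test"):
    """Return the stored passwd the expanded query finds, or None."""
    row = db.execute(expand(template, login, default_realm)).fetchone()
    return row[0] if row else None

def sample_db():
    """Constructed table: one userid is a bare name, one a full address."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dbmail_users (userid TEXT, passwd TEXT)")
    db.executemany("INSERT INTO dbmail_users VALUES (?, ?)",
                   [("james", "pw-a"), ("anna@example.test", "pw-b")])
    return db

if __name__ == "__main__":
    db = sample_db()
    realm = "fs02.example.test"
    for login in ("james", "anna@example.test"):
        for name, tpl in (("%u", TEMPLATE_U), ("%u@%r", TEMPLATE_U_R)):
            query = expand(tpl, login, realm)
            print(f"{login:20} {name:6} {query} -> {lookup(db, tpl, login)}")
```

Comparing the printed query with the userid values actually stored in dbmail_users shows which template matches the form of login name the mail client sends.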