Debian Etch Postfix Sasl2 issues

Discussion in 'HOWTO-Related Questions' started by switchtower, Apr 1, 2007.

  1. switchtower

    switchtower New Member

    I was curious if someone here could help me out with something. I've used howtoforge.net for some time and absolutely love all the information and howtos here; it's great. Usually when I work on something and have problems I'll check the logs and just Google my problem, but this time seems to be a little more difficult and I can't figure out what is wrong.

    I followed the "Virtual Users And Domains With Postfix, Courier And MySQL" by falko but used Debian Etch instead. I can send and receive email without a problem through roundcube, but I can't send mail out from an email client such as Ice Dove or Outlook.

    Here are some of my configuration files:

    /etc/postfix/main.cf

    Code:
    myhostname = mail.switchtower.org
    mydestination = mail.switchtower.org, localhost, localhost.localdomain
    mynetworks = 127.0.0.0/8
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    inet_interfaces = all
    
    /etc/default/saslauthd

    Code:
    #
    # Settings for saslauthd daemon
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    
    MECHANISMS="pam"
    OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r -c"
    
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c)
    # See the saslauthd man page for information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    # Note: See /usr/share/doc/sasl2-bin/README.Debian
    #OPTIONS="-c"
    
    /etc/postfix/sasl/smtpd.conf

    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: (password)
    sql_database: mail
    sql_select: select password from users where email = '%u'
    
    /etc/pam.d/smtp
    Code:
    auth    required   pam_mysql.so user=mail_admin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
    tail -20 /var/log/mail.log
    Code:
    Apr  1 10:58:54 mail postfix/anvil[29009]: statistics: max connection count 1 for (smtp:24.11.146.57) at Apr  1 10:55:30
    Apr  1 10:58:54 mail postfix/anvil[29009]: statistics: max cache size 1 at Apr  1 10:55:30
    Apr  1 10:59:36 mail imapd: Connection, ip=[::ffff:127.0.0.1]
    Apr  1 10:59:36 mail authdaemond: received auth request, service=imap, authtype=login
    Apr  1 10:59:36 mail authdaemond: authmysql: trying this module
    Apr  1 10:59:36 mail authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = "[email protected]"
    Apr  1 10:59:36 mail authdaemond: password matches successfully
    Apr  1 10:59:36 mail authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, [email protected], fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
    Apr  1 10:59:36 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, [email protected], fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
    Apr  1 10:59:36 mail imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], protocol=IMAP
    Apr  1 10:59:36 mail imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0
    Apr  1 11:00:36 mail imapd: Connection, ip=[::ffff:127.0.0.1]
    Apr  1 11:00:36 mail authdaemond: received auth request, service=imap, authtype=login
    Apr  1 11:00:36 mail authdaemond: authmysql: trying this module
    Apr  1 11:00:36 mail authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = "[email protected]"
    Apr  1 11:00:36 mail authdaemond: password matches successfully
    Apr  1 11:00:36 mail authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, [email protected], fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
    Apr  1 11:00:36 mail authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, [email protected], fullname=<null>, maildir=switchtower.org/nick/, quota=2147483647, options=<null>
    Apr  1 11:00:36 mail imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], protocol=IMAP
    Apr  1 11:00:36 mail imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0
    
    Please let me know if you can help and also if you need anything else from me. Any help would be GREATLY appreciated :)

    Nick
     
  2. falko

    falko Super Moderator Howtoforge Staff

    You must enable "Server requires authentication." in your email clients.
     
  3. switchtower

    switchtower New Member

    Thank you, Falko, for responding :) I tried enabling "Server requires authentication" in Ice Dove, but it just told me that the server didn't support it.

    Here are some updated log files from the server; maybe this will help you better understand the problem:

    Code:
    Apr  2 13:04:48 mail imapd: LOGIN, [email protected], ip=[::ffff:127.0.0.1], protocol=IMAP
    Apr  2 13:04:48 mail imapd: LOGOUT, [email protected], ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=25, sent=180, time=0
    Apr  2 13:05:20 mail postfix/smtpd[3140]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
    Apr  2 13:05:21 mail postfix/smtpd[3140]: warning: 69.16.222.227: address not listed for hostname switchtower.liquidweb.com
    Apr  2 13:05:21 mail postfix/smtpd[3140]: connect from unknown[69.16.222.227]
    Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: SASL authentication failure: Password verification failed
    Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: unknown[69.16.222.227]: SASL PLAIN authentication failed: authentication failure
    Apr  2 13:05:26 mail postfix/smtpd[3140]: warning: unknown[69.16.222.227]: SASL LOGIN authentication failed: authentication failure
    
    
    Thanks again,

    Nick
     
  4. falko

    falko Super Moderator Howtoforge Staff

  5. switchtower

    switchtower New Member

    Thanks for your reply, Falko. I did use
    Code:
    OPTIONS="-m /var/spool/postfix/var/run/saslauthd -r -c"
    
    I'll look through the Ubuntu howto to see if I can see any differences in what I did.

    Thanks again.
     
  6. wad

    wad New Member

    I'm trying to do the exact same thing. I'd like my mail users to be able to send mail through my postfix, but it needs to be secure. I don't care if I just have a single username/password for all users trying to send email, actually.

    Has anyone tried this using the rimap option in saslauthd for this purpose?
     
  7. switchtower

    switchtower New Member

    All is fixed :)

    Falko was right, I wasn't forcing my client to use TLS for SMTP connections. Thanks Falko, as usual, I've used your suggestion to fix my problem. :)

    Nick
     
  8. wad

    wad New Member

    Mine is working now too. Here's what I did, top to bottom, to get Debian Etch with Postfix working to send SMTP mail securely with TLS:

    1. apt-get install libsasl2-modules sasl2-bin
    2. edited /etc/default/saslauthd like this:
    START=yes
    MECHANISMS="shadow"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c"
    3. copied contents of /usr/share/postfix/main.cf.tls into /etc/postfix/main.cf, added these lines:
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_tls_cert_file=/etc/ssl/certs/wadhome.org.pem
    smtpd_tls_key_file=/etc/ssl/private/wadhome.org.pem
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    4. put stuff into /etc/postfix/sasl/smtpd.conf:
    pwcheck_method: saslauthd
    mech_list: plain login
    5. Fixed problems with postfix ownership of the pipe:
    mkdir -p /var/spool/postfix/var/run/saslauthd
    Added this to /etc/fstab: /var/run/saslauthd /var/spool/postfix/var/run/saslauthd none bind 0 0
    mount /var/spool/postfix/var/run/saslauthd
    chmod 755 /var/spool/postfix/var/run/saslauthd
    6. /etc/init.d/saslauthd start
    7. /etc/init.d/postfix restart
     
  9. Stoneborn

    Stoneborn New Member

    I've been trying to set up SMTP authentication for my mail server (Debian Etch) for the last 5 days, but nothing I tried so far is really working. Perhaps anybody here can help me get it all running :)

    I created /var/spool/postfix/var/run/saslauthd/ by running:
    mkdir -p /var/spool/postfix/var/run/saslauthd/

    I followed /usr/share/doc/sasl2-bin/README.Debian and ran:
    dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd

    /etc/default/saslauthd
    Code:
    START=yes
    MECHANISMS="pam"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
    
    /etc/pam.d/smtp
    Code:
    auth required pam_mysql.so user=mailuser passwd=mypasswd host=localhost db=mailusers table=mailbox usercolumn=user passwdcolumn=password crypt=1
    
    account sufficient pam_mysql.so user=mailuser passwd=mypasswd host=localhost db=mailusers table=mailbox usercolumn=user passwdcolumn=password crypt=1
    
    relevant information from /etc/postfix/main.cf
    Code:
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain = $myhostname
    broken_sasl_auth_clients = no
    
    smtpd_helo_required = yes
    smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_unauth_destination
    
    smtpd_sender_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_unauth_destination
    
    smtpd_helo_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            reject_unauth_destination
    
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes
    
    smtpd_tls_key_file = /etc/postfix/smtpd.pem
    smtpd_tls_cert_file = /etc/postfix/smtpd.pem
    smtpd_tls_CAfile = /etc/postfix/smtpd.pem
    
    If I use this
    /etc/postfix/sasl/smtpd.conf
    Code:
    pwcheck_method: saslauthd
    mech_ist: PLAIN LOGIN
    
    then I'm getting the following error in /var/log/auth.log

    Code:
    May 23 20:56:41 servername postfix/smtpd[25836]: sql_select option missing
    May 23 20:56:41 servername postfix/smtpd[25836]: auxpropfunc error no mechanism available
    May 23 20:56:41 servername postfix/smtpd[25836]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
    
    If I use this version of /etc/postfix/sasl/smtpd.conf instead
    Code:
    pwcheck_method: saslauthd
    mech_ist: PLAIN LOGIN
    
    sasl_pwcheck_method: auxprop
    sasl_auxprop_plugin: mysql
    allow_plaintext: true
    password_format: crypt
    mech_list: plain login CRAM-MD5 DIGEST-MD5
    
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_database: mailusers
    sql_user: mailuser
    sql_passwd: mypasswd
    sql_select: SELECT password FROM mailbox WHERE user='%u@%r
    
    I receive the following error
    Code:
    May 23 21:01:21 servername postfix/smtpd[26465]: warning: SASL authentication failure: incorrect digest response
    May 23 21:01:21 servername postfix/smtpd[26465]: warning: p54xxxxxx.dip.t-dialin.net[xx.xxx.xx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
    

    Hope I didn't forget to post one of these config files :)
    If so please tell me I will give you the missing information.

    Thanks for your help in advance...
     
  10. falko

    falko Super Moderator Howtoforge Staff

    Try this in /etc/postfix/sasl/smtpd.conf (from http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_ubuntu_edgy_p3 ):

    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: mail_admin_password
    sql_database: mail
    sql_select: select password from users where email = '%u'
     
  11. Stoneborn

    Stoneborn New Member

    Thanks for your help. I tried it and now I'm getting another error message :)

    Code:
    May 24 19:05:24 servername postfix/smtpd[22417]: TLS connection established from p54xxxxxx.dip.t-dialin.net[XX.XX.XX.XX]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    
    May 24 19:05:24 servername postfix/smtpd[22417]: warning: p54xxxxxx.dip.t-dialin.net[XX.XX.XX.XX]: SASL CRAM-MD5 authentication failed: no mechanism available
    
    May 24 19:05:24 servername postfix/smtpd[22417]: disconnect from p54xxxxxx.dip.t-dialin.net[XX.XX.XX.XX]
    
     
  12. falko

    falko Super Moderator Howtoforge Staff

    Can you post the output of
    Code:
    telnet localhost 25
    and then
    Code:
    ehlo localhost
    ?
     
  13. Stoneborn

    Stoneborn New Member

    That is the output of 'telnet localhost 25' and 'ehlo localhost':
    Code:
    250-server.domain.de
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    
     
  14. falko

    falko Super Moderator Howtoforge Staff

    There are no AUTH lines at all, so something is wrong in your main.cf. Please compare your setup again with the tutorial.
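    A two-step version of Falko's `ehlo localhost` check, as an added example that is not from the thread: it parses a capability list (the inline sample is Stoneborn's reply above, constructed here) and, against a live server, repeats EHLO after STARTTLS. That second EHLO matters because Stoneborn's main.cf sets smtpd_tls_auth_only = yes, and with that setting Postfix announces AUTH only on the encrypted connection, so a plaintext EHLO alone cannot tell "SASL off" from "AUTH hidden until STARTTLS". The live_check helper and the post-STARTTLS sample are assumptions.

```python
"""Parse SMTP EHLO capability lists and report whether SASL AUTH is advertised (added example)."""
import smtplib
import ssl

# Constructed sample: the plaintext 'ehlo localhost' reply posted in the thread (no AUTH line).
EHLO_PLAINTEXT = """250-server.domain.de
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed (assumed) reply of the same server after STARTTLS when smtpd_tls_auth_only = yes.
EHLO_AFTER_TLS = """250-server.domain.de
250-PIPELINING
250-AUTH PLAIN LOGIN
250 DSN"""

def parse_ehlo(text):
    """Map each EHLO keyword to its parameters; the first line is the server name, not a keyword."""
    caps = {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for line in lines[1:]:
        if line[:3].isdigit():          # telnet-style "250-KEYWORD" / "250 KEYWORD"
            line = line[4:]
        keyword, *params = line.split()
        caps[keyword.upper()] = params
    return caps

def diagnose(plain_caps, tls_caps=None):
    """Verdict on SASL from the plaintext EHLO and, if STARTTLS was done, the post-TLS EHLO."""
    if "AUTH" in plain_caps:
        return "AUTH offered on plaintext: " + " ".join(plain_caps["AUTH"])
    if tls_caps is not None and "AUTH" in tls_caps:
        return "AUTH offered only after STARTTLS: " + " ".join(tls_caps["AUTH"])
    if "STARTTLS" in plain_caps and tls_caps is None:
        return "no AUTH on plaintext; server offers STARTTLS, repeat EHLO after it before concluding"
    return "no AUTH at all: SASL is not enabled in main.cf or the SASL backend failed to start"

def live_check(host="localhost", port=25):
    """Run the two-step EHLO against a real server (hypothetical helper; needs network access)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        plain = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
        tls = None
        if smtp.has_extn("starttls"):
            ctx = ssl.create_default_context()
            ctx.check_hostname = False      # self-signed smtpd.pem: we only read the capability list
            ctx.verify_mode = ssl.CERT_NONE
            smtp.starttls(context=ctx)
            smtp.ehlo()
            tls = {k.upper(): v.split() for k, v in smtp.esmtp_features.items()}
    return diagnose(plain, tls)
```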
     
  15. Stoneborn

    Stoneborn New Member

    I didn't find anything wrong in main.cf.
    Instead I found out that I have a problem starting saslauthd.

    In /etc/postfix/sasl/smtpd.conf I set the loglevel to 7 and then tried to start saslauthd by hand:
    Code:
    /usr/sbin/saslauthd -dV -a pam -c -m /var/spool/postfix/var/run/saslauthd start
    What I get is this:

    Code:
     /usr/sbin/saslauthd -dV -a pam -c -m /var/spool/postfix/var/run/saslauthd start
    saslauthd[26345] :main            : num_procs  : 5
    saslauthd[26345] :main            : mech_option: NULL
    saslauthd[26345] :main            : run_path   : /var/spool/postfix/var/run/saslauthd
    saslauthd[26345] :main            : auth_mech  : pam
    saslauthd[26345] :cache_alloc_mm  : mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd/cache.mmap
    saslauthd[26345] :cache_init      : bucket size: 92 bytes
    saslauthd[26345] :cache_init      : stats size : 36 bytes
    saslauthd[26345] :cache_init      : timeout    : 28800 seconds
    saslauthd[26345] :cache_init      : cache table: 944764 total bytes
    saslauthd[26345] :cache_init      : cache table: 1711 slots
    saslauthd[26345] :cache_init      : cache table: 10266 buckets
    saslauthd[26345] :cache_init_lock : flock file opened at /var/spool/postfix/var/run/saslauthd/cache.flock
    saslauthd[26345] :ipc_init        : using accept lock file: /var/spool/postfix/var/run/saslauthd/mux.accept
    saslauthd[26345] :detach_tty      : master pid is: 0
    saslauthd[26345] :ipc_init        : could not bind to socket: /var/spool/postfix/var/run/saslauthd/mux
    saslauthd[26345] :ipc_init        : bind: Address already in use
    So the daemon isn't started at all. Any idea?
     
  16. Stoneborn

    Stoneborn New Member

    Thanks for your help. Server is running now.
    Had to delete the folder "mux" in /var/spool/postfix/var/run/saslauthd/.
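    A small check for the socket plumbing from wad's steps 5 to 7 and for the dpkg-statoverride and "mux" problems in Stoneborn's last posts, as an added example that is not from the thread: it verifies that the -m directory exists, that the postfix user can traverse it (world-executable as after wad's chmod 755, or via group membership under README.Debian's 710 root:sasl), and that mux is a unix socket rather than a leftover directory. The user name "postfix" and the group-membership rule are assumptions taken from Debian's packaging, not from the thread.

```python
"""Check the saslauthd socket directory that Postfix's chrooted smtpd connects to (added example)."""
import grp
import os
import pwd
import stat

# The -m path used throughout this thread (Postfix chroot + /var/run/saslauthd).
RUN_PATH = "/var/spool/postfix/var/run/saslauthd"


def check_saslauthd_dir(run_path=RUN_PATH):
    """Return a list of problems; an empty list means the plumbing looks right."""
    problems = []
    try:
        st = os.stat(run_path)
    except FileNotFoundError:
        return [f"{run_path} missing: mkdir -p it (and bind-mount /var/run/saslauthd onto it)"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{run_path} is not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    if not mode & stat.S_IXOTH:
        # README.Debian's "dpkg-statoverride 710 root sasl": only the group may traverse the
        # directory, so the postfix user (assumed name) must belong to it to reach the socket.
        try:
            in_group = ("postfix" in grp.getgrgid(st.st_gid).gr_mem
                        or pwd.getpwnam("postfix").pw_gid == st.st_gid)
        except KeyError:            # no such group or user on this host
            in_group = False
        if not in_group:
            problems.append(f"mode {oct(mode)}: user postfix is not in gid {st.st_gid} and cannot reach the socket")
    mux = os.path.join(run_path, "mux")
    try:
        mst = os.stat(mux)
    except FileNotFoundError:
        problems.append(f"{mux} missing: saslauthd is not running with -m {run_path}")
    else:
        if stat.S_ISDIR(mst.st_mode):
            problems.append(f"{mux} is a directory: remove it, saslauthd cannot bind its socket over it")
        elif not stat.S_ISSOCK(mst.st_mode):
            problems.append(f"{mux} exists but is not a unix socket")
    return problems


if __name__ == "__main__":
    for line in check_saslauthd_dir() or ["saslauthd socket directory looks fine"]:
        print(line)
```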
     
