Authenticated Relaying using Postfix

Discussion in 'Server Operation' started by williatf, Jul 7, 2008.

  1. williatf

    williatf New Member

    I'm having trouble configuring postfix to allow authenticated relaying of messages. I'm getting dizzy reading all of the how-tos around this topic and I'm not making sense of them.

    I originally set up my box using a modified perfect server set-up for suse 10.2. I use postfixadmin to administer my email server. I'd like to be able to use the same mysql database to authenticate remote users. I know it can be done, but I can't figure out how to do it on my system.

    Any help would be appreciated.

    -- williatf
     
  2. falko

    falko Super Moderator Howtoforge Staff

    All of the tutorials here come with SMTP-AUTH by default. What exactly is your problem?
     
  3. williatf

    williatf New Member

    Falko, Thanks for the quick reply.

    The problem is authenticating virtual users against a mysql database. I'm having trouble fitting all of the pieces together.

    -- williatf
     
  4. falko

    falko Super Moderator Howtoforge Staff

    You can check out the tutorials about "Virtual Users and Domains with Postfix ..." in the Postfix category: http://www.howtoforge.com/howtos/email/postfix
    That should give you the idea. Unfortunately we have no such tutorial for SUSE.
     
  5. williatf

    williatf New Member

    Thanks Falco. I was able to piece it together somewhat for my Suse 10.2 box. saslauthd is now reading my mysql table and appears to be authenticating correctly when tested using testsaslauthd.

    testsaslauthd -u user@domain.realm -p xxxxxx -s smtp
    returns OK "Success."

    The table has two columns that are being queried: username, password.

    username is a full email address: user@domain.realm.

    However, when I test my mail server directly via telnet, the authentication fails.

    The log indicates the following

    Jul 12 14:54:10 server1 saslauthd[6389]: do_auth : auth failure: [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

    The "user=" is missing the domain part of the email address.

    I'm generating the user/password sequence using the following command:

    perl -MMIME::Base64 -e 'print encode_base64("user\0user@domain.realm\0password");'

    The contents of my /etc/pam.d/smtp is:

    auth required pam_mysql.so user=postfix passwd=xxxxxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=postfix passwd=xxxxxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1

    The contents of my /etc/sasl2/smtpd.conf is:

    pwcheck_method: saslauthd
    mech_list: plain login
    auxprop_plugin: mysql
    sql_user: postfix
    sql_passwd: xxxxxx
    sql_database: postfix
    sql_select: SELECT password FROM mailbox WHERE username = '%u'

    saslauthd includes the "-r" switch at start-up.

    What is wrong with this configuration?

    Thanks for the help!

    -- williatf
     
  6. falko

    falko Super Moderator Howtoforge Staff

    I'm not sure, but for SUSE the smtpd.conf might be located elsewhere, e.g. in /usr/lib/sasl.
     
  7. williatf

    williatf New Member

    I think I figured it out.

    The "smtpd_sasl_local_domain" setting in main.cf was not set to anything. That setting provides saslauthd with the realm that it appends to the username for authentication. I set it to $mydomain.

    I'm not sure how to configure postfix / saslauthd for many virtual domains, where usernames could be the same across two or more domains. But, this works for me.

    Thanks for trying!

    -- williatf
     
  8. ethanlifka

    ethanlifka New Member

    Login to Postfix using full email address

    I am still confused about logging in to postfix using a full email address. I would like to login to my account using Outlook and use my full email address a the username. Does the mysql virtual user setup solve this issue and does the database get updated by ispconfig. Ispconfig uses virtusertable to solve this issue with squirlmail and webmail. Is there a way to do the same with Outlook and other programs without setting up a complicated database. I was looking for something easy like adding:
    virual_alias_maps = /etc/postfix/virtusertable
    to main.cf, but this does not work. Can someone tell me why?

    I have searched hundreds of posts.

    Does anyone have a solution?
     
  9. falko

    falko Super Moderator Howtoforge Staff

    This is not possible because ISPConfig 2 is incompatible with the virtual users setup.
     

Share This Page