gettin postfix sasl pam and mysql to work. HELP
Steve B
Mysql database. I need postfix to handle multiple domains and multiple
users. I also need this information to be stored in a mysql database so
I can manipulate and manage the data through other interfaces. I have
been pulling my hair out with this for days! I just can't seem to get it
to work. Here is what I have done thus far (btw: my linux distro is
Gentoo so we don't have RPM's)
I have compiled postfix (with sasl support) and cyrus-sasl. I have
compiled pam_mysql and setup the /etc/pam.d/ files to use mysql. I have
created some tables to hold the data in mysql (you can see the tables I've
created at http://www.gentoo.org/doc/en/virt-mail-howto.xml - this is
the basic guide I have been following).
At first when I telneted to postfix I recieved no AUTH lines via
the EHLO command. Something I did fixed that (not sure what) but now I
have auth lines in the EHLO command. However its still not authing
against the mysql database. I am not sure if postfix is talking to sasl
correctly or if the problem is in sasl2, pam_mysql.so or mysql it's
self. Below is the output from logs and such
My mail logs (seperated)
[mail.err]
sunflower1 log # tail -20 mail.err
Feb 5 18:56:02 sunflower1 pop3d: LOGIN FAILED, ip= [::ffff:211.238.230.137]
Feb 5 18:57:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 18:58:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 18:59:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:00:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:01:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:02:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:03:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:04:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:05:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:06:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:07:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:08:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:09:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:10:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:11:03 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:12:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 5 19:13:02 sunflower1 pop3d: LOGIN FAILED, ip=[::ffff:211.238.230.137]
Feb 6 13:31:43 sunflower1 pop3d-ssl: LOGIN FAILED, ip=[::ffff:147.242.160.33]
Feb 6 13:31:50 sunflower1 pop3d-ssl: LOGIN FAILED, ip=[::ffff:147.242.160.33]
[mail.warn]
sunflower1 log # tail -20 mail.warn
Feb 5 13:29:41 sunflower1 postfix/smtpd[2468]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 5 13:34:37 sunflower1 postfix/smtpd[2517]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 5 13:35:54 sunflower1 postfix/smtpd[2517]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 5 13:36:07 sunflower1 postfix/smtpd[2547]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 5 18:22:56 sunflower1 postfix/smtpd[4481]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 5 18:24:02 sunflower1 postfix/smtpd[4481]: warning:
std_addr_pattern: invalid address pattern "mail.secure-dt.net"
Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
do not list domain secure-dt.net in BOTH mydestination and
virtual_mailbox_domains
Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
do not list domain secure-dt.net in BOTH mydestination and
virtual_mailbox_domains
[mail.info]
sunflower1 log # tail -20 mail.info
>>>> Feb 5 19:11:57 sunflower1 pop3d: Connection, ip=[::ffff:211.238.230.137]
Feb 5 19:12:02 sunflower1 pop3d: Disconnected, ip=[::ffff:211.238.230.137]
Feb 5 19:12:57 sunflower1 pop3d: Connection, ip=[::ffff:211.238.230.137]
Feb 5 19:13:02 sunflower1 pop3d: Disconnected, ip=[::ffff:211.238.230.137]
Feb 5 19:13:24 sunflower1 postfix/postfix-script: stopping the
Postfix mail system
Feb 5 19:13:24 sunflower1 postfix/master[2205]: terminating on
signal 15
Feb 5 19:14:27 sunflower1 postfix/postfix-script: starting the
Postfix mail system
Feb 5 19:14:27 sunflower1 postfix/master[2206]: daemon started --
version 2.0.16
Feb 6 13:30:35 sunflower1 postfix/postfix-script: stopping the
Postfix mail system
Feb 6 13:30:35 sunflower1 postfix/master[2206]: terminating on
signal 15
Feb 6 13:30:37 sunflower1 postfix/postfix-script: starting the
Postfix mail system
Feb 6 13:30:37 sunflower1 postfix/master[18370]: daemon started --
version 2.0.16
Feb 6 13:31:36 sunflower1 pop3d-ssl: Connection, ip=[::ffff:147.242.160.33]
Feb 6 13:31:43 sunflower1 pop3d-ssl: Unexpected SSL connection
shutdown.
Feb 6 13:31:45 sunflower1 pop3d-ssl: Connection, ip=[::ffff:147.242.160.33]
Feb 6 13:31:51 sunflower1 pop3d-ssl: Unexpected SSL connection
shutdown.
Feb 6 13:44:33 sunflower1 postfix/pickup[18378]: BB4E33480C: uid=0
from=<root>
Feb 6 13:44:33 sunflower1 postfix/cleanup[18404]: BB4E33480C:
message-id=<20040206044...@sunflower1.secure-dt.net>
Feb 6 13:44:33 sunflower1 postfix/qmgr[18379]: BB4E33480C: from=<ro...@secure-dt.net>,
size=427, nrcpt=1 (queue active)
Feb 6 13:44:33 sunflower1 postfix/local[18409]: BB4E33480C: to=<bu...@secure-dt.net>,
relay=local, delay=0, status=sent (maildir)
[mail.log]
sunflower1 log # tail -20 mail.log
Feb 5 19:13:24 sunflower1 postfix/postfix-script: stopping the
Postfix mail system
Feb 5 19:13:24 sunflower1 postfix/master[2205]: terminating on
signal 15
Feb 5 19:14:27 sunflower1 postfix/postfix-script: starting the
Postfix mail system
Feb 5 19:14:27 sunflower1 postfix/master[2206]: daemon started --
version 2.0.16
Feb 6 13:30:35 sunflower1 postfix/postfix-script: stopping the
Postfix mail system
Feb 6 13:30:35 sunflower1 postfix/master[2206]: terminating on
signal 15
Feb 6 13:30:37 sunflower1 postfix/postfix-script: starting the
Postfix mail system
Feb 6 13:30:37 sunflower1 postfix/master[18370]: daemon started --
version 2.0.16
Feb 6 13:31:36 sunflower1 pop3d-ssl: Connection, ip=[::ffff:147.242.160.33]
Feb 6 13:31:43 sunflower1 pop3d-ssl: LOGIN FAILED, ip=[::ffff:147.242.160.33]
Feb 6 13:31:43 sunflower1 pop3d-ssl: Unexpected SSL connection
shutdown.
Feb 6 13:31:45 sunflower1 pop3d-ssl: Connection, ip=[::ffff:147.242.160.33]
Feb 6 13:31:50 sunflower1 pop3d-ssl: LOGIN FAILED, ip=[::ffff:147.242.160.33]
Feb 6 13:31:51 sunflower1 pop3d-ssl: Unexpected SSL connection
shutdown.
Feb 6 13:44:33 sunflower1 postfix/pickup[18378]: BB4E33480C: uid=0
from=<root>
Feb 6 13:44:33 sunflower1 postfix/cleanup[18404]: BB4E33480C:
message-id=<20040206044...@sunflower1.secure-dt.net>
Feb 6 13:44:33 sunflower1 postfix/qmgr[18379]: BB4E33480C: from=<ro...@secure-dt.net>,
size=427, nrcpt=1 (queue active)
Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
do not list domain secure-dt.net in BOTH mydestination and
virtual_mailbox_domains
Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
do not list domain secure-dt.net in BOTH mydestination and
virtual_mailbox_domains
Feb 6 13:44:33 sunflower1 postfix/local[18409]: BB4E33480C: to=<bu...@secure-dt.net>,
relay=local, delay=0, status=sent (maildir)
[mysql.log]
/usr/sbin/mysqld, Version: 4.0.16-log, started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
040205 8:50:47 1 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 8:50:55 2 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 8:51:33 3 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 8:53:59 4 Connect Access denied for user: 'root@localhost'
(Using password: NO)
040205 8:54:26 5 Connect Access denied for user: 'root@localhost'
(Using password: NO)
040205 8:56:01 6 Connect Access denied for user: 'root@localhost'
(Using password: NO)
040205 9:22:05 7 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 9:52:12 8 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 9:59:08 9 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
040205 13:06:35 10 Connect Access denied for user: 'mailsql@localhost'
(Using password: NO)
[output of postconf -n]
sunflower1 mysql # postconf -n
alias_database = hash:/etc/mail/aliases
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 5
debug_peer_list = mail.secure-dt.net 211.238.230.137
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_domains = $mydomain
mydestination = $myhostname, localhost.$mydomain $mydomain
mydomain = secure-dt.net
myhostname = mail.secure-dt.net
mynetworks = 211.238.230.137/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.0.16-r1/readme
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /usr/share/doc/postfix-2.0.16-r1/sample
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:$vmail -gid
virtual_mailbox_base = /
virtual_mailbox_domains = secure-dt.net code-universe.com
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:$vmail -uid
Any help would be appreciated.
José Luis Tallón
>Hello. I have been trying to get Postfix to auth users through a
>Mysql database. I need postfix to handle multiple domains and multiple
>users. I also need this information to be stored in a mysql database so
>I can manipulate and manage the data through other interfaces. I have
>been pulling my hair out with this for days! I just can't seem to get it
> to work. Here is what I have done thus far (btw: my linux distro is
>Gentoo so we don't have RPM's)
<rude>
Hmm... I expected somebody using Gentoo to at least be able to read ...
</rude>
I apologize for the former comment, but Wietse spent a lot of time writing
clear error messages
>I have compiled postfix (with sasl support) and cyrus-sasl. I have
>compiled pam_mysql and setup the /etc/pam.d/ files to use mysql. I have
>created some tables to hold the data in mysql (you can see the tables I've
>created at http://www.gentoo.org/doc/en/virt-mail-howto.xml - this is
>the basic guide I have been following).
Again, which Postfix version do you use ? ( Hint: 'postfix -d mail_version' )
Update: It can be read in one of the logs later, but that's not the usual
procedure.
>At first when I telneted to postfix I recieved no AUTH lines via
>the EHLO command. Something I did fixed that (not sure what) but now I
>have auth lines in the EHLO command.
Instead of changing things blindly, please try to learn how the general
system works before. Then, tweak params one-at-a-time, RTFineM in between.
>However its still not authing against the mysql database.
>I am not sure if postfix is talking to sasl correctly
Postfix talks to SASL just fine if you tell it to.
>or if the problem is in sasl2, pam_mysql.so or mysql itself.
SASL - pam_mysql
SASL2 - auxprop_mysql
choose either one, but do not mix them.
>Below is the output from logs and such
>My mail logs (seperated)
>[mail.err]
>sunflower1 log # tail -20 mail.err
>Feb 5 18:56:02 sunflower1 pop3d: LOGIN FAILED, ip= [::ffff:211.238.230.137]
>[snip]
>Feb 6 13:31:50 sunflower1 pop3d-ssl: LOGIN FAILED, ip=[::ffff:147.242.160.33]
What does this have to do with Postfix? Postfix is an MTA, not a POP3 server
>[mail.warn]
>sunflower1 log # tail -20 mail.warn
>Feb 5 13:29:41 sunflower1 postfix/smtpd[2468]: warning:
>std_addr_pattern: invalid address pattern "mail.secure-dt.net"
>[snip]
>Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> do not list domain secure-dt.net in BOTH mydestination and
>virtual_mailbox_domains
>Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> do not list domain secure-dt.net in BOTH mydestination and
>virtual_mailbox_domains
Postfix is very clearly pointing the misconfiguration.
> [mail.info]
>sunflower1 log # tail -20 mail.info
> >>>> Feb 5 19:11:57 sunflower1 pop3d: Connection,
> ip=[::ffff:211.238.230.137]
>[snip]
>Feb 5 19:13:24 sunflower1 postfix/postfix-script: stopping the
>Postfix mail system
>Feb 5 19:13:24 sunflower1 postfix/master[2205]: terminating on
>signal 15
[restarting Postfix blindly]
>Feb 6 13:30:37 sunflower1 postfix/postfix-script: starting the
>Postfix mail system
>Feb 6 13:30:37 sunflower1 postfix/master[18370]: daemon started --
> version 2.0.16
Aha! Postfix v2.0.16
[snip, POP3 garbage]
>Feb 6 13:44:33 sunflower1 postfix/pickup[18378]: BB4E33480C: uid=0
> from=<root>
>Feb 6 13:44:33 sunflower1 postfix/cleanup[18404]: BB4E33480C:
>message-id=<20040206044...@sunflower1.secure-dt.net>
>Feb 6 13:44:33 sunflower1 postfix/qmgr[18379]: BB4E33480C:
>from=<ro...@secure-dt.net>,
> size=427, nrcpt=1 (queue active)
>Feb 6 13:44:33 sunflower1 postfix/local[18409]: BB4E33480C:
>to=<bu...@secure-dt.net>,
> relay=local, delay=0, status=sent (maildir)
So, here it is working ...
>[mail.log]
>sunflower1 log # tail -20 mail.log
[useless entries]
[snip - same 10 times ]
You forgot to specify the password for the user 'mailsql@localhost' and
probably forgot to allow it to login( Hint: GRANT select ON db.table TO
user@host IDENTIFIED BY 'password' )
You have to decide whether $mydomain is a 'local' domain or a
'virtual_mailbox' domain.
You probably want the latter, so:
mydestination = $myhostname, localhost.$mydomain
>virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
>virtual_minimum_uid = 1000
>virtual_transport = virtual
>virtual_uid_maps = static:$vmail -uid
To configure SASL2 to use mysql, you *do not* need PAM, but SASL2's MySQL
auxprop
Regards,
J.L.
Steve B.
=C3=B3n wrote:
> At 11:33 06/02/2004, you wrote:
> >Hello. I have been trying to get Postfix to auth users through a
> >Mysql database. I need postfix to handle multiple domains and multiple
> >users. I also need this information to be stored in a mysql database so
> >I can manipulate and manage the data through other interfaces. I have
> >been pulling my hair out with this for days! I just can't seem to get it
> > to work. Here is what I have done thus far (btw: my linux distro is
> >Gentoo so we don't have RPM's)
>
> <rude>
> Hmm... I expected somebody using Gentoo to at least be able to read ...
> </rude>
>
> I apologize for the former comment, but Wietse spent a lot of time writing
> clear error messages
>
m,=20
other than to be rude and show people your superior knowledge, and how stup=
id=20
the rest of the world is.
> >I have compiled postfix (with sasl support) and cyrus-sasl. I have
> >compiled pam_mysql and setup the /etc/pam.d/ files to use mysql. I have
> >created some tables to hold the data in mysql (you can see the tables I'=
ve
> >created at http://www.gentoo.org/doc/en/virt-mail-howto.xml - this is
> >the basic guide I have been following).
>
> Again, which Postfix version do you use ? ( Hint: 'postfix -d mail_versio=
n'
> ) Update: It can be read in one of the logs later, but that's not the usu=
al
> procedure.
>
> >At first when I telneted to postfix I recieved no AUTH lines via
> >the EHLO command. Something I did fixed that (not sure what) but now I
> >have auth lines in the EHLO command.
>
> Instead of changing things blindly, please try to learn how the general
> system works before. Then, tweak params one-at-a-time, RTFineM in between.
>
Thats what your normaly do, but after four days of messing with it, you sta=
rt=20
to do stuff and forget what you did.. ya know you can't remember if you jus=
t=20
changed x.. if that is what you did three days ago.. opps I forgot. You hav=
e=20
superior knowledge to the rest of the world and this has never happened to=
=20
you.
> >However its still not authing against the mysql database.
> >I am not sure if postfix is talking to sasl correctly
>
> Postfix talks to SASL just fine if you tell it to.
>
> >or if the problem is in sasl2, pam_mysql.so or mysql itself.
>
> SASL - pam_mysql
> SASL2 - auxprop_mysql
>
> choose either one, but do not mix them.
>
So good advice. Thank you. From the documentation *I* was reading on how to=
=20
set this up, it made no mention. It said cyrus-sasl2 and according that tha=
t=20
documention, it said to use pam.
> >Below is the output from logs and such
> >My mail logs (seperated)
> >[mail.err]
> >sunflower1 log # tail -20 mail.err
> >Feb 5 18:56:02 sunflower1 pop3d: LOGIN FAILED, ip=3D
> > [::ffff:211.238.230.137] [snip]
> >Feb 6 13:31:50 sunflower1 pop3d-ssl: LOGIN FAILED,
> > ip=3D[::ffff:147.242.160.33]
>
> What does this have to do with Postfix? Postfix is an MTA, not a POP3
> server
>
I figured it was relevant to show that users were not being authed.
> >[mail.warn]
> >sunflower1 log # tail -20 mail.warn
> >Feb 5 13:29:41 sunflower1 postfix/smtpd[2468]: warning:
> >std_addr_pattern: invalid address pattern "mail.secure-dt.net"
> >[snip]
> >Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> > do not list domain secure-dt.net in BOTH mydestination and
> >virtual_mailbox_domains
> >Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> > do not list domain secure-dt.net in BOTH mydestination and
> >virtual_mailbox_domains
>
> Postfix is very clearly pointing the misconfiguration.
>
I can understand the mydestination, what lost me was the std_addr_pattern: =
wtf=20
is it getting this info.. is it pulling this out of mysql ? is it somewhere=
=20
in the config.
> > [mail.info]
> >sunflower1 log # tail -20 mail.info
> >
> > >>>> Feb 5 19:11:57 sunflower1 pop3d: Connection,
> >
> > ip=3D[::ffff:211.238.230.137]
> >[snip]
> >Feb 5 19:13:24 sunflower1 postfix/postfix-script: stopping the
> >Postfix mail system
> >Feb 5 19:13:24 sunflower1 postfix/master[2205]: terminating on
> >signal 15
>
> [restarting Postfix blindly]
>
I guess "postfix reload" after changing the config files is forbidden.
> >Feb 6 13:30:37 sunflower1 postfix/postfix-script: starting the
> >Postfix mail system
> >Feb 6 13:30:37 sunflower1 postfix/master[18370]: daemon started --
> > version 2.0.16
>
> Aha! Postfix v2.0.16
>
Kill me. I forgot to post the version.
> [snip, POP3 garbage]
>
> >Feb 6 13:44:33 sunflower1 postfix/pickup[18378]: BB4E33480C: uid=3D0
> > from=3D<root>
> >Feb 6 13:44:33 sunflower1 postfix/cleanup[18404]: BB4E33480C:
> >message-id=3D<20040206044...@sunflower1.secure-dt.net>
> >Feb 6 13:44:33 sunflower1 postfix/qmgr[18379]: BB4E33480C:
> >from=3D<ro...@secure-dt.net>,
> > size=3D427, nrcpt=3D1 (queue active)
> >Feb 6 13:44:33 sunflower1 postfix/local[18409]: BB4E33480C:
> >to=3D<bu...@secure-dt.net>,
> > relay=3Dlocal, delay=3D0, status=3Dsent (maildir)
>
> So, here it is working ...
>
It working using Mutt from the command line with no auth. I never said it=20
didn't work, I said I can't get it to auth against mysql.
> >[mail.log]
> >sunflower1 log # tail -20 mail.log
>
> [useless entries]
>
> >Feb 6 13:44:33 sunflower1 postfix/pickup[18378]: BB4E33480C: uid=3D0
> > from=3D<root>
> >Feb 6 13:44:33 sunflower1 postfix/cleanup[18404]: BB4E33480C:
> >message-id=3D<20040206044...@sunflower1.secure-dt.net>
> >Feb 6 13:44:33 sunflower1 postfix/qmgr[18379]: BB4E33480C:
> >from=3D<ro...@secure-dt.net>,
> > size=3D427, nrcpt=3D1 (queue active)
> >Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> > do not list domain secure-dt.net in BOTH mydestination and
> >virtual_mailbox_domains
> >Feb 6 13:44:33 sunflower1 postfix/trivial-rewrite[18405]: warning:
> > do not list domain secure-dt.net in BOTH mydestination and
> >virtual_mailbox_domains
> >Feb 6 13:44:33 sunflower1 postfix/local[18409]: BB4E33480C:
> >to=3D<bu...@secure-dt.net>,
> > relay=3Dlocal, delay=3D0, status=3Dsent (maildir)
> >
> >[mysql.log]
> >/usr/sbin/mysqld, Version: 4.0.16-log, started with:
> >Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
> >Time Id Command Argument
> >040205 8:50:47 1 Connect Access denied for user:
> >'mailsql@localhost'
> > (Using password: NO)
> >040205 8:50:55 2 Connect Access denied for user:
> >'mailsql@localhost'
> > (Using password: NO)
>
> [snip - same 10 times ]
>
> You forgot to specify the password for the user 'mailsql@localhost' and
> probably forgot to allow it to login( Hint: GRANT select ON db.table TO
> user@host IDENTIFIED BY 'password' )
>
Umm.. No I didn't. As I said earlier I verified the user mailsql could logi=
n=20
to the mysql database with the password.
mysql -hlocalhost -u mailsql -p mailsql=20
asks for the password, I type it in and I get access to the database. It=20
appears to me (who knows I'm stupid) that the -p options is not being passe=
d=20
to mysql to allow for a password, since I get the same type of error in my=
=20
log if I do
mailsql -hlocalhost -umailsql mailsql
> > [output of postconf -n]
> >sunflower1 mysql # postconf -n
> >alias_database =3D hash:/etc/mail/aliases
> >alias_maps =3D mysql:/etc/postfix/mysql-aliases.cf
> >broken_sasl_auth_clients =3D yes
> >command_directory =3D /usr/sbin
> >config_directory =3D /etc/postfix
> >daemon_directory =3D /usr/lib/postfix
> >debug_peer_level =3D 5
> >debug_peer_list =3D mail.secure-dt.net 211.238.230.137
> >default_destination_concurrency_limit =3D 10
> >home_mailbox =3D .maildir/
> >inet_interfaces =3D all
> >local_destination_concurrency_limit =3D 2
> >local_recipient_maps =3D $alias_maps $virtual_mailbox_maps
> > unix:passwd.byname local_transport =3D local
> >mail_owner =3D postfix
> >mailq_path =3D /usr/bin/mailq
> >manpage_directory =3D /usr/share/man
> >masquerade_domains =3D $mydomain
> >mydestination =3D $myhostname, localhost.$mydomain $mydomain
> >mydomain =3D secure-dt.net
> >myhostname =3D mail.secure-dt.net
> >mynetworks =3D 211.238.230.137/24, 127.0.0.0/8
> >myorigin =3D $mydomain
> >newaliases_path =3D /usr/bin/newaliases
> >queue_directory =3D /var/spool/postfix
> >readme_directory =3D /usr/share/doc/postfix-2.0.16-r1/readme
> >relocated_maps =3D mysql:/etc/postfix/mysql-relocated.cf
> >sample_directory =3D /usr/share/doc/postfix-2.0.16-r1/sample
> >sendmail_path =3D /usr/sbin/sendmail
> >setgid_group =3D postdrop
> >smtpd_recipient_restrictions =3D permit_sasl_authenticated,
> >permit_mynetworks, reject_unauth_destination
> >smtpd_sasl_auth_enable =3D yes
> >smtpd_sasl_local_domain =3D
> >smtpd_sasl_security_options =3D noanonymous
> >smtpd_tls_CAfile =3D /etc/postfix/cacert.pem
> >smtpd_tls_cert_file =3D /etc/postfix/newcert.pem
> >smtpd_tls_key_file =3D /etc/postfix/newreq.pem
> >smtpd_tls_loglevel =3D 3
> >smtpd_tls_received_header =3D yes
> >smtpd_tls_session_cache_timeout =3D 3600s
> >smtpd_use_tls =3D yes
> >tls_random_source =3D dev:/dev/urandom
> >unknown_local_recipient_reject_code =3D 450
> >virtual_alias_maps =3D mysql:/etc/postfix/mysql-virtual.cf
> >virtual_gid_maps =3D static:$vmail -gid
> >virtual_mailbox_base =3D /
> >virtual_mailbox_domains =3D secure-dt.net code-universe.com
>
> You have to decide whether $mydomain is a 'local' domain or a
> 'virtual_mailbox' domain.
> You probably want the latter, so:
> mydestination =3D $myhostname, localhost.$mydomain
>
Basicly I want to check if its a local account, if it is I want to drop=20
in .maildir, if not I want to drop it in a maildrop based upon the domain.
> >virtual_mailbox_maps =3D mysql:/etc/postfix/mysql-virtual-maps.cf
> >
> >virtual_minimum_uid =3D 1000
> >virtual_transport =3D virtual
> >virtual_uid_maps =3D static:$vmail -uid
>
> To configure SASL2 to use mysql, you *do not* need PAM, but SASL2's MySQL
> auxprop
>
I will try and find information regarding auxprop. Again the docs I was=20
reading made no mention, it said to use sasl2, smtpd.conf pw_checkmethod:=20
saslauthd and to configure pam to access mysql. Your advice was really=20
helpfull toward the end, but it was completly unessesary to be completly ru=
de=20
about it.
>
>
> Regards,
> J.L.
=2DSteve