SMTP AUTH using sasldb2

David Henard

Nov 25, 2003, 7:13:36 PM
I am getting the error fatal: open database /etc/sasldb2.db: No such file or
directory

I have Cyrus sasl2 ver. 2.1.12-31 and postfix ver 2.0.6-14.
My smtpd.conf file contains the following lines.
pwcheck_method: auxprop
mech_list: plain login

I have smtpd_sasl_auth_enable = yes and local_recipient_maps =
hash:/etc/sasldb2 and smtp_sasl_password_maps = hash:/etc/sasldb2.

I am new to Linux and have been searching the internet for help on this but
I just can't seem to find the answer. Any help would be greatly
appreciated. Will post what further information is necessary.

Dave

Kyle Dent

Nov 25, 2003, 7:43:53 PM

The Cyrus sasldb2 file is not going to be interoperable with
Postfix. If these are local users, the default
local_recipient_maps will work (local_recipient_maps =
proxy:unix:passwd.byname $alias_maps). Otherwise, you should
create a separate lookup table for Postfix that contains the
names of your users and point local_recipient_maps to that. Write
yourself a script to add new users that adds the names to both
tables.

Kyle

Pollywog

Nov 25, 2003, 9:59:03 PM
On Tue, 25 Nov 2003 16:13:07 -0800
"David Henard" <dhe...@hazmanage.com> wrote:

> I am getting the error fatal: open database /etc/sasldb2.db: No such file or
> directory

I had this problem too, so I changed ownership of the file to user postfix and
group sasl. Since I am using Cyrus and Procmail, I had to add users cyrus and
procmail to the sasl group and chmod the file 660. Cyrus, Postfix, SASL and
Procmail are all playing nice now.


--
Andrew

Pollywog

Nov 25, 2003, 10:01:08 PM
On Tue, 25 Nov 2003 19:43:34 -0500 (EST)
Kyle Dent <kd...@seaglass.com> wrote:

> The Cyrus sasldb2 file is not going to be interoperable with
> Postfix. If these are local users, the default
> local_recipient_maps will work (local_recipient_maps =
> proxy:unix:passwd.byname $alias_maps). Otherwise, you should
> create a separate lookup table for Postfix that contains the
> names of your users and point local_recipient_maps to that. Write
> yourself a script to add new users that adds the names to both
> tables.

I use the same file for Postfix and Cyrus, but I think I would rather have
separate files for each. I will do it when I figure out how.


--
Andrew

David Henard

Nov 26, 2003, 12:12:36 PM
To my understanding I had to change the local_recipient_maps because I am
storing all of my users in the sasldb2 database and they do not have
accounts on the box, and I changed the delivery agent to use lmtp. Do I
need to create my own database in MySQL and use that for Cyrus and Postfix?
Then would I change local_recipient_maps to that database?

I have changed the user to postfix and joined it to the mail group, of which
Cyrus is a part as well.

Andreas Winkelmann

Nov 26, 2003, 2:17:03 PM
On Wednesday, 26 November 2003 01:13, David Henard wrote:

> I am getting the error fatal: open database /etc/sasldb2.db: No such file
> or directory

Switch off chrooting of smtp...smtpd (master.cf).

> I have Cyrus sasl2 ver. 2.1.12-31 and postfix ver 2.0.6-14.
> My smtpd.conf file contains the following lines.
> pwcheck_method: auxprop
> mech_list: plain login

> I have smtpd_sasl_auth_enable = yes and local_recipient_maps =
> hash:/etc/sasldb2 and smtp_sasl_password_maps = hash:/etc/sasldb2.

The second and third options are absolutely wrong.

> I am new to Linux and have been searching the internet for help on this but
> I just can't seem to find the answer. Any help would be greatly
> appreciated. Will post what further information is necessary.

--
Andreas

Pollywog

Nov 26, 2003, 3:36:18 PM

>
> > I have smtpd_sasl_auth_enable = yes and local_recipient_maps =
> > hash:/etc/sasldb2 and smtp_sasl_password_maps = hash:/etc/sasldb2.
>

To the original poster: Please take a look at the documentation at
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/

Read it from start to finish, but pay close attention to the first few pages
and then follow what it says step-by-step with your Postfix configuration.
It got my smtp auth working. The one setting you might have trouble with is
smtpd_sasl_local_domain. I tried my FQDN and I tried leaving it blank, and it
didn't work. Just run sasldblistusers2 to see what your password file in
/etc/sasldb2 looks like.

My password in that file looks like this:

user@slider: userPassword


So what I had to do to get things working was set

smtpd_sasl_local_domain = slider


I believe you can prevent that problem altogether by putting your hostname in
that option (where I have slider above) and entering your sasl passwords this
way:

saslpasswd2 -c username -u yourhostname


Oh one more thing, do not use the same passwords that you are using for logins
to your machine; not the ones you use in /etc/passwd.


--
Andrew

Pollywog

Nov 26, 2003, 3:47:15 PM
On Wed, 26 Nov 2003 09:07:10 -0800
"David Henard" <dhe...@hazmanage.com> wrote:

> To my understanding I had to change the local_recipient_maps because I am
> storing all of my users in the sasldb2 database and they do not have
> accounts on the box, and I changed the delivery agent to use lmtp. Do I
> need to create my own database in MySQL and use that for Cyrus and Postfix?
> Then would I change local_recipient_maps to that database?

I use hash in my local_recipient_maps but you can use MySQL if you wish.


local_recipient_maps = hash:/etc/postfix/recipients
    $relocated_maps
    $alias_maps
    unix:passwd.byname

I am not using MySQL at all, not yet. I am using the same /etc/sasldb2 to
authenticate users in Cyrus and Postfix, but I am not sure that it is the
right way to do it.

I had to 'chown postfix.sasl /etc/sasldb2' to get things to work and I had to
make cyrus a member of the sasl group and then I chmod'd the file 660. I am
running Debian and used deb source to build Postfix and Cyrus21 packages.

>
> I have changed the user to postfix and joined it to the mail group, of which
> Cyrus is a part as well.

That might be sufficient.


I am not sure that I have done everything the right way, but it works.


--
Andrew

David Henard

Dec 2, 2003, 7:17:03 PM
I am able to authenticate to my server now but I have to do it as
username@hostname. If I add username@domain to my sasldb2 file so I have
username: userPassword and username@domain: userPassword, I am able to
log in to postfix and Cyrus as username. Without both entries I can only
log on to the postfix system as stated above and Cyrus as username. What am
I missing?

Thanks,
David

----- Original Message -----
From: "Pollywog" <li...@shadypond.com>
To: <postfi...@postfix.org>
Sent: Wednesday, November 26, 2003 12:46 PM
Subject: Re: SMTP AUTH using sasldb2

Andreas Winkelmann

Dec 3, 2003, 12:26:53 PM
On Wednesday, 3 December 2003 01:01, David Henard wrote:

> I am able to authenticate to my server now but I have to do it as
> username@hostname. If I add username@domain to my sasldb2 file so I have
> username: userPassword and username@domain: userPassword, I am able to
> log in to postfix and Cyrus as username. Without both entries I can only
> log on to the postfix system as stated above and Cyrus as username. What
> am I missing?

Please show:

# postconf smtpd_sasl_local_domain

# sasldblistusers2

--
Andreas

David Henard

Dec 3, 2003, 12:50:00 PM
# postconf smtpd_sasl_local_domain = example.com

sasldblistusers2 =
username1@mail: userPassword
username2@mail: userPassword
username3@mail: userPassword

Server name = mail.example.com
I would like to authenticate with just username for both systems.

Thanks,
David


----- Original Message -----
From: "Andreas Winkelmann" <m...@awinkelmann.de>
To: <postfi...@postfix.org>
Sent: Wednesday, December 03, 2003 9:24 AM
Subject: Re: SMTP AUTH using sasldb2

Andreas Winkelmann

Dec 3, 2003, 2:25:16 PM
On Wednesday, 3 December 2003 18:49, David Henard wrote:

> # postconf smtpd_sasl_local_domain = example.com
>
> sasldblistusers2 =
> username1@mail: userPassword
> username2@mail: userPassword
> username3@mail: userPassword
>
> Server name = mail.example.com
> I would like to authenticate with just username for both systems.

Then add your users with:

# saslpasswd2 -c -u example.com username1
# saslpasswd2 -c -u example.com username2

Your sasldblistusers2 should look like:

user...@example.com: userPassword
user...@example.com: userPassword

Then it should be possible to authenticate with "username1" and the assigned
password.

--
Andreas

Andreas Winkelmann

Dec 3, 2003, 2:33:18 PM
On Wednesday, 3 December 2003 20:25, Andreas Winkelmann wrote:

> > # postconf smtpd_sasl_local_domain = example.com
> >
> > sasldblistusers2 =
> > username1@mail: userPassword
> > username2@mail: userPassword
> > username3@mail: userPassword
> >
> > Server name = mail.example.com
> > I would like to authenticate with just username for both systems.

Or simply change smtpd_sasl_local_domain to "mail"...

# postconf -e "smtpd_sasl_local_domain = mail"

--
Andreas
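
The realm mismatch resolved in the two replies above (the realm stored in sasldb2 versus the value of smtpd_sasl_local_domain) can be checked mechanically. The script below is an added example, not part of the original thread; the helper names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reports sasldb2 entries whose realm
# differs from the value of Postfix's smtpd_sasl_local_domain.

# Constructed sample in the format sasldblistusers2 prints; the third entry is
# altered from the thread's listing so that both realms appear.
SAMPLE_LISTING='username1@mail: userPassword
username2@mail: userPassword
username3@example.com: userPassword'

# realm_mismatches LOCAL_DOMAIN  (hypothetical helper name)
# stdin: sasldblistusers2-style lines. stdout: every user@realm whose realm is
# not LOCAL_DOMAIN, i.e. accounts that need the full user@realm to log in.
realm_mismatches() {
    want=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *@*:\ userPassword) ;;   # password entries only
            *) continue ;;
        esac
        id=${line%%:*}               # user@realm
        realm=${id##*@}              # text after the last "@"
        [ "$realm" = "$want" ] || printf '%s\n' "$id"
    done
}

# summary LOCAL_DOMAIN: one-line verdict for the same stdin.
summary() {
    bad=$(realm_mismatches "$1")
    if [ -z "$bad" ]; then
        printf 'OK: all realms match "%s"\n' "$1"
    else
        printf 'MISMATCH for "%s": %s\n' "$1" "$(printf '%s' "$bad" | tr '\n' ' ')"
    fi
}

# Demonstration on the constructed sample, with the two values tried in the thread.
printf '%s\n' "$SAMPLE_LISTING" | summary example.com
printf '%s\n' "$SAMPLE_LISTING" | summary mail

# On a live host (run as a user that can read /etc/sasldb2):
#   sasldblistusers2 | summary "$(postconf -h smtpd_sasl_local_domain)"
```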

David Henard

Dec 3, 2003, 3:14:09 PM
Thanks for the advice. It worked!

Now would it be better to have it set up with the domainname rather than the
hostname? Or does this matter? Right now I have only one server that
handles the mail.

Thanks,
David


----- Original Message -----
From: "Andreas Winkelmann" <m...@awinkelmann.de>
To: <postfi...@postfix.org>
Sent: Wednesday, December 03, 2003 11:33 AM
Subject: Re: SMTP AUTH using sasldb2

Andreas Winkelmann

Dec 3, 2003, 3:30:19 PM
On Wednesday, 3 December 2003 21:11, David Henard wrote:

> Thanks for the advice. It worked!
>
> Now would it be better to have it set up with the domainname rather than the
> hostname? Or does this matter? Right now I have only one server that
> handles the mail.

Whether you use the domain or the hostname is not really important, IMHO.

Hmm, if you want to use more than one server, I think sasldb is not the best
choice. If you want to use sasldb, you have to keep this file in sync across
all servers. Maybe a global ldap- or mysql-server would be better in
this case.

--
Andreas
