5

I have a mail server with Postfix+Saslauth. I configured multiple instances of Postfix:

postfix

postfix-out

and two instances for saslauth:

saslauthd

saslauthd-out

The saslauthd setting is for authenticating the Postfix service, and saslauthd-out is for the other instance of it.

To create the second instance of sasl I did it this way:

```
cp /etc/default/saslauthd /etc/default/saslauthd-out
```

With this configuration:

```
:~# vim /etc/default/saslauthd-out

DESC="SASL Authentication Daemon postfix-out"
NAME="saslauthd-out"
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix-out/var/run/saslauthd-out"
```

In the configuration of postfix-out (/etc/postfix-out/sasl/smtp.conf):

```
pwcheck_method: saslauthd-out
```

and for postfix (/etc/postfix/sasl/smtp.conf):

```
pwcheck_method: saslauthd
```

When I restart saslauth, everything is OK.

When I try to connect to the SMTP server (postfix), everything is OK and authentication is successful. But with the SMTP server (postfix-out), connecting to SMTP is OK but it can't authenticate, and this error occurs:

```
:~# telnet mail2.example.com 25
Trying 111.222.333.444...
Connected to mail2.example.com.
Escape character is '^]'.
220 mail2.example.com ESMTP Postfix (@@DISTRO@@)
auth plain YWdoc2EAYWdoc2hhbGRvcmFu
535 5.7.8 Error: authentication failed: no mechanism available
```

Logs:

```
Nov 30 09:17:47 mail4 postfix-out/smtpd[4361]: connect from unknown[111.222.333.444]
Nov 30 09:17:58 mail4 postfix-out/smtpd[4361]: warning: SASL authentication problem: unknown password verifier
Nov 30 09:17:58 mail4 postfix-out/smtpd[4361]: warning: SASL authentication failure: Password verification failed
Nov 30 09:17:58 mail4 postfix-out/smtpd[4361]: warning: unknown[111.222.333.444]: SASL plain authentication failed: no mechanism available
Nov 30 09:18:04 mail4 postfix-out/smtpd[4361]: disconnect from unknown[111.222.333.444]
```

What is the problem?

Arash Mousavi
superuser

1 Answer

1

pwcheck_method is a configuration option for the Cyrus SASL library. Possible values are auxprop, saslauthd, pwcheck and authdaemond. saslauthd-out is not supported here. Your configuration needs to be like this:

/etc/default/saslauthd-out:

```
DESC="SASL Authentication Daemon postfix-out"
NAME="saslauthd-out"
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix-out/var/run/saslauthd-out"
```

/etc/postfix-out/sasl/smtp.conf:

```
pwcheck_method: saslauthd
saslauthd_path: /var/spool/postfix-out/var/run/saslauthd-out/mux
```

somewhere in /etc/postfix-out/main.cf:

```
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtp
smtpd_sasl_type = cyrus
cyrus_sasl_config_path = /etc/postfix-out/sasl
```

I just set up a VM with that configuration and it works.

/var/spool/postfix-out/var/run/saslauthd-out has to exist, although personally I would prefer it to be more like /var/spool/postfix-out/saslauthd-out. But that is your decision.

lsmooth
  • When I do that ,this error has occurred : 535 5.7.8 Error: authentication failed: generic failure ,,with this log : Dec 1 02:26:40 mail postfix-out/smtpd[12858]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory ,,Dec 1 02:26:40 mail4 postfix-out/smtpd[12858]: warning: SASL authentication failure: Password verification failed ,,Dec 1 02:26:40 mail postfix-out/smtpd[12858]: warning: unknown[ip]: SASL plain authentication failed: generic failure – superuser Dec 01 '13 at 07:27
  • That is probably because of your symlink from `/var/run/saslauthd-out` to `/var/spool/postfix-out/var/run/saslauthd-out`. Stop saslauthd-out remove the symlink and start saslauthd-out. If your /var/run is tmpfs, it's gone after the next reboot anyways. – lsmooth Dec 01 '13 at 10:17
  • I just updated my answer to include all the configuration needed. – lsmooth Dec 01 '13 at 10:34
  • If I remove the symlink, saslauthd can't give a pid. I don't understand your comment, please explain it. tnx. – superuser Dec 01 '13 at 12:14
  • What I mean is the symlink is unnecessary. You already told saslauthd-out to put everything in `/var/spool/postfix-out/var/run/saslauthd-out` using -m switch. It will contain mux, mux.accept and the pid-file (saslauthd.pid) but all libsasl needs is the (full) path to mux and it gets that location from saslauthd_path in smtp.conf. – lsmooth Dec 01 '13 at 13:16
  • Ok , Tnx, I do it but can't authenticate and this error occurred : – superuser Dec 01 '13 at 13:57
  • 535 5.7.8 Error: authentication failed: authentication failure \n This error(logfile)\n Dec 1 08:55: mail postfix-out/smtpd: connect from unknown[IP]\n Dec 1 08:55: mail postfix-out/smtpd: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory\n Dec 1 08:55: mail postfix-out/smtpd : warning: SASL authentication failure: Password verification failed\n Dec 1 08:55: mail postfix-out/smtpd: warning: unknown[IP]: SASL PLAIN authentication failed: authentication failure\n Dec 1 08:55:17 mail postfix-out/smtpd: disconnect from unknown[IP]\n – superuser Dec 01 '13 at 13:57
  • Looks like you have sasldb mixed in somewhere in the configuration. Do you have `auxprop_plugin: sasldb` in smtp.conf? If so remove that as you seem to want PAM. – lsmooth Dec 01 '13 at 14:31
  • No , I haven't any configure by `auxprop_plugin` , I connect to smtp server by pam users , It work for another postfix instance fine and authenticate Ok. – superuser Dec 02 '13 at 13:05
  • I added two more config-lines for main.cf, please add those. – lsmooth Dec 02 '13 at 19:44
  • tnx for your attention , but with this change above error occurred again.\n what is meaning this line : \n `SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory` ? – superuser Dec 02 '13 at 21:53
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/11783/discussion-between-lsmooth-and-superuser) – lsmooth Dec 02 '13 at 22:01
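
A consistency check for the configuration discussed in this thread, added here as an example and not code posted by either participant: it verifies that `pwcheck_method` in an instance's smtp.conf is one of the values the answer lists and that `saslauthd_path` is the `mux` socket inside the directory given to saslauthd with `-m`. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): cross-check one saslauthd
# instance's defaults file against the smtp.conf its Postfix instance reads.

# Print the value of "key: value" from a Cyrus SASL config file ($1=file, $2=key).
sasl_conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the directory passed with -m in OPTIONS="..." ($1=defaults file).
saslauthd_run_dir() {
    sed -n 's/^OPTIONS=.*[" ]-m[[:space:]]*\([^[:space:]"]*\).*/\1/p' "$1" | tail -n 1
}

# Print a one-line verdict; return 0 only if the files agree ($1=defaults, $2=smtp.conf).
check_sasl_instance() {
    method=$(sasl_conf_get "$2" pwcheck_method)
    path=$(sasl_conf_get "$2" saslauthd_path)
    run_dir=$(saslauthd_run_dir "$1")
    case "$method" in
        saslauthd) ;;
        auxprop|pwcheck|authdaemond)
            echo "OK: pwcheck_method=$method, saslauthd is not consulted"; return 0 ;;
        *)  echo "FAIL: unsupported pwcheck_method '$method'"; return 1 ;;
    esac
    [ -n "$run_dir" ] || { echo "FAIL: no -m directory in $1"; return 1; }
    [ "$path" = "$run_dir/mux" ] ||
        { echo "FAIL: saslauthd_path '$path' is not '$run_dir/mux'"; return 1; }
    [ -d "$run_dir" ] || { echo "FAIL: $run_dir does not exist"; return 1; }
    echo "OK: saslauthd_path matches $run_dir/mux"
}

# Constructed sample input: the thread's files, rebuilt under a temp directory.
demo() {
    d=$(mktemp -d)
    printf 'NAME="saslauthd-out"\nMECHANISMS="pam"\nOPTIONS="-c -m %s/run"\n' "$d" > "$d/defaults"
    printf 'pwcheck_method: saslauthd-out\n' > "$d/smtp.conf"
    check_sasl_instance "$d/defaults" "$d/smtp.conf" || true   # the question's setting
    mkdir "$d/run"
    printf 'pwcheck_method: saslauthd\nsaslauthd_path: %s/run/mux\n' "$d" > "$d/smtp.conf"
    check_sasl_instance "$d/defaults" "$d/smtp.conf" || true   # the answer's setting
    rm -rf "$d"
}
demo
```

Against a running instance, `testsaslauthd -u USER -p PASSWORD -f` followed by the full path to `mux` exercises the same socket that libsasl is pointed at.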