Loading ...
Sorry, an error occurred while loading the content.

login username / different domain

Expand Messages
  • Jim Douglas
    I have multiple domains setup with Postfix and I have different users in each domain for now. I am using RoundCube for Webmail and have mail.mydomain.com
    Message 1 of 24 , Sep 27, 2006
    • 0 Attachment
      I have multiple domains setup with Postfix and I have different users in
      each domain for now.

      I am using RoundCube for Webmail and have "mail.mydomain.com" listed as the
      default, and only, host.

      Now if I enter a user in a different domain, "mail.wrongdomain.com", that
      user can login and see their email.

      Is this a Postfix Config issue?

      I'm not sure if it's Postfix issue or not which is why I'm posting
      here...any feedback is appreciated.

      Ideally, I'd like to see "username does not exist"....or some other such
      response which is what I expected.

      Jim
    • Jorey Bump
      ... It s not a postfix issue, but it has everything to do with how you handle authentication. If you re not using realms, then a login is just a login. If you
      Message 2 of 24 , Sep 27, 2006
      • 0 Attachment
        Jim Douglas wrote:
        > I have multiple domains setup with Postfix and I have different users in
        > each domain for now.
        >
        > I am using RoundCube for Webmail and have "mail.mydomain.com" listed as
        > the default, and only, host.
        >
        > Now if I enter a user in a different domain, "mail.wrongdomain.com",
        > that user can login and see their email.
        >
        > Is this a Postfix Config issue?
        >
        > I'm not sure if it's Postfix issue or not which is why I'm posting
        > here...any feedback is appreciated.
        >
        > Ideally, I'd like to see "username does not exist"....or some other such
        > response which is what I expected.

        It's not a postfix issue, but it has everything to do with how you
        handle authentication. If you're not using realms, then a login is just
        a login. If you want to include the realm in the login, you will need a
        more complex setup and ensure that RoundCube (and Postfix) are properly
        configured to use it. It may not be worth it if you have a small user base.
      • Patrick Ben Koetter
        ... Probably not. Postfix is a SMTP server. You can t log in . Your problem is probably located in the POP or IMAP part of your mail system. pq -- The Book of
        Message 3 of 24 , Sep 27, 2006
        • 0 Attachment
          * Jim Douglas <jdz99@...>:
          > I have multiple domains setup with Postfix and I have different users in
          > each domain for now.
          >
          > I am using RoundCube for Webmail and have "mail.mydomain.com" listed as the
          > default, and only, host.
          >
          > Now if I enter a user in a different domain, "mail.wrongdomain.com", that
          > user can login and see their email.
          >
          > Is this a Postfix Config issue?

          Probably not. Postfix is a SMTP server. You can't "log in". Your problem is
          probably located in the POP or IMAP part of your mail system.

          pq


          --
          The Book of Postfix
          <http://www.postfix-book.com>
          saslfinger (debugging SMTP AUTH):
          <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
        • Jorey Bump
          ... The first consideration is determining which authentication methods your chosen software supports. 1. /etc/shadow: Normal UNIX logins are easy to create,
          Message 4 of 24 , Sep 27, 2006
          • 0 Attachment
            Jim Douglas wrote:
            >> From: Jorey Bump <list@...>
            >>
            >> Jim Douglas wrote:
            >>> I have multiple domains setup with Postfix and I have different users
            >>> in each domain for now.
            >>>
            >>> I am using RoundCube for Webmail and have "mail.mydomain.com" listed
            >>> as the default, and only, host.
            >>>
            >>> Now if I enter a user in a different domain, "mail.wrongdomain.com",
            >>> that user can login and see their email.
            >>>
            >>> Is this a Postfix Config issue?
            >>>
            >>> I'm not sure if it's Postfix issue or not which is why I'm posting
            >>> here...any feedback is appreciated.
            >>>
            >>> Ideally, I'd like to see "username does not exist"....or some other
            >>> such response which is what I expected.
            >>
            >> It's not a postfix issue, but it has everything to do with how you
            >> handle authentication. If you're not using realms, then a login is
            >> just a login. If you want to include the realm in the login, you will
            >> need a more complex setup and ensure that RoundCube (and Postfix) are
            >> properly configured to use it. It may not be worth it if you have a
            >> small user base.
            >
            > I am anticipating there will be a large userbase eventually...
            >
            > Can give a brief pro/con of the top three or 4 methods?

            The first consideration is determining which authentication methods your
            chosen software supports.

            1. /etc/shadow: Normal UNIX logins are easy to create, hard to crack,
            safer for mail if users aren't given a valid shell, but the password
            database isn't always portable. Typically, saslauthd will be used to
            authenticate, but other methods are available, depending on the selected
            software.

            2. sasldb2 with single realm: Programs that use the Cyrus SASL library
            can store passwords in plaintext (and other mechanisms) in /etc/sasldb2.
            If a single realm is used, it is sufficient to use the bare login for
            authentication. If care is taken to specify the realm at password
            creation and in the configuration of all services that use it, it is
            fairly portable. Some consider it a security risk, but others feel this
            is mitigated by the complete lack of system accounts, in that only the
            use of the service is at risk.

            3. SASL w/multiple realms: You can get as complex with this as you want,
            using sasldb2, MySQL, LDAP, etc. This requires a user to login with a
            realm, using a string that resembles an email address. Because of this,
            some confused users may try to log in with aliases, but it does help to
            support distinctly different versions of the same localpart
            (info@... is a different user than info@...). This is
            probably the best option if you intend to scale well, but I'll leave it
            to others to make recommendations.

            4. Kerberos, certificate, OTP: This probably shouldn't be considered
            separately from #3, but it illustrates that you can get extremely
            complex with authentication. Sadly, the most secure forms are well
            beyond the ordinary human, who simply wants something easy to remember
            (opinion is divided on what this means exactly - is a bare login easier
            to remember than a login@realm?).

            No doubt, #1 & 2 are the easiest, but #3 & 4 offer a more centralized
            approach to authentication. You'll need to study the pros & cons of each
            method, and determine which implementation is supported by your
            platform/software/skill level.
          • Jim Douglas
            ... It looks like I want SASL single realm w/ MySql support. How much harder is it to set up multiple realms? Does using MySQl mean I must use auxprop? Jim
            Message 5 of 24 , Sep 27, 2006
            • 0 Attachment
              >From: Jorey Bump <list@...>
              >To: Jim Douglas <jdz99@...>, Postfix <postfix-users@...>
              >Subject: Re: login username / different domain
              >Date: Wed, 27 Sep 2006 18:10:51 -0400
              >
              >Jim Douglas wrote:
              >>>From: Jorey Bump <list@...>
              >>>
              >>>Jim Douglas wrote:
              >>>>I have multiple domains setup with Postfix and I have different users in
              >>>>each domain for now.
              >>>>
              >>>>I am using RoundCube for Webmail and have "mail.mydomain.com" listed as
              >>>>the default, and only, host.
              >>>>
              >>>>Now if I enter a user in a different domain, "mail.wrongdomain.com",
              >>>>that user can login and see their email.
              >>>>
              >>>>Is this a Postfix Config issue?
              >>>>
              >>>>I'm not sure if it's Postfix issue or not which is why I'm posting
              >>>>here...any feedback is appreciated.
              >>>>
              >>>>Ideally, I'd like to see "username does not exist"....or some other such
              >>>>response which is what I expected.
              >>>
              >>>It's not a postfix issue, but it has everything to do with how you handle
              >>>authentication. If you're not using realms, then a login is just a login.
              >>>If you want to include the realm in the login, you will need a more
              >>>complex setup and ensure that RoundCube (and Postfix) are properly
              >>>configured to use it. It may not be worth it if you have a small user
              >>>base.
              >>
              >>I am anticipating there will be a large userbase eventually...
              >>
              >>Can give a brief pro/con of the top three or 4 methods?
              >
              >The first consideration is determining which authentication methods your
              >chosen software supports.
              >
              >1. /etc/shadow: Normal UNIX logins are easy to create, hard to crack, safer
              >for mail if users aren't given a valid shell, but the password database
              >isn't always portable. Typically, saslauthd will be used to authenticate,
              >but other methods are available, depending on the selected software.
              >
              >2. sasldb2 with single realm: Programs that use the Cyrus SASL library can
              >store passwords in plaintext (and other mechanisms) in /etc/sasldb2. If a
              >single realm is used, it is sufficient to use the bare login for
              >authentication. If care is taken to specify the realm at password creation
              >and in the configuration of all services that use it, it is fairly
              >portable. Some consider it a security risk, but others feel this is
              >mitigated by the complete lack of system accounts, in that only the use of
              >the service is at risk.
              >
              >3. SASL w/multiple realms: You can get as complex with this as you want,
              >using sasldb2, MySQL, LDAP, etc. This requires a user to login with a
              >realm, using a string that resembles an email address. Because of this,
              >some confused users may try to log in with aliases, but it does help to
              >support distinctly different versions of the same localpart
              >(info@... is a different user than info@...). This is
              >probably the best option if you intend to scale well, but I'll leave it to
              >others to make recommendations.
              >
              >4. Kerberos, certificate, OTP: This probably shouldn't be considered
              >separately from #3, but it illustrates that you can get extremely complex
              >with authentication. Sadly, the most secure forms are well beyond the
              >ordinary human, who simply wants something easy to remember (opinion is
              >divided on what this means exactly - is a bare login easier to remember
              >than a login@realm?).
              >
              >No doubt, #1 & 2 are the easiest, but #3 & 4 offer a more centralized
              >approach to authentication. You'll need to study the pros & cons of each
              >method, and determine which implementation is supported by your
              >platform/software/skill level.
              >
              >
              >

              It looks like I want SASL single realm w/ MySql support.
              How much harder is it to set up multiple realms?
              Does using MySQl mean I must use auxprop?

              Jim
            • Jim Douglas
              ... What else would I need to compile into Postfix if I were to choose option number 2 and, maybe at a later date, decide on option number 3? This is what I
              Message 6 of 24 , Sep 27, 2006
              • 0 Attachment
                >From: Jorey Bump <list@...>
                >To: Jim Douglas <jdz99@...>, Postfix <postfix-users@...>
                >Subject: Re: login username / different domain
                >Date: Wed, 27 Sep 2006 18:10:51 -0400
                >
                >Jim Douglas wrote:
                >>>From: Jorey Bump <list@...>
                >>>
                >>>Jim Douglas wrote:
                >>>>I have multiple domains setup with Postfix and I have different users in
                >>>>each domain for now.
                >>>>
                >>>>I am using RoundCube for Webmail and have "mail.mydomain.com" listed as
                >>>>the default, and only, host.
                >>>>
                >>>>Now if I enter a user in a different domain, "mail.wrongdomain.com",
                >>>>that user can login and see their email.
                >>>>
                >>>>Is this a Postfix Config issue?
                >>>>
                >>>>I'm not sure if it's Postfix issue or not which is why I'm posting
                >>>>here...any feedback is appreciated.
                >>>>
                >>>>Ideally, I'd like to see "username does not exist"....or some other such
                >>>>response which is what I expected.
                >>>
                >>>It's not a postfix issue, but it has everything to do with how you handle
                >>>authentication. If you're not using realms, then a login is just a login.
                >>>If you want to include the realm in the login, you will need a more
                >>>complex setup and ensure that RoundCube (and Postfix) are properly
                >>>configured to use it. It may not be worth it if you have a small user
                >>>base.
                >>
                >>I am anticipating there will be a large userbase eventually...
                >>
                >>Can give a brief pro/con of the top three or 4 methods?
                >
                >The first consideration is determining which authentication methods your
                >chosen software supports.
                >
                >1. /etc/shadow: Normal UNIX logins are easy to create, hard to crack, safer
                >for mail if users aren't given a valid shell, but the password database
                >isn't always portable. Typically, saslauthd will be used to authenticate,
                >but other methods are available, depending on the selected software.
                >
                >2. sasldb2 with single realm: Programs that use the Cyrus SASL library can
                >store passwords in plaintext (and other mechanisms) in /etc/sasldb2. If a
                >single realm is used, it is sufficient to use the bare login for
                >authentication. If care is taken to specify the realm at password creation
                >and in the configuration of all services that use it, it is fairly
                >portable. Some consider it a security risk, but others feel this is
                >mitigated by the complete lack of system accounts, in that only the use of
                >the service is at risk.
                >
                >3. SASL w/multiple realms: You can get as complex with this as you want,
                >using sasldb2, MySQL, LDAP, etc. This requires a user to login with a
                >realm, using a string that resembles an email address. Because of this,
                >some confused users may try to log in with aliases, but it does help to
                >support distinctly different versions of the same localpart
                >(info@... is a different user than info@...). This is
                >probably the best option if you intend to scale well, but I'll leave it to
                >others to make recommendations.
                >
                >4. Kerberos, certificate, OTP: This probably shouldn't be considered
                >separately from #3, but it illustrates that you can get extremely complex
                >with authentication. Sadly, the most secure forms are well beyond the
                >ordinary human, who simply wants something easy to remember (opinion is
                >divided on what this means exactly - is a bare login easier to remember
                >than a login@realm?).
                >
                >No doubt, #1 & 2 are the easiest, but #3 & 4 offer a more centralized
                >approach to authentication. You'll need to study the pros & cons of each
                >method, and determine which implementation is supported by your
                >platform/software/skill level.
                >
                >
                >
                >

                What else would I need to compile into Postfix if I were to choose option
                number 2 and, maybe at a later date, decide on option number 3?

                This is what I have,

                btree
                cidr
                environ
                hash
                ldap
                mysql
                nis
                pcre
                proxy
                regexp
                static
                unix


                Do I need to add anything or take anything out?

                Thanks,
                Jim
              • Patrick Ben Koetter
                ... Postfix needs to support Cyrus SASL SMTP authentication. The requirements are described in the SASL_README. ... No, these are Postfix map types. You need
                Message 7 of 24 , Sep 27, 2006
                • 0 Attachment
                  * Jim Douglas <jdz99@...>:
                  > >1. /etc/shadow: Normal UNIX logins are easy to create, hard to crack,
                  > >safer for mail if users aren't given a valid shell, but the password
                  > >database isn't always portable. Typically, saslauthd will be used to
                  > >authenticate, but other methods are available, depending on the selected
                  > >software.
                  > >
                  > >2. sasldb2 with single realm: Programs that use the Cyrus SASL library can
                  > >store passwords in plaintext (and other mechanisms) in /etc/sasldb2. If a
                  > >single realm is used, it is sufficient to use the bare login for
                  > >authentication. If care is taken to specify the realm at password creation
                  > >and in the configuration of all services that use it, it is fairly
                  > >portable. Some consider it a security risk, but others feel this is
                  > >mitigated by the complete lack of system accounts, in that only the use of
                  > >the service is at risk.
                  > >
                  > >3. SASL w/multiple realms: You can get as complex with this as you want,
                  > >using sasldb2, MySQL, LDAP, etc. This requires a user to login with a
                  > >realm, using a string that resembles an email address. Because of this,
                  > >some confused users may try to log in with aliases, but it does help to
                  > >support distinctly different versions of the same localpart
                  > >(info@... is a different user than info@...). This is
                  > >probably the best option if you intend to scale well, but I'll leave it to
                  > >others to make recommendations.
                  > >
                  > >4. Kerberos, certificate, OTP: This probably shouldn't be considered
                  > >separately from #3, but it illustrates that you can get extremely complex
                  > >with authentication. Sadly, the most secure forms are well beyond the
                  > >ordinary human, who simply wants something easy to remember (opinion is
                  > >divided on what this means exactly - is a bare login easier to remember
                  > >than a login@realm?).
                  > >
                  > >No doubt, #1 & 2 are the easiest, but #3 & 4 offer a more centralized
                  > >approach to authentication. You'll need to study the pros & cons of each
                  > >method, and determine which implementation is supported by your
                  > >platform/software/skill level.
                  > >
                  >
                  > What else would I need to compile into Postfix if I were to choose option
                  > number 2 and, maybe at a later date, decide on option number 3?

                  Postfix needs to support Cyrus SASL SMTP authentication. The requirements are
                  described in the SASL_README.

                  > This is what I have,
                  >
                  > btree
                  > cidr
                  > environ
                  > hash
                  > ldap
                  > mysql
                  > nis
                  > pcre
                  > proxy
                  > regexp
                  > static
                  > unix
                  >
                  > Do I need to add anything or take anything out?

                  No, these are Postfix map types. You need libsasl to be linked into Postfix,
                  the Cyrus SASL code to be included during Postfix compilation, Postfix SASL
                  configuration in main.cf AND a working smtpd.conf that tells Cyrus SASL
                  libsasl what it should do for Postfix smtpd.

                  Most of your job will be to configure the Cyrus SASL framework to do
                  MySQL-based authentication for the Postfix smtpd daemon. MySQL options are
                  described in Cyrus SASL's options.html (or in Ralf and my book, if you happen
                  to have this).

                  The other config steps are described in SASL_README.

                  p@rick

                  --
                  The Book of Postfix
                  <http://www.postfix-book.com>
                  saslfinger (debugging SMTP AUTH):
                  <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                • Jim Douglas
                  ... Thank for the clarification ! So, all I need to add is the libsasl when I recompile Postfix... One thing I was wondering was about realms. What if I
                  Message 8 of 24 , Sep 28, 2006
                  • 0 Attachment
                    >From: Patrick Ben Koetter <p@...>
                    >To: postfix-users@...
                    >Subject: Re: login username / different domain
                    >Date: Thu, 28 Sep 2006 08:39:27 +0200
                    >
                    >* Jim Douglas <jdz99@...>:
                    > > >1. /etc/shadow: Normal UNIX logins are easy to create, hard to crack,
                    > > >safer for mail if users aren't given a valid shell, but the password
                    > > >database isn't always portable. Typically, saslauthd will be used to
                    > > >authenticate, but other methods are available, depending on the
                    >selected
                    > > >software.
                    > > >
                    > > >2. sasldb2 with single realm: Programs that use the Cyrus SASL library
                    >can
                    > > >store passwords in plaintext (and other mechanisms) in /etc/sasldb2. If
                    >a
                    > > >single realm is used, it is sufficient to use the bare login for
                    > > >authentication. If care is taken to specify the realm at password
                    >creation
                    > > >and in the configuration of all services that use it, it is fairly
                    > > >portable. Some consider it a security risk, but others feel this is
                    > > >mitigated by the complete lack of system accounts, in that only the use
                    >of
                    > > >the service is at risk.
                    > > >
                    > > >3. SASL w/multiple realms: You can get as complex with this as you
                    >want,
                    > > >using sasldb2, MySQL, LDAP, etc. This requires a user to login with a
                    > > >realm, using a string that resembles an email address. Because of this,
                    > > >some confused users may try to log in with aliases, but it does help to
                    > > >support distinctly different versions of the same localpart
                    > > >(info@... is a different user than info@...). This is
                    > > >probably the best option if you intend to scale well, but I'll leave it
                    >to
                    > > >others to make recommendations.
                    > > >
                    > > >4. Kerberos, certificate, OTP: This probably shouldn't be considered
                    > > >separately from #3, but it illustrates that you can get extremely
                    >complex
                    > > >with authentication. Sadly, the most secure forms are well beyond the
                    > > >ordinary human, who simply wants something easy to remember (opinion is
                    > > >divided on what this means exactly - is a bare login easier to remember
                    > > >than a login@realm?).
                    > > >
                    > > >No doubt, #1 & 2 are the easiest, but #3 & 4 offer a more centralized
                    > > >approach to authentication. You'll need to study the pros & cons of
                    >each
                    > > >method, and determine which implementation is supported by your
                    > > >platform/software/skill level.
                    > > >
                    > >
                    > > What else would I need to compile into Postfix if I were to choose
                    >option
                    > > number 2 and, maybe at a later date, decide on option number 3?
                    >
                    >Postfix needs to support Cyrus SASL SMTP authentication. The requirements
                    >are
                    >described in the SASL_README.
                    >
                    > > This is what I have,
                    > >
                    > > btree
                    > > cidr
                    > > environ
                    > > hash
                    > > ldap
                    > > mysql
                    > > nis
                    > > pcre
                    > > proxy
                    > > regexp
                    > > static
                    > > unix
                    > >
                    > > Do I need to add anything or take anything out?
                    >
                    >No, these are Postfix map types. You need libsasl to be linked into
                    >Postfix,
                    >the Cyrus SASL code to be included during Postfix compilation, Postfix SASL
                    >configuration in main.cf AND a working smtpd.conf that tells Cyrus SASL
                    >libsasl what it should do for Postfix smtpd.
                    >
                    >Most of your job will be to configure the Cyrus SASL framework to do
                    >MySQL-based authentication for the Postfix smtpd daemon. MySQL options are
                    >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                    >happen
                    >to have this).
                    >
                    >The other config steps are described in SASL_README.
                    >
                    >p@rick
                    >
                    >--
                    >The Book of Postfix
                    ><http://www.postfix-book.com>
                    >saslfinger (debugging SMTP AUTH):
                    ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                    Thank for the clarification !

                    So, all I need to add is the libsasl when I recompile Postfix...

                    One thing I was wondering was about realms. What if I configure with one
                    realm as in option 2, and later decide on switching to option 3. Is there
                    anything compliation wise I need to do? Or would moving from option 2 to 3
                    all on the configration side?


                    Thanks,
                    Jm
                  • Patrick Ben Koetter
                    ... If you find this (see the arrow - ) in your output (see the command) then everything is okay: $ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                    Message 9 of 24 , Sep 28, 2006
                    • 0 Attachment
                      * Jim Douglas <jdz99@...>:
                      > >> What else would I need to compile into Postfix if I were to choose
                      > >> option number 2 and, maybe at a later date, decide on option number 3?
                      > >
                      > >Postfix needs to support Cyrus SASL SMTP authentication. The requirements
                      > >are described in the SASL_README.
                      > >
                      > >> This is what I have,
                      > >>
                      > >> btree
                      > >> cidr
                      > >> environ
                      > >> hash
                      > >> ldap
                      > >> mysql
                      > >> nis
                      > >> pcre
                      > >> proxy
                      > >> regexp
                      > >> static
                      > >> unix
                      > >>
                      > >> Do I need to add anything or take anything out?
                      > >
                      > >No, these are Postfix map types. You need libsasl to be linked into
                      > >Postfix, the Cyrus SASL code to be included during Postfix compilation,
                      > >Postfix SASL configuration in main.cf AND a working smtpd.conf that tells
                      > >Cyrus SASL libsasl what it should do for Postfix smtpd.
                      > >
                      > >Most of your job will be to configure the Cyrus SASL framework to do
                      > >MySQL-based authentication for the Postfix smtpd daemon. MySQL options are
                      > >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                      > >happen to have this).
                      > >
                      > >The other config steps are described in SASL_README.
                      >
                      > Thank for the clarification !
                      >
                      > So, all I need to add is the libsasl when I recompile Postfix...

                      If you find this (see the arrow ->) in your output (see the command) then
                      everything is okay:

                      $ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                      linux-gate.so.1 => (0xb7f18000)
                      libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                      libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10 (0x008a7000)
                      libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                      ---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                      libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                      libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                      libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                      libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                      libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                      libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                      libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                      libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                      libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                      libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                      libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                      libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                      libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                      /lib/ld-linux.so.2 (0x004d5000)
                      libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)

                      In this case you already have Cyrus SASL support compiled in an 'all' you need
                      to do is configure how libsasl2 should process authentication for the Postfix
                      smtpd daemon (in smtpd.conf) and enable SMTP AUTH in the Postfix smtpd daemon
                      (in main.cf).

                      You mentioned you want to store authentication data in a MySQL database. That
                      means
                      - you must install the libsql.* auxprop plugin if it isn't there yet. Check
                      your systems install directory for Cyrus-SASL.2.x (usually: /usr/lib/sasl2)
                      - if you use the libsql.* auxprop plugin you must not use encrypted passwords
                      in the database, but only plaintext passwords (please search the archives
                      for explanations on that in case you wonder).
                      - consider consequences when running smtpd daemon chrooted and using a socket
                      to access the MySQL database - a TCP socket might be the painless solution.

                      > One thing I was wondering was about realms. What if I configure with one
                      > realm as in option 2, and later decide on switching to option 3. Is there
                      > anything compliation wise I need to do? Or would moving from option 2 to 3
                      > all on the configration side?

                      Moving from option 2 to 3 is all on the configuration side, but... There's no
                      reason why you could not use different realms with sasldb2 from the start!

                      The following command creates a user user@... and the following
                      creates a user user@...:

                      # saslpasswd2 -c -u example.com user
                      # saslpasswd2 -c -u example.net user

                      In case you want to go from option 2 to 3 you might want to take a look at the
                      db-tools tool db_dump, which would dump the contents from sasldb2 so you can
                      reuse it to build a MySQL database.

                      p@rick



                      --
                      The Book of Postfix
                      <http://www.postfix-book.com>
                      saslfinger (debugging SMTP AUTH):
                      <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                    • Jim Douglas
                      ... I already have a MySQL backend...I spent a lot of time configuring it.. http://www.dbmail.org/ Does it make sense to be even considering option 2 with a
                      Message 10 of 24 , Sep 28, 2006
                      • 0 Attachment
                        >From: Patrick Ben Koetter <p@...>
                        >To: postfix-users@...
                        >Subject: Re: login username / different domain
                        >Date: Thu, 28 Sep 2006 19:02:14 +0200
                        >
                        >* Jim Douglas <jdz99@...>:
                        > > >> What else would I need to compile into Postfix if I were to choose
                        > > >> option number 2 and, maybe at a later date, decide on option number
                        >3?
                        > > >
                        > > >Postfix needs to support Cyrus SASL SMTP authentication. The
                        >requirements
                        > > >are described in the SASL_README.
                        > > >
                        > > >> This is what I have,
                        > > >>
                        > > >> btree
                        > > >> cidr
                        > > >> environ
                        > > >> hash
                        > > >> ldap
                        > > >> mysql
                        > > >> nis
                        > > >> pcre
                        > > >> proxy
                        > > >> regexp
                        > > >> static
                        > > >> unix
                        > > >>
                        > > >> Do I need to add anything or take anything out?
                        > > >
                        > > >No, these are Postfix map types. You need libsasl to be linked into
                        > > >Postfix, the Cyrus SASL code to be included during Postfix compilation,
                        > > >Postfix SASL configuration in main.cf AND a working smtpd.conf that
                        >tells
                        > > >Cyrus SASL libsasl what it should do for Postfix smtpd.
                        > > >
                        > > >Most of your job will be to configure the Cyrus SASL framework to do
                        > > >MySQL-based authentication for the Postfix smtpd daemon. MySQL options
                        >are
                        > > >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                        > > >happen to have this).
                        > > >
                        > > >The other config steps are described in SASL_README.
                        > >
                        > > Thank for the clarification !
                        > >
                        > > So, all I need to add is the libsasl when I recompile Postfix...
                        >
                        >If you find this (see the arrow ->) in your output (see the command) then
                        >everything is okay:
                        >
                        >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                        > linux-gate.so.1 => (0xb7f18000)
                        > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                        > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                        >(0x008a7000)
                        > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                        >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                        > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                        > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                        > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                        > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                        > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                        > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                        > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                        > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                        > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                        > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                        > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                        > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                        > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                        > /lib/ld-linux.so.2 (0x004d5000)
                        > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                        >
                        >In this case you already have Cyrus SASL support compiled in an 'all' you
                        >need
                        >to do is configure how libsasl2 should process authentication for the
                        >Postfix
                        >smtpd daemon (in smtpd.conf) and enable SMTP AUTH in the Postfix smtpd
                        >daemon
                        >(in main.cf).
                        >
                        >You mentioned you want to store authentication data in a MySQL database.
                        >That
                        >means
                        >- you must install the libsql.* auxprop plugin if it isn't there yet. Check
                        > your systems install directory for Cyrus-SASL.2.x (usually:
                        >/usr/lib/sasl2)
                        >- if you use the libsql.* auxprop plugin you must not use encrypted
                        >passwords
                        > in the database, but only plaintext passwords (please search the
                        >archives
                        > for explanations on that in case you wonder).
                        >- consider consequences when running smtpd daemon chrooted and using a
                        >socket
                        > to access the MySQL database - a TCP socket might be the painless
                        >solution.
                        >
                        > > One thing I was wondering was about realms. What if I configure with
                        >one
                        > > realm as in option 2, and later decide on switching to option 3. Is
                        >there
                        > > anything compliation wise I need to do? Or would moving from option 2
                        >to 3
                        > > all on the configration side?
                        >
                        >Moving from option 2 to 3 is all on the configuration side, but... There's
                        >no
                        >reason why you could not use different realms with sasldb2 from the start!
                        >
                        >The following command creates a user user@... and the following
                        >creates a user user@...:
                        >
                        ># saslpasswd2 -c -u example.com user
                        ># saslpasswd2 -c -u example.net user
                        >
                        >In case you want to go from option 2 to 3 you might want to take a look at
                        >the
                        >db-tools tool db_dump, which would dump the contents from sasldb2 so you
                        >can
                        >reuse it to build a MySQL database.
                        >
                        >p@rick
                        >
                        >
                        >
                        >--
                        >The Book of Postfix
                        ><http://www.postfix-book.com>
                        >saslfinger (debugging SMTP AUTH):
                        ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                        I already have a MySQL backend...I spent a lot of time configuring it..

                        http://www.dbmail.org/

                        Does it make sense to be even considering option 2 with a MySQL backend in
                        place? I thought it would be better for users to have a non-email address
                        login...that was my only concern and from what you're saying it seems to me
                        it would just be a configuration issue later on...

                        Jim
                      • mouss
                        ... If you use mysql, there is no point in using sasldb. so go for option 3. You can then use one or more realms by tuning your sql queries. configure sasl to
                        Message 11 of 24 , Sep 28, 2006
                        • 0 Attachment
                          Jim Douglas wrote:
                          > I already have a MySQL backend...I spent a lot of time configuring it..
                          >
                          > http://www.dbmail.org/
                          >
                          > Does it make sense to be even considering option 2 with a MySQL
                          > backend in place? I thought it would be better for users to have a
                          > non-email address login...that was my only concern and from what
                          > you're saying it seems to me it would just be a configuration issue
                          > later on...

                          If you use mysql, there is no point in using sasldb. so go for option 3.
                          You can then use one or more realms by tuning your sql queries.
                          configure sasl to use the same tables as your dbmail so that users have
                          a single password for "outgoing" (SMTP) and "incoming" (IMAP/POP) mail.

                          Before you ask, here is a sample smtpd.conf (to put where your sasl
                          wants it, which is system|installation dependent)

                          pwcheck_method: auxprop
                          auxprop_plugin: sql
                          mech_list: plain login
                          sql_engine: mysql
                          sql_hostnames: 127.0.0.1
                          sql_user: xxxxxxx
                          sql_passwd: yyyyyyy
                          sql_database: mail
                          sql_select: select password from Address where user = '%u' AND domain =
                          '%r'
                          log_level: 7



                          As Patrick said, make sure to store passwords in plain text because sasl
                          doesn't support encrypted passwords in mysql (There is a patch around,
                          but sasl is already complex enough). You may use courier authdaemon via
                          sasl, or use dovecot sasl (with a recent postfix), but given that you're
                          using dbmail, this is more work than necessary.
                        • Jim Douglas
                          ... I m trying to test the SASL config and can t find any documentation on this command, server -s rcmd -p 8000 I get a server command not found error I m
                          Message 12 of 24 , Sep 29, 2006
                          • 0 Attachment
                            >From: Patrick Ben Koetter <p@...>
                            >To: postfix-users@...
                            >Subject: Re: login username / different domain
                            >Date: Thu, 28 Sep 2006 19:02:14 +0200
                            >
                            >* Jim Douglas <jdz99@...>:
                            > > >> What else would I need to compile into Postfix if I were to choose
                            > > >> option number 2 and, maybe at a later date, decide on option number
                            >3?
                            > > >
                            > > >Postfix needs to support Cyrus SASL SMTP authentication. The
                            >requirements
                            > > >are described in the SASL_README.
                            > > >
                            > > >> This is what I have,
                            > > >>
                            > > >> btree
                            > > >> cidr
                            > > >> environ
                            > > >> hash
                            > > >> ldap
                            > > >> mysql
                            > > >> nis
                            > > >> pcre
                            > > >> proxy
                            > > >> regexp
                            > > >> static
                            > > >> unix
                            > > >>
                            > > >> Do I need to add anything or take anything out?
                            > > >
                            > > >No, these are Postfix map types. You need libsasl to be linked into
                            > > >Postfix, the Cyrus SASL code to be included during Postfix compilation,
                            > > >Postfix SASL configuration in main.cf AND a working smtpd.conf that
                            >tells
                            > > >Cyrus SASL libsasl what it should do for Postfix smtpd.
                            > > >
                            > > >Most of your job will be to configure the Cyrus SASL framework to do
                            > > >MySQL-based authentication for the Postfix smtpd daemon. MySQL options
                            >are
                            > > >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                            > > >happen to have this).
                            > > >
                            > > >The other config steps are described in SASL_README.
                            > >
                            > > Thank for the clarification !
                            > >
                            > > So, all I need to add is the libsasl when I recompile Postfix...
                            >
                            >If you find this (see the arrow ->) in your output (see the command) then
                            >everything is okay:
                            >
                            >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                            > linux-gate.so.1 => (0xb7f18000)
                            > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                            > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                            >(0x008a7000)
                            > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                            >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                            > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                            > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                            > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                            > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                            > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                            > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                            > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                            > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                            > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                            > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                            > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                            > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                            > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                            > /lib/ld-linux.so.2 (0x004d5000)
                            > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                            >
                            >In this case you already have Cyrus SASL support compiled in an 'all' you
                            >need
                            >to do is configure how libsasl2 should process authentication for the
                            >Postfix
                            >smtpd daemon (in smtpd.conf) and enable SMTP AUTH in the Postfix smtpd
                            >daemon
                            >(in main.cf).
                            >
                            >You mentioned you want to store authentication data in a MySQL database.
                            >That
                            >means
                            >- you must install the libsql.* auxprop plugin if it isn't there yet. Check
                            > your systems install directory for Cyrus-SASL.2.x (usually:
                            >/usr/lib/sasl2)
                            >- if you use the libsql.* auxprop plugin you must not use encrypted
                            >passwords
                            > in the database, but only plaintext passwords (please search the
                            >archives
                            > for explanations on that in case you wonder).
                            >- consider consequences when running smtpd daemon chrooted and using a
                            >socket
                            > to access the MySQL database - a TCP socket might be the painless
                            >solution.
                            >
                            > > One thing I was wondering was about realms. What if I configure with
                            >one
                            > > realm as in option 2, and later decide on switching to option 3. Is
                            >there
                            > > anything compliation wise I need to do? Or would moving from option 2
                            >to 3
                            > > all on the configration side?
                            >
                            >Moving from option 2 to 3 is all on the configuration side, but... There's
                            >no
                            >reason why you could not use different realms with sasldb2 from the start!
                            >
                            >The following command creates a user user@... and the following
                            >creates a user user@...:
                            >
                            ># saslpasswd2 -c -u example.com user
                            ># saslpasswd2 -c -u example.net user
                            >
                            >In case you want to go from option 2 to 3 you might want to take a look at
                            >the
                            >db-tools tool db_dump, which would dump the contents from sasldb2 so you
                            >can
                            >reuse it to build a MySQL database.
                            >
                            >p@rick
                            >
                            >
                            >
                            >--
                            >The Book of Postfix
                            ><http://www.postfix-book.com>
                            >saslfinger (debugging SMTP AUTH):
                            ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


                            I'm trying to test the SASL config and can't find any documentation on this
                            command,

                            server -s rcmd -p 8000
                            I get a "server" command not found" error

                            I'm on FC5...I installed rcmd. How else can I test the SASL config?

                            Thanks,
                            Jim
                          • Jim Douglas
                            ... When I run this command, ... I get.. ldd: postconf -h /etc/init.d/smptd: No such file or directory Why is that? When I build Postfix there were the option
                            Message 13 of 24 , Sep 29, 2006
                            • 0 Attachment
                              >From: Patrick Ben Koetter <p@...>
                              >To: postfix-users@...
                              >Subject: Re: login username / different domain
                              >Date: Thu, 28 Sep 2006 19:02:14 +0200
                              >
                              >* Jim Douglas <jdz99@...>:
                              > > >> What else would I need to compile into Postfix if I were to choose
                              > > >> option number 2 and, maybe at a later date, decide on option number
                              >3?
                              > > >
                              > > >Postfix needs to support Cyrus SASL SMTP authentication. The
                              >requirements
                              > > >are described in the SASL_README.
                              > > >
                              > > >> This is what I have,
                              > > >>
                              > > >> btree
                              > > >> cidr
                              > > >> environ
                              > > >> hash
                              > > >> ldap
                              > > >> mysql
                              > > >> nis
                              > > >> pcre
                              > > >> proxy
                              > > >> regexp
                              > > >> static
                              > > >> unix
                              > > >>
                              > > >> Do I need to add anything or take anything out?
                              > > >
                              > > >No, these are Postfix map types. You need libsasl to be linked into
                              > > >Postfix, the Cyrus SASL code to be included during Postfix compilation,
                              > > >Postfix SASL configuration in main.cf AND a working smtpd.conf that
                              >tells
                              > > >Cyrus SASL libsasl what it should do for Postfix smtpd.
                              > > >
                              > > >Most of your job will be to configure the Cyrus SASL framework to do
                              > > >MySQL-based authentication for the Postfix smtpd daemon. MySQL options
                              >are
                              > > >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                              > > >happen to have this).
                              > > >
                              > > >The other config steps are described in SASL_README.
                              > >
                              > > Thank for the clarification !
                              > >
                              > > So, all I need to add is the libsasl when I recompile Postfix...
                              >
                              >If you find this (see the arrow ->) in your output (see the command) then
                              >everything is okay:
                              >
                              >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                              > linux-gate.so.1 => (0xb7f18000)
                              > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                              > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                              >(0x008a7000)
                              > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                              >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                              > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                              > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                              > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                              > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                              > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                              > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                              > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                              > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                              > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                              > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                              > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                              > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                              > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                              > /lib/ld-linux.so.2 (0x004d5000)
                              > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                              >
                              >In this case you already have Cyrus SASL support compiled in an 'all' you
                              >need
                              >to do is configure how libsasl2 should process authentication for the
                              >Postfix
                              >smtpd daemon (in smtpd.conf) and enable SMTP AUTH in the Postfix smtpd
                              >daemon
                              >(in main.cf).
                              >
                              >You mentioned you want to store authentication data in a MySQL database.
                              >That
                              >means
                              >- you must install the libsql.* auxprop plugin if it isn't there yet. Check
                              > your systems install directory for Cyrus-SASL.2.x (usually:
                              >/usr/lib/sasl2)
                              >- if you use the libsql.* auxprop plugin you must not use encrypted
                              >passwords
                              > in the database, but only plaintext passwords (please search the
                              >archives
                              > for explanations on that in case you wonder).
                              >- consider consequences when running smtpd daemon chrooted and using a
                              >socket
                              > to access the MySQL database - a TCP socket might be the painless
                              >solution.
                              >
                              > > One thing I was wondering was about realms. What if I configure with
                              >one
                              > > realm as in option 2, and later decide on switching to option 3. Is
                              >there
                              > > anything compliation wise I need to do? Or would moving from option 2
                              >to 3
                              > > all on the configration side?
                              >
                              >Moving from option 2 to 3 is all on the configuration side, but... There's
                              >no
                              >reason why you could not use different realms with sasldb2 from the start!
                              >
                              >The following command creates a user user@... and the following
                              >creates a user user@...:
                              >
                              ># saslpasswd2 -c -u example.com user
                              ># saslpasswd2 -c -u example.net user
                              >
                              >In case you want to go from option 2 to 3 you might want to take a look at
                              >the
                              >db-tools tool db_dump, which would dump the contents from sasldb2 so you
                              >can
                              >reuse it to build a MySQL database.
                              >
                              >p@rick
                              >
                              >
                              >
                              >--
                              >The Book of Postfix
                              ><http://www.postfix-book.com>
                              >saslfinger (debugging SMTP AUTH):
                              ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                              When I run this command,

                              >$ ldd `/usr/sbin/postconf -h /etc/init.d/daemon_directory`/smtpd

                              I get..

                              ldd: postconf -h /etc/init.d/smptd: No such file or directory

                              Why is that? When I build Postfix there were the option in the
                              posftix.spec,
                              %define LDAP 2
                              %define MYSQL 1
                              %define PCRE 1
                              %define SASL 2
                              %define TLS 1
                              %define IPV6 1
                              %define POSTDROP_GID 90
                              %define PFLOGSUMM 1

                              I should have SASL in there at this point....

                              Jim
                            • Jim Douglas
                              ... I couldn t get this command to run, ldd `/usr/sbin/postconf -h /etc/init.d`/smtpd it said, ldd: /usr/sbin/postconf -h /etc/init.d/smtpd No such file or
                              Message 14 of 24 , Sep 29, 2006
                              • 0 Attachment
                                >From: Patrick Ben Koetter <p@...>
                                >To: postfix-users@...
                                >Subject: Re: login username / different domain
                                >Date: Thu, 28 Sep 2006 19:02:14 +0200
                                >
                                >* Jim Douglas <jdz99@...>:
                                > > >> What else would I need to compile into Postfix if I were to choose
                                > > >> option number 2 and, maybe at a later date, decide on option number
                                >3?
                                > > >
                                > > >Postfix needs to support Cyrus SASL SMTP authentication. The
                                >requirements
                                > > >are described in the SASL_README.
                                > > >
                                > > >> This is what I have,
                                > > >>
                                > > >> btree
                                > > >> cidr
                                > > >> environ
                                > > >> hash
                                > > >> ldap
                                > > >> mysql
                                > > >> nis
                                > > >> pcre
                                > > >> proxy
                                > > >> regexp
                                > > >> static
                                > > >> unix
                                > > >>
                                > > >> Do I need to add anything or take anything out?
                                > > >
                                > > >No, these are Postfix map types. You need libsasl to be linked into
                                > > >Postfix, the Cyrus SASL code to be included during Postfix compilation,
                                > > >Postfix SASL configuration in main.cf AND a working smtpd.conf that
                                >tells
                                > > >Cyrus SASL libsasl what it should do for Postfix smtpd.
                                > > >
                                > > >Most of your job will be to configure the Cyrus SASL framework to do
                                > > >MySQL-based authentication for the Postfix smtpd daemon. MySQL options
                                >are
                                > > >described in Cyrus SASL's options.html (or in Ralf and my book, if you
                                > > >happen to have this).
                                > > >
                                > > >The other config steps are described in SASL_README.
                                > >
                                > > Thank for the clarification !
                                > >
                                > > So, all I need to add is the libsasl when I recompile Postfix...
                                >
                                >If you find this (see the arrow ->) in your output (see the command) then
                                >everything is okay:
                                >
                                >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                                > linux-gate.so.1 => (0xb7f18000)
                                > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                                > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                                >(0x008a7000)
                                > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                                >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                                > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                                > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                                > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                                > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                                > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                                > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                                > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                                > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                                > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                                > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                                > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                                > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                                > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                                > /lib/ld-linux.so.2 (0x004d5000)
                                > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                                >
                                >In this case you already have Cyrus SASL support compiled in an 'all' you
                                >need
                                >to do is configure how libsasl2 should process authentication for the
                                >Postfix
                                >smtpd daemon (in smtpd.conf) and enable SMTP AUTH in the Postfix smtpd
                                >daemon
                                >(in main.cf).
                                >
                                >You mentioned you want to store authentication data in a MySQL database.
                                >That
                                >means
                                >- you must install the libsql.* auxprop plugin if it isn't there yet. Check
                                > your systems install directory for Cyrus-SASL.2.x (usually:
                                >/usr/lib/sasl2)
                                >- if you use the libsql.* auxprop plugin you must not use encrypted
                                >passwords
                                > in the database, but only plaintext passwords (please search the
                                >archives
                                > for explanations on that in case you wonder).
                                >- consider consequences when running smtpd daemon chrooted and using a
                                >socket
                                > to access the MySQL database - a TCP socket might be the painless
                                >solution.
                                >
                                > > One thing I was wondering was about realms. What if I configure with
                                >one
                                > > realm as in option 2, and later decide on switching to option 3. Is
                                >there
                                > > anything compliation wise I need to do? Or would moving from option 2
                                >to 3
                                > > all on the configration side?
                                >
                                >Moving from option 2 to 3 is all on the configuration side, but... There's
                                >no
                                >reason why you could not use different realms with sasldb2 from the start!
                                >
                                >The following command creates a user user@... and the following
                                >creates a user user@...:
                                >
                                ># saslpasswd2 -c -u example.com user
                                ># saslpasswd2 -c -u example.net user
                                >
                                >In case you want to go from option 2 to 3 you might want to take a look at
                                >the
                                >db-tools tool db_dump, which would dump the contents from sasldb2 so you
                                >can
                                >reuse it to build a MySQL database.
                                >
                                >p@rick
                                >
                                >
                                >
                                >--
                                >The Book of Postfix
                                ><http://www.postfix-book.com>
                                >saslfinger (debugging SMTP AUTH):
                                ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                                I couldn't get this command to run,
                                ldd `/usr/sbin/postconf -h /etc/init.d`/smtpd
                                it said,
                                ldd: /usr/sbin/postconf -h /etc/init.d/smtpd "No such file or directory"

                                I tried the following,
                                sals2-sample-server -s rcmd -p 8000 (I tried a number os sockets)
                                ..and I get,

                                trying 10, 1, 6
                                trying 2, 1, 6
                                bind: Address already in use
                                couldn't bind to any socket.

                                I run saslfinger and I see,
                                -- smtpd is linked to --
                                libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                ...so it looks like I compiled Postfix/SASL ok...


                                ..here's the rest of the output..

                                saslfinger - postfix Cyrus sasl configuration Fri Sep 29 21:29:35 EDT 2006
                                version: 1.0
                                mode: server-side SMTP AUTH

                                -- basics --
                                Postfix: 2.3.3
                                System: Fedora Core release 5 (Bordeaux)
                                -- smtpd is linked to --
                                libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)

                                -- active SMTP AUTH and TLS parameters for smtpd --
                                broken_sasl_auth_clients = yes
                                smtpd_sasl_auth_enable = yes
                                smtpd_sasl_authenticated_header = yes
                                smtpd_sasl_local_domain =
                                smtpd_sasl_security_options = noanonymous


                                -- listing of /usr/lib/sasl --
                                total 124
                                drwxr-xr-x 2 root root 4096 Sep 29 14:31 .
                                drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                -rw-r--r-- 1 root root 47 Sep 29 14:03 smtpd.conf

                                -- listing of /usr/lib/sasl2 --
                                total 3048
                                drwxr-xr-x 2 root root 4096 Sep 29 20:07 .
                                drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                -rw-r--r-- 1 root root 262 Sep 29 20:07 sample.conf
                                -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf
                                -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~




                                -- content of /usr/lib/sasl/smtpd.conf --
                                pwcheck_method: saslauthd
                                saslauthd_version: 2

                                -- content of /usr/lib/sasl2/smtpd.conf --
                                log_level: 3

                                pwcheck_method: auxprop

                                auxprop_plugin: sql
                                mech_list: plain login
                                sql_engine: mysql
                                sql_hostnames: 127.0.0.1
                                sql_user: --- replaced ---
                                sql_passwd: --- replaced ---
                                sql_database: dbmail
                                sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                '%r'

                                -- active services in /etc/postfix/master.cf --
                                # service type private unpriv chroot wakeup maxproc command + args
                                # (yes) (yes) (yes) (never) (100)
                                smtp inet n - n - - smtpd
                                pickup fifo n - n 60 1 pickup
                                cleanup unix n - n - 0 cleanup
                                qmgr fifo n - n 300 1 qmgr
                                tlsmgr unix - - n 1000? 1 tlsmgr
                                rewrite unix - - n - - trivial-rewrite
                                bounce unix - - n - 0 bounce
                                defer unix - - n - 0 bounce
                                trace unix - - n - 0 bounce
                                verify unix - - n - 1 verify
                                flush unix n - n 1000? 0 flush
                                proxymap unix - - n - - proxymap
                                smtp unix - - n - - smtp
                                relay unix - - n - - smtp
                                -o fallback_relay=
                                showq unix n - n - - showq
                                error unix - - n - - error
                                discard unix - - n - - discard
                                local unix - n n - - local
                                virtual unix - n n - - virtual
                                lmtp unix - - n - - lmtp
                                anvil unix - - n - 1 anvil
                                scache unix - - n - 1 scache


                                dbmail-lmtp unix - - n - - lmtp -v

                                maildrop unix - n n - - pipe
                                flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}


                                old-cyrus unix - n n - - pipe
                                flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                ${user}
                                cyrus unix - n n - - pipe
                                user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension}
                                ${user}
                                uucp unix - n n - - pipe
                                flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                ($recipient)
                                ifmail unix - n n - - pipe
                                flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                bsmtp unix - n n - - pipe
                                flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

                                -- mechanisms on localhost --
                                250-AUTH LOGIN PLAIN
                                250-AUTH=LOGIN PLAIN

                                -- end of saslfinger output --

                                I appreciate any feedback...I don't know what to try next..

                                Thanks,
                                Jim
                              • Patrick Ben Koetter
                                ... If you compare your statement below with mine above, then WHERE in my example did I specify /etc/init.d to be part of the command? ... yes. ... Follow
                                Message 15 of 24 , Sep 30, 2006
                                • 0 Attachment
                                  * Jim Douglas <jdz99@...>:
                                  > >If you find this (see the arrow ->) in your output (see the command) then
                                  > >everything is okay:
                                  > >
                                  > >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                                  > > linux-gate.so.1 => (0xb7f18000)
                                  > > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                                  > > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                                  > >(0x008a7000)
                                  > > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                                  > >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                                  > > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                                  > > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                                  > > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x006d0000)
                                  > > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                                  > > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                                  > > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                                  > > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                                  > > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                                  > > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                                  > > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                                  > > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                                  > > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                                  > > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                                  > > /lib/ld-linux.so.2 (0x004d5000)
                                  > > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                                  > >

                                  If you compare your statement below with mine above, then WHERE in my example
                                  did I specify "/etc/init.d" to be part of the command?


                                  > I couldn't get this command to run,
                                  > ldd `/usr/sbin/postconf -h /etc/init.d`/smtpd
                                  > it said,
                                  > ldd: /usr/sbin/postconf -h /etc/init.d/smtpd "No such file or directory"
                                  >
                                  > I tried the following,
                                  > sals2-sample-server -s rcmd -p 8000 (I tried a number os sockets)
                                  > ..and I get,
                                  >
                                  > trying 10, 1, 6
                                  > trying 2, 1, 6
                                  > bind: Address already in use
                                  > couldn't bind to any socket.
                                  >
                                  > I run saslfinger and I see,
                                  > -- smtpd is linked to --
                                  > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                  > ...so it looks like I compiled Postfix/SASL ok...

                                  yes.


                                  > ..here's the rest of the output..
                                  >
                                  > saslfinger - postfix Cyrus sasl configuration Fri Sep 29 21:29:35 EDT 2006
                                  > version: 1.0
                                  > mode: server-side SMTP AUTH
                                  >
                                  > -- basics --
                                  > Postfix: 2.3.3
                                  > System: Fedora Core release 5 (Bordeaux)
                                  > -- smtpd is linked to --
                                  > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                  >
                                  > -- active SMTP AUTH and TLS parameters for smtpd --
                                  > broken_sasl_auth_clients = yes
                                  > smtpd_sasl_auth_enable = yes
                                  > smtpd_sasl_authenticated_header = yes
                                  > smtpd_sasl_local_domain =
                                  > smtpd_sasl_security_options = noanonymous
                                  >
                                  >
                                  > -- listing of /usr/lib/sasl --
                                  > total 124
                                  > drwxr-xr-x 2 root root 4096 Sep 29 14:31 .
                                  > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                  > -rw-r--r-- 1 root root 47 Sep 29 14:03 smtpd.conf
                                  >
                                  > -- listing of /usr/lib/sasl2 --
                                  > total 3048
                                  > drwxr-xr-x 2 root root 4096 Sep 29 20:07 .
                                  > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                  > -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                  > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                  > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                  > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                  > -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                  > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                  > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                  > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                  > -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                  > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                  > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                  > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                  > -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                  > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                  > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                  > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                  > -rw-r--r-- 1 root root 262 Sep 29 20:07 sample.conf
                                  > -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf
                                  > -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                  >
                                  >
                                  >
                                  >
                                  > -- content of /usr/lib/sasl/smtpd.conf --
                                  > pwcheck_method: saslauthd
                                  > saslauthd_version: 2
                                  >
                                  > -- content of /usr/lib/sasl2/smtpd.conf --
                                  > log_level: 3
                                  >
                                  > pwcheck_method: auxprop
                                  >
                                  > auxprop_plugin: sql
                                  > mech_list: plain login
                                  > sql_engine: mysql
                                  > sql_hostnames: 127.0.0.1
                                  > sql_user: --- replaced ---
                                  > sql_passwd: --- replaced ---
                                  > sql_database: dbmail
                                  > sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                  > '%r'
                                  >
                                  > -- active services in /etc/postfix/master.cf --
                                  > # service type private unpriv chroot wakeup maxproc command + args
                                  > # (yes) (yes) (yes) (never) (100)
                                  > smtp inet n - n - - smtpd
                                  > pickup fifo n - n 60 1 pickup
                                  > cleanup unix n - n - 0 cleanup
                                  > qmgr fifo n - n 300 1 qmgr
                                  > tlsmgr unix - - n 1000? 1 tlsmgr
                                  > rewrite unix - - n - - trivial-rewrite
                                  > bounce unix - - n - 0 bounce
                                  > defer unix - - n - 0 bounce
                                  > trace unix - - n - 0 bounce
                                  > verify unix - - n - 1 verify
                                  > flush unix n - n 1000? 0 flush
                                  > proxymap unix - - n - - proxymap
                                  > smtp unix - - n - - smtp
                                  > relay unix - - n - - smtp
                                  > -o fallback_relay=
                                  > showq unix n - n - - showq
                                  > error unix - - n - - error
                                  > discard unix - - n - - discard
                                  > local unix - n n - - local
                                  > virtual unix - n n - - virtual
                                  > lmtp unix - - n - - lmtp
                                  > anvil unix - - n - 1 anvil
                                  > scache unix - - n - 1 scache
                                  >
                                  >
                                  > dbmail-lmtp unix - - n - - lmtp -v
                                  >
                                  > maildrop unix - n n - - pipe
                                  > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                                  >
                                  >
                                  > old-cyrus unix - n n - - pipe
                                  > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                  > ${user}
                                  > cyrus unix - n n - - pipe
                                  > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                  > ${extension} ${user}
                                  > uucp unix - n n - - pipe
                                  > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                  > ($recipient)
                                  > ifmail unix - n n - - pipe
                                  > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                  > bsmtp unix - n n - - pipe
                                  > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
                                  >
                                  > -- mechanisms on localhost --
                                  > 250-AUTH LOGIN PLAIN
                                  > 250-AUTH=LOGIN PLAIN
                                  >
                                  > -- end of saslfinger output --
                                  >
                                  > I appreciate any feedback...I don't know what to try next..

                                  Follow the advice I gave in my previous mails? You, for example, don't have
                                  libsql* in /usr/lib/sasl2. Check my mails and mousses config advice for
                                  smtpd.conf. Everything you need has been described.

                                  p@rick

                                  --
                                  The Book of Postfix
                                  <http://www.postfix-book.com>
                                  saslfinger (debugging SMTP AUTH):
                                  <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                • Jim Douglas
                                  ... I thought the `/usr/sbin/postconf -h /etc/init.d`/smtpd, was using single quotes, my mistake... It looks like my problem is that I have been compiling SASL
                                  Message 16 of 24 , Sep 30, 2006
                                  • 0 Attachment
                                    >From: Patrick Ben Koetter <p@...>
                                    >To: postfix-users@...
                                    >Subject: Re: login username / different domain
                                    >Date: Sat, 30 Sep 2006 10:09:08 +0200
                                    >
                                    >* Jim Douglas <jdz99@...>:
                                    > > >If you find this (see the arrow ->) in your output (see the command)
                                    >then
                                    > > >everything is okay:
                                    > > >
                                    > > >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                                    > > > linux-gate.so.1 => (0xb7f18000)
                                    > > > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                                    > > > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                                    > > >(0x008a7000)
                                    > > > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                                    > > >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                                    > > > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                                    > > > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                                    > > > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2
                                    >(0x006d0000)
                                    > > > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                                    > > > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                                    > > > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                                    > > > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                                    > > > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                                    > > > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                                    > > > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                                    > > > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                                    > > > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                                    > > > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                                    > > > /lib/ld-linux.so.2 (0x004d5000)
                                    > > > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                                    > > >
                                    >
                                    >If you compare your statement below with mine above, then WHERE in my
                                    >example
                                    >did I specify "/etc/init.d" to be part of the command?
                                    >
                                    >
                                    > > I couldn't get this command to run,
                                    > > ldd `/usr/sbin/postconf -h /etc/init.d`/smtpd
                                    > > it said,
                                    > > ldd: /usr/sbin/postconf -h /etc/init.d/smtpd "No such file or directory"
                                    > >
                                    > > I tried the following,
                                    > > sals2-sample-server -s rcmd -p 8000 (I tried a number os sockets)
                                    > > ..and I get,
                                    > >
                                    > > trying 10, 1, 6
                                    > > trying 2, 1, 6
                                    > > bind: Address already in use
                                    > > couldn't bind to any socket.
                                    > >
                                    > > I run saslfinger and I see,
                                    > > -- smtpd is linked to --
                                    > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                    > > ...so it looks like I compiled Postfix/SASL ok...
                                    >
                                    >yes.
                                    >
                                    >
                                    > > ..here's the rest of the output..
                                    > >
                                    > > saslfinger - postfix Cyrus sasl configuration Fri Sep 29 21:29:35 EDT
                                    >2006
                                    > > version: 1.0
                                    > > mode: server-side SMTP AUTH
                                    > >
                                    > > -- basics --
                                    > > Postfix: 2.3.3
                                    > > System: Fedora Core release 5 (Bordeaux)
                                    > > -- smtpd is linked to --
                                    > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                    > >
                                    > > -- active SMTP AUTH and TLS parameters for smtpd --
                                    > > broken_sasl_auth_clients = yes
                                    > > smtpd_sasl_auth_enable = yes
                                    > > smtpd_sasl_authenticated_header = yes
                                    > > smtpd_sasl_local_domain =
                                    > > smtpd_sasl_security_options = noanonymous
                                    > >
                                    > >
                                    > > -- listing of /usr/lib/sasl --
                                    > > total 124
                                    > > drwxr-xr-x 2 root root 4096 Sep 29 14:31 .
                                    > > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                    > > -rw-r--r-- 1 root root 47 Sep 29 14:03 smtpd.conf
                                    > >
                                    > > -- listing of /usr/lib/sasl2 --
                                    > > total 3048
                                    > > drwxr-xr-x 2 root root 4096 Sep 29 20:07 .
                                    > > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                    > > -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                    > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                    > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                    > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                    > > -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                    > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                    > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                    > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                    > > -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                    > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                    > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                    > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                    > > -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                    > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                    > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                    > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                    > > -rw-r--r-- 1 root root 262 Sep 29 20:07 sample.conf
                                    > > -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf
                                    > > -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                    > >
                                    > >
                                    > >
                                    > >
                                    > > -- content of /usr/lib/sasl/smtpd.conf --
                                    > > pwcheck_method: saslauthd
                                    > > saslauthd_version: 2
                                    > >
                                    > > -- content of /usr/lib/sasl2/smtpd.conf --
                                    > > log_level: 3
                                    > >
                                    > > pwcheck_method: auxprop
                                    > >
                                    > > auxprop_plugin: sql
                                    > > mech_list: plain login
                                    > > sql_engine: mysql
                                    > > sql_hostnames: 127.0.0.1
                                    > > sql_user: --- replaced ---
                                    > > sql_passwd: --- replaced ---
                                    > > sql_database: dbmail
                                    > > sql_select: select passwd from dbmail_users where userid = '%u' and
                                    >passwd=
                                    > > '%r'
                                    > >
                                    > > -- active services in /etc/postfix/master.cf --
                                    > > # service type private unpriv chroot wakeup maxproc command + args
                                    > > # (yes) (yes) (yes) (never) (100)
                                    > > smtp inet n - n - - smtpd
                                    > > pickup fifo n - n 60 1 pickup
                                    > > cleanup unix n - n - 0 cleanup
                                    > > qmgr fifo n - n 300 1 qmgr
                                    > > tlsmgr unix - - n 1000? 1 tlsmgr
                                    > > rewrite unix - - n - - trivial-rewrite
                                    > > bounce unix - - n - 0 bounce
                                    > > defer unix - - n - 0 bounce
                                    > > trace unix - - n - 0 bounce
                                    > > verify unix - - n - 1 verify
                                    > > flush unix n - n 1000? 0 flush
                                    > > proxymap unix - - n - - proxymap
                                    > > smtp unix - - n - - smtp
                                    > > relay unix - - n - - smtp
                                    > > -o fallback_relay=
                                    > > showq unix n - n - - showq
                                    > > error unix - - n - - error
                                    > > discard unix - - n - - discard
                                    > > local unix - n n - - local
                                    > > virtual unix - n n - - virtual
                                    > > lmtp unix - - n - - lmtp
                                    > > anvil unix - - n - 1 anvil
                                    > > scache unix - - n - 1 scache
                                    > >
                                    > >
                                    > > dbmail-lmtp unix - - n - - lmtp -v
                                    > >
                                    > > maildrop unix - n n - - pipe
                                    > > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                                    > >
                                    > >
                                    > > old-cyrus unix - n n - - pipe
                                    > > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                    > > ${user}
                                    > > cyrus unix - n n - - pipe
                                    > > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                    > > ${extension} ${user}
                                    > > uucp unix - n n - - pipe
                                    > > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                    > > ($recipient)
                                    > > ifmail unix - n n - - pipe
                                    > > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                    > > bsmtp unix - n n - - pipe
                                    > > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
                                    >$recipient
                                    > >
                                    > > -- mechanisms on localhost --
                                    > > 250-AUTH LOGIN PLAIN
                                    > > 250-AUTH=LOGIN PLAIN
                                    > >
                                    > > -- end of saslfinger output --
                                    > >
                                    > > I appreciate any feedback...I don't know what to try next..
                                    >
                                    >Follow the advice I gave in my previous mails? You, for example, don't have
                                    >libsql* in /usr/lib/sasl2. Check my mails and mousses config advice for
                                    >smtpd.conf. Everything you need has been described.
                                    >
                                    >p@rick
                                    >
                                    >--
                                    >The Book of Postfix
                                    ><http://www.postfix-book.com>
                                    >saslfinger (debugging SMTP AUTH):
                                    ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                                    I thought the `/usr/sbin/postconf -h /etc/init.d`/smtpd, was using single
                                    quotes, my mistake...

                                    It looks like my problem is that I have been compiling SASL into Postfix
                                    from source RPM's by changing configuration options in the postfix.spec
                                    file...

                                    I know this may not be a Postfix issue but can it be done this way? I am
                                    using Fedora Core 5.


                                    Jim
                                  • Jim Douglas
                                    ... I reviewed the emails, downloaded and configured SASL, there was no libsql*..... ..so after installing I created the link, ln -s /usr/local/lib/sasl2
                                    Message 17 of 24 , Sep 30, 2006
                                    • 0 Attachment
                                      >From: Patrick Ben Koetter <p@...>
                                      >To: postfix-users@...
                                      >Subject: Re: login username / different domain
                                      >Date: Sat, 30 Sep 2006 10:09:08 +0200
                                      >
                                      >* Jim Douglas <jdz99@...>:
                                      > > >If you find this (see the arrow ->) in your output (see the command)
                                      >then
                                      > > >everything is okay:
                                      > > >
                                      > > >$ ldd `/usr/sbin/postconf -h daemon_directory`/smtpd
                                      > > > linux-gate.so.1 => (0xb7f18000)
                                      > > > libpcre.so.0 => /lib/libpcre.so.0 (0x00abe000)
                                      > > > libmysqlclient.so.10 => /usr/lib/mysql/libmysqlclient.so.10
                                      > > >(0x008a7000)
                                      > > > libm.so.6 => /lib/tls/libm.so.6 (0x0061c000)
                                      > > >---> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00891000)
                                      > > > libssl.so.4 => /lib/libssl.so.4 (0x0085b000)
                                      > > > libcrypto.so.4 => /lib/libcrypto.so.4 (0x006e6000)
                                      > > > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2
                                      >(0x006d0000)
                                      > > > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x007d1000)
                                      > > > libcom_err.so.2 => /lib/libcom_err.so.2 (0x006b3000)
                                      > > > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00838000)
                                      > > > libresolv.so.2 => /lib/libresolv.so.2 (0x0069d000)
                                      > > > libdl.so.2 => /lib/libdl.so.2 (0x00641000)
                                      > > > libz.so.1 => /usr/lib/libz.so.1 (0x00647000)
                                      > > > libdb-4.2.so => /lib/tls/i686/libdb-4.2.so (0x009ee000)
                                      > > > libnsl.so.1 => /lib/libnsl.so.1 (0x006b8000)
                                      > > > libc.so.6 => /lib/tls/libc.so.6 (0x004ef000)
                                      > > > libcrypt.so.1 => /lib/libcrypt.so.1 (0x0066d000)
                                      > > > /lib/ld-linux.so.2 (0x004d5000)
                                      > > > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00659000)
                                      > > >
                                      >
                                      >If you compare your statement below with mine above, then WHERE in my
                                      >example
                                      >did I specify "/etc/init.d" to be part of the command?
                                      >
                                      >
                                      > > I couldn't get this command to run,
                                      > > ldd `/usr/sbin/postconf -h /etc/init.d`/smtpd
                                      > > it said,
                                      > > ldd: /usr/sbin/postconf -h /etc/init.d/smtpd "No such file or directory"
                                      > >
                                      > > I tried the following,
                                      > > sals2-sample-server -s rcmd -p 8000 (I tried a number os sockets)
                                      > > ..and I get,
                                      > >
                                      > > trying 10, 1, 6
                                      > > trying 2, 1, 6
                                      > > bind: Address already in use
                                      > > couldn't bind to any socket.
                                      > >
                                      > > I run saslfinger and I see,
                                      > > -- smtpd is linked to --
                                      > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                      > > ...so it looks like I compiled Postfix/SASL ok...
                                      >
                                      >yes.
                                      >
                                      >
                                      > > ..here's the rest of the output..
                                      > >
                                      > > saslfinger - postfix Cyrus sasl configuration Fri Sep 29 21:29:35 EDT
                                      >2006
                                      > > version: 1.0
                                      > > mode: server-side SMTP AUTH
                                      > >
                                      > > -- basics --
                                      > > Postfix: 2.3.3
                                      > > System: Fedora Core release 5 (Bordeaux)
                                      > > -- smtpd is linked to --
                                      > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0013f000)
                                      > >
                                      > > -- active SMTP AUTH and TLS parameters for smtpd --
                                      > > broken_sasl_auth_clients = yes
                                      > > smtpd_sasl_auth_enable = yes
                                      > > smtpd_sasl_authenticated_header = yes
                                      > > smtpd_sasl_local_domain =
                                      > > smtpd_sasl_security_options = noanonymous
                                      > >
                                      > >
                                      > > -- listing of /usr/lib/sasl --
                                      > > total 124
                                      > > drwxr-xr-x 2 root root 4096 Sep 29 14:31 .
                                      > > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                      > > -rw-r--r-- 1 root root 47 Sep 29 14:03 smtpd.conf
                                      > >
                                      > > -- listing of /usr/lib/sasl2 --
                                      > > total 3048
                                      > > drwxr-xr-x 2 root root 4096 Sep 29 20:07 .
                                      > > drwxr-xr-x 125 root root 110592 Sep 29 17:13 ..
                                      > > -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                      > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                      > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                      > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                      > > -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                      > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                      > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                      > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                      > > -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                      > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                      > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                      > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                      > > -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                      > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                      > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                      > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                      > > -rw-r--r-- 1 root root 262 Sep 29 20:07 sample.conf
                                      > > -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf
                                      > > -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                      > >
                                      > >
                                      > >
                                      > >
                                      > > -- content of /usr/lib/sasl/smtpd.conf --
                                      > > pwcheck_method: saslauthd
                                      > > saslauthd_version: 2
                                      > >
                                      > > -- content of /usr/lib/sasl2/smtpd.conf --
                                      > > log_level: 3
                                      > >
                                      > > pwcheck_method: auxprop
                                      > >
                                      > > auxprop_plugin: sql
                                      > > mech_list: plain login
                                      > > sql_engine: mysql
                                      > > sql_hostnames: 127.0.0.1
                                      > > sql_user: --- replaced ---
                                      > > sql_passwd: --- replaced ---
                                      > > sql_database: dbmail
                                      > > sql_select: select passwd from dbmail_users where userid = '%u' and
                                      >passwd=
                                      > > '%r'
                                      > >
                                      > > -- active services in /etc/postfix/master.cf --
                                      > > # service type private unpriv chroot wakeup maxproc command + args
                                      > > # (yes) (yes) (yes) (never) (100)
                                      > > smtp inet n - n - - smtpd
                                      > > pickup fifo n - n 60 1 pickup
                                      > > cleanup unix n - n - 0 cleanup
                                      > > qmgr fifo n - n 300 1 qmgr
                                      > > tlsmgr unix - - n 1000? 1 tlsmgr
                                      > > rewrite unix - - n - - trivial-rewrite
                                      > > bounce unix - - n - 0 bounce
                                      > > defer unix - - n - 0 bounce
                                      > > trace unix - - n - 0 bounce
                                      > > verify unix - - n - 1 verify
                                      > > flush unix n - n 1000? 0 flush
                                      > > proxymap unix - - n - - proxymap
                                      > > smtp unix - - n - - smtp
                                      > > relay unix - - n - - smtp
                                      > > -o fallback_relay=
                                      > > showq unix n - n - - showq
                                      > > error unix - - n - - error
                                      > > discard unix - - n - - discard
                                      > > local unix - n n - - local
                                      > > virtual unix - n n - - virtual
                                      > > lmtp unix - - n - - lmtp
                                      > > anvil unix - - n - 1 anvil
                                      > > scache unix - - n - 1 scache
                                      > >
                                      > >
                                      > > dbmail-lmtp unix - - n - - lmtp -v
                                      > >
                                      > > maildrop unix - n n - - pipe
                                      > > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                                      > >
                                      > >
                                      > > old-cyrus unix - n n - - pipe
                                      > > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                      > > ${user}
                                      > > cyrus unix - n n - - pipe
                                      > > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                      > > ${extension} ${user}
                                      > > uucp unix - n n - - pipe
                                      > > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                      > > ($recipient)
                                      > > ifmail unix - n n - - pipe
                                      > > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                      > > bsmtp unix - n n - - pipe
                                      > > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
                                      >$recipient
                                      > >
                                      > > -- mechanisms on localhost --
                                      > > 250-AUTH LOGIN PLAIN
                                      > > 250-AUTH=LOGIN PLAIN
                                      > >
                                      > > -- end of saslfinger output --
                                      > >
                                      > > I appreciate any feedback...I don't know what to try next..
                                      >
                                      >Follow the advice I gave in my previous mails? You, for example, don't have
                                      >libsql* in /usr/lib/sasl2. Check my mails and mousses config advice for
                                      >smtpd.conf. Everything you need has been described.
                                      >
                                      >p@rick
                                      >
                                      >--
                                      >The Book of Postfix
                                      ><http://www.postfix-book.com>
                                      >saslfinger (debugging SMTP AUTH):
                                      ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                                      I reviewed the emails, downloaded and configured SASL, there was no
                                      libsql*.....

                                      ..so after installing I created the link,

                                      ln -s /usr/local/lib/sasl2 /usr/local/sasl2

                                      ..made sure this was in syslogs.conf

                                      auth.* /var/log/auth
                                      (no output to the log file)

                                      Then I did this again,
                                      touch /usr/lib/sasl2.smptd.conf
                                      chmod 644 /usr/lib/sasl2/smptd.conf

                                      There was a copy of smptd.conf in this dir also so I copied the config
                                      setting here also, then,
                                      touch /usr/lib/sasl/smptd.conf
                                      chmod 644 /usr/lib/sasl/smptd.conf

                                      this is the smptd.conf,
                                      log_level: 3

                                      pwcheck_method: auxprop

                                      auxprop_plugin: sql
                                      mech_list: plain login
                                      sql_engine: mysql
                                      sql_hostnames: 127.0.0.1
                                      sql_user: root
                                      sql_passwd: mypassword
                                      sql_database: dbmail
                                      sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                      '%r'

                                      then, in while in the /usr/lib/sasl2 dir

                                      ln -s smptd.conf sample.conf

                                      ....and still, when I try,

                                      sasl2-sample-server -s rcmd -p 8000 I get,
                                      trying 10, 1, 6
                                      trying 2, 1, 6
                                      bind: Address already in use
                                      Couldn't bind to any address

                                      when I try another port I get,
                                      sasl2-sample-server -s rcmd -p 8010 I get,
                                      trying 10, 1, 6
                                      trying 2, 1, 6
                                      bind: Address already in use

                                      ...and nothing happens, I have to <ctrl c> to exit,

                                      ..entering this,
                                      sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1

                                      Nothing happens I have to <ctrl c> to exit,

                                      ...this is what I have in main.cf,

                                      smtpd_sasl_auth_enable = yes
                                      smtpd_sasl_security_options = noanonymous
                                      smtpd_sasl_local_domain =
                                      smtpd_sasl_authenticated_header = yes
                                      smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
                                      broken_sasl_auth_clients = yes

                                      (MySQL is definately running on localhost, and I can login)

                                      I have reviewed the steps many times at this point and really appreciate
                                      your feedback.

                                      Thanks,
                                      Jim
                                    • Patrick Ben Koetter
                                      ... A Typo? smptd.conf should be smtpd.conf ! ... A Typo? smptd.conf should be smtpd.conf ! ... Looks like you re hung up on that typo... ;) ... It always
                                      Message 18 of 24 , Sep 30, 2006
                                      • 0 Attachment
                                        * Jim Douglas <jdz99@...>:
                                        > I reviewed the emails, downloaded and configured SASL, there was no
                                        > libsql*.....
                                        >
                                        > ..so after installing I created the link,
                                        >
                                        > ln -s /usr/local/lib/sasl2 /usr/local/sasl2
                                        >
                                        > ..made sure this was in syslogs.conf
                                        >
                                        > auth.* /var/log/auth
                                        > (no output to the log file)
                                        >
                                        > Then I did this again,
                                        > touch /usr/lib/sasl2.smptd.conf
                                        > chmod 644 /usr/lib/sasl2/smptd.conf

                                        A Typo?
                                        smptd.conf should be smtpd.conf !


                                        > There was a copy of smptd.conf in this dir also so I copied the config
                                        > setting here also, then,
                                        > touch /usr/lib/sasl/smptd.conf
                                        > chmod 644 /usr/lib/sasl/smptd.conf

                                        A Typo?
                                        smptd.conf should be smtpd.conf !

                                        > this is the smptd.conf,
                                        > log_level: 3
                                        >
                                        > pwcheck_method: auxprop
                                        >
                                        > auxprop_plugin: sql
                                        > mech_list: plain login
                                        > sql_engine: mysql
                                        > sql_hostnames: 127.0.0.1
                                        > sql_user: root
                                        > sql_passwd: mypassword
                                        > sql_database: dbmail
                                        > sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                        > '%r'
                                        >
                                        > then, in while in the /usr/lib/sasl2 dir
                                        >
                                        > ln -s smptd.conf sample.conf

                                        Looks like you're hung up on that typo... ;)


                                        > ....and still, when I try,
                                        >
                                        > sasl2-sample-server -s rcmd -p 8000 I get,
                                        > trying 10, 1, 6
                                        > trying 2, 1, 6
                                        > bind: Address already in use
                                        > Couldn't bind to any address
                                        >
                                        > when I try another port I get,
                                        > sasl2-sample-server -s rcmd -p 8010 I get,
                                        > trying 10, 1, 6
                                        > trying 2, 1, 6
                                        > bind: Address already in use

                                        It always complains about that. You can ignore it safely.


                                        > ...and nothing happens, I have to <ctrl c> to exit,

                                        yep. that's regular procedure too.


                                        > ..entering this,
                                        > sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1

                                        With server on port 8010 or 8000?


                                        > Nothing happens I have to <ctrl c> to exit,
                                        >
                                        > ...this is what I have in main.cf,
                                        >
                                        > smtpd_sasl_auth_enable = yes
                                        > smtpd_sasl_security_options = noanonymous
                                        > smtpd_sasl_local_domain =
                                        > smtpd_sasl_authenticated_header = yes
                                        > smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
                                        > broken_sasl_auth_clients = yes

                                        That's okay.


                                        > (MySQL is definately running on localhost, and I can login)

                                        On localhost or on 127.0.0.1? (Yes, there may be a difference in MySQL...)

                                        As sql_user: root with sql_passwd: mypassword (you shouldn't be using root, by
                                        the way...)


                                        > I have reviewed the steps many times at this point and really appreciate
                                        > your feedback.

                                        Okay. Check the smptd-typo, which should be smtpd.conf. Then check if libsql
                                        is there now and send saslfinger -s output to reflect the current state.

                                        You should be able to see sasl2-sample-server and -client communicating with
                                        each other when you start the server and connect to it from a different
                                        terminal window.

                                        If you start sasl2-sample-server without binding it to any mechanism as well
                                        start the client without "-m PLAIN", then the client should tell you all
                                        mechanisms the server offered, which should be what you have in smtpd.conf.
                                        That's a good way to verify, smtpd.conf gets read...

                                        p@rick


                                        --
                                        The Book of Postfix
                                        <http://www.postfix-book.com>
                                        saslfinger (debugging SMTP AUTH):
                                        <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                      • Jim Douglas
                                        ... Yes, it s a typo it is spelled correctly except in this email... ... MySQL is ok on localhost and 127.0.0.1... root is just till I get things working..
                                        Message 19 of 24 , Oct 1, 2006
                                        • 0 Attachment
                                          >From: Patrick Ben Koetter <p@...>
                                          >To: postfix-users@...
                                          >Subject: Re: login username / different domain
                                          >Date: Sat, 30 Sep 2006 23:37:54 +0200
                                          >
                                          >* Jim Douglas <jdz99@...>:
                                          > > I reviewed the emails, downloaded and configured SASL, there was no
                                          > > libsql*.....
                                          > >
                                          > > ..so after installing I created the link,
                                          > >
                                          > > ln -s /usr/local/lib/sasl2 /usr/local/sasl2
                                          > >
                                          > > ..made sure this was in syslogs.conf
                                          > >
                                          > > auth.* /var/log/auth
                                          > > (no output to the log file)
                                          > >
                                          > > Then I did this again,
                                          > > touch /usr/lib/sasl2.smptd.conf
                                          > > chmod 644 /usr/lib/sasl2/smptd.conf
                                          >
                                          >A Typo?
                                          >smptd.conf should be smtpd.conf !

                                          Yes, it's a typo it is spelled correctly except in this email...

                                          >
                                          >
                                          > > There was a copy of smptd.conf in this dir also so I copied the config
                                          > > setting here also, then,
                                          > > touch /usr/lib/sasl/smptd.conf
                                          > > chmod 644 /usr/lib/sasl/smptd.conf
                                          >
                                          >A Typo?
                                          >smptd.conf should be smtpd.conf !
                                          >
                                          > > this is the smptd.conf,
                                          > > log_level: 3
                                          > >
                                          > > pwcheck_method: auxprop
                                          > >
                                          > > auxprop_plugin: sql
                                          > > mech_list: plain login
                                          > > sql_engine: mysql
                                          > > sql_hostnames: 127.0.0.1
                                          > > sql_user: root
                                          > > sql_passwd: mypassword
                                          > > sql_database: dbmail
                                          > > sql_select: select passwd from dbmail_users where userid = '%u' and
                                          >passwd=
                                          > > '%r'
                                          > >
                                          > > then, in while in the /usr/lib/sasl2 dir
                                          > >
                                          > > ln -s smptd.conf sample.conf
                                          >
                                          >Looks like you're hung up on that typo... ;)
                                          >
                                          >
                                          > > ....and still, when I try,
                                          > >
                                          > > sasl2-sample-server -s rcmd -p 8000 I get,
                                          > > trying 10, 1, 6
                                          > > trying 2, 1, 6
                                          > > bind: Address already in use
                                          > > Couldn't bind to any address
                                          > >
                                          > > when I try another port I get,
                                          > > sasl2-sample-server -s rcmd -p 8010 I get,
                                          > > trying 10, 1, 6
                                          > > trying 2, 1, 6
                                          > > bind: Address already in use
                                          >
                                          >It always complains about that. You can ignore it safely.
                                          >
                                          >
                                          > > ...and nothing happens, I have to <ctrl c> to exit,
                                          >
                                          >yep. that's regular procedure too.
                                          >
                                          >
                                          > > ..entering this,
                                          > > sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1
                                          >
                                          >With server on port 8010 or 8000?
                                          >
                                          >
                                          > > Nothing happens I have to <ctrl c> to exit,
                                          > >
                                          > > ...this is what I have in main.cf,
                                          > >
                                          > > smtpd_sasl_auth_enable = yes
                                          > > smtpd_sasl_security_options = noanonymous
                                          > > smtpd_sasl_local_domain =
                                          > > smtpd_sasl_authenticated_header = yes
                                          > > smtpd_recipient_restrictions = permit_mynetworks
                                          >permit_sasl_authenticated
                                          > > broken_sasl_auth_clients = yes
                                          >
                                          >That's okay.
                                          >
                                          >
                                          > > (MySQL is definately running on localhost, and I can login)
                                          >
                                          >On localhost or on 127.0.0.1? (Yes, there may be a difference in MySQL...)
                                          >
                                          >As sql_user: root with sql_passwd: mypassword (you shouldn't be using root,
                                          >by
                                          >the way...)

                                          MySQL is ok on localhost and 127.0.0.1..."root" is just till I get things
                                          working..

                                          >
                                          >
                                          > > I have reviewed the steps many times at this point and really appreciate
                                          > > your feedback.
                                          >
                                          >Okay. Check the smptd-typo, which should be smtpd.conf. Then check if
                                          >libsql
                                          >is there now and send saslfinger -s output to reflect the current state.

                                          libsql is in /usr/local/lib/sasl2 and I linked them, like so,
                                          ln -s /usr/local/lib/sasl2 /usr/lib/sasl2


                                          >
                                          >You should be able to see sasl2-sample-server and -client communicating
                                          >with
                                          >each other when you start the server and connect to it from a different
                                          >terminal window.

                                          sasl2-sample-server -s rcmd -p 8000 returns,
                                          trying 10, 1, 6
                                          bind: Address already in use
                                          trying 2, 1, 6
                                          bind: Address already in use
                                          Couldn't bind to any socket

                                          When I run in a second window and enter,
                                          sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1

                                          Nothing happens....

                                          >
                                          >If you start sasl2-sample-server without binding it to any mechanism as
                                          >well
                                          >start the client without "-m PLAIN", then the client should tell you all
                                          >mechanisms the server offered, which should be what you have in smtpd.conf.

                                          sasl2-sample-server returns,
                                          trying 10, 1, 6
                                          bind: Address already in use
                                          trying 2, 1, 6
                                          bind: Address already in use
                                          Couldn't bind to any socket

                                          ...without the -m PLAIN I get,
                                          usage: client [-p port] [-s service] [-m mech] [-p port] host


                                          saslfiger -s output...

                                          saslfinger - postfix Cyrus sasl configuration Sun Oct 1 09:44:44 EDT 2006
                                          version: 1.0
                                          mode: server-side SMTP AUTH

                                          -- basics --
                                          Postfix: 2.3.3
                                          System: Fedora Core release 5 (Bordeaux)

                                          -- smtpd is linked to --
                                          libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00409000)

                                          -- active SMTP AUTH and TLS parameters for smtpd --
                                          broken_sasl_auth_clients = yes
                                          smtpd_sasl_auth_enable = yes
                                          smtpd_sasl_authenticated_header = yes
                                          smtpd_sasl_local_domain =
                                          smtpd_sasl_security_options = noanonymous


                                          -- listing of /usr/lib/sasl --
                                          total 132
                                          drwxr-xr-x 2 root root 4096 Sep 30 14:26 .
                                          drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                          -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                          -rw-r--r-- 1 root root 263 Sep 30 14:26 smtpd.conf
                                          -rw-r--r-- 1 root root 263 Sep 30 14:15 smtpd.conf~
                                          -rw-r--r-- 1 root root 263 Sep 30 13:18 smtpd.conf.rpmsave

                                          -- listing of /usr/lib/sasl2 --
                                          total 3060
                                          drwxr-xr-x 2 root root 4096 Oct 1 09:44 .
                                          drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                          -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                          -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                          -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                          -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                          -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                          -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                          -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                          -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                          -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                          -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                          -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                          -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                          -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                          -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                          -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                          -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                          -rw-r--r-- 1 root root 0 Sep 30 14:27 out
                                          -rw-r--r-- 1 root root 890 Oct 1 09:44 output.txt
                                          -rw-r--r-- 1 root root 0 Sep 30 14:27 out.txt
                                          -rw-r--r-- 1 root root 26 Sep 29 14:03 sample.conf
                                          drwxr-xr-x 2 root root 4096 Sep 30 13:35 sasl2
                                          -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                          -rw-r--r-- 1 root root 26 Sep 29 14:03 smtpd.conf
                                          -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                          -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf.rpmsave
                                          -rw-r--r-- 1 root root 0 Sep 30 12:53 test

                                          -- listing of /usr/local/lib/sasl2 --
                                          total 2280
                                          drwxr-xr-x 2 root root 4096 Sep 30 13:35 .
                                          drwxr-xr-x 4 root root 4096 Sep 30 13:35 ..
                                          -rwxr-xr-x 1 root root 695 Sep 30 13:35 libanonymous.la
                                          -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so
                                          -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2
                                          -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2.0.22
                                          -rwxr-xr-x 1 root root 683 Sep 30 13:34 libcrammd5.la
                                          -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so
                                          -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2
                                          -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2.0.22
                                          -rwxr-xr-x 1 root root 713 Sep 30 13:34 libdigestmd5.la
                                          -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so
                                          -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2
                                          -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2.0.22
                                          -rwxr-xr-x 1 root root 763 Sep 30 13:34 libgssapiv2.la
                                          -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so
                                          -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2
                                          -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2.0.22
                                          -rwxr-xr-x 1 root root 679 Sep 30 13:35 liblogin.la
                                          -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so
                                          -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2
                                          -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2.0.22
                                          -rwxr-xr-x 1 root root 668 Sep 30 13:34 libotp.la
                                          -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so
                                          -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2
                                          -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2.0.22
                                          -rwxr-xr-x 1 root root 679 Sep 30 13:34 libplain.la
                                          -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so
                                          -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2
                                          -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2.0.22
                                          -rwxr-xr-x 1 root root 704 Sep 30 13:34 libsasldb.la
                                          -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so
                                          -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2
                                          -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2.0.22
                                          -rwxr-xr-x 1 root root 690 Sep 30 13:35 libsql.la
                                          -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so
                                          -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2
                                          -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2.0.22




                                          -- content of /usr/lib/sasl/smtpd.conf --
                                          log_level: 3

                                          pwcheck_method: auxprop

                                          auxprop_plugin: sql
                                          mech_list: PLAIN LOGIN
                                          sql_engine: mysql
                                          sql_hostnames: 127.0.0.1
                                          sql_user: --- replaced ---
                                          sql_passwd: --- replaced ---
                                          sql_database: dbmail
                                          sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                          '%r'

                                          -- content of /usr/lib/sasl2/smtpd.conf --
                                          pwcheck_method: saslauthd


                                          -- active services in /etc/postfix/master.cf --
                                          # service type private unpriv chroot wakeup maxproc command + args
                                          # (yes) (yes) (yes) (never) (100)
                                          smtp inet n - n - - smtpd
                                          pickup fifo n - n 60 1 pickup
                                          cleanup unix n - n - 0 cleanup
                                          qmgr fifo n - n 300 1 qmgr
                                          tlsmgr unix - - n 1000? 1 tlsmgr
                                          rewrite unix - - n - - trivial-rewrite
                                          bounce unix - - n - 0 bounce
                                          defer unix - - n - 0 bounce
                                          trace unix - - n - 0 bounce
                                          verify unix - - n - 1 verify
                                          flush unix n - n 1000? 0 flush
                                          proxymap unix - - n - - proxymap
                                          smtp unix - - n - - smtp
                                          relay unix - - n - - smtp
                                          -o fallback_relay=
                                          showq unix n - n - - showq
                                          error unix - - n - - error
                                          discard unix - - n - - discard
                                          local unix - n n - - local
                                          virtual unix - n n - - virtual
                                          lmtp unix - - n - - lmtp
                                          anvil unix - - n - 1 anvil
                                          scache unix - - n - 1 scache

                                          dbmail-lmtp unix - - n - - lmtp -v

                                          maildrop unix - n n - - pipe
                                          flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

                                          old-cyrus unix - n n - - pipe
                                          flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                          ${user}
                                          cyrus unix - n n - - pipe
                                          user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                          ${extension} ${user}
                                          uucp unix - n n - - pipe
                                          flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                          ($recipient)
                                          ifmail unix - n n - - pipe
                                          flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                          bsmtp unix - n n - - pipe
                                          flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
                                          $recipient

                                          -- mechanisms on localhost --


                                          Thanks again,
                                          Jim



                                          >That's a good way to verify, smtpd.conf gets read...
                                          >
                                          >p@rick
                                          >
                                          >
                                          >--
                                          >The Book of Postfix
                                          ><http://www.postfix-book.com>
                                          >saslfinger (debugging SMTP AUTH):
                                          ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                        • Patrick Ben Koetter
                                          ... okay. ... okay. ... Not successfully as you can see in the saslfinger output... ... No idea what you are doing different... ... This is not the content of
                                          Message 20 of 24 , Oct 1, 2006
                                          • 0 Attachment
                                            * Jim Douglas <jdz99@...>:
                                            > >A Typo?
                                            > >smptd.conf should be smtpd.conf !
                                            >
                                            > Yes, it's a typo it is spelled correctly except in this email...

                                            okay.

                                            > >On localhost or on 127.0.0.1? (Yes, there may be a difference in MySQL...)
                                            > >
                                            > >As sql_user: root with sql_passwd: mypassword (you shouldn't be using root,
                                            > >by the way...)
                                            >
                                            > MySQL is ok on localhost and 127.0.0.1..."root" is just till I get things
                                            > working..

                                            okay.

                                            > >> I have reviewed the steps many times at this point and really appreciate
                                            > >> your feedback.
                                            > >
                                            > >Okay. Check the smptd-typo, which should be smtpd.conf. Then check if
                                            > >libsql is there now and send saslfinger -s output to reflect the current
                                            > >state.
                                            >
                                            > libsql is in /usr/local/lib/sasl2 and I linked them, like so,
                                            > ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

                                            Not successfully as you can see in the saslfinger output...

                                            > >You should be able to see sasl2-sample-server and -client communicating
                                            > >with each other when you start the server and connect to it from a
                                            > >different terminal window.
                                            >
                                            > sasl2-sample-server -s rcmd -p 8000 returns,
                                            > trying 10, 1, 6
                                            > bind: Address already in use
                                            > trying 2, 1, 6
                                            > bind: Address already in use
                                            > Couldn't bind to any socket

                                            No idea what you are doing different...

                                            > When I run in a second window and enter,
                                            > sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1
                                            >
                                            > Nothing happens....
                                            >
                                            > >
                                            > >If you start sasl2-sample-server without binding it to any mechanism as
                                            > >well start the client without "-m PLAIN", then the client should tell you
                                            > >all mechanisms the server offered, which should be what you have in
                                            > >smtpd.conf.
                                            >
                                            > sasl2-sample-server returns,
                                            > trying 10, 1, 6
                                            > bind: Address already in use
                                            > trying 2, 1, 6
                                            > bind: Address already in use
                                            > Couldn't bind to any socket
                                            >
                                            > ...without the -m PLAIN I get,
                                            > usage: client [-p port] [-s service] [-m mech] [-p port] host
                                            >
                                            >
                                            > saslfiger -s output...
                                            >
                                            > saslfinger - postfix Cyrus sasl configuration Sun Oct 1 09:44:44 EDT 2006
                                            > version: 1.0
                                            > mode: server-side SMTP AUTH
                                            >
                                            > -- basics --
                                            > Postfix: 2.3.3
                                            > System: Fedora Core release 5 (Bordeaux)
                                            >
                                            > -- smtpd is linked to --
                                            > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00409000)
                                            >
                                            > -- active SMTP AUTH and TLS parameters for smtpd --
                                            > broken_sasl_auth_clients = yes
                                            > smtpd_sasl_auth_enable = yes
                                            > smtpd_sasl_authenticated_header = yes
                                            > smtpd_sasl_local_domain =
                                            > smtpd_sasl_security_options = noanonymous
                                            >
                                            >
                                            > -- listing of /usr/lib/sasl --
                                            > total 132
                                            > drwxr-xr-x 2 root root 4096 Sep 30 14:26 .
                                            > drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                            > -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                            > -rw-r--r-- 1 root root 263 Sep 30 14:26 smtpd.conf
                                            > -rw-r--r-- 1 root root 263 Sep 30 14:15 smtpd.conf~
                                            > -rw-r--r-- 1 root root 263 Sep 30 13:18 smtpd.conf.rpmsave
                                            >
                                            > -- listing of /usr/lib/sasl2 --

                                            This is not the content of /usr/local/lib/sasl2, but it should be.

                                            > total 3060
                                            > drwxr-xr-x 2 root root 4096 Oct 1 09:44 .
                                            > drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                            > -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                            > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                            > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                            > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                            > -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                            > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                            > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                            > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                            > -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                            > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                            > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                            > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                            > -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                            > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                            > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                            > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                            > -rw-r--r-- 1 root root 0 Sep 30 14:27 out
                                            > -rw-r--r-- 1 root root 890 Oct 1 09:44 output.txt
                                            > -rw-r--r-- 1 root root 0 Sep 30 14:27 out.txt
                                            > -rw-r--r-- 1 root root 26 Sep 29 14:03 sample.conf
                                            > drwxr-xr-x 2 root root 4096 Sep 30 13:35 sasl2
                                            > -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                            > -rw-r--r-- 1 root root 26 Sep 29 14:03 smtpd.conf
                                            > -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                            > -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf.rpmsave
                                            > -rw-r--r-- 1 root root 0 Sep 30 12:53 test
                                            >
                                            > -- listing of /usr/local/lib/sasl2 --
                                            > total 2280
                                            > drwxr-xr-x 2 root root 4096 Sep 30 13:35 .
                                            > drwxr-xr-x 4 root root 4096 Sep 30 13:35 ..
                                            > -rwxr-xr-x 1 root root 695 Sep 30 13:35 libanonymous.la
                                            > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so
                                            > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2
                                            > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2.0.22
                                            > -rwxr-xr-x 1 root root 683 Sep 30 13:34 libcrammd5.la
                                            > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so
                                            > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2
                                            > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2.0.22
                                            > -rwxr-xr-x 1 root root 713 Sep 30 13:34 libdigestmd5.la
                                            > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so
                                            > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2
                                            > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2.0.22
                                            > -rwxr-xr-x 1 root root 763 Sep 30 13:34 libgssapiv2.la
                                            > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so
                                            > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2
                                            > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2.0.22
                                            > -rwxr-xr-x 1 root root 679 Sep 30 13:35 liblogin.la
                                            > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so
                                            > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2
                                            > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2.0.22
                                            > -rwxr-xr-x 1 root root 668 Sep 30 13:34 libotp.la
                                            > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so
                                            > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2
                                            > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2.0.22
                                            > -rwxr-xr-x 1 root root 679 Sep 30 13:34 libplain.la
                                            > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so
                                            > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2
                                            > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2.0.22
                                            > -rwxr-xr-x 1 root root 704 Sep 30 13:34 libsasldb.la
                                            > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so
                                            > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2
                                            > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2.0.22
                                            > -rwxr-xr-x 1 root root 690 Sep 30 13:35 libsql.la
                                            > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so
                                            > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2
                                            > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2.0.22
                                            >
                                            >
                                            >
                                            >
                                            > -- content of /usr/lib/sasl/smtpd.conf --

                                            Your MySQL config from /usr/lib/sasl/smtpd.conf will never be read, because
                                            Postfix uses Cyrus-SASL.2.x. and that means it searches for
                                            /usr/lib/sasl2/smtpd.conf.

                                            # cp /usr/lib/sasl/smtpd.conf /usr/lib/sasl2/smtpd.conf


                                            > log_level: 3
                                            >
                                            > pwcheck_method: auxprop
                                            >
                                            > auxprop_plugin: sql
                                            > mech_list: PLAIN LOGIN
                                            > sql_engine: mysql
                                            > sql_hostnames: 127.0.0.1
                                            > sql_user: --- replaced ---
                                            > sql_passwd: --- replaced ---
                                            > sql_database: dbmail
                                            > sql_select: select passwd from dbmail_users where userid = '%u' and passwd=
                                            > '%r'
                                            >
                                            > -- content of /usr/lib/sasl2/smtpd.conf --
                                            > pwcheck_method: saslauthd
                                            >
                                            >
                                            > -- active services in /etc/postfix/master.cf --
                                            > # service type private unpriv chroot wakeup maxproc command + args
                                            > # (yes) (yes) (yes) (never) (100)
                                            > smtp inet n - n - - smtpd
                                            > pickup fifo n - n 60 1 pickup
                                            > cleanup unix n - n - 0 cleanup
                                            > qmgr fifo n - n 300 1 qmgr
                                            > tlsmgr unix - - n 1000? 1 tlsmgr
                                            > rewrite unix - - n - - trivial-rewrite
                                            > bounce unix - - n - 0 bounce
                                            > defer unix - - n - 0 bounce
                                            > trace unix - - n - 0 bounce
                                            > verify unix - - n - 1 verify
                                            > flush unix n - n 1000? 0 flush
                                            > proxymap unix - - n - - proxymap
                                            > smtp unix - - n - - smtp
                                            > relay unix - - n - - smtp
                                            > -o fallback_relay=
                                            > showq unix n - n - - showq
                                            > error unix - - n - - error
                                            > discard unix - - n - - discard
                                            > local unix - n n - - local
                                            > virtual unix - n n - - virtual
                                            > lmtp unix - - n - - lmtp
                                            > anvil unix - - n - 1 anvil
                                            > scache unix - - n - 1 scache
                                            >
                                            > dbmail-lmtp unix - - n - - lmtp -v
                                            >
                                            > maildrop unix - n n - - pipe
                                            > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                                            >
                                            > old-cyrus unix - n n - - pipe
                                            > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                            > ${user}
                                            > cyrus unix - n n - - pipe
                                            > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                            > ${extension} ${user}
                                            > uucp unix - n n - - pipe
                                            > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                            > ($recipient)
                                            > ifmail unix - n n - - pipe
                                            > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                            > bsmtp unix - n n - - pipe
                                            > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
                                            > $recipient
                                            >
                                            > -- mechanisms on localhost --
                                            >
                                            >
                                            > Thanks again,
                                            > Jim
                                            >
                                            >
                                            >
                                            > >That's a good way to verify, smtpd.conf gets read...
                                            > >
                                            > >p@rick
                                            > >
                                            > >
                                            > >--
                                            > >The Book of Postfix
                                            > ><http://www.postfix-book.com>
                                            > >saslfinger (debugging SMTP AUTH):
                                            > ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                            >
                                            >

                                            --
                                            The Book of Postfix
                                            <http://www.postfix-book.com>
                                            saslfinger (debugging SMTP AUTH):
                                            <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                          • mouss
                                            ... Try this and see for yourself # mkdir /tmp/jim # mkdir /tmp/douglas # ln -s /tmp/jim /tmp/douglas # ls -l /tmp/ |grep douglas # ls -l /tmp/douglas Morale
                                            Message 21 of 24 , Oct 1, 2006
                                            • 0 Attachment
                                              Jim Douglas wrote:
                                              >
                                              > libsql is in /usr/local/lib/sasl2 and I linked them, like so,
                                              > ln -s /usr/local/lib/sasl2 /usr/lib/sasl2

                                              Try this and see for yourself

                                              # mkdir /tmp/jim
                                              # mkdir /tmp/douglas
                                              # ln -s /tmp/jim /tmp/douglas
                                              # ls -l /tmp/ |grep douglas
                                              # ls -l /tmp/douglas

                                              Morale of the story: check that your commands really did you what you
                                              wanted...
                                            • Jim Douglas
                                              ... It was the link that was causing the problem, I can authenticate now from one terminal window to the other... Now, after putting these setting in main.cf..
                                              Message 22 of 24 , Oct 1, 2006
                                              • 0 Attachment
                                                >From: Patrick Ben Koetter <p@...>
                                                >To: postfix-users@...
                                                >Subject: Re: login username / different domain
                                                >Date: Sun, 1 Oct 2006 21:39:11 +0200
                                                >
                                                >* Jim Douglas <jdz99@...>:
                                                > > >A Typo?
                                                > > >smptd.conf should be smtpd.conf !
                                                > >
                                                > > Yes, it's a typo it is spelled correctly except in this email...
                                                >
                                                >okay.
                                                >
                                                > > >On localhost or on 127.0.0.1? (Yes, there may be a difference in
                                                >MySQL...)
                                                > > >
                                                > > >As sql_user: root with sql_passwd: mypassword (you shouldn't be using
                                                >root,
                                                > > >by the way...)
                                                > >
                                                > > MySQL is ok on localhost and 127.0.0.1..."root" is just till I get
                                                >things
                                                > > working..
                                                >
                                                >okay.
                                                >
                                                > > >> I have reviewed the steps many times at this point and really
                                                >appreciate
                                                > > >> your feedback.
                                                > > >
                                                > > >Okay. Check the smptd-typo, which should be smtpd.conf. Then check if
                                                > > >libsql is there now and send saslfinger -s output to reflect the
                                                >current
                                                > > >state.
                                                > >
                                                > > libsql is in /usr/local/lib/sasl2 and I linked them, like so,
                                                > > ln -s /usr/local/lib/sasl2 /usr/lib/sasl2
                                                >
                                                >Not successfully as you can see in the saslfinger output...
                                                >
                                                > > >You should be able to see sasl2-sample-server and -client communicating
                                                > > >with each other when you start the server and connect to it from a
                                                > > >different terminal window.
                                                > >
                                                > > sasl2-sample-server -s rcmd -p 8000 returns,
                                                > > trying 10, 1, 6
                                                > > bind: Address already in use
                                                > > trying 2, 1, 6
                                                > > bind: Address already in use
                                                > > Couldn't bind to any socket
                                                >
                                                >No idea what you are doing different...
                                                >
                                                > > When I run in a second window and enter,
                                                > > sasl2-sample-client -s rcmd -p 8000 -m PLAIN 127.0.0.1
                                                > >
                                                > > Nothing happens....
                                                > >
                                                > > >
                                                > > >If you start sasl2-sample-server without binding it to any mechanism as
                                                > > >well start the client without "-m PLAIN", then the client should tell
                                                >you
                                                > > >all mechanisms the server offered, which should be what you have in
                                                > > >smtpd.conf.
                                                > >
                                                > > sasl2-sample-server returns,
                                                > > trying 10, 1, 6
                                                > > bind: Address already in use
                                                > > trying 2, 1, 6
                                                > > bind: Address already in use
                                                > > Couldn't bind to any socket
                                                > >
                                                > > ...without the -m PLAIN I get,
                                                > > usage: client [-p port] [-s service] [-m mech] [-p port] host
                                                > >
                                                > >
                                                > > saslfiger -s output...
                                                > >
                                                > > saslfinger - postfix Cyrus sasl configuration Sun Oct 1 09:44:44 EDT
                                                >2006
                                                > > version: 1.0
                                                > > mode: server-side SMTP AUTH
                                                > >
                                                > > -- basics --
                                                > > Postfix: 2.3.3
                                                > > System: Fedora Core release 5 (Bordeaux)
                                                > >
                                                > > -- smtpd is linked to --
                                                > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00409000)
                                                > >
                                                > > -- active SMTP AUTH and TLS parameters for smtpd --
                                                > > broken_sasl_auth_clients = yes
                                                > > smtpd_sasl_auth_enable = yes
                                                > > smtpd_sasl_authenticated_header = yes
                                                > > smtpd_sasl_local_domain =
                                                > > smtpd_sasl_security_options = noanonymous
                                                > >
                                                > >
                                                > > -- listing of /usr/lib/sasl --
                                                > > total 132
                                                > > drwxr-xr-x 2 root root 4096 Sep 30 14:26 .
                                                > > drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                                > > -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                                > > -rw-r--r-- 1 root root 263 Sep 30 14:26 smtpd.conf
                                                > > -rw-r--r-- 1 root root 263 Sep 30 14:15 smtpd.conf~
                                                > > -rw-r--r-- 1 root root 263 Sep 30 13:18 smtpd.conf.rpmsave
                                                > >
                                                > > -- listing of /usr/lib/sasl2 --
                                                >
                                                >This is not the content of /usr/local/lib/sasl2, but it should be.
                                                >
                                                > > total 3060
                                                > > drwxr-xr-x 2 root root 4096 Oct 1 09:44 .
                                                > > drwxr-xr-x 125 root root 110592 Sep 30 14:13 ..
                                                > > -rwxr-xr-x 1 root root 884 Feb 20 2006 libanonymous.la
                                                > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so
                                                > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2
                                                > > -rwxr-xr-x 1 root root 14668 Feb 20 2006 libanonymous.so.2.0.21
                                                > > -rwxr-xr-x 1 root root 856 Feb 20 2006 liblogin.la
                                                > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so
                                                > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2
                                                > > -rwxr-xr-x 1 root root 15080 Feb 20 2006 liblogin.so.2.0.21
                                                > > -rwxr-xr-x 1 root root 856 Feb 20 2006 libplain.la
                                                > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so
                                                > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2
                                                > > -rwxr-xr-x 1 root root 15144 Feb 20 2006 libplain.so.2.0.21
                                                > > -rwxr-xr-x 1 root root 941 Feb 20 2006 libsasldb.la
                                                > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so
                                                > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2
                                                > > -rwxr-xr-x 1 root root 909324 Feb 20 2006 libsasldb.so.2.0.21
                                                > > -rw-r--r-- 1 root root 0 Sep 30 14:27 out
                                                > > -rw-r--r-- 1 root root 890 Oct 1 09:44 output.txt
                                                > > -rw-r--r-- 1 root root 0 Sep 30 14:27 out.txt
                                                > > -rw-r--r-- 1 root root 26 Sep 29 14:03 sample.conf
                                                > > drwxr-xr-x 2 root root 4096 Sep 30 13:35 sasl2
                                                > > -rw-r--r-- 1 root root 0 Sep 30 14:23 smptd.conf
                                                > > -rw-r--r-- 1 root root 26 Sep 29 14:03 smtpd.conf
                                                > > -rw-r--r-- 1 root root 275 Sep 29 20:07 smtpd.conf~
                                                > > -rw-r--r-- 1 root root 262 Sep 29 20:07 smtpd.conf.rpmsave
                                                > > -rw-r--r-- 1 root root 0 Sep 30 12:53 test
                                                > >
                                                > > -- listing of /usr/local/lib/sasl2 --
                                                > > total 2280
                                                > > drwxr-xr-x 2 root root 4096 Sep 30 13:35 .
                                                > > drwxr-xr-x 4 root root 4096 Sep 30 13:35 ..
                                                > > -rwxr-xr-x 1 root root 695 Sep 30 13:35 libanonymous.la
                                                > > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so
                                                > > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2
                                                > > -rwxr-xr-x 1 root root 55287 Sep 30 13:35 libanonymous.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 683 Sep 30 13:34 libcrammd5.la
                                                > > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so
                                                > > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2
                                                > > -rwxr-xr-x 1 root root 61405 Sep 30 13:34 libcrammd5.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 713 Sep 30 13:34 libdigestmd5.la
                                                > > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so
                                                > > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2
                                                > > -rwxr-xr-x 1 root root 126446 Sep 30 13:34 libdigestmd5.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 763 Sep 30 13:34 libgssapiv2.la
                                                > > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so
                                                > > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2
                                                > > -rwxr-xr-x 1 root root 79626 Sep 30 13:34 libgssapiv2.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 679 Sep 30 13:35 liblogin.la
                                                > > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so
                                                > > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2
                                                > > -rwxr-xr-x 1 root root 56483 Sep 30 13:35 liblogin.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 668 Sep 30 13:34 libotp.la
                                                > > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so
                                                > > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2
                                                > > -rwxr-xr-x 1 root root 121082 Sep 30 13:34 libotp.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 679 Sep 30 13:34 libplain.la
                                                > > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so
                                                > > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2
                                                > > -rwxr-xr-x 1 root root 56941 Sep 30 13:34 libplain.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 704 Sep 30 13:34 libsasldb.la
                                                > > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so
                                                > > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2
                                                > > -rwxr-xr-x 1 root root 98065 Sep 30 13:34 libsasldb.so.2.0.22
                                                > > -rwxr-xr-x 1 root root 690 Sep 30 13:35 libsql.la
                                                > > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so
                                                > > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2
                                                > > -rwxr-xr-x 1 root root 59571 Sep 30 13:35 libsql.so.2.0.22
                                                > >
                                                > >
                                                > >
                                                > >
                                                > > -- content of /usr/lib/sasl/smtpd.conf --
                                                >
                                                >Your MySQL config from /usr/lib/sasl/smtpd.conf will never be read, because
                                                >Postfix uses Cyrus-SASL.2.x. and that means it searches for
                                                >/usr/lib/sasl2/smtpd.conf.
                                                >
                                                ># cp /usr/lib/sasl/smtpd.conf /usr/lib/sasl2/smtpd.conf
                                                >
                                                >
                                                > > log_level: 3
                                                > >
                                                > > pwcheck_method: auxprop
                                                > >
                                                > > auxprop_plugin: sql
                                                > > mech_list: PLAIN LOGIN
                                                > > sql_engine: mysql
                                                > > sql_hostnames: 127.0.0.1
                                                > > sql_user: --- replaced ---
                                                > > sql_passwd: --- replaced ---
                                                > > sql_database: dbmail
                                                > > sql_select: select passwd from dbmail_users where userid = '%u' and
                                                >passwd=
                                                > > '%r'
                                                > >
                                                > > -- content of /usr/lib/sasl2/smtpd.conf --
                                                > > pwcheck_method: saslauthd
                                                > >
                                                > >
                                                > > -- active services in /etc/postfix/master.cf --
                                                > > # service type private unpriv chroot wakeup maxproc command + args
                                                > > # (yes) (yes) (yes) (never) (100)
                                                > > smtp inet n - n - - smtpd
                                                > > pickup fifo n - n 60 1 pickup
                                                > > cleanup unix n - n - 0 cleanup
                                                > > qmgr fifo n - n 300 1 qmgr
                                                > > tlsmgr unix - - n 1000? 1 tlsmgr
                                                > > rewrite unix - - n - - trivial-rewrite
                                                > > bounce unix - - n - 0 bounce
                                                > > defer unix - - n - 0 bounce
                                                > > trace unix - - n - 0 bounce
                                                > > verify unix - - n - 1 verify
                                                > > flush unix n - n 1000? 0 flush
                                                > > proxymap unix - - n - - proxymap
                                                > > smtp unix - - n - - smtp
                                                > > relay unix - - n - - smtp
                                                > > -o fallback_relay=
                                                > > showq unix n - n - - showq
                                                > > error unix - - n - - error
                                                > > discard unix - - n - - discard
                                                > > local unix - n n - - local
                                                > > virtual unix - n n - - virtual
                                                > > lmtp unix - - n - - lmtp
                                                > > anvil unix - - n - 1 anvil
                                                > > scache unix - - n - 1 scache
                                                > >
                                                > > dbmail-lmtp unix - - n - - lmtp -v
                                                > >
                                                > > maildrop unix - n n - - pipe
                                                > > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
                                                > >
                                                > > old-cyrus unix - n n - - pipe
                                                > > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
                                                > > ${user}
                                                > > cyrus unix - n n - - pipe
                                                > > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
                                                > > ${extension} ${user}
                                                > > uucp unix - n n - - pipe
                                                > > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
                                                > > ($recipient)
                                                > > ifmail unix - n n - - pipe
                                                > > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
                                                > > bsmtp unix - n n - - pipe
                                                > > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
                                                > > $recipient
                                                > >
                                                > > -- mechanisms on localhost --
                                                > >
                                                > >
                                                > > Thanks again,
                                                > > Jim
                                                > >
                                                > >
                                                > >
                                                > > >That's a good way to verify, smtpd.conf gets read...
                                                > > >
                                                > > >p@rick
                                                > > >
                                                > > >
                                                > > >--
                                                > > >The Book of Postfix
                                                > > ><http://www.postfix-book.com>
                                                > > >saslfinger (debugging SMTP AUTH):
                                                > > ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                                > >
                                                > >
                                                >
                                                >--
                                                >The Book of Postfix
                                                ><http://www.postfix-book.com>
                                                >saslfinger (debugging SMTP AUTH):
                                                ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                                                It was the link that was causing the problem, I can authenticate now from
                                                one terminal window to the other...

                                                Now, after putting these setting in main.cf..

                                                broken_sasl_auth_clients = yes
                                                smtpd_sasl_auth_enable = yes
                                                smtpd_sasl_security_options = noanonymous
                                                smtpd_sasl_local_domain =
                                                smtpd_recipient_restrictions = permit_mynetworks,
                                                reject_invalid_hostname,
                                                reject_non_fqdn_sender,
                                                reject_non_fqdn_recipient,
                                                reject_unknown_recipient_domain,
                                                reject_unauth_pipelining,
                                                reject_unknown_sender_domain,
                                                permit_sasl_authenticated,
                                                reject_unauth_destination

                                                I get an error in my log after trying to login from webmail,

                                                Oct 1 20:39:20 cpe-22-63-233-133 authdaemond: failed to connect to mysql
                                                server (server=mysql.example.com, userid=admin): Unknown MySQL server host
                                                'mysql.example.com' (1)
                                                Oct 1 20:39:20 cpe-22-63-233-133 imapd: LOGIN FAILED, user=foo,
                                                ip=[::ffff:22-63-233-133]
                                                Oct 1 20:39:20 cpe-22-63-233-133 imapd: authentication error: Input/output
                                                error

                                                ...where can I change "mysql.example.com"?

                                                I thought we specified this info in smtpd.conf?


                                                Thanks,
                                                Jim
                                              • Patrick Ben Koetter
                                                ... fine. ... The error stems not from Postfix, but from Courier IMAP s authdaemond server. You need to fix it in authdaemond s config and the best people to
                                                Message 23 of 24 , Oct 1, 2006
                                                • 0 Attachment
                                                  * Jim Douglas <jdz99@...>:
                                                  > It was the link that was causing the problem, I can authenticate now from
                                                  > one terminal window to the other...

                                                  fine.

                                                  > Now, after putting these setting in main.cf..
                                                  >
                                                  > broken_sasl_auth_clients = yes
                                                  > smtpd_sasl_auth_enable = yes
                                                  > smtpd_sasl_security_options = noanonymous
                                                  > smtpd_sasl_local_domain =
                                                  > smtpd_recipient_restrictions = permit_mynetworks,
                                                  > reject_invalid_hostname,
                                                  > reject_non_fqdn_sender,
                                                  > reject_non_fqdn_recipient,
                                                  > reject_unknown_recipient_domain,
                                                  > reject_unauth_pipelining,
                                                  > reject_unknown_sender_domain,
                                                  > permit_sasl_authenticated,
                                                  > reject_unauth_destination
                                                  >
                                                  > I get an error in my log after trying to login from webmail,
                                                  >
                                                  > Oct 1 20:39:20 cpe-22-63-233-133 authdaemond: failed to connect to mysql
                                                  > server (server=mysql.example.com, userid=admin): Unknown MySQL server host
                                                  > 'mysql.example.com' (1)

                                                  The error stems not from Postfix, but from Courier IMAP's authdaemond server.
                                                  You need to fix it in authdaemond's config and the best people to support you
                                                  with that are the ones on the Courier mailing list.

                                                  p@rick

                                                  --
                                                  The Book of Postfix
                                                  <http://www.postfix-book.com>
                                                  saslfinger (debugging SMTP AUTH):
                                                  <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                                                • Jim Douglas
                                                  ... It s been a long time since I set this up...I guess I need to configure the IMAP server... Any sugestion on which one is better than another? Jim
                                                  Message 24 of 24 , Oct 2, 2006
                                                  • 0 Attachment
                                                    >From: Patrick Ben Koetter <p@...>
                                                    >To: postfix-users@...
                                                    >Subject: Re: login username / different domain
                                                    >Date: Mon, 2 Oct 2006 08:56:50 +0200
                                                    >
                                                    >* Jim Douglas <jdz99@...>:
                                                    > > It was the link that was causing the problem, I can authenticate now
                                                    >from
                                                    > > one terminal window to the other...
                                                    >
                                                    >fine.
                                                    >
                                                    > > Now, after putting these setting in main.cf..
                                                    > >
                                                    > > broken_sasl_auth_clients = yes
                                                    > > smtpd_sasl_auth_enable = yes
                                                    > > smtpd_sasl_security_options = noanonymous
                                                    > > smtpd_sasl_local_domain =
                                                    > > smtpd_recipient_restrictions = permit_mynetworks,
                                                    > > reject_invalid_hostname,
                                                    > > reject_non_fqdn_sender,
                                                    > > reject_non_fqdn_recipient,
                                                    > > reject_unknown_recipient_domain,
                                                    > > reject_unauth_pipelining,
                                                    > > reject_unknown_sender_domain,
                                                    > > permit_sasl_authenticated,
                                                    > > reject_unauth_destination
                                                    > >
                                                    > > I get an error in my log after trying to login from webmail,
                                                    > >
                                                    > > Oct 1 20:39:20 cpe-22-63-233-133 authdaemond: failed to connect to
                                                    >mysql
                                                    > > server (server=mysql.example.com, userid=admin): Unknown MySQL server
                                                    >host
                                                    > > 'mysql.example.com' (1)
                                                    >
                                                    >The error stems not from Postfix, but from Courier IMAP's authdaemond
                                                    >server.
                                                    >You need to fix it in authdaemond's config and the best people to support
                                                    >you
                                                    >with that are the ones on the Courier mailing list.
                                                    >
                                                    >p@rick
                                                    >
                                                    >--
                                                    >The Book of Postfix
                                                    ><http://www.postfix-book.com>
                                                    >saslfinger (debugging SMTP AUTH):
                                                    ><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

                                                    It's been a long time since I set this up...I guess I need to configure the
                                                    IMAP server... Any sugestion on which one is better than another?

                                                    Jim
                                                  Your message has been successfully submitted and would be delivered to recipients shortly.