Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix + SASL + Mysql

Expand Messages
  • abondi@libero.it
    ... Ok, but setting sasl authorization for sending emails should strenghten my server... Or maybe I m wrong? Can you point out some good docs to making postfix
    Message 1 of 7 , Apr 27 7:02 AM
    • 0 Attachment
      > * abondi@... <abondi@...>:
      > > I configured my web server (Ubuntu 7.04) following main instructions from
      > > http://flurdy.com/docs/postfix/.
      > >
      > > I can send and receive email, till I tried to apply also the SASL part of
      > > the tutorial, and here's the problem: I can't send mail, my server keeps
      > > asking the password for login to smtp server.
      > >
      > > But, looking at mysql logs, it doesn't do any query to decide if the
      > > username/password is correct (I enabled login feature, I see other queries)
      > > and the postfix log output is:
      > >
      > > -------------------------------------------
      > > Apr 24 18:35:36 novilab postfix/smtpd[21132]: connect from unknown[192.168.0.200]
      > > Apr 24 18:35:38 novilab postfix/smtpd[21132]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
      > > --------------------------------------------
      >
      > Ignore this message. SASL logs it if all methods fail, which it doesn't log
      > and then it tries the default method sasldb, which also fails but this gets
      > loggt. Don't follow that trail. It's misleading.
      >
      > > Found that the /var/log/auth.log shows this:
      > >
      > > ---------------------------------------------
      > > Apr 26 12:14:53 novilab postfix/smtpd[28512]: sql_select option missing
      > > Apr 26 12:14:53 novilab postfix/smtpd[28512]: auxpropfunc error no mechanism available
      > > Apr 26 12:14:53 novilab postfix/smtpd[28512]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
      > > ----------------------------------------------
      >
      > libsasl tries to initalize the sql plugin. It does not have sql_select config
      > data and this gets logged.
      >
      >
      > > But I can't figure out why! As you see, my saslfinger -s output shows that
      > > sql_select option is displayed... Please help, I don't want to become an
      > > open relay server!
      >
      > That doesn't make your system an open relay.


      Ok, but setting sasl authorization for sending emails should strenghten my server... Or maybe I'm wrong?
      Can you point out some good docs to making postfix more secure?


      > > ----------------------------------------------
      > > saslfinger - postfix Cyrus sasl configuration gio apr 26 12:21:21 CEST 2007
      > > version: 1.0.1
      > > mode: server-side SMTP AUTH
      > >
      > > -- basics --
      > > Postfix: 2.3.8
      > > System: Ubuntu 7.04 \n \l
      > >
      > > -- smtpd is linked to --
      > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d49000)
      > >
      > > -- active SMTP AUTH and TLS parameters for smtpd --
      > > broken_sasl_auth_clients = yes
      > > smtpd_sasl_auth_enable = yes
      > > smtpd_sasl_local_domain =
      >
      > Wrong statement:
      > > smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
      >
      > Correct statement:
      > smtpd_sasl_path = smtpd
      >
      [...]
      > Fix smtpd_sasl_path, run saslfinger again. The -- mechanisms on localhost --
      > list should match your mech_list. If that works you have a base to work from.
      >
      > p@rick


      And here's the problem! WOW! Fixed, thank you very much!
      Even if I'm having another problem (postfix/postdrop... permission denied), but I'll open another thread if I can't find out how to solve it...

      Thank you very much!
      Andrea
      www.andreabondi.it


      ------------------------------------------------------
      Passa a Infostrada. ADSL e Telefono senza limiti e senza canone Telecom
      http://click.libero.it/infostrada
    Your message has been successfully submitted and would be delivered to recipients shortly.