Loading ...
Sorry, an error occurred while loading the content.
 

SMTP AUTH: Need your comments on this guide

Expand Messages
  • thorsopia@lavabit.com
    Hi, Do you see any problems with this [1] guide? Note: by changing the saslauthd path other applications that use saslauthd may be affected. [1] How to check
    Message 1 of 7 , Oct 30, 2012
      Hi,

      Do you see any problems with this [1] guide?

      "Note: by changing the saslauthd path other applications that use
      saslauthd may be affected." [1]

      How to check that I won't break other apps?

      Also, I have some problems with this command:

      $ sudo dpkg-statoverride --force --update \
      > --add root sasl 755 /var/spool/postfix/var/run/saslauthd/
      dpkg-statoverride: warning: stripping trailing /
      dpkg-statoverride: warning: An override for
      '/var/spool/postfix/var/run/saslauthd' already exists, but --force
      specified so will be ignored.

      $ ls -l /var/spool/postfix/var/run/saslauthd/
      ...
      -rw------- 1 root root ... cache.flock
      -rw------- 1 root root ... cache.mmap
      srwxrwxrwx 1 root root ... mux
      -rw------- 1 root root ... mux.accept
      -rw------- 1 root root ... saslauthd.pid

      How to run the command?

      [1] https://help.ubuntu.com/community/Postfix#Authentication
    • Patrick Ben Koetter
      ... They fail? If you tell saslauthd to establish the authentication socket in a non default location you will have to tell all applications where that new
      Message 2 of 7 , Oct 30, 2012
        * thorsopia@... <thorsopia@...>:
        > Hi,
        >
        > Do you see any problems with this [1] guide?
        >
        > "Note: by changing the saslauthd path other applications that use
        > saslauthd may be affected." [1]
        >
        > How to check that I won't break other apps?

        They fail? If you tell saslauthd to establish the authentication socket in a
        non default location you will have to tell all applications where that new
        location is or they will fail.

        The question is: Do you have any applications except for Postfix smtpd server
        that would need to use saslauthd as password verification service? If you
        don't, ignore the note and go on.

        > Also, I have some problems with this command:
        >
        > $ sudo dpkg-statoverride --force --update \
        > > --add root sasl 755 /var/spool/postfix/var/run/saslauthd/
        > dpkg-statoverride: warning: stripping trailing /
        > dpkg-statoverride: warning: An override for
        > '/var/spool/postfix/var/run/saslauthd' already exists, but --force
        > specified so will be ignored.

        That's a typical case of working against the system and breaking it.

        If you do an 'ls -ld ...' on the socket dir you will note it belongs to the
        group sasl and the group may access files in the dir.

        Add postfix to the sasl group:

        % adduser postfix sasl

        Then restart Postfix.

        Now Postfix' smtpd server is allowed to access the authentication socket.

        > How to run the command?

        Don't! Tell the author to fix his br0ken docs. And while you are at it, tell
        him there's no need to use vi when all he wants to do is _read_ a file. He can
        do with less and his system will be more secure - from him. ;)

        p@rick


        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Joerg Heidrich
      • /dev/rob0
        On Tue, Oct 30, 2012 at 03:57:33AM -0400, thorsopia@lavabit.com ... Sure. Why did you (why did the author of the guide) choose Cyrus SASL? If you are using
        Message 3 of 7 , Oct 30, 2012
          On Tue, Oct 30, 2012 at 03:57:33AM -0400, thorsopia@...
          wrote:
          > Do you see any problems with this [1] guide?
          >
          > "Note: by changing the saslauthd path other applications that use
          > saslauthd may be affected." [1]

          Sure. Why did you (why did the author of the guide) choose Cyrus
          SASL? If you are using Dovecot IMAP, it makes absolutely no sense
          then to use Cyrus SASL. Dovecot SASL is much easier to set up. If
          you're using something else for IMAP, Dovecot SASL is a reason to
          consider changing.

          http://www.postfix.org/SASL_README.html#server_dovecot
          http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL

          Hint: if an online guide tells you do do something silly, that's a
          reason to consider it suspect. Another hint: use and trust the
          Postfix documentation. Many thousands of people are generating web
          content saying how they set up Postfix. They might not know any more
          than you do about it. If you read and understand the documentation,
          they definitely will not know more than you do.
          --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
        • thorsopia@lavabit.com
          ... I ve already configured Courier. Is it really necessary to switch to Dovecot?
          Message 4 of 7 , Oct 31, 2012
            > Sure. Why did you (why did the author of the guide) choose Cyrus
            > SASL? If you are using Dovecot IMAP, it makes absolutely no sense
            > then to use Cyrus SASL. Dovecot SASL is much easier to set up. If
            > you're using something else for IMAP, Dovecot SASL is a reason to
            > consider changing.

            I've already configured Courier. Is it really necessary to switch to
            Dovecot?
          • thorsopia@lavabit.com
            ... server ... The problem is that I m not sure. And I don t know how to check.
            Message 5 of 7 , Oct 31, 2012
              > The question is: Do you have any applications except for Postfix smtpd
              server
              > that would need to use saslauthd as password verification service? If you
              > don't, ignore the note and go on.

              The problem is that I'm not sure. And I don't know how to check.
            • Patrick Ben Koetter
              ... Usually you have to configure a server-side service to use Cyrus SASL. If you or anybody else on your system hasn t done so, you don t have an application
              Message 6 of 7 , Oct 31, 2012
                * thorsopia@... <thorsopia@...>:
                > > The question is: Do you have any applications except for Postfix smtpd
                > server
                > > that would need to use saslauthd as password verification service? If you
                > > don't, ignore the note and go on.
                >
                > The problem is that I'm not sure. And I don't know how to check.

                Usually you have to configure a server-side service to use Cyrus SASL. If you
                or anybody else on your system hasn't done so, you don't have an application
                that uses Cyrus SASL's password verification services at the moment.

                p@rick

                --
                [*] sys4 AG

                http://sys4.de, +49 (89) 30 90 46 64
                Franziskanerstraße 15, 81669 München

                Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                Aufsichtsratsvorsitzender: Joerg Heidrich
              • Benny Pedersen
                ... nope, one just need to learn cyrus sasl api, at minimal setup saslauthd with rimap makes it work anywhere even with gmail accounts
                Message 7 of 7 , Nov 1, 2012
                  thorsopia@... skrev den 31-10-2012 22:48:
                  >> Sure. Why did you (why did the author of the guide) choose Cyrus
                  >> SASL? If you are using Dovecot IMAP, it makes absolutely no sense
                  >> then to use Cyrus SASL. Dovecot SASL is much easier to set up. If
                  >> you're using something else for IMAP, Dovecot SASL is a reason to
                  >> consider changing.
                  >
                  > I've already configured Courier. Is it really necessary to switch to
                  > Dovecot?

                  nope, one just need to learn cyrus sasl api, at minimal setup saslauthd
                  with rimap makes it work anywhere even with gmail accounts
                Your message has been successfully submitted and would be delivered to recipients shortly.