
Re: SASL question

  • Bob Proulx
    Message 1 of 17 , Feb 13, 2013
      Curtis Maurand wrote:
      > Patrick Ben Koetter wrote:
      > >> However, nothing in my configuration says to open the sasldb file
      > >> anywhere as the auth mechanism is set to imap, but postfix seems
      > >> intent on opening this file anyway.
      > >
      > > Cyrus SASL opens sasldb as fallback when all other attempts to do
      > > AUTH have failed. That in turn says your current setup is
      > > non-functional. Which docs did you follow? What's your current
      > > setup?
      >
      > My current setup has the imap connecting to a remote server on a private
      > network. The imap server is dbmail 2.2.17.
      >
      > Postfix is a member of the sasl group. There is an sasldb2 file
      > just in case.

      I am not sure it is your desire to use the sasldb2 file. But if it is
      then on Debian it needs to be made available in the chroot which on
      Debian is usually located at /var/spool/postfix/etc. For me it meant
      the easiest thing to do was to modify the /etc/init.d/postfix script
      to make sure it was copied into the chroot when it was started.

      I added etc/sasldb2 to this next section.

      FILES="etc/sasldb2 etc/localtime etc/services etc/resolv.conf etc/hosts \
          etc/nsswitch.conf etc/nss_mdns.config"
      for file in $FILES; do
          [ -d ${file%/*} ] || mkdir -p ${file%/*}
          if [ -f /${file} ]; then rm -f ${file} && cp -p /${file} ${file}; fi
          # if [ -f ${file} ]; then chmod a+rX ${file}; fi
      done

      And I also removed that line that is commented out so that the
      original permissions are preserved. That causes permissions to be
      preserved from the /etc file into the chroot area when the file is
      copied into it. Otherwise the file would be available to everyone.
      Using the original permissions on all of the files is okay.

      Again, that is only if you are intending to use the sasldb2 file. It
      is a nice simple fallback. But most schemes use other access control
      methods.

      Bob
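
The copy-with-preserved-permissions step described in the message above, as an added example that is not part of the original post or of the Debian init script: it copies files into a chroot with `cp -p` and then audits that no copy has a different mode from its source. The function names, the scratch directories and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Roots are parameters so it can be
# tried on scratch directories; on Debian the chroot is /var/spool/postfix.

# Octal permission bits of a file, e.g. 640 (GNU stat, as shipped on Debian).
mode_of() { stat -c '%a' "$1"; }

# sync_into_chroot SRC_ROOT CHROOT FILE...
# Copy each existing SRC_ROOT/FILE to CHROOT/FILE with cp -p, so mode and
# timestamps (and ownership, when run as root) carry over unchanged.
sync_into_chroot() {
    src_root=$1; chroot_dir=$2; shift 2
    for file in "$@"; do
        [ -f "$src_root/$file" ] || continue
        mkdir -p "$chroot_dir/${file%/*}"
        rm -f "$chroot_dir/$file"
        cp -p "$src_root/$file" "$chroot_dir/$file"
    done
}

# audit_chroot_copies SRC_ROOT CHROOT FILE...
# Print one line per chroot copy whose mode differs from its source.
# Returns 0 when every copy matches, 1 otherwise.
audit_chroot_copies() {
    src_root=$1; chroot_dir=$2; shift 2
    status=0
    for file in "$@"; do
        [ -f "$chroot_dir/$file" ] || continue
        src_mode=$(mode_of "$src_root/$file")
        dst_mode=$(mode_of "$chroot_dir/$file")
        if [ "$src_mode" != "$dst_mode" ]; then
            echo "MISMATCH $file: source $src_mode, chroot copy $dst_mode"
            status=1
        fi
    done
    return "$status"
}

# Constructed demo tree: a 640 sasldb2 and a 644 hosts file.
demo=$(mktemp -d); mkdir -p "$demo/src/etc" "$demo/chroot"
echo secret > "$demo/src/etc/sasldb2"; chmod 640 "$demo/src/etc/sasldb2"
echo hosts > "$demo/src/etc/hosts"; chmod 644 "$demo/src/etc/hosts"
sync_into_chroot "$demo/src" "$demo/chroot" etc/sasldb2 etc/hosts
audit_chroot_copies "$demo/src" "$demo/chroot" etc/sasldb2 etc/hosts && echo "copies match"
chmod a+rX "$demo/chroot/etc/sasldb2"   # what the removed chmod line would do
audit_chroot_copies "$demo/src" "$demo/chroot" etc/sasldb2 etc/hosts || echo "audit flagged the widened copy"
rm -rf "$demo"
```
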
    • Curtis Maurand
      Message 2 of 17 , Feb 18, 2013
        On 2/13/2013 7:35 PM, Bob Proulx wrote:
        > Curtis Maurand wrote:
        >> Patrick Ben Koetter wrote:
        >>>> However, nothing in my configuration says to open the sasldb file
        >>>> anywhere as the auth mechanism is set to imap, but postfix seems
        >>>> intent on opening this file anyway.
        >>> Cyrus SASL opens sasldb as fallback when all other attempts to do
        >>> AUTH have failed. That in turn says your current setup is
        >>> non-functional. Which docs did you follow? What's your current
        >>> setup?
        >> My current setup has the imap connecting to a remote server on a private
        >> network. The imap server is dbmail 2.2.17.
        >>
        >> Postfix is a member of the sasl group. There is an sasldb2 file
        >> just in case.
        > I am not sure it is your desire to use the sasldb2 file. But if it is
        > then on Debian it needs to be made available in the chroot which on
        > Debian is usually located at /var/spool/postfix/etc. For me it meant
        > the easiest thing to do was to modify the /etc/init.d/postfix script
        > to make sure it was copied into the chroot when it was started.
        >
        > I added etc/sasldb2 to this next section.
        >
        > FILES="etc/sasldb2 etc/localtime etc/services etc/resolv.conf etc/hosts \
        >     etc/nsswitch.conf etc/nss_mdns.config"
        > for file in $FILES; do
        >     [ -d ${file%/*} ] || mkdir -p ${file%/*}
        >     if [ -f /${file} ]; then rm -f ${file} && cp -p /${file} ${file}; fi
        >     # if [ -f ${file} ]; then chmod a+rX ${file}; fi
        > done
        >
        > And I also removed that line that is commented out so that the
        > original permissions are preserved. That causes permissions to be
        > preserved from the /etc file into the chroot area when the file is
        > copied into it. Otherwise the file would be available to everyone.
        > Using the original permissions on all of the files is okay.
        >
        > Again, that is only if you are intending to use the sasldb2 file. It
        > is a nice simple fallback. But most schemes use other access control
        > methods.
        >
        > Bob
        Thanks for all your help everyone. I actually found the answer in an
        email from about a year ago. Thank you to Google. Apparently saslauthd
        on Ubuntu runs chrooted while postfix does not. In order to make things
        work I had to establish a symbolic link in
        /var/spool/postfix/var/run/saslauthd to /var/run/saslauthd and that
        solved the trouble.

        Cheers,
        --Curtis