Results 1 to 7 of 7

Thread: SASLAUTHD

  1. #1
    Member
    Join Date
    Oct 2009
    Location
    Vienna
    Posts
    36

    SASLAUTHD

    Hello

    my Problem is the SASLAUTH

    my System: SLES 11, Zarafa with MultiDomain,

    I do not create it somehow with sasl

    here my config:
    excerpt from that main.cf
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
    smtp_sasl_auth_enable = yes^M
    smtpd_sasl_auth_enable = yes ^M
    smtpd_sasl_security_options = noanonymous,
    broken_sasl_auth_clients = yes


    smtp.conf
    pwcheck_method: saslauthd
    log_level: 3
    mech_list: PLAIN LOGIN DIGEST-MD5
    #
    auxprop_plugin: sql
    #
    sql_engine: mysql
    sql_hostnames: localhost
    sql_usessl: no
    sql_user: root
    sql_passwd:
    sql_database: zarafa
    sql_select: select value from objectproperty where objectid=(select objectid from objectproperty where value='%s' limit 1) and propname=
    'loginname';


    [color=#FF0000]I am me not reliably whether the SELECT query am correct [/color]


    [color=#FF0000]I use multi Domain thus am changed the attitudes in server.cfg [/color]

    excerpt from that server.cfg
    enable_hosted_zarafa = true
    loginname_format = %[email protected]%c
    storename_format = %f(%c)





    here d. mail.log
    Apr 9 00:23:40 Server-005 postfix/smtpd[14252]: warning: SASL per-process initialization failed: generic failure
    Apr 9 00:23:40 Server-005 postfix/smtpd[14252]: fatal: SASL per-process initialization failed
    Apr 9 00:23:41 Server-005 postfix/master[14208]: warning: process /usr/lib/postfix/smtpd pid 14252 exit status 1
    Apr 9 00:23:41 Server-005 postfix/master[14208]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
    Apr 9 00:24:41 Server-005 postfix/smtpd[14303]: warning: SASL per-process initialization failed: generic failure
    Apr 9 00:24:41 Server-005 postfix/smtpd[14303]: fatal: SASL per-process initialization failed
    Apr 9 00:24:42 Server-005 postfix/master[14208]: warning: process /usr/lib/postfix/smtpd pid 14303 exit status 1
    Apr 9 00:24:42 Server-005 postfix/master[14208]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
    Apr 9 00:25:42 Server-005 postfix/smtpd[14337]: warning: SASL per-process initialization failed: generic failure
    Apr 9 00:25:42 Server-005 postfix/smtpd[14337]: fatal: SASL per-process initialization failed




    without saslauth I can send away and receive without problems mails (outook,webaccess)

    as soon as I sasl in main.cf activate transmit nothing more

    I ask for assistance

    Andre

  2. #2

    Re: SASLAUTHD

    Hi André,

    Maybe the guide at will help you. It uses the rimap method for saslauthd, which is easier to configure than the sql method.

  3. #3
    Member
    Join Date
    Oct 2009
    Location
    Vienna
    Posts
    36

    Re: SASLAUTHD

    Hy

    Thanks for the link.
    I accomplished it after this guidance. With Outlook and Web ACCESS I get no more error message

    Apr 9 14:11:02 Server postfix/smtpd[16680]: connect from localhost[127.0.0.1]
    Apr 9 14:11:02 Server postfix/smtpd[16680]: E85B739E85: client=localhost[127.0.0.1]
    Apr 9 14:11:02 Server postfix/cleanup[16770]: E85B739E85: message-id=<[email protected]>
    Apr 9 14:11:02 Server postfix/smtpd[16680]: disconnect from localhost[127.0.0.1]
    Apr 9 14:11:02 Server postfix/qmgr[15781]: E85B739E85: from=<[email protected]>, size=8110, nrcpt=1 (queue active)
    Apr 9 14:11:04 Server postfix/smtp[16774]: Host offered STARTTLS: [gmail-smtp-in.l.google.com]
    Apr 9 14:11:07 Server postfix/smtp[16774]: E85B739E85: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.43.27]:25, delay=4.6, delays=0.03/0.02/1.3/3.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1302351088 c21si11638674bkc.82)
    Apr 9 14:11:07 Server postfix/qmgr[15781]: E85B739E85: removed




    with IMAP I get the following message

    Apr 9 14:06:29 Server postfix/smtpd[16526]: connect from unknown[91.119.30.227]
    Apr 9 14:06:30 Server postfix/smtpd[16526]: warning: SASL authentication failure: Password verification failed
    Apr 9 14:06:30 Server postfix/smtpd[16526]: warning: unknown[91.119.30.227]: SASL PLAIN authentication failed: authentication failure
    Apr 9 14:06:31 Server postfix/smtpd[16526]: lost connection after AUTH from unknown[91.119.30.227]
    Apr 9 14:06:31 Server postfix/smtpd[16526]: disconnect from unknown[91.119.30.227]
    Apr 9 14:07:39 Server postfix/anvil[16130]: statistics: max connection rate 3/60s for (smtp:91.119.30.227) at Apr 9 13:58:22
    Apr 9 14:07:39 Server postfix/anvil[16130]: statistics: max connection count 1 for (smtp:91.119.30.227) at Apr 9 13:57:39
    Apr 9 14:07:39 Server postfix/anvil[16130]: statistics: max cache size 1 at Apr 9 13:57:39



    andre

  4. #4

    Re: SASLAUTHD

    Well, at least the webaccess and Outlook are working now! I can see one obvious problem, you probably don't need this line:
    Postfix's smtp_sasl_auth_enable option is there so that your mail server can authenticate with an outbound relay, e.g. an ISP mail server. If you're sending directly from your server to the recipient's server, you don't need that setting. If you are relaying via another server that requires SASL authentication, you need to set the option smtp_sasl_password_maps. This tells Postfix what username and password to use when sending mail out.

    In case it's not clear, the option I'm referring to above is separate to smtpd_sasl_auth_enable, which is how your users will authenticate to send mail. You'll also want to include permit_sasl_authenticated in smtpd_sender_restrictions as well as smtpd_recipient_restrictions.

    As for the saslauthd configuration itself, I'm not familiar with SLES so can't really help there, as it seems to be different on different distros. On the Debian and CentOS boxes I maintain here are the contents of /etc/postfix/sasl/smtpd.conf:
    Here's /etc/sysconfig/saslauthd on CentOS:
    Here's /etc/default/saslauthd on Debian:
    Both CentOS 5 and Debian 5 ship Cyrus SASL 2.1.22.

    The only other things I can suggest to check are that the Zarafa gateway is running, that unencrypted IMAP is enabled, and that you have all the required SASL packages (e.g. on Debian you need at least libsasl2-2, libsasl2-modules and sasl2-bin, on CentOS you need cyrus-sasl, cyrus-sasl-lib and cyrus-sasl-plain).

  5. #5
    Member
    Join Date
    Oct 2009
    Location
    Vienna
    Posts
    36

    Re: SASLAUTHD

    Hello

    It's not work with rimap

    here my changes (smtpd.conf)


    /etc/sasl2/smtpd.conf

    pwcheck_method: saslauthd
    log_level: 3
    mech_list: plain login



    /etc/sysconfig/saslauthd
    saslauthd -a rimap -O meinedomain.at -c

    /etc/postfix/main.cf
    smtpd_banner = $myhostname ESMTP $mail_name ^M
    smtpd_sender_restrictions = hash:/etc/postfix/access^M
    smtpd_client_restrictions =^M
    smtpd_helo_required = yes^M
    smtpd_helo_restrictions =^M
    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject _unauth_destination^M

    smtpd_sasl_auth_enable = yes ^M
    #smtpd_sasl_security_options = noanonymous,
    #broken_sasl_auth_clients = yes



    here my test:

    Server-005:~ # testsaslauthd -u -p Passwort
    0: OK "Success."

    here the test with telnet


    Server-005:~ # telnet meinedomain.at 25
    Trying 192.168.100.85...
    Connected to meinedomain.at.
    Escape character is '^]'.
    220 Server-005.meinedomain.at ESMTP Postfix
    EHLO meinedomain.at
    250-Server-005.meinedomain.at
    250-PIPELINING
    250-SIZE 15240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN




    here my changes but if I write an email am located this in the log .
    why does sasl authorisation not work with webaccess and Outlook Mapi

    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: connect from localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: 855AF39E8A: client=localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/cleanup[18454]: 855AF39E8A: message-id=<[email protected]>
    Apr 18 19:36:30 Server-005 postfix/qmgr[18417]: 855AF39E8A: from=<[email protected]>, size=8111, nrcpt=1 (queue active)
    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: disconnect from localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/smtp[18458]: certificate verification failed for gmail-smtp-in.l.google.com[74.125.39.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    Apr 18 19:36:32 Server-005 postfix/smtp[18458]: 855AF39E8A: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.39.27]:25, delay=2.3, delays=0.08/0.03/0.38/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1303148216 y18si10653466wbd.17)
    Apr 18 19:36:32 Server-005 postfix/qmgr[18417]: 855AF39E8A: removed


    here the log with imap Client

    Apr 18 20:19:25 Server005 postfix/smtpd[20474]: connect from unknown[91.119.3.227]
    Apr 18 20:19:27 Server-005 postfix/smtpd[20474]: warning: unknown[91.119.3.227]: [color=#FF0000]SASL LOGIN authentication failed: authentication failure[/color]
    Apr 18 20:19:27 Server-005 postfix/smtpd[20474]: lost connection after AUTH from unknown[91.119.3.227]
    Apr 18 20:19:27 Server-005 postfix/smtpd[20474]: disconnect from unknown[91.119.3.227]


    here my /var/log/zarafa/gateway.log
    Mon Apr 18 20:38:27 2011: [21489] Starting worker process for IMAP request
    Mon Apr 18 20:38:27 2011: [21529] IMAP Login from 192.168.100.1 for user
    Mon Apr 18 20:38:30 2011: [21529] Client disconnected
    Mon Apr 18 20:38:30 2011: [21529] IMAP thread exiting
    Mon Apr 18 20:38:30 2011: [21489] Starting worker process for IMAP request
    Mon Apr 18 20:38:30 2011: [21531] IMAP Login from 192.168.100.1 for user
    Mon Apr 18 20:38:30 2011: [21489] Starting worker process for IMAP request
    Mon Apr 18 20:38:30 2011: [21533] IMAP Login from 192.168.100.1 for user
    Mon Apr 18 20:38:31 2011: [21531] Client disconnected
    Mon Apr 18 20:38:31 2011: [21531] IMAP thread exiting
    Mon Apr 18 20:38:56 2011: [21489] Starting worker process for IMAP request
    Mon Apr 18 20:38:56 2011: [21544] Failed to login from 192.168.100.85 with [color=#FF0000]invalid username "test" or wrong password. Error: 0x80040111[/color]
    Mon Apr 18 20:38:56 2011: [21544] Client disconnected
    Mon Apr 18 20:38:56 2011: [21544] IMAP thread exiting


    which I do not understand ??? my username is [color=#FF0000]not only test[/color]

    it does not query somehow sasl auth :?:

    Please help

    Thanks

  6. #6

    Re: SASLAUTHD

    Trying adding "-r" as an option to /etc/sysconfig/saslauthd.

  7. #7
    Member
    Join Date
    Oct 2009
    Location
    Vienna
    Posts
    36

    Re: SASLAUTHD

    Hy kitserve

    Thanks. Its run. with -r (with Imap client) :-) :-)

    one asks has I still

    if I email with webmail send look this however so out
    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: connect from localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: 855AF39E8A: client=localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/cleanup[18454]: 855AF39E8A: message-id=<[email protected]>
    Apr 18 19:36:30 Server-005 postfix/qmgr[18417]: 855AF39E8A: from=<[email protected]>, size=8111, nrcpt=1 (queue active)
    Apr 18 19:36:30 Server-005 postfix/smtpd[18437]: disconnect from localhost[127.0.0.1]
    Apr 18 19:36:30 Server-005 postfix/smtp[18458]: certificate verification failed for gmail-smtp-in.l.google.com[74.125.39.27]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    Apr 18 19:36:32 Server-005 postfix/smtp[18458]: 855AF39E8A: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.39.27]:25, delay=2.3, delays=0.08/0.03/0.38/1.8, dsn=2.0.0, status=sent (250 2.0.0 OK 1303148216 y18si10653466wbd.17)
    Apr 18 19:36:32 Server-005 postfix/qmgr[18417]: 855AF39E8A: removed


    ciao andre

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •