Re: [gentoo-security] postfix and SASL - gentoo-security

From:	Joerg Mertin <smurphy@××××××.org>
To:	gentoo-security@l.g.o
Subject:	Re: [gentoo-security] postfix and SASL
Date:	Wed, 05 Oct 2005 14:37:04
Message-Id:	`48730.80.146.243.75.1128522723.squirrel@stargate.solsys.org`
In Reply to:	Re: [gentoo-security] postfix and SASL by Joe Strusz

1

Hmmm, mine loos like this:

2

$ cat cat /etc/postfix/sasl/smtpd.conf

3

pwcheck_method: saslauthd

4

mech_list: plain login

5

6

also -

7

$ cat /etc/sysconfig/saslauthd

8

# $Id: saslauthd.sysconfig,v 1.1 2001/05/02 10:55:48 wiget Exp $

9

# Authentications mechanism (for list see saslauthd -v)

10

SASL_AUTHMECH=pam

11

12

# Hostname for remote IMAP server (if rimap auth mech is used)

13

# Ldap configuration file (if ldap auth mech is used)

14

SASL_MECH_OPTIONS=

15

16

# Extra options (for list see saslauthd -h)

17

SASLAUTHD_OPTS=

18

19

I remember having had a glithc with some named-pipe files - e.g.

20

communication between postfix and saslauthd using different paths for

21

communication.

22

23

24

<quote who="Joe Strusz">

25

> How would i go about clearing out all the SASL config files, and

26

> reemerging it?

27

>

28

> I tried deleted the /etc/sasl2/smtpd.conf

29

>

30

> then i ran emerge -C cyrus-sasl; emerge cyrus-sasl

31

>

32

> yet it didn't replace any config files...

33

>

34

>

35

>

36

>>X-Original-To: jstrusz@×××××.com

37

>>Delivered-To: jstrusz@×××××.com

38

>>Delivered-To: <gentoo-security@l.g.o>

39

>>X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4

40

>>Date: Wed, 05 Oct 2005 09:05:33 -0500

41

>>To: gentoo-security@l.g.o

42

>>From: Joe Strusz <jstrusz@×××××.com>

43

>>Subject: Fwd: Re: Fwd: Re: [gentoo-security] postfix and SASL

44

>>List-Post: <mailto:gentoo-security@l.g.o>

45

>>List-Help: <mailto:gentoo-security+help@g.o>

46

>>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o>

47

>>List-Subscribe: <mailto:gentoo-security+subscribe@g.o>

48

>>List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>

49

>>X-BeenThere: gentoo-security@g.o

50

>>Reply-To: gentoo-security@l.g.o

51

>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.

52

>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.

53

>>X-Spam-Status: No, hits=-1.973 tagged_above=-100 required=6.5 tests=AWL,

54

>>  BAYES_00, RCVD_IN_NJABL_RELAY

55

>>X-Spam-Level:

56

>>

57

>>I ran the saslpasswd2 -c <username> command to no avail... im still

58

>>receiving the blasted password prompt.

59

>>

60

>>I know that sasl uses sasldb2 by default, but i swear i changed that to

61

>> pam.

62

>>

63

>>

64

>>>X-Original-To: jstrusz@×××××.com

65

>>>Delivered-To: jstrusz@×××××.com

66

>>>Delivered-To: <gentoo-security@l.g.o>

67

>>>Date: Wed, 05 Oct 2005 14:41:51 +0100

68

>>>From: Jonathan Wright <mail@×××××××××.uk>

69

>>>User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050822)

70

>>>X-Accept-Language: en-us, en

71

>>>List-Post: <mailto:gentoo-security@l.g.o>

72

>>>List-Help: <mailto:gentoo-security+help@g.o>

73

>>>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o>

74

>>>List-Subscribe: <mailto:gentoo-security+subscribe@g.o>

75

>>>List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>

76

>>>X-BeenThere: gentoo-security@g.o

77

>>>Reply-To: gentoo-security@l.g.o

78

>>>To: gentoo-security@l.g.o

79

>>>Subject: Re: Fwd: Re: [gentoo-security] postfix and SASL

80

>>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.

81

>>>X-Spam-Status: No, hits=-2.599 tagged_above=-100 required=6.5

82

>>> tests=BAYES_00

83

>>>X-Spam-Level:

84

>>>

85

>>>Joe Strusz wrote:

86

>>>>OK, well i disabled the smtpd_tl_auth_only line.

87

>>>>And now whenever i try to connect via say outlook express on a

88

>>>>client machine...

89

>>>>I check the box that says, "my outgoing server requires

90

>>>>authentication", and i do get the password prompt, however

91

>>>>whichever login/password i try to use it gets rejected, over and

92

>>>>over and over again...

93

>>>>any suggestions?

94

>>>

95

>>>SASL doesn't use system authentication (such as PAM/LDAP) by

96

>>>default. It uses it's own password database (similar to the way samba

97

>>> works).

98

>>>

99

>>>Make sure that you run:

100

>>>

101

>>>saslpasswd2 -c <username>

102

>>>

103

>>>to add the user (and their password) to the SASL authentication

104

>>> database.

105

>>>

106

>>>--

107

>>>  Jonathan Wright                           ~ mail at djnauk.co.uk

108

>>>                                            ~ www.djnauk.co.uk

109

>>>--

110

>>>  2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+

111

>>>  up 5 days,  5:17,  4 users,  load average: 0.47, 0.32, 0.29

112

>>>--

113

>>>  "The world is not divided into sheeps and goats. Not all  things

114

>>>  are black nor all things white. It is a fundamental of  taxonomy

115

>>>  that nature rarely deals  with  discrete  categories.  Only  the

116

>>>  human mind invents categories and  tries  to  force  facts  into

117

>>>  separated pigeon-holes."

118

>>>

119

>>>  "The living world is a continuum in each and every  one  of  its

120

>>>  aspects. The sooner we learn this concerning sexual behavior the

121

>>>  sooner we shall reach a sound understanding of the realities  of

122

>>>  sex."

123

>>>

124

>>>          ~ Alfred Kinsey, Sexual Behavior in the Human Male, 1948

125

>>>--

126

>>>gentoo-security@g.o mailing list

127

>>

128

>>

129

>>Joe Strusz

130

>>

131

>>IT Assistant

132

>>Oxford Publishing, Inc.

133

>>307 West Jackson Avenue

134

>>Oxford, MS 38655-2154

135

>>800-247-3881

136

>>662-236-5510x40

137

>>jstrusz@×××××.com

138

>>http://www.nightclub.com

139

>>

140

>>

141

>>--

142

>>gentoo-security@g.o mailing list

143

>

144

>

145

> Joe Strusz

146

>

147

> IT Assistant

148

> Oxford Publishing, Inc.

149

> 307 West Jackson Avenue

150

> Oxford, MS 38655-2154

151

> 800-247-3881

152

> 662-236-5510x40

153

> jstrusz@×××××.com

154

> http://www.nightclub.com

155

>

156

>

157

> --

158

> gentoo-security@g.o mailing list

159

>

160

>

161

162

163

--

164

------------------------------------------------------------------------

165

| Joerg Mertin              :  smurphy@××××××.org                (Home)|

166

| in Forchheim/Germany      :  smurphy@×××××.de                  (Alt1)|

167

| Stardust's LiNUX System   :                                          |

168

| Web: http://www.solsys.org                                           |

169

------------------------------------------------------------------------

170

PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A

--

175

gentoo-security@g.o mailing list

1	Hmmm, mine loos like this:
2	$ cat cat /etc/postfix/sasl/smtpd.conf
3	pwcheck_method: saslauthd
4	mech_list: plain login
5
6	also -
7	$ cat /etc/sysconfig/saslauthd
8	# $Id: saslauthd.sysconfig,v 1.1 2001/05/02 10:55:48 wiget Exp $
9	# Authentications mechanism (for list see saslauthd -v)
10	SASL_AUTHMECH=pam
11
12	# Hostname for remote IMAP server (if rimap auth mech is used)
13	# Ldap configuration file (if ldap auth mech is used)
14	SASL_MECH_OPTIONS=
15
16	# Extra options (for list see saslauthd -h)
17	SASLAUTHD_OPTS=
18
19	I remember having had a glithc with some named-pipe files - e.g.
20	communication between postfix and saslauthd using different paths for
21	communication.
22
23
24	<quote who="Joe Strusz">
25	> How would i go about clearing out all the SASL config files, and
26	> reemerging it?
27	>
28	> I tried deleted the /etc/sasl2/smtpd.conf
29	>
30	> then i ran emerge -C cyrus-sasl; emerge cyrus-sasl
31	>
32	> yet it didn't replace any config files...
33	>
34	>
35	>
36	>>X-Original-To: jstrusz@×××××.com
37	>>Delivered-To: jstrusz@×××××.com
38	>>Delivered-To: <gentoo-security@l.g.o>
39	>>X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4
40	>>Date: Wed, 05 Oct 2005 09:05:33 -0500
41	>>To: gentoo-security@l.g.o
42	>>From: Joe Strusz <jstrusz@×××××.com>
43	>>Subject: Fwd: Re: Fwd: Re: [gentoo-security] postfix and SASL
44	>>List-Post: <mailto:gentoo-security@l.g.o>
45	>>List-Help: <mailto:gentoo-security+help@g.o>
46	>>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o>
47	>>List-Subscribe: <mailto:gentoo-security+subscribe@g.o>
48	>>List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
49	>>X-BeenThere: gentoo-security@g.o
50	>>Reply-To: gentoo-security@l.g.o
51	>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.
52	>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.
53	>>X-Spam-Status: No, hits=-1.973 tagged_above=-100 required=6.5 tests=AWL,
54	>> BAYES_00, RCVD_IN_NJABL_RELAY
55	>>X-Spam-Level:
56	>>
57	>>I ran the saslpasswd2 -c <username> command to no avail... im still
58	>>receiving the blasted password prompt.
59	>>
60	>>I know that sasl uses sasldb2 by default, but i swear i changed that to
61	>> pam.
62	>>
63	>>
64	>>>X-Original-To: jstrusz@×××××.com
65	>>>Delivered-To: jstrusz@×××××.com
66	>>>Delivered-To: <gentoo-security@l.g.o>
67	>>>Date: Wed, 05 Oct 2005 14:41:51 +0100
68	>>>From: Jonathan Wright <mail@×××××××××.uk>
69	>>>User-Agent: Mozilla Thunderbird 1.0.6 (X11/20050822)
70	>>>X-Accept-Language: en-us, en
71	>>>List-Post: <mailto:gentoo-security@l.g.o>
72	>>>List-Help: <mailto:gentoo-security+help@g.o>
73	>>>List-Unsubscribe: <mailto:gentoo-security+unsubscribe@g.o>
74	>>>List-Subscribe: <mailto:gentoo-security+subscribe@g.o>
75	>>>List-Id: Gentoo Linux mail <gentoo-security.gentoo.org>
76	>>>X-BeenThere: gentoo-security@g.o
77	>>>Reply-To: gentoo-security@l.g.o
78	>>>To: gentoo-security@l.g.o
79	>>>Subject: Re: Fwd: Re: [gentoo-security] postfix and SASL
80	>>>X-Virus-Scanned: This message was scanned for viruses by ClamAV.
81	>>>X-Spam-Status: No, hits=-2.599 tagged_above=-100 required=6.5
82	>>> tests=BAYES_00
83	>>>X-Spam-Level:
84	>>>
85	>>>Joe Strusz wrote:
86	>>>>OK, well i disabled the smtpd_tl_auth_only line.
87	>>>>And now whenever i try to connect via say outlook express on a
88	>>>>client machine...
89	>>>>I check the box that says, "my outgoing server requires
90	>>>>authentication", and i do get the password prompt, however
91	>>>>whichever login/password i try to use it gets rejected, over and
92	>>>>over and over again...
93	>>>>any suggestions?
94	>>>
95	>>>SASL doesn't use system authentication (such as PAM/LDAP) by
96	>>>default. It uses it's own password database (similar to the way samba
97	>>> works).
98	>>>
99	>>>Make sure that you run:
100	>>>
101	>>>saslpasswd2 -c <username>
102	>>>
103	>>>to add the user (and their password) to the SASL authentication
104	>>> database.
105	>>>
106	>>>--
107	>>> Jonathan Wright ~ mail at djnauk.co.uk
108	>>> ~ www.djnauk.co.uk
109	>>>--
110	>>> 2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
111	>>> up 5 days, 5:17, 4 users, load average: 0.47, 0.32, 0.29
112	>>>--
113	>>> "The world is not divided into sheeps and goats. Not all things
114	>>> are black nor all things white. It is a fundamental of taxonomy
115	>>> that nature rarely deals with discrete categories. Only the
116	>>> human mind invents categories and tries to force facts into
117	>>> separated pigeon-holes."
118	>>>
119	>>> "The living world is a continuum in each and every one of its
120	>>> aspects. The sooner we learn this concerning sexual behavior the
121	>>> sooner we shall reach a sound understanding of the realities of
122	>>> sex."
123	>>>
124	>>> ~ Alfred Kinsey, Sexual Behavior in the Human Male, 1948
125	>>>--
126	>>>gentoo-security@g.o mailing list
127	>>
128	>>
129	>>Joe Strusz
130	>>
131	>>IT Assistant
132	>>Oxford Publishing, Inc.
133	>>307 West Jackson Avenue
134	>>Oxford, MS 38655-2154
135	>>800-247-3881
136	>>662-236-5510x40
137	>>jstrusz@×××××.com
138	>>http://www.nightclub.com
139	>>
140	>>
141	>>--
142	>>gentoo-security@g.o mailing list
143	>
144	>
145	> Joe Strusz
146	>
147	> IT Assistant
148	> Oxford Publishing, Inc.
149	> 307 West Jackson Avenue
150	> Oxford, MS 38655-2154
151	> 800-247-3881
152	> 662-236-5510x40
153	> jstrusz@×××××.com
154	> http://www.nightclub.com
155	>
156	>
157	> --
158	> gentoo-security@g.o mailing list
159	>
160	>
161
162
163	--
164	------------------------------------------------------------------------
165	\| Joerg Mertin : smurphy@××××××.org (Home)\|
166	\| in Forchheim/Germany : smurphy@×××××.de (Alt1)\|
167	\| Stardust's LiNUX System : \|
168	\| Web: http://www.solsys.org \|
169	------------------------------------------------------------------------
170	PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
171
172
173
174	--
175	gentoo-security@g.o mailing list

Gentoo Archives: gentoo-security