Hello,

I've been attempting to create a Virtual Mail Server using Postfix, MySQL, and
Courier, however I've hit a slight brick wall when dealing with the S.M.T.P.
authentication. As advised at [1], it is generally preferable to use the unified
Courier-Authlib interface when interacting with the database, as opposed to
having Courier-Authlib *and* cyrus-sasl attaining direct access.

I've been at this for a while, and I'm almost annoyed, and somewhat desperate.
Although every other element of my mail server works spotlessly, including
'STARTTLS', S.M.T.P. authentication through cyrus-sasl and courier-authlib
confuses me endlessly, especially due to the lack of information dumped to the
logs, despite the maximum levels of logging enabled in the respective
configuration files.

courier-authlib seems to be working fine, as 'authtest' is capable of retrieving
user accounts specified in the MySQL database, which leads me to believe that
the problem lies with cyrus-sasl. I also know that Postfix is probably loading
cyrus-sasl correctly, as an error in the /etc/sasl2/smtpd.conf file leads to an
error when starting Postfix. Fixing the syntax error leads to no errors, but
also invokes no mention of a successful load in the syslog.

[2] is a list of the Postfix capabilities, as reported via telnet 'EHLO', [3] is
the /etc/sasl2/smtpd.conf file, and [4] is the relevant parts of Postfix
main.cf.

I'm unsure if the erroneous behaviour seen here is a result of a personal
fundamental misunderstanding of the virtual mail server stack, or just a silly
typo or omission in one of the configuration files.

Thank you in advance for your assistance.

--

[1] S.M.T.P. Authentication, Gentoo Wiki
https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server/SMTP_Authentication/en

[2] Postfix capabilities; notice the upsetting lack of an AUTH response.
Issuing an AUTH LOGIN command results in "503 5.5.1 Error: authentication not
enabled" being returned.

250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING

[3] smtpd.conf; the courier-authlib socket should have the correct ownership,
such that it is owned by root:mail. 'postfix' belongs to the 'mail' group.

pwcheck_method: authdaemond
mech_list: LOGIN PLAIN
sql_select: dummy
authdaemond_path: /var/lib/courier/authdaemon/socket
log_level: 7

[4] S.A.S.L.-relevant sections of the Postfix main.cf file. (line break on
recipient_restrictions added for this e-mail)

smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks \
reject_unauth_destination

--

Ashley Dixon
suugaku.co.uk
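
A check for the symptom described in [2], as an added example that is not part of the original post: it parses an EHLO reply and compares any advertised AUTH mechanisms with the mech_list from smtpd.conf. The greeting hostname, the second sample reply and the function names are constructed for illustration.

```python
import re

# Constructed samples: the capability list from [2] behind a made-up greeting
# line, a made-up reply that does offer AUTH, and two lines of [3].
EHLO_NO_AUTH = "250-mail.example.org\n" + "".join(f"250-{c}\n" for c in (
    "PIPELINING", "SIZE 20971520", "ETRN", "STARTTLS", "ENHANCEDSTATUSCODES",
    "8BITMIME", "DSN", "SMTPUTF8")) + "250 CHUNKING\n"
EHLO_WITH_AUTH = ("250-mail.example.org\n250-STARTTLS\n250-AUTH LOGIN PLAIN\n"
                  "250-AUTH=LOGIN PLAIN\n250 8BITMIME\n")
SMTPD_CONF = "pwcheck_method: authdaemond\nmech_list: LOGIN PLAIN\n"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 reply (RFC 5321)."""
    caps = {}
    lines = [l.rstrip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("'250 ' must appear on the last line only")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        text = m.group(2)
        if text.upper().startswith("AUTH="):  # legacy form for old clients
            text = "AUTH " + text[5:]
        word, _, rest = text.partition(" ")
        entry = caps.setdefault(word.upper(), [])
        for p in rest.upper().split():
            if p not in entry:
                entry.append(p)
    return caps


def sasl_mech_list(conf):
    """Return the mechanisms named by mech_list in a Cyrus SASL config."""
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "mech_list":
            return value.upper().split()
    return []


def check_auth(reply, conf):
    """Report whether the EHLO reply offers what smtpd.conf configures."""
    offered = parse_ehlo(reply).get("AUTH")
    if offered is None:
        return "AUTH not advertised"
    missing = [m for m in sasl_mech_list(conf) if m not in offered]
    return "ok" if not missing else "missing: " + " ".join(missing)

if __name__ == "__main__":
    print(check_auth(EHLO_NO_AUTH, SMTPD_CONF))
```

Because a client sends EHLO again after STARTTLS, run the check on the capability list from each phase of the session.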