| 1 |
Hello, |
| 2 |
|
| 3 |
I've been attempting to create a Virtual Mail Server using Postfix, MySQL, and |
| 4 |
Courier, however I've hit a slight brick wall when dealing with the S.M.T.P.\ |
| 5 |
authentication. As advised at [1], is is generally preferable to use the unified |
| 6 |
Courier-Authlib interface when interacting with the database, as opposed to |
| 7 |
having Courier-Authlib *and* cyrus-sasl attaining direct access. |
| 8 |
|
| 9 |
I've been at this for a while, and I'm almost annoyed, and somewhat desperate. |
| 10 |
Although every other element of my mail server works spotlessly, including |
| 11 |
'STARTTLS', S.M.T.P.\ authentication through cyrus-sasl and courier-authlib |
| 12 |
confuses me endlessly, especially due to the lack of information dumped to the |
| 13 |
logs, despite the maximum levels of logging enabled in the respective |
| 14 |
configuration files. |
| 15 |
|
| 16 |
courier-authlib seems to be working fine, as 'authtest' is capable of retrieving |
| 17 |
user accounts specified in the MySQL database, which leads me to believe that |
| 18 |
the problem lies with cyrus-sasl. I also know that Postfix is probably loading |
| 19 |
cyrus-sasl correctly, as an error in the /etc/sasl2/smtpd.conf file leads to an |
| 20 |
error when starting Postfix. Fixing the syntax error leads to no errors, but |
| 21 |
also invokes no mention of a successful load in the syslog. |
| 22 |
|
| 23 |
[2] is a list of the Postfix capabilities, as reported via telnet 'EHLO', [3] is |
| 24 |
the /etc/sasl2/smtpd.conf file, and [4] is the relevant parts of Postfix |
| 25 |
main.cf. |
| 26 |
|
| 27 |
I'm unsure if the erroneous behaviour seen here is a result of a personal |
| 28 |
fundamental misunderstanding of the virtual mail server stack, or just a silly |
| 29 |
typo or omission in one of configuration files. |
| 30 |
|
| 31 |
Thank you in advance for your assistance. |
| 32 |
|
| 33 |
-- |
| 34 |
|
| 35 |
[1] S.M.T.P. Authentication, Gentoo Wiki |
| 36 |
https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server/SMTP_Authentication/en |
| 37 |
|
| 38 |
[2] Postfix capabilities; notice the upsetting lack of an AUTH response. |
| 39 |
Issuing an AUTH LOGIN command results in "503 5.5.1 Error: authentication not |
| 40 |
enabled" being returned. |
| 41 |
|
| 42 |
250-PIPELINING |
| 43 |
250-SIZE 20971520 |
| 44 |
250-ETRN |
| 45 |
250-STARTTLS |
| 46 |
250-ENHANCEDSTATUSCODES |
| 47 |
250-8BITMIME |
| 48 |
250-DSN |
| 49 |
250-SMTPUTF8 |
| 50 |
250 CHUNKING |
| 51 |
|
| 52 |
[3] smtpd.conf; the courier-authlib socket should have the correct ownership, |
| 53 |
such that it is owned by root:mail. 'postfix' belongs to the 'mail' group. |
| 54 |
|
| 55 |
pwcheck_method: authdaemond |
| 56 |
mech_list: LOGIN PLAIN |
| 57 |
sql_select: dummy |
| 58 |
authdaemond_path: /var/lib/courier/authdaemon/socket |
| 59 |
log_level: 7 |
| 60 |
|
| 61 |
[4] S.A.S.L.-relevant sections of the Postfix main.cf file. (line break on |
| 62 |
recipient_restrictions added for this e-mail) |
| 63 |
|
| 64 |
smtpd_sasl_path = smtpd |
| 65 |
broken_sasl_auth_clients = yes |
| 66 |
smtpd_sasl_auth_enable = yes |
| 67 |
smtpd_sasl_security_options = noanonymous |
| 68 |
smtpd_sasl_local_domain = |
| 69 |
smtpd_sasl_authenticated_header = yes |
| 70 |
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks \ |
| 71 |
reject_unauth_destination |
| 72 |
|
| 73 |
-- |
| 74 |
|
| 75 |
Ashley Dixon |
| 76 |
suugaku.co.uk |
Archives