postfix hangs when SASL enabled


postfix hangs when SASL enabled

Travis-35
I first tried the instructions in "The BOOK of POSTFIX", but no luck

Then I followed the instructions here:
https://help.ubuntu.com/community/Postfix

In both cases, the symptom is that postfix, upon being restarted,
responds to "nc -v -v localhost 25" with an accept and then an
immediate disconnect.  A second connection succeeds, but no banner is
being printed.

I also notice that even though the SSL keys have passwords on them,
postfix never prompts for them.

I narrowed down the problem to this config value:
smtpd_sasl_auth_enable = yes

Here is the WORKING "postconf -n" (sasl_auth disabled),
let me know if you need more info to help me.

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail -t -a "$EXTENSION" -a "$USER" -a "$DOMAIN" -a "$LOCAL"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost,                $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, mx.$mydomain,                ntp.$mydomain, ping.$mydomain, smtp.$mydomain, ssh.$mydomain,                time.$mydomain, timehost.$mydomain, vpn.$mydomain, web.$mydomain,             lists.$mydomain
myhostname = lexus.bitrot.info
mynetworks = 172.16.0.0/12, 127.0.0.0/8, 83.149.117.8/32
myorigin = $mydomain
recipient_delimiter = +
relayhost =
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,        reject_unauth_pipelining,        check_client_access hash:/etc/postfix/whitelist_client,        reject_unknown_reverse_client_hostname,        permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_unknown_recipient_domain,        permit_mynetworks,        permit_sasl_authenticated,        reject_unauth_destination,        permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,        permit_sasl_authenticated,        check_sender_access hash:/etc/postfix/whitelist_sender,        reject_non_fqdn_sender,        reject_unknown_sender_domain,        permit
smtpd_tls_CAfile = /c/keys/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /c/keys/mail.bitrot.info-cert.pem
smtpd_tls_key_file = /c/keys/mail.bitrot.info-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps

--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

Re: postfix hangs when SASL enabled

mouss-2
Travis wrote:

> I first tried the instructions in "The BOOK of POSTFIX", but no luck
>
> Then I followed the instructions here:
> https://help.ubuntu.com/community/Postfix
>
> In both cases, the symptom is that postfix, upon being restarted,
> responds to "nc -v -v localhost 25" with an accept and then an
> immediate disconnect.  A second connection succeeds, but no banner is
> being printed.
>

no need to use nc. just use telnet.

> I also notice that even though the SSL keys have passwords on them,
> postfix never prompts for them.
>

daemons do not prompt.

As
        http://www.postfix.org/TLS_README.html
says:
"The private key must not be encrypted, meaning: the key must be
accessible without a password"


> I narrowed down the problem to this config value:
> smtpd_sasl_auth_enable = yes
>

(next time, describe the problem in the body, even if the subject is
well chosen).

it is probable that you have a config error in your sasl configuration
(smtpd.conf). run saslfinger and report its output.

> Here is the WORKING "postconf -n" (sasl_auth disabled),

next time, show 'postconf -n' for the non working setup.

> [snip]

Re: postfix hangs when SASL enabled

Wietse Venema
In reply to this post by Travis-35
> I narrowed down the problem to this config value:
> smtpd_sasl_auth_enable = yes

All problems are reported to logfile.
http://www.postfix.org/DEBUG_README.html#logging

        Wietse

TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail

Re: postfix hangs when SASL enabled

Travis-35
In reply to this post by mouss-2
On Mon, Sep 08, 2008 at 08:15:24AM +0200, mouss wrote:
> Travis wrote:
> >I also notice that even though the SSL keys have passwords on them,
> >postfix never prompts for them.
> >
>
> daemons do not prompt.

Perhaps they should not, but apache does.  Dovecot has a config file
entry with the password to the key to allow use of keys with
passwords, which is helpful because:

It turns out that my software (tinyca2) as well as the normal
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
(suggested here: https://help.ubuntu.com/community/Postfix)
both prompt for passwords with which to encrypt the key.

> As
> http://www.postfix.org/TLS_README.html
> says:
> "The private key must not be encrypted, meaning: the key must be
> accessible without a password"

Ah, thank you.

> it is probable that you have a config error in your sasl configuration
> (smtpd.conf). run saslfinger and report its output.

saslfinger - postfix Cyrus sasl configuration Mon Sep  8 23:58:13 CEST 2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.8
System: Debian GNU/Linux 4.0 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d2e000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /c/keys/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /c/keys/mail.bitrot.info-cert.pem
smtpd_tls_key_file = /c/keys/mail.bitrot.info-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 112
drwxr-xr-x  2 root root  4096 Jul 25 03:08 .
drwxr-xr-x 58 root root 20480 Sep  8 01:16 ..
-rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
-rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22




-- content of /etc/postfix/sasl/smtpd.conf --
# Global parameters
log_level: 3
pwcheck_method: saslauthd
mech_list: plain login



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache  unix - - - - 1 scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --

-- end of saslfinger output --


--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

Re: postfix hangs when SASL enabled

Wietse Venema
Travis:
> It turns out that my software (tinyca2) as well as the normal
> openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
> (suggested here: https://help.ubuntu.com/community/Postfix)
> both prompt for passwords with which to encrypt the key.

See instructions at the end of

http://www.postfix.org/TLS_README.html

Begin quote:
  * Create an unpassworded private key for host foo.porcupine.org and create an
    unsigned public key certificate.

    % openssl req -new -nodes -keyout foo-key.pem -out foo-req.pem -days 365
End quote.

        Wietse

Re: postfix hangs when SASL enabled

Barney Desmond
In reply to this post by Travis-35
2008/9/9 Travis <[hidden email]>:
> Perhaps they should not, but apache does.  Dovecot has a config file
> entry with the password to the key to allow use of keys with
> passwords, which is helpful because:

Apache's default behaviour to prompt is less than ideal, but can be
configured to do otherwise.

> It turns out that my software (tinyca2) as well as the normal
> openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
> (suggested here: https://help.ubuntu.com/community/Postfix)
> both prompt for passwords with which to encrypt the key.

As Wietse mentions, this guide is perverse. This smells like
cargo-culting, there's no need to create the key with a passphrase
then strip it a couple of steps later. This will also do exactly what
you want. (I've also fixed that bit of the documentation)

openssl genrsa 1024 > unencrypted.key

Re: postfix hangs when SASL enabled

Travis-35
In reply to this post by mouss-2
On Mon, Sep 08, 2008 at 08:15:24AM +0200, mouss wrote:
> >In both cases, the symptom is that postfix, upon being restarted,
> >responds to "nc -v -v localhost 25" with an accept and then an
> >immediate disconnect.  A second connection succeeds, but no banner is
> >being printed.
> >
>
> no need to use nc. just use telnet.

nc works as well as telnet

Postfix is hanging upon connecting to port 25

I narrowed down the problem to this config value:
smtpd_sasl_auth_enable = yes

When that value is enabled, connections to port 25 get no answer.

Actually the first one is closed quickly, and the second connection
hangs indefinitely.

> >Here is the WORKING "postconf -n" (sasl_auth disabled),
>
> next time, show 'postconf -n' for the non working setup.

Here is postconf -n for non-working setup:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail -t -a "$EXTENSION" -a "$USER" -a "$DOMAIN" -a "$LOCAL"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost,                $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, mx.$mydomain,                ntp.$mydomain, ping.$mydomain, smtp.$mydomain, ssh.$mydomain,                time.$mydomain, timehost.$mydomain, vpn.$mydomain, web.$mydomain,             lists.$mydomain
myhostname = lexus.bitrot.info
mynetworks = 172.16.0.0/12, 127.0.0.0/8, 83.149.117.8/32
myorigin = $mydomain
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,        reject_unauth_pipelining,        check_client_access hash:/etc/postfix/whitelist_client,        reject_unknown_reverse_client_hostname,        permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_unknown_recipient_domain,        permit_mynetworks,        permit_sasl_authenticated,        reject_unauth_destination,        permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks,        permit_sasl_authenticated,        check_sender_access hash:/etc/postfix/whitelist_sender,        reject_non_fqdn_sender,        reject_unknown_sender_domain,        permit
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps

--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

saslfinger output, was Re: postfix hangs when SASL enabled

Travis-35
In reply to this post by mouss-2
#### postconf -n when trying to use SASL

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = /usr/bin/procmail -t -a "$EXTENSION" -a "$USER" -a "$DOMAIN" -a "$LOCAL"
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost,                $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, mx.$mydomain,                ntp.$mydomain, ping.$mydomain, smtp.$mydomain, ssh.$mydomain,                time.$mydomain, timehost.$mydomain, vpn.$mydomain, web.$mydomain,             lists.$mydomain
myhostname = lexus.bitrot.info
mynetworks = 172.16.0.0/12, 127.0.0.0/8, 83.149.117.8/32
myorigin = $mydomain
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,        reject_unauth_pipelining,        check_client_access hash:/etc/postfix/whitelist_client,        reject_unknown_reverse_client_hostname,        permit
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_unknown_recipient_domain,        permit_mynetworks,        permit_sasl_authenticated,        reject_unauth_destination,        permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks,        permit_sasl_authenticated,        check_sender_access hash:/etc/postfix/whitelist_sender,        reject_non_fqdn_sender,        reject_unknown_sender_domain,        permit
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual_alias_domains
virtual_alias_maps = hash:/etc/postfix/virtual_alias_maps


#### saslfinger -s when trying to use SASL

saslfinger - postfix Cyrus sasl configuration Tue Oct  7 23:25:23 CEST 2008
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.8
System: Debian GNU/Linux 4.0 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7dbb000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 116
drwxr-xr-x  2 root root  4096 Oct  7 22:47 .
drwxr-xr-x 60 root root 20480 Sep 28 02:03 ..
-rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
-rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22
-rw-rw----  1 root root    49 Oct  7 22:47 smtpd.conf

-- listing of /usr/local/lib/sasl2 --
total 116
drwxr-xr-x  2 root root  4096 Oct  7 22:47 .
drwxr-xr-x 60 root root 20480 Sep 28 02:03 ..
-rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
-rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22
-rw-rw----  1 root root    49 Oct  7 22:47 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --

-- end of saslfinger output --


--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

Re: saslfinger output, was Re: postfix hangs when SASL enabled

mouss-2
Travis wrote:

> [snip]
> -- basics --
> Postfix: 2.3.8
> System: Debian GNU/Linux 4.0 \n \l
> [snip]
>
> -- listing of /usr/lib/sasl2 --
> total 116
> drwxr-xr-x  2 root root  4096 Oct  7 22:47 .
> drwxr-xr-x 60 root root 20480 Sep 28 02:03 ..
> -rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
> -rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
> -rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
> -rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
> -rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22
> -rw-rw----  1 root root    49 Oct  7 22:47 smtpd.conf


# apt-get install libsasl2-modules

> [snip]
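
The listing quoted in the reply above holds only libsasldb files, while smtpd.conf asks for PLAIN and LOGIN. The following is an added example, not part of the thread, that compares mech_list with the plugin directory; the plugin file naming rule and the function names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report mechanisms named in mech_list
# that have no plugin library in the Cyrus SASL plugin directory.

# Assumption: the plugin for a mechanism is "lib" + the mechanism name in
# lower case with hyphens removed + ".so" (PLAIN -> libplain.so).
mech_to_plugin() {
    printf 'lib%s.so\n' \
        "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/-//g')"
}

# Print the mechanisms on the mech_list line of an smtpd.conf, one per line.
read_mech_list() {
    sed -n 's/^[[:space:]]*mech_list[[:space:]]*:[[:space:]]*//p' "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print one line per mechanism whose plugin file is absent from the plugin
# directory. Returns 1 when at least one plugin is missing, 0 otherwise.
missing_plugins() {
    conf=$1 plugin_dir=$2 missing=0
    for mech in $(read_mech_list "$conf"); do
        plugin=$(mech_to_plugin "$mech")
        if [ ! -e "$plugin_dir/$plugin" ]; then
            echo "$mech: $plugin_dir/$plugin not found"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a temporary directory with the same file names as the
# /usr/lib/sasl2 listing in the saslfinger output (empty files, not libraries).
demo=$(mktemp -d)
mkdir "$demo/sasl2"
printf 'pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n' \
    > "$demo/sasl2/smtpd.conf"
for f in libsasldb.a libsasldb.la libsasldb.so libsasldb.so.2 \
         libsasldb.so.2.0.22; do
    : > "$demo/sasl2/$f"
done
missing_plugins "$demo/sasl2/smtpd.conf" "$demo/sasl2" ||
    echo "mech_list names mechanisms with no plugin installed"
rm -rf "$demo"
```

On a real host the arguments would be the smtpd.conf and plugin directory that saslfinger reports.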

Re: saslfinger output, was Re: postfix hangs when SASL enabled

Travis-35
On Tue, Oct 07, 2008 at 11:32:50PM +0200, mouss wrote:

> Travis wrote:
> >[snip]
> >-- basics --
> >Postfix: 2.3.8
> >System: Debian GNU/Linux 4.0 \n \l
> >[snip]
> >
> >-- listing of /usr/lib/sasl2 --
> >total 116
> >drwxr-xr-x  2 root root  4096 Oct  7 22:47 .
> >drwxr-xr-x 60 root root 20480 Sep 28 02:03 ..
> >-rw-r--r--  1 root root 21726 Dec 13  2006 libsasldb.a
> >-rw-r--r--  1 root root   856 Dec 13  2006 libsasldb.la
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2
> >-rw-r--r--  1 root root 17980 Dec 13  2006 libsasldb.so.2.0.22
> >-rw-rw----  1 root root    49 Oct  7 22:47 smtpd.conf
>
>
> # apt-get install libsasl2-modules
>
> >[snip]

Closer... now Thunderbird prompts for my password over and over, but I've
set it properly.
--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

Re: saslfinger output, was Re: postfix hangs when SASL enabled

Travis-35
On Fri, Oct 10, 2008 at 03:43:09PM -0500, Travis wrote:
> Closer... now Thunderbird prompts for my password over and over, but I've
> set it properly.

What's the meaning of:

Oct 10 22:40:55 lexus postfix/smtpd[13983]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.

Re: saslfinger output, was Re: postfix hangs when SASL enabled

Nikita Kipriyanov
Travis wrote:
> What's the meaning of:
>
> Oct 10 22:40:55 lexus postfix/smtpd[13983]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
>  
There are wrong permissions on saslauthd socket. From
http://www.postfix.org/SASL_README.html :

IMPORTANT: saslauthd usually establishes a UNIX domain socket in
/var/run/saslauthd and waits for authentication requests. The Postfix
SMTP server must have read+execute permission to this directory or
authentication attempts will fail.


Re: saslfinger output, was Re: postfix hangs when SASL enabled

mouss-2
In reply to this post by Travis-35
Travis wrote:

> On Fri, Oct 10, 2008 at 03:43:09PM -0500, Travis wrote:
>  
>> Closer... now Thunderbird prompts for my password over and over, but I've
>> set it properly.
>>    
>
> What's the meaning of:
>
> Oct 10 22:40:55 lexus postfix/smtpd[13983]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
>
>  

It means exactly what it says. smtpd can't access saslauthd socket.
This socket is probably in
/var/run/saslauthd if smtpd is not chrooted, and
/var/spool/postfix/var/run/saslauthd if smtpd is chrooted.

Once you find it, check ownership and permissions of that file as well
as those of its parent directories.

PS. next time, please use google before asking.

Re: saslfinger output, was Re: postfix hangs when SASL enabled

Patrick Ben Koetter
In reply to this post by Travis-35
* Travis <[hidden email]>:
> On Fri, Oct 10, 2008 at 03:43:09PM -0500, Travis wrote:
> > Closer... now Thunderbird prompts for my password over and over, but I've
> > set it properly.
>
> What's the meaning of:
>
> Oct 10 22:40:55 lexus postfix/smtpd[13983]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

It probably means that the user postfix is not in the group sasl. If that's
the case it probably also means you should read the SASL Postfix documentation
that comes with your distribution. There are more traps when you run a Debian
based system e.g. chroot issues.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

Re: saslfinger output, was Re: postfix hangs when SASL enabled

Travis-35
In reply to this post by Nikita Kipriyanov
On Sat, Oct 11, 2008 at 03:36:01PM +0400, Nikita Kipriyanov wrote:
> Travis wrote:
> There are wrong permissions on saslauthd socket. From
> http://www.postfix.org/SASL_README.html :
>
> IMPORTANT: saslauthd usually establishes a UNIX domain socket in
> /var/run/saslauthd and waits for authentication requests. The Postfix
> SMTP server must have read+execute permission to this directory or
> authentication attempts will fail.

That fixed it.

I of course never set up the chrooted environment, the defaults for
Debian Linux 4.0 are wrong.

chmod a+rX /var/spool/postfix/var{,/run,/run/saslauthd} fixed it.

--
Crypto ergo sum.  http://www.subspacefield.org/~travis/
Truth does not fear scrutiny or competition, only lies do.
If you are a spammer, please email [hidden email] to get blacklisted.
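
The replies above locate the saslauthd directory by whether smtpd is chrooted, and the fix was world read+execute on each directory leading to it. The following is an added example, not part of the thread, that reads the chroot column from master.cf and lists the directories that lack those bits; the function names are assumptions and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find the directory smtpd uses to reach
# saslauthd and list path components without world read+execute permission.

# Print "y" or "n" for the chroot column of the "smtp inet ... smtpd" line.
# $2 says what "-" means: the master.cf header on this page shows (yes) for
# Postfix 2.3; Postfix 3.0 and later default to "n".
smtpd_chroot() {
    awk -v dflt="${2:-y}" '
        $1 == "smtp" && $2 == "inet" && $8 == "smtpd" {
            print ($5 == "-" ? dflt : $5); found = 1; exit
        }
        END { if (!found) exit 1 }' "$1"
}

# Print the saslauthd directory on the host: under the queue directory when
# smtpd is chrooted, /var/run/saslauthd otherwise.
saslauthd_dir() {
    master_cf=$1 queue_dir=${2:-/var/spool/postfix}
    chrooted=$(smtpd_chroot "$master_cf" "${3:-y}") || return 1
    if [ "$chrooted" = "n" ]; then
        echo "/var/run/saslauthd"
    else
        echo "$queue_dir/var/run/saslauthd"
    fi
}

# Walk base ($1) plus each component of the relative path ($2) and print the
# directories whose "other" bits are not r-x. Returns 1 if any was printed.
# This tests the condition "chmod a+rX" establishes; a host that grants
# access through group membership instead is also reported here.
blocked_dirs() {
    path=$1 rest=$2 bad=0
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        path=$path/$part
        other=$(ls -ld "$path" 2>/dev/null | cut -c8-10)
        case "$other" in
            r?[xt]) ;;
            *) echo "$path (${other:-missing})"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: the smtp service line from the master.cf on this page
# and a temporary stand-in for the queue directory with a restrictive mode.
demo=$(mktemp -d)
printf '%s\n' 'smtp      inet  n       -       -       -       -       smtpd' \
    > "$demo/master.cf"
mkdir -p "$demo/queue/var/run/saslauthd"
chmod 755 "$demo/queue/var" "$demo/queue/var/run"
chmod 710 "$demo/queue/var/run/saslauthd"
echo "saslauthd directory: $(saslauthd_dir "$demo/master.cf" "$demo/queue")"
blocked_dirs "$demo/queue" var/run/saslauthd ||
    echo "directories listed above lack world r-x"
rm -rf "$demo"
```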