Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Postfix + Cyrus SASL

Status
Not open for further replies.
fluid11

fluid11

IS-IT--Management
Jan 22, 2002
1,627
US
Here's the first question in the new Postfix forum. I'm re-posting this from the Linux Server forum...


Has anybody gotten Cyrus SASL to work with Postfix? I want to use SASL so that authenticated users can relay.

I've already seen the docs on Postfix's website about this.

This is what I've done....

- installed Cyrus SASL (tried both RPMs and source)

- compiled Postfix with support for SASL...

make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"


- edited the main.cf to include the sasl parameters...

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

relay_domains = $mydestination
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_relay_domains


- created /usr/lib/sasl/smtpd.conf and added "pwcheck_method: sasldb" inside. This file is owned by the postfix user.

- ran 'saslpasswd -a smtpd -c user' to create a user in the /etc/sasldb database



If I telnet to the server and issue a EHLO command, it responds with the correct AUTH commands so SASL is compiled okay. The problem is I can't authenticate.


Anyone have any ideas? This is driving me crazy! I'm about to give up and allow relaying by IP address.


Thanks,
ChrisP
 
Sort by date Sort by votes
I still haven't gotten this working, but I came up with a workaround until I feel like messing with SASL again.


I want to be able to relay from my house, which has a static IP. I added the IP to /etc/hosts and called it home.foo.org. Then I edited main.cf and added home.$mydomain to the mydestination paramter.

This will work for now since I only have a few users working from home, but I'll have to either get SASL or some other method (POP-before-SMTP?) working in the future.

ChrisP
 
Upvote 0 Downvote
I haven't tried Cyrus again yet, but I found a better solution that I couldn't get working before...

smtpd_recipient_restrictions =
check_client_access hash:/etc/postfix/clients
permit_mynetworks,
check_relay_domains

The reason I couldn't get it working before was because I had check_relay_domains listed before check_client_access.


Is anybody reading this besides me?


ChrisP
 
Upvote 0 Downvote
Yes I am reading it too, actually just found out there is a new postfix forum ;-)
Anyway, I am afraid I cant help you with SASL since I have not fiddled with it so far - but it's on my todo list since a while.... if I have info for you I'll post it here ofc.

Regards,
Zodiak
 
Upvote 0 Downvote
Cool, thanks. Same here when I have time to mess with it again. For now, I'll just keep manually adding the static IP's to the client access list.

ChrisP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

7xja
  • Locked
  • Question
Some problems on Postfix 3.6
Replies
0
Views
296
7xja
7xja
Martin Zahn
  • Locked
  • Question
postfix: fatal: could not find any active network interfaces
Replies
0
Views
309
Martin Zahn
Martin Zahn
alexk345
  • Locked
  • Question
I need a way to block outgoing recipients using Mysql - Postfix / Postmap
Replies
1
Views
299
alexk345
alexk345
BJZeak
  • Locked
  • Question
Looking to understand the feasibility of creating a SEND only POSTFIX solution for an IOT (pi) ctrlr
Replies
0
Views
271
BJZeak
BJZeak
mondji
  • Locked
  • Question
Postfix smarthost: limit the number of message to recipient by time interval
Replies
0
Views
260
mondji
mondji

Part and Inventory Search

Sponsor

Back
Top