
postfix's authentication problem 1


bluelake

Technical User
Jan 20, 2003
57
CN
Hi all, I've installed postfix with SASL authentication successfully, and it seems to work well: the client cannot use the postfix server to send mail if the client cannot pass SMTP authentication, which is what I expected. But when I configure my client not to use SMTP authentication, it can still send mail through the postfix server! (On the client: if I choose to use SMTP authentication, I must enter the correct username and password, but if I do not choose to use SMTP authentication, it can send mail without authentication.)

My test client is kmail.
My server is redhatlinux 9 + cyrus sasl2 + postfix 2.0.4.

I did the above test on the same PC (the client and the server are both on the same machine).

My main.cf is as below:

#postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, postfix.$mydomain
mydomain = mydomain.com
myhostname = test.mydomain.com
mynetworks = 127.0.0.0/8, 10.167.34.0/24, hash:/etc/postfix/access
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme_files
relay_domains = $mydomain
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 450

Any help will be appreciated!


There are only 10 types of people in the world: Those who understand binary, and those who don't
 
I'm trying to do exactly the same thing you are. My question is: you have rh9 out of the box. What else did you install on top of that to get things working? I can't seem to get your same configuration to work. Thanks!
-ben
 
Hmmm, I think I have solved that problem, and my openwebmail works well with postfix and sasl2.

I ran the client and server on the same box, so the client did not need SMTP authentication. When I did the test on another machine, the client had to be authenticated before it could send mail.

Perhaps you should check your sasl2 installation process and the configuration in your main.cf.

There are only 10 types of people in the world: Those who understand binary, and those who don't
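
An added example, not part of any post in this thread: a simplified Python model of how Postfix walks `smtpd_recipient_restrictions` in order and stops at the first match, using the values from the `postconf -n` output above. The function names, sample clients and recipient addresses are constructed for illustration, and the `hash:/etc/postfix/access` entry in `mynetworks` is not modelled.

```python
import ipaddress

# Values copied from the `postconf -n` output in the thread. The
# hash:/etc/postfix/access entry in mynetworks is not modelled.
MYNETWORKS = ["127.0.0.0/8", "10.167.34.0/24"]
MYDESTINATION = ["test.mydomain.com", "postfix.mydomain.com"]
RELAY_DOMAINS = ["mydomain.com"]
RECIPIENT_RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",
]


def in_mynetworks(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def authorized_destination(rcpt):
    # Simplified: exact match on mydestination, domain or subdomain of relay_domains.
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in MYDESTINATION:
        return True
    return any(domain == d or domain.endswith("." + d) for d in RELAY_DOMAINS)


def evaluate(client_ip, sasl_authenticated, rcpt):
    """Return (decision, deciding restriction); the first match ends the walk."""
    for name in RECIPIENT_RESTRICTIONS:
        if name == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", name
        if name == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit", name
        if name == "reject_unauth_destination" and not authorized_destination(rcpt):
            return "reject", name
    return "permit", "end of list"


# Constructed sample clients: (client IP, passed SMTP AUTH?, recipient).
SAMPLES = [
    ("127.0.0.1", False, "someone@example.org"),    # kmail on the server itself
    ("192.0.2.10", False, "someone@example.org"),   # outside host, no AUTH
    ("192.0.2.10", True, "someone@example.org"),    # outside host, AUTH ok
    ("192.0.2.10", False, "user@mydomain.com"),     # inbound mail for own domain
]

if __name__ == "__main__":
    for ip, authed, rcpt in SAMPLES:
        print(ip, authed, rcpt, "->", evaluate(ip, authed, rcpt))
```

With this ordering, any host listed in `mynetworks` relays without authenticating, so that list should contain only hosts that are trusted to do so.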
 
What do you mean by "sasl2 installation process"? What I want to know is, what programs did you install on top of redhat 9 to get this to work. Are you using the default packages, or is it something you downloaded?
-ben
 
The authentication daemon that cyrus sasl2 uses (saslauthd) is different from that of cyrus sasl1 (pwcheck, pam, sasldb, shadow), which is the default package for rh9.

I downloaded the source file of sasl2 and installed it with the steps below:
tar -zxvf /root/cyrus-sasl-2.1.12.tar.gz
cd cyrus-sasl-2.1.12
./configure --prefix=/usr/local/cyrus-sasl2 --enable-login --enable-plain --enable-pwcheck --with-saslauthd=/var/run
make clean && make
make install

cd /usr/lib
ln -s /usr/local/cyrus-sasl2/lib/* .
cd /usr/lib/sasl2
echo 'pwcheck_method: saslauthd' > smtpd.conf
echo 'mech_list:plain login' >> smtpd.conf

#added a manpath
vi /etc/man.config
#add below:
MANPATH /usr/local/cyrus-sasl2/man

#start the saslauthd daemon
/usr/local/cyrus-sasl2/sbin/saslauthd -a shadow

#test whether saslauthd works, using the 'testsaslauthd' utility that comes with the source
cd /usr/local/src/cyrus-sasl-2.1.12/saslauthd/
make testsaslauthd
./testsaslauthd -u userID -p 'yours.passwd'
0: OK "Success."
# this means your sasl works well!

#add it to the system start file
vi /etc/rc.d/rc.local
# add below
/usr/local/cyrus-sasl2/sbin/saslauthd -a shadow

My English is not so good; I hope you can understand what I say. Good luck.



There are only 10 types of people in the world: Those who understand binary, and those who don't
 