Problem z SASL authentication

Serwery i sieci oparte na Slackware, wszelkiego rodzaju usługi, troubleshooting.

Moderatorzy: Moderatorzy, Administratorzy

tomekn
Użytkownik
Posty: 58
Rejestracja: 2004-11-26, 09:47

Problem z SASL authentication

Post autor: tomekn »

Właśnie uruchomiłem sobie postfixa + dovecot + mysql wszystko działa prawidłowo oprócz SASL authentication.

Mianowicie podczas próby wysłania emaila w logach postfixa widzę:

Kod: Zaznacz cały

connect from localhost.localdomain[127.0.0.1]
warning: SASL authentication failure: Could not open /etc/sasldb2: gdbm_errno=8
warning: SASL authentication failure: Could not open /etc/sasldb2: gdbm_errno=8
warning: SASL authentication failure: no secret in database
warning: localhost.localdomain[127.0.0.1]: SASL CRAM-MD5 authentication failed: authentication failure
lost connection after AUTH from localhost.localdomain[127.0.0.1]
disconnect from localhost.localdomain[127.0.0.1]
co ciekawe konta userów przechowuje w MySql i logowanie via IMAP działa prawidłowo. Dodatkowo smtp skonfigurowałem w połączeniu z Mysql:

Kod: Zaznacz cały

pwcheck_method: saslauthd
mech_list: CRAM-MD5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: database
sql_user: user
sql_passwd: pass
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1'
sql_verbose: true
więc dlaczego smtp szuka:

Kod: Zaznacz cały

warning: SASL authentication failure: Could not open /etc/sasldb2: gdbm_errno=8
Dzięki za sugestie
Awatar użytkownika
Outlaw
Administrator
Posty: 2862
Rejestracja: 2004-06-29, 22:23
Lokalizacja: eth0
Kontakt:

Re: Problem z SASL authentication

Post autor: Outlaw »

Pokaż swoje main.cf i dovecot.conf.
tomekn pisze:pwcheck_method: saslauthd
mech_list: CRAM-MD5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: database
sql_user: user
sql_passwd: pass
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1'
sql_verbose: true
Ten wycinek z jakiego pliku jest?
tomekn
Użytkownik
Posty: 58
Rejestracja: 2004-11-26, 09:47

Re: Problem z SASL authentication

Post autor: tomekn »

Main.cf

Kod: Zaznacz cały

#soft_bounce = no

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix
#default_privs = nobody
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld

myhostname = poczta.mojadomenka.pl
mydomain = mojadomenka.pl
myorigin = $mydomain

inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#proxy_interfaces =
#proxy_interfaces = 1.2.3.4

#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#	mail.$mydomain, www.$mydomain, ftp.$mydomain

#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =

unknown_local_recipient_reject_code = 550

#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
#relay_domains = $mydestination

#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

#in_flow_delay = 1s

#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

#recipient_delimiter = +

#home_mailbox = Mailbox
#home_mailbox = Maildir/
 
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail

#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
  
#header_checks = regexp:/etc/postfix/header_checks

#fast_flush_domains = $relay_domains

#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

debug_peer_level = 2

#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/doc/postfix-2.6.5/html
manpage_directory = /usr/man
sample_directory = /etc/postfix
readme_directory = /usr/doc/postfix-2.6.5/README_FILES

# Virtual users configuration
virtual_relay_domains_maps = mysql:/etc/postfix/mysql/mysql_relay_domains_maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql/mysql_virtual_alias_maps.cf
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/mysql_virtual_mailbox_maps.cf
virtual_transport = virtual
virtual_mailbox_base = /var/spool/mail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/mysql_virtual_domains_maps.cf
# 89 is the default UID of postfix user on CentOS systems,
# it will be used for virtual accounts too
virtual_minimum_uid = 103
virtual_uid_maps = static:1008
virtual_gid_maps = static:110

# Enable SASL authentication.
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = mojadomenka.pl
smtpd_sasl_path = /usr/lib/sasl2/postfix.conf

Dovecot.conf

Kod: Zaznacz cały

base_dir = /var/run/dovecot/
protocols = imap imaps

#   protocol imap {
#     listen = *:10143
#     ssl_listen = *:10943
#     ..
#   }
#   protocol pop3 {
#     listen = *:10100
#     ..
#   }
#listen = *

disable_plaintext_auth = yes

#shutdown_clients = yes

log_path = /var/log/dovecot.log

info_log_path = /var/log/dovecot_info.log

log_timestamp = "%b %d %H:%M:%S "

syslog_facility = mail

##
## SSL settings
##

ssl_listen = 127.0.0.1

ssl = yes

ssl_cert_file = /etc/postfix/ssl/postfix_public_cert.pem
ssl_key_file = /etc/postfix/ssl/postfix_private_key.pem

#ssl_key_password =

#ssl_ca_file = 

#ssl_verify_client_cert = no

#ssl_cert_username_field = commonName

#ssl_parameters_regenerate = 168

#ssl_cipher_list = ALL:!LOW:!SSLv2

# Show protocol level SSL errors.
verbose_ssl = yes

##
## Login processes
##

login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot

#login_process_size = 64

#login_process_per_connection = yes

#login_processes_count = 3
#login_max_processes_count = 128
#login_max_connections = 256

login_greeting = Dovecot ready.
#login_trusted_networks =

#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c

login_log_format = %$: %s

##
## Mailbox locations and namespaces
##

mail_location = maildir:/var/spool/mail/%d/%u/

#namespace private {
   # Hierarchy separator to use. You should use the same separator for all
   # namespaces or some clients get confused. '/' is usually a good one.
   # The default however depends on the underlying mail storage format.
   #separator = 

   # Prefix required to access this namespace. This needs to be different for
   # all namespaces. For example "Public/".
   #prefix = 

   # Physical location of the mailbox. This is in same format as
   # mail_location, which is also the default for it.
   #location =

   # There can be only one INBOX, and this setting defines which namespace
   # has it.
   #inbox = no

   # If namespace is hidden, it's not advertised to clients via NAMESPACE
   # extension. You'll most likely also want to set list=no. This is mostly
   # useful when converting from another server with different namespaces which
   # you want to deprecate but still keep working. For example you can create
   # hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
   #hidden = yes

   # Show the mailboxes under this namespace with LIST command. This makes the
   # namespace visible for clients that don't support NAMESPACE extension.
   # "children" value lists child mailboxes, but hides the namespace prefix.
   #list = yes

   # Namespace handles its own subscriptions. If set to "no", the parent
   # namespace handles them (empty prefix should always have this as "yes")
   #subscriptions = yes
#}

# Example shared namespace configuration
#namespace shared {
   #separator = /

   # Mailboxes are visible under "shared/user@domain/"
   # %%n, %%d and %%u are expanded to the destination user.
   #prefix = shared/%%u/

   # Mail location for other users' mailboxes. Note that %variables and ~/
   # expands to the logged in user's data. %%n, %%d, %%u and %%h expand to the
   # destination user's data.
   #location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u

   # Use the default namespace for saving subscriptions.
   #subscriptions = no

   # List the shared/ namespace only if there are visible shared mailboxes.
   #list = children
#}

mail_uid = 1008
mail_gid = 110

#mail_privileged_group =

#mail_access_groups =

#mail_full_filesystem_access = no

##
## Mail processes
##

#mail_debug = no

mail_log_prefix = "%Us(%u): "

#mail_log_max_lines_per_sec = 10

#mmap_disable = no

#dotlock_use_excl = yes

#fsync_disable = no

#mail_nfs_storage = no
#mail_nfs_index = no

#lock_method = fcntl

#mail_drop_priv_before_exec = no

#verbose_proctitle = no

first_valid_uid = 1008
last_valid_uid = 1008

first_valid_gid = 110
last_valid_gid = 110

#max_mail_processes = 512

#mail_process_size = 256

#mail_max_keyword_length = 50

#valid_chroot_dirs = 

#mail_chroot = 

##
## Mailbox handling optimizations
##

#mail_cache_min_mail_count = 0

#mailbox_idle_check_interval = 30

#mail_save_crlf = no

##
## Maildir-specific settings
##

#maildir_stat_dirs = no

#maildir_copy_with_hardlinks = yes

#maildir_copy_preserve_filename = no

#maildir_very_dirty_syncs = no

##
## mbox-specific settings
##

#mbox_read_locks = fcntl
#mbox_write_locks = dotlock fcntl

#mbox_lock_timeout = 300
#mbox_dotlock_change_timeout = 120

#mbox_dirty_syncs = yes

#mbox_very_dirty_syncs = no

#mbox_lazy_writes = yes

#mbox_min_index_size = 0

##
## dbox-specific settings
##

#dbox_rotate_size = 2048
#dbox_rotate_min_size = 16

#dbox_rotate_days = 0

##
## IMAP specific settings
##

protocol imap {
  # Login executable location.
  login_executable = /usr/libexec/dovecot/imap-login

  # IMAP executable location. Changing this allows you to execute other
  # binaries before the imap process is executed.
  #
  # This would write rawlogs into user's ~/dovecot.rawlog/, if it exists:
  #   mail_executable = /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
  # <doc/wiki/Debugging/Rawlog.txt>
  #
  # This would attach gdb into the imap process and write backtraces into
  # /tmp/gdbhelper.* files:
  #   mail_executable = /usr/libexec/dovecot/gdbhelper /usr/libexec/dovecot/imap
  #
  mail_executable = /usr/libexec/dovecot/imap

  # Maximum IMAP command line length in bytes. Some clients generate very long
  # command lines with huge mailboxes, so you may need to raise this if you get
  # "Too long argument" or "IMAP command line too large" errors often.
  #imap_max_line_length = 65536

  # Maximum number of IMAP connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 10

  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins = 
  mail_plugin_dir = /usr/lib/dovecot/imap

  # IMAP logout format string:
  #  %i - total number of bytes read from client
  #  %o - total number of bytes sent to client
  imap_logout_format = bytes=%i/%o

  # Override the IMAP CAPABILITY response.
  #imap_capability = 

  # How many seconds to wait between "OK Still here" notifications when
  # client is IDLEing.
  #imap_idle_notify_interval = 120

  # ID field names and values to send to clients. Using * as the value makes
  # Dovecot use the default value. The following fields have default values
  # currently: name, version, os, os-version, support-url, support-email.
  imap_id_send = *

  # ID fields sent by client to log. * means everything.
  imap_id_log = *

  # Workarounds for various client bugs:
  #   delay-newmail:
  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
  #     and CHECK commands. Some clients ignore them otherwise, for example OSX
  #     Mail (<v2.1). Outlook Express breaks more badly though, without this it
  #     may show user "Message no longer in server" errors. Note that OE6 still
  #     breaks even with this workaround if synchronization is set to
  #     "Headers Only".
  #   netscape-eoh:
  #     Netscape 4.x breaks if message headers don't end with the empty "end of
  #     headers" line. Normally all messages have this, but setting this
  #     workaround makes sure that Netscape never breaks by adding the line if
  #     it doesn't exist. This is done only for FETCH BODY[HEADER.FIELDS..]
  #     commands. Note that RFC says this shouldn't be done.
  #   tb-extra-mailbox-sep:
  #     With mbox storage a mailbox can contain either mails or submailboxes,
  #     but not both. Thunderbird separates these two by forcing server to
  #     accept '/' suffix in mailbox names in subscriptions list.
  # The list is space-separated.
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}
  
##
## POP3 specific settings
##

protocol pop3 {
  # Login executable location.
  login_executable = /usr/libexec/dovecot/pop3-login

  # POP3 executable location. See IMAP's mail_executable above for examples
  # how this could be changed.
  mail_executable = /usr/libexec/dovecot/pop3

  # Don't try to set mails non-recent or seen with POP3 sessions. This is
  # mostly intended to reduce disk I/O. With maildir it doesn't move files
  # from new/ to cur/, with mbox it doesn't write Status-header.
  #pop3_no_flag_updates = no

  # Support LAST command which exists in old POP3 specs, but has been removed
  # from new ones. Some clients still wish to use this though. Enabling this
  # makes RSET command clear all \Seen flags from messages.
  pop3_enable_last = no

  # If mail has X-UIDL header, use it as the mail's UIDL.
  #pop3_reuse_xuidl = no

  # Keep the mailbox locked for the entire POP3 session.
  #pop3_lock_session = no

  # POP3 UIDL (unique mail identifier) format to use. You can use following
  # variables, along with the variable modifiers described in
  # <doc/wiki/Variables.txt> (e.g. %Uf for the filename in uppercase)
  #
  #  %v - Mailbox's IMAP UIDVALIDITY
  #  %u - Mail's IMAP UID
  #  %m - MD5 sum of the mailbox headers in hex (mbox only)
  #  %f - filename (maildir only)
  #
  # If you want UIDL compatibility with other POP3 servers, use:
  #  UW's ipop3d         : %08Xv%08Xu
  #  Courier             : %f or %v-%u (both might be used simultaneosly)
  #  Cyrus (<= 2.1.3)    : %u
  #  Cyrus (>= 2.1.4)    : %v.%u
  #  Dovecot v0.99.x     : %v.%u
  #  tpop3d              : %Mf
  #
  # Note that Outlook 2003 seems to have problems with %v.%u format which was
  # Dovecot's default, so if you're building a new server it would be a good
  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
  #
  pop3_uidl_format = %08Xu%08Xv

  # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes
  # won't change those UIDLs. Currently this works only with Maildir.
  pop3_save_uidl = no

  # POP3 logout format string:
  #  %i - total number of bytes read from client
  #  %o - total number of bytes sent to client
  #  %t - number of TOP commands
  #  %p - number of bytes sent to client as a result of TOP command
  #  %r - number of RETR commands
  #  %b - number of bytes sent to client as a result of RETR command
  #  %d - number of deleted messages
  #  %m - number of messages (before deletion)
  #  %s - mailbox size in bytes (before deletion)
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s

  # Maximum number of POP3 connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 3

  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins = 
  mail_plugin_dir = /usr/lib/dovecot/pop3

  # Workarounds for various client bugs:
  #   outlook-no-nuls:
  #     Outlook and Outlook Express hang if mails contain NUL characters.
  #     This setting replaces them with 0x80 character.
  #   oe-ns-eoh:
  #     Outlook Express and Netscape Mail breaks if end of headers-line is
  #     missing. This option simply sends it if it's missing.
  # The list is space-separated.
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

##
## LDA specific settings
##

protocol lda {
  #postmaster_address =

  #hostname = 
  #mail_plugins = 
  #mail_plugin_dir = /usr/lib/dovecot/lda

  #quota_full_tempfail = no

  # Format to use for logging mail deliveries. You can use variables:
  #  %$ - Delivery status message (e.g. "saved to INBOX")
  #  %m - Message-ID
  #  %s - Subject
  #  %f - From address
  #deliver_log_format = msgid=%m: %$

  # Binary to use for sending mails.
  #sendmail_path = /usr/lib/sendmail

  # Subject: header to use for rejection mails. You can use the same variables
  # as for rejection_reason below.
  #rejection_subject = Rejected: %s

  # Human readable error message for rejection mails. You can use variables:
  #  %n = CRLF, %r = reason, %s = original subject, %t = recipient
  #rejection_reason = Your message to <%t> was automatically rejected:%n%r

  # UNIX socket path to master authentication server to find users.
  #auth_socket_path = /var/run/dovecot/auth-master
}

##
## Authentication processes
##

# Executable location
auth_executable = /usr/libexec/dovecot/dovecot-auth

#auth_process_size = 256

#auth_cache_size = 0
#auth_cache_ttl = 3600
#auth_cache_negative_ttl = 3600

#auth_realms =

#auth_default_realm = 

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

#auth_username_translation =

#auth_username_format =

#auth_master_user_separator =

#auth_anonymous_username = anonymous

auth_verbose = yes

auth_debug = yes

#auth_debug_passwords = no

#auth_worker_max_count = 30

#auth_gssapi_hostname =

#auth_krb5_keytab = 

#auth_use_winbind = no

# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth

# Number of seconds to delay before replying to failed authentications.
#auth_failure_delay = 2

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
  #   gss-spnego
  # NOTE: See also disable_plaintext_auth setting.
  mechanisms = cram-md5

  #passdb passwd-file {
    # File contains a list of usernames, one per line
    #args = /etc/dovecot.deny
    #deny = yes
  #}

#  passdb pam {
    # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
    # [cache_key=<key>] [<service name>]
    #
    # session=yes makes Dovecot open and immediately close PAM session. Some
    # PAM plugins need this to work, such as pam_mkhomedir.
    #
    # setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
    # need that. They aren't ever deleted though, so this isn't enabled by
    # default.
    #
    # max_requests specifies how many PAM lookups to do in one process before
    # recreating the process. The default is 100, because many PAM plugins
    # leak memory.
    #
    # cache_key can be used to enable authentication caching for PAM
    # (auth_cache_size also needs to be set). It isn't enabled by default
    # because PAM modules can do all kinds of checks besides checking password,
    # such as checking IP address. Dovecot can't know about these checks
    # without some help. cache_key is simply a list of variables (see
    # doc/wiki/Variables.txt) which must match for the cached data to be used.
    # Here are some examples:
    #   %u - Username must match. Probably sufficient for most uses.
    #   %u%r - Username and remote IP address must match.
    #   %u%s - Username and service (ie. IMAP, POP3) must match.
    # 
    # The service name can contain variables, for example %Ls expands to
    # pop3 or imap.
    #
    # Some examples:
    #   args = session=yes %Ls
    #   args = cache_key=%u dovecot
    #args = dovecot
#  }

  # System users (NSS, /etc/passwd, or similiar)
  # In many systems nowadays this uses Name Service Switch, which is
  # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
  #passdb passwd {
    # [blocking=yes] - See userdb passwd for explanation
    #args = 
  #}

  # Shadow passwords for system users (NSS, /etc/shadow or similiar).
  # Deprecated by PAM nowadays.
  # <doc/wiki/PasswordDatabase.Shadow.txt>
  #passdb shadow {
    # [blocking=yes] - See userdb passwd for explanation
    #args = 
  #}

  # PAM-like authentication for OpenBSD.
  # <doc/wiki/PasswordDatabase.BSDAuth.txt>
  #passdb bsdauth {
    # [cache_key=<key>] - See cache_key in PAM for explanation.
    #args =
  #}

  # passwd-like file with specified location
  # <doc/wiki/AuthDatabase.PasswdFile.txt>
  #passdb passwd-file {
    # [scheme=<default password scheme>] [username_format=<format>]
    # <Path for passwd-file>
    #args = 
  #}

  # checkpassword executable authentication
  # NOTE: You will probably want to use "userdb prefetch" with this.
  # <doc/wiki/AuthDatabase.CheckPassword.txt>
  #passdb checkpassword {
    # Path for checkpassword binary
    #args = 
  #}

  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  passdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    args = /etc/dovecot/dovecot-mysql.conf
  }

  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  #passdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
    #args = 
  #}

  # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
  #passdb vpopmail {
    # [cache_key=<key>] - See cache_key in PAM for explanation.
    # [quota_template=<template>] - %q expands to Maildir++ quota
    #   (eg. quota_template=quota_rule=*:backend=%q)
    #args =
  #}

  #
  # User database specifies where mails are located and what user/group IDs
  # own them. For single-UID configuration use "static".
  #
  # <doc/wiki/UserDatabase.txt>
  #

  #userdb prefetch {
  #}

  userdb passwd {
    # [blocking=yes] - By default the lookups are done in the main dovecot-auth
    # process. This setting causes the lookups to be done in auth worker
    # proceses. Useful with remote NSS lookups that may block.
    # NOTE: Be sure to use this setting with nss_ldap or users might get
    # logged in as each others!
    #args = 
  }

  # passwd-like file with specified location
  # <doc/wiki/AuthDatabase.PasswdFile.txt>
  #userdb passwd-file {
    # [username_format=<format>] <Path for passwd-file>
    #args =
  #}

  # checkpassword executable user database lookup
  # <doc/wiki/AuthDatabase.CheckPassword.txt>
  #userdb checkpassword {
    # Path for checkpassword binary
    #args = 
  #}

  # static settings generated from template <doc/wiki/UserDatabase.Static.txt>
  #userdb static {
    #args =
  #}

  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  userdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    args = /etc/dovecot/dovecot-mysql.conf
  }

  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  #userdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
    #args = 
  #}

  # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
  #userdb vpopmail {
  #}

  user = root

  #chroot = 

  #count = 1

  #ssl_require_client_cert = no

  #ssl_username_from_cert = no

  # It's possible to export the authentication interface to other programs:
  socket listen {
    #master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      #path = /var/run/dovecot/auth-master
      #mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      #user = 
      #group = 
    #}
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/run/dovecot/auth-client
      mode = 0660
#      user = postfix
#      group = postfix

    }
  }
}

#auth external {
#  socket connect {
#    master {
#      path = /var/run/dovecot/auth-master
#    }
#  }
#}

##
## Dictionary server settings
##

dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf 
  #expire = db:/var/lib/dovecot/expire.db
}

# Path to Berkeley DB's configuration file. See doc/dovecot-db-example.conf
#dict_db_config = 

##
## Plugin settings
##

plugin {
  # Here you can give some extra environment variables to mail processes.
  # This is mostly meant for passing parameters to plugins. %variable
  # expansion is done for all values.

  # Quota plugin. Multiple backends are supported:
  #   dirsize: Find and sum all the files found from mail directory.
  #            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
  #   dict: Keep quota stored in dictionary (eg. SQL)
  #   maildir: Maildir++ quota
  #   fs: Read-only support for filesystem quota
  #
  # Quota limits are set using "quota_rule" parameters, either in here or in
  # userdb. It's also possible to give mailbox-specific limits, for example:
  #   quota_rule = *:storage=1048576
  #   quota_rule2 = Trash:storage=102400
  # User has now 1GB quota, but when saving to Trash mailbox the user gets
  # additional 100MB.
  #
  # Multiple quota roots are also possible, for example:
  #   quota = dict:user::proxy::quota
  #   quota2 = dict:domain:%d:proxy::quota_domain
  #   quota_rule = *:storage=102400
  #   quota2_rule = *:storage=1048576
  # Gives each user their own 100MB quota and one shared 1GB quota within
  # the domain.
  #
  # You can execute a given command when user exceeds a specified quota limit.
  # Each quota root has separate limits. Only the command for the first
  # exceeded limit is excecuted, so put the highest limit first.
  # Note that % needs to be escaped as %%, otherwise "% " expands to empty.
  #   quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
  #   quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
  #quota = maildir

  # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
  # directory. You can also optionally give a global ACL directory path where
  # ACLs are applied to all users' mailboxes. The global ACL directory contains
  # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
  # specifies how many seconds to wait between stat()ing dovecot-acl file
  # to see if it changed.
  #acl = vfile:/etc/dovecot-acls:cache_secs=300

  # To let users LIST mailboxes shared by other users, Dovecot needs a
  # shared mailbox dictionary. For example:
  #acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes

  # Convert plugin. If set, specifies the source storage path which is
  # converted to destination storage (mail_location) when the user logs in.
  # The existing mail directory is renamed to <dir>-converted.
  #convert_mail = mbox:%h/mail
  # Skip mailboxes which we can't open successfully instead of aborting.
  #convert_skip_broken_mailboxes = no
  # Skip directories beginning with '.'
  #convert_skip_dotdirs = no
  # If source storage has mailbox names with destination storage's hierarchy
  # separators, replace them with this character.
  #convert_alt_hierarchy_char = _

  # Trash plugin. When saving a message would make user go over quota, this
  # plugin automatically deletes the oldest mails from configured mailboxes
  # until the message can be saved within quota limits. The configuration file
  # is a text file where each line is in format: <priority> <mailbox name>
  # Mails are first deleted in lowest -> highest priority number order
  #trash = /etc/dovecot-trash.conf

  # Expire plugin. Mails are expunged from mailboxes after being there the
  # configurable time. The first expiration date for each mailbox is stored in
  # a dictionary so it can be quickly determined which mailboxes contain
  # expired mails. The actual expunging is done in a nightly cronjob, which
  # you must set up:
  #   dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
  #expire = Trash 7 Spam 30
  #expire_dict = proxy::expire

  # Lazy expunge plugin. Currently works only with maildirs. When a user
  # expunges mails, the mails are moved to a mailbox in another namespace
  # (1st). When a mailbox is deleted, the mailbox is moved to another namespace
  # (2nd) as well. Also if the deleted mailbox had any expunged messages,
  # they're moved to a 3rd namespace. The mails won't be counted in quota,
  # and they're not deleted automatically (use a cronjob or something).
  #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/

  # Events to log. Also available: flag_change append
  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Group events within a transaction to one line.
  #mail_log_group_events = no
  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}

# Config files can also be included. deliver doesn't support them currently.
#!include /etc/dovecot/conf.d/*.conf
# Optional configurations, don't give an error if it's not found:
#!include_try /etc/dovecot/extra.conf

Podany wyżej plik dot. sasl postfix.conf z /usr/lib/sasl2/postfix.conf
Przedstawiony wycinek to cała zawartość tego pliku.
Ostatnio zmieniony 2010-03-16, 15:31 przez tomekn, łącznie zmieniany 1 raz.
Awatar użytkownika
webster
Użytkownik
Posty: 1269
Rejestracja: 2009-10-06, 11:58
Lokalizacja: Gdańsk
Kontakt:

Re: Problem z SASL authentication

Post autor: webster »

nie widzę całej treści /usr/lib/sasl2/postfix.conf.
Podaj jeszcze na wszelki wypadek jeżeli Posiadasz /usr/lib/sasl2/smtpd.conf
††† Chaos Of The Mirror - Valheru †††
††† I ♥ SlackWare RuLeZ †††

Slackware Poland FaceBook
tomekn
Użytkownik
Posty: 58
Rejestracja: 2004-11-26, 09:47

Re: Problem z SASL authentication

Post autor: tomekn »

Pliku /usr/lib/sasl2/smtpd.conf nie posiadam.
Tak jak pisałem już wcześniej mój /usr/lib/sasl2/postfix.conf

Kod: Zaznacz cały

pwcheck_method: saslauthd
mech_list: CRAM-MD5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_database: database
sql_user: user
sql_passwd: pass
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1'
sql_verbose: true 
Ostatnio zmieniony 2010-03-16, 19:12 przez tomekn, łącznie zmieniany 1 raz.
Awatar użytkownika
Outlaw
Administrator
Posty: 2862
Rejestracja: 2004-06-29, 22:23
Lokalizacja: eth0
Kontakt:

Re: Problem z SASL authentication

Post autor: Outlaw »

Skoro masz już dovecot to czemu chcesz jeszcze mieć dodatkowo saslauthd? Zrób uwierzytelnianie w dovecot. W google jest dużo opisów jak zrobić postfixa+dovcota w oparciu o bazę mysql więc nie powinnieneś mieć problemów. Od Siebie na ten temat mogę polecić swojego bloga: http://blog.outlaw.one.pl/2009/06/24/lu ... -postfixa/

Co do main.cf musisz odpowiednio zmienić/dodać swoje wpisy na wzór tych

Kod: Zaznacz cały

# SASL paramters
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
broken_sasl_auth_clients = yes
a jak ma wyglądać w takim wypadku dovecot.conf to znajdziesz w google, bo ja mam dovcota dopasowanego do panelu hostingowego więc moje wpisy się różnią od standardowych.
Ostatnio zmieniony 2010-03-16, 22:45 przez Outlaw, łącznie zmieniany 1 raz.
ODPOWIEDZ