digitaly
asked on
Help configuring and debugging SMTP-AUTH (Cyrus/Postfix/SASL/TLS/SSL on FreeBSD 5.4)
Hi folks,
I've been working on setting up a nice new FreeBSD 5.4 server (updates, patches, etc. work like a charm) but I'm having a terrible time getting SMTP Auth to work right. Here's the deal. I've got Cyrus IMAP set up, along with SASL and SASLAUTHD running. Creating mailboxes with cyradm works fine. Logging into IMAP server works fine. Reading mail, moving mail, deleting mail, etc. works fine. Postfix... well, kinda works, kinda doesn't. It starts up and responds, but doesn't do what it should do. SMTP Auth claims it can't find the SASLDB (when using SSL) and postfix says it can't find the mailbox (when using just TLS, no SSL). Any help would be greatly appreciated (gotta have this running on Monday). Here are some configuration files and some log output:
main.cf
===========================
biff = no
soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = checker2.divisionpoint.net
mydomain = divisionpoint.net
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 192.168.2.0/24, 127.0.0.0/8
relay_domains = $mydestination
recipient_delimiter = +
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
virtual_transport = lmtp:unix:/var/imap/socket/lmtp
virtual_mailbox_domains = checker2.divisonpoint.net, divisionpoint.net, checkertaxistand.com
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
fallback_transport = cyrus
luser_relay = $local@other.host
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
masquerade_domains = $mydomain
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    reject_non_fqdn_recipient
    permit_mynetworks
    reject_unauth_destination
    reject_unknown_sender_domain
    permit
smtpd_helo_restrictions = reject_invalid_hostname
smtpd_require_helo = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
empty_address_recipient = thepostmaster
message_size_limit = 7340032
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /usr/local/etc/postfix/server.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/server.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/server.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 360s
tls_random_source = dev:/dev/urandom
===========================
master.cf (just the smtps line)
===========================
smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
===========================
smtpd.conf
===========================
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5
#saslauthd_path: /var/run/saslauthd/mux
===========================
SMTP with SSL (log output)
===========================
Jul 1 23:45:23 checker2 postfix/smtpd[39662]: TLS connection established from unknown[192.168.2.100]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 1 23:45:27 checker2 postfix/smtpd[39662]: warning: SASL authentication failure: no user in db
Jul 1 23:45:27 checker2 postfix/smtpd[39662]: 6BFC745024: client=unknown[192.168.2.100], sasl_method=CRAM-MD5, sasl_username=[username at domain]
Jul 1 23:45:27 checker2 postfix/cleanup[39665]: 6BFC745024: message-id=<44A741B7.5090306@[domain]>
Jul 1 23:45:27 checker2 postfix/qmgr[39641]: 6BFC745024: from=<[username at domain]>, size=769, nrcpt=1 (queue active)
Jul 1 23:45:27 checker2 postfix/smtpd[39662]: disconnect from unknown[192.168.2.100]
Jul 1 23:45:27 checker2 postfix/lmtp[39667]: 6BFC745024: to=<[username2 at domain]>, orig_to=<[username at domain]>, relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=0, status=SOFTBOUNCE (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
===========================
SMTP with TLS only, no SSL (log output)
===========================
Jul 1 23:41:56 checker2 postfix/smtpd[39642]: TLS connection established from unknown[192.168.2.100]: SSLv3 with cipher D$
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: no secret in database
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: unknown[192.168.2.100]: SASL CRAM-MD5 authentication failed
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Password verification failed
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: unknown[192.168.2.100]: SASL PLAIN authentication failed
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: unknown[192.168.2.100]: SASL LOGIN authentication failed
Jul 1 23:42:03 checker2 postfix/smtpd[39642]: lost connection after AUTH from unknown[192.168.2.100]
Jul 1 23:42:03 checker2 postfix/smtpd[39642]: disconnect from unknown[192.168.2.100]
===========================
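An added example, not part of the original post: a small Python checker that reads a Cyrus SASL `smtpd.conf` and Postfix `smtpd` log lines like those above, lists the mechanisms in `mech_list` that saslauthd cannot verify (it only checks plaintext passwords, so CRAM-MD5 needs a stored secret in an auxprop database such as sasldb), and groups the SASL library warnings under the mechanism that failed. The function names are hypothetical and the sample input is adapted from the post.

```python
import re

# Mechanisms in which the server receives the plaintext password and can pass it to saslauthd.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample input, adapted from the smtpd.conf and log lines in the post.
SMTPD_CONF = """\
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5
#saslauthd_path: /var/run/saslauthd/mux
"""
LOG = """\
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Could not open db
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: no secret in database
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: unknown[192.168.2.100]: SASL CRAM-MD5 authentication failed
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: SASL authentication failure: Password verification failed
Jul 1 23:42:00 checker2 postfix/smtpd[39642]: warning: unknown[192.168.2.100]: SASL PLAIN authentication failed
"""

REASON = re.compile(r"warning: SASL authentication failure: (?P<reason>.+)$")
FAIL = re.compile(r"warning: (?P<client>\S+\[[\d.]+\]): SASL (?P<mech>\S+) authentication failed")

def parse_sasl_conf(text):
    """Parse 'key: value' lines of a Cyrus SASL application config, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def mechs_needing_stored_secret(conf):
    """Offered mechanisms that saslauthd cannot verify because no plaintext password is sent."""
    if "saslauthd" not in conf.get("pwcheck_method", "").split():
        return []
    return [m for m in conf.get("mech_list", "").split() if m.upper() not in PLAINTEXT_MECHS]

def failures_by_mech(log):
    """Attach the library-level reasons to the per-mechanism failure line that follows them."""
    out, pending = {}, []
    for line in log.splitlines():
        if m := REASON.search(line):
            pending.append(m["reason"])
        elif m := FAIL.search(line):
            out.setdefault(m["mech"], []).extend(pending)
            pending = []
    return out
```
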