# Postfix + SASL keeps trying to use BerkeleyDB instead of PAM

## melvin22

I've been trying to setup Postfix on my home network to use SMTP authentication using PAM.  I followd instructions on the guide I found on these forums (https://forums.gentoo.org/viewtopic.php?t=56633) but no matter what I do it doesn't work, and when I look at the logs I see this:

```

Jun  9 13:09:29 [postfix/smtpd] TLS connection established from unknown[10.1.1.31]: TLSv1 with cipher RC4-SHA (128/128 bits)

Jun  9 13:09:29 [postfix/smtpd] warning: SASL authentication problem: unable to open Berkeley db /etc/sasl2/sasldb2: Permission denied

                - Last output repeated twice -

Jun  9 13:09:29 [postfix/smtpd] warning: SASL authentication failure: Password verification failed

Jun  9 13:09:29 [postfix/smtpd] warning: unknown[10.1.1.31]: SASL PLAIN authentication failed

```

Here are my config files:

/etc/postfix/main.cf

```

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myorigin = $myhostname

mydestination = $myhostname, localhost.$mydomain $mydomain

unknown_local_recipient_reject_code = 450

mynetworks_style = subnet

mynetworks = 127.0.0.0/8 10.1.1.0/24

mailbox_command = /usr/bin/procmail

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.0.16-r1/sample

readme_directory = /usr/share/doc/postfix-2.0.16-r1/readme

default_destination_concurrency_limit = 2

alias_database = hash:/etc/mail/aliases

local_destination_concurrency_limit = 2

alias_maps = hash:/etc/mail/aliases

home_mailbox = .maildir/

 

smtpd_sasl_auth_enable = yes

smtpd_sasl_password_maps = hash:/etc/postfix/saslpass

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_sasl_authenticated, reject

 

smtpd_use_tls=yes

smtpd_tls_auth_only = yes

smtpd_tls_key_file = /etc/ssl/postfix/server.key

smtpd_tls_cert_file = /etc/ssl/postfix/server.crt

smtpd_tls_CAfile = /etc/ssl/postfix/server.pem

smtpd_tls_loglevel = 3

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

```

/etc/sasl2/smpd.conf

```

pwcheck_method:sslauthd

mech_list: login plain

```

/etc/conf.d/saslauthd

```

SASL_AUTHMECH=pam

SASL_RIMAP_HOSTNAME=""

SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes

SASLAUTHD_OPTS="-a ${SASL_AUTHMECH}"

```

When I emerge everything I had the flags "ssl pam nls maildir sasl gdbm berkdb -mysql -ldap 

 -mbox -postgres -kerberos -java -static".

I also made a link from /etc/sasl2/smtpd.conf /usr/lib/sasl2/smtpd.conf

When I run saslauthd -v, this is what I see:

```

saslauthd 2.1.14

authentication mechanisms: getpwent pam rimap shadow

```

Finally, when I connect using telnet I see:

```

Connected to localhost

220 localhost ESMTP Postfix

EHLO localhost

250-localhost

250-pipelining

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTLS

250-XVERP

250 8BITMIME

```

Does anyone have any idea what's going on?

----------

## Janne Pikkarainen

Did you copypaste this 

```
pwcheck_method:sslauthd
```

from your /etc/sasl2/smtpd.conf or write it by hand? I suspect that it should read saslauthd instead of sslauthd.

----------

## melvin22

My file has saslauthd

----------

## melvin22

Apparently I have to have the pwcheck daemon running.  I found the answer here:

https://forums.gentoo.org/viewtopic.php?t=165748&highlight=sasl+postfix&sid=bdf209cbd460a66960e9b9ef07b4018e

----------

## jgongo

I had a similar problem until I symlinked /usr/lib/sasl2/smtpd.conf to /etc/sasl2/smtpd.conf. It seems postfix searches for its sasl configuration in /usr/lib/sasl2 instead of /etc/sasl2

Regards

Jose

----------

