# Postfix+SASLAUTHD Problems

## DoubleDub

So I've been beating my head against this for a while and haven't gotten anywhere.  Here's where I currently stand:

I have Postfix and Cyrus-SASL installed:

```
[ebuild   R   ] mail-mta/postfix-2.2.5  -hardened +ipv6 -ldap -mailwrapper -mbox +mysql* -nis +pam -postgres +sasl (-selinux) +ssl -vda 0 kB
[ebuild   R   ] dev-libs/cyrus-sasl-2.1.20  -authdaemond* +berkdb* +gdbm +java -kerberos -ldap +mysql* +pam -postgres +ssl -static 0 kB
```

I want Postfix to allow me to relay from external sources via authentication to the local usernames and passwords.  

Here's what I've done so far.

I have added the following to the /etc/postfix/main.cf (I have collected these from numerous sources online):

```
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
broken_sasl_auth_clients = yes
```

When I telnet into the server I do get AUTH LOGIN PLAIN ....

My /etc/sasl2/smtpd.conf file reads:

```
pwcheck_method:saslauthd
```

My /etc/conf.d/saslauthd file reads:

```
# Config file for /etc/init.d/saslauthd
SASLAUTHD_OPTS="-V "
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam"
```

(commented lines omitted)

When I try to log in I get the following in my logs and authentication failed, even though testsaslauthd gives me a pass:

```
testsaslauthd -u test -p pass
0: OK "Success."

printf 'test\0test\0pass' | encode-base64
dGVzdAB0ZXN0AHBhc3M=

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.noneofyourbusiness.com ESMTP Postfix
ehlo test.com
250-mail.noneofyourbusiness.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN NTLM
250 8BITMIME
auth plain dGVzdAB0ZXN0AHBhc3M=
535 Error: authentication failed
quit
221 Bye
Connection closed by foreign host.
```

In the syslog:

```
tail /var/log/messages
[some omitted]
Jan 10 16:58:19 bender postfix/smtpd[19600]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jan 10 16:58:19 bender postfix/smtpd[19600]: warning: SASL authentication failure: Password verification failed
Jan 10 16:58:19 bender postfix/smtpd[19600]: warning: unknown[127.0.0.1]: SASL plain authentication failed
Jan 10 16:58:23 bender postfix/smtpd[19600]: disconnect from unknown[127.0.0.1]
```

Any ideas? I'm stumped - not sure why it can't connect to SASLAUTHD. (And yes - I verified that it was running using `ps ax` after reading several posts here in the forums.)

Thanks in advance!

edit:

After posting I noticed that Cyrus-Sasl was emerged with -authdaemond even though I had reemerged it with USE="authdaemond".  Could this be my issue?  Any ideas?  Thanks!

----------

## vladgrigorescu

When you emerge with USE="authdaemond..." it will perform the current emerge with those USE flags, but not future ones.  For this, use the /etc/portage/package.uses file.

----------

## DoubleDub

Thanks, I'll give that a shot - I wasn't even sure if my problem was related to the -authdaemond.

edit:

Looks like that didn't help any:

```
Jan 10 21:46:01 bender postfix/smtpd[26073]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jan 10 21:46:01 bender postfix/smtpd[26073]: warning: SASL authentication failure: Password verification failed
Jan 10 21:46:01 bender postfix/smtpd[26073]: warning: unknown[127.0.0.1]: SASL plain authentication failed
```

----------

## xces

Are you running your Postfix services in a chroot environment (see master.cf)? In that case, the socket of saslauthd has to be inside the chroot directory.

----------

## DoubleDub

Thanks - I turned off the chroot on my master.cf config and I was able to authenticate successfully.  What would I need to change with sasl to make it work in a chroot setup?

----------
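
The chroot point raised by xces explains why `testsaslauthd` succeeds while smtpd logs "No such file or directory": a chrooted smtpd resolves the socket path relative to the Postfix queue directory. The following is an added example, not code from any poster in this thread, that reads the chroot column of `master.cf` and reports the path smtpd will actually open. The queue directory `/var/spool/postfix` and the socket path `/var/lib/sasl2/mux` used in the usage note are assumptions, since the thread does not state them.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and version numbers are assumptions.

# Constructed sample master.cf: the smtpd entry leaves the chroot column at "-".
write_sample_master_cf() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
EOF
}

# Print the chroot column (y, n or -) of the first smtpd service entry.
# Comment lines and continuation lines (leading whitespace) are skipped.
smtpd_chroot_flag() {
    awk '!/^[ \t]*#/ && !/^[ \t]/ && $8 == "smtpd" { print $5; exit }' "$1"
}

# is_chrooted FLAG POSTFIX_MAJOR: exit 0 when smtpd runs chrooted.
# "-" means the built-in default: y before Postfix 3.0, n from 3.0 on.
is_chrooted() {
    case "$1" in
        y)   return 0 ;;
        n)   return 1 ;;
        "-") [ "$2" -lt 3 ] ;;
        *)   return 2 ;;
    esac
}

# effective_socket MASTER_CF POSTFIX_MAJOR QUEUE_DIR SOCKET
# Print the path smtpd really opens: inside a chroot, SOCKET is resolved
# relative to QUEUE_DIR, which is the directory Postfix chroots into.
effective_socket() {
    flag=$(smtpd_chroot_flag "$1")
    if is_chrooted "$flag" "$2"; then
        printf '%s%s\n' "$3" "$4"
    else
        printf '%s\n' "$4"
    fi
}

# check_socket (same arguments): exit 0 only if a socket exists at that path.
check_socket() {
    path=$(effective_socket "$@")
    if [ -S "$path" ]; then echo "OK: $path"; return 0; fi
    echo "MISSING: $path"; return 1
}
```

On a live system with the assumed paths, `check_socket /etc/postfix/master.cf 2 /var/spool/postfix /var/lib/sasl2/mux` reports whether the socket is reachable from smtpd's point of view; the `2` is the major version of the postfix-2.2.5 install shown in the first post.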

