# can't get cyrus-sasl to work with postfix

## MoonWalker

I have emerged cyrus-sasl and postfix ok and works as should, but to be able sending mail from my dial-up connecten I need to have the sasl auth working but it don't. AFAI can see I have configured main.cf right:

smtpd_sasl_auth_enable = yes

pwcheck_method: =  pam

smtpd_client_restrictions =

smtpd_sender_restrictions = 

smtpd_recipient_restrictions = 

   permit_mynetworks

   permit_sasl_authenticated

   reject_unauth_destination

   reject_unknown_sender_domain

   permit   

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

and smtpd.conf have:

pwcheck_method:pam

as of default install.

When try to send and authenticate it fails though and when checking log (verbose) it shows:

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: < m5ppp34.leissner.se[212.3.0.162]: EHLO jupiter

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-ns1.astrocalc.net

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-PIPELINING

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-SIZE 10240000

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-VRFY

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-ETRN

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-AUTH LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-AUTH=LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250-XVERP

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 250 8BITMIME

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: watchdog_pat: 0x808b820

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: < m5ppp34.leissner.se[212.3.0.162]: AUTH LOGIN

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: smtpd_sasl_authenticate: sasl_method LOGIN

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: smtpd_sasl_authenticate: uncoded challenge: Username:

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 334 VXNlbt5moKU6

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: < m5ppp34.leissner.se[212.3.0.162]: am9ro2lt

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: smtpd_sasl_authenticate: decoded response: joakim

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: smtpd_sasl_authenticate: uncoded challenge: Password:

Jul 18 14:16:05 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 334 UGHdb3dtdmK6

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: < m5ppp34.leissner.se[212.3.0.162]: cmFkaXY=

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: smtpd_sasl_authenticate: decoded response: somepass

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: No such file or directory

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: No such file or directory

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: warning: m5ppp34.leissner.se[212.3.0.162]: SASL LOGIN authentication failed

Jul 18 14:16:06 ns1 postfix/smtpd[12060]: > m5ppp34.leissner.se[212.3.0.162]: 535 Error: authentication failed

So it say it cant find sasl2.db but AFAI understand that is used for checkpassdw: sasldb !!!  and /var/lib/sasl2 dir only have 2 files mux.accept and mux.pid

anyone have a clue? and is there someone have got this working at all?

/Joakim

----------

## Roc

I had problems very likely to yours, but slightly different. Please try the following:

1. Use pwcheck_method:saslauthd instead of pam (in file smtpd.conf only!)

2. Create a symlink from smtpd.conf to /usr/lib/sasl2

3. saslauthd must be started with /etc/init.d/saslauthd start

Maybe this helps but is not the complete solution.

----------

## MoonWalker

Thanks,

the symlink seamed to do the trick! Alreaddy had changed smtpd.conf and also in postfix main.cf uses

```
pwcheck_method: = saslauthd 
```

Now it seam to work. Next step having TLS up working...

Joakim

----------

## MaGuS

Hi all,

I got the same problem:

```

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: Permission denied

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: Permission denied

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: Permission denied

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: SASL authentication problem: unable to open Berkeley db /var/lib/sasl2/sasl2.db: Permission denied

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: SASL authentication failure: Password verification failed

Aug 12 15:59:13 mail postfix/smtpd[25094]: warning: xdsl-213-168-118-72.netcologne.de[213.168.118.72]: SASL PLAIN authentication failed

```

/etc/sasl/smtpd.conf:

```

pwcheck_method:saslauthd

```

saslauthd is started

I've also done a:

ln -s /etc/smtpd.conf /usr/lib/sasl2/smtpd.conf

But the error still there. ;(

Dones anyone knows the solution?

Best regards,

   Magnus

----------

## mglauche

when you use pam with postfix you have a chroot() problem, i.e. the smtpd daemon is chrooted and does try to verify the pam account INSIDE this jail, which, of course fails  :Razz: 

pwauthd is one sollution, linking sasldb inside the chroot env. is another (but u have to use sasldb then, not pam)

----------

