5th May 2009
roundkat
Smtp Auth Help needed

Greetings all..

Overview
- To add smtp auth to my working OpenBSD 4.5 smtp gateway to relay email (use my server for outbound email) for a friend that has a dynamic ip.
- the smtp gateway currently filters and delivers email to my internal email/samba server which has been in place for several years.

What I have tried / done
- installed via packages
Code:
* cyrus-sasl-2.1.22p5 RFC 2222 SASL (Simple Authentication and Security Layer)
* postfix-2.5.6p1-sasl2 fast, secure sendmail replacement
- Added to /etc/postfix/main.cf
Code:
#SASL support
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
Using the following as guides for configuration
1) http://www.postfix.org/SASL_README.html#server_sasl
2) http://www.posluns.com/guides/postfix_sasltls.html
#2 being OpenBSD specific, based on OpenBSD 3.2

based on #1
/usr/local/lib/sasl2/smtpd.conf
Code:
pwcheck_method: auxprop
auxprop_plugin: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Tested with example user
Code:
saslpasswd2 -c -u `postconf -h myhostname` exampleuser
- which created /etc/sasldb2.db
- postfix is chrooted so I copied sasldb2.db to /var/spool/postfix/etc/sasldb2.db
- postfix check
- postfix reload

Checked sasl authentication
Code:
root@/etc/postfix#saslauthd -v 
saslauthd 2.1.22
authentication mechanisms: sasldb getpwent kerberos5 rimap
Trials
Manually entered
- ehlo sooner.com
- AUTH PLAIN AGNocmlzAGVuZ2xhbmQ=

used following command to get the correct hash
% perl -MMIME::Base64 -e \
'print encode_base64("\0username\0password");'
Code:
root@/etc/postfix#telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mydomain.com ESMTP Postfix
ehlo sooner.com
250-mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AGNocmlzAGVuZ2xhbmQ=
535 5.7.8 Error: authentication failed: authentication failure

tail /var/log/maillog

postfix/smtpd[21526]: connect from localhost[127.0.0.1]
postfix/smtpd[21526]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[21526]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed: authentication failure
postfix/smtpd[21526]: lost connection after AUTH from localhost[127.0.0.1]
After much googling I have not found any recent installations for OpenBSD.

I feel that I am missing something fundamental and ask for some pointers to get this working..

Additionally, will write a guide and post for posterity..
My Solaris guide for Nagios has 3,232 hits to date..

thx
rk
__________________
All posts sent on ReCycled Electrons...

Last edited by roundkat; 5th May 2009 at 04:26 PM.
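A debugging aid for the manual AUTH PLAIN test in the post above, added here as an example and not part of the original post: the AUTH PLAIN argument is base64 over `authzid NUL authcid NUL passwd` (RFC 4616), so a token can be decoded to see exactly which identity, with or without a realm, is being presented. The function names, the realm `mail.example.com` and the credentials are constructed for illustration.

```python
import base64

def encode_plain(authcid, password, authzid=""):
    """Build the AUTH PLAIN argument: base64(authzid NUL authcid NUL passwd)."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Return (authzid, authcid, passwd); raise ValueError if malformed."""
    raw = base64.b64decode(token, validate=True)  # binascii.Error is a ValueError
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("empty authcid or passwd")
    return authzid, authcid, passwd

def describe_token(token, expected_realm):
    """Summarise which identity a token presents, without echoing the password."""
    authzid, authcid, passwd = decode_plain(token)
    user, at, realm = authcid.partition("@")
    return {
        "authzid": authzid,
        "user": user,
        "realm": realm if at else None,
        "realm_matches": bool(at) and realm.lower() == expected_realm.lower(),
        "passwd_len": len(passwd),
    }

if __name__ == "__main__":
    REALM = "mail.example.com"  # constructed stand-in for `postconf -h myhostname`
    for ident in ("exampleuser", "exampleuser@" + REALM):
        tok = encode_plain(ident, "examplepass")  # constructed credentials
        print(tok, describe_token(tok, REALM))
```

The `user` and `realm` fields can be compared with the `user@realm` entries that `sasldblistusers2` lists for the database Postfix reads. Because the token decodes back to the password, a real one should be treated as a cleartext credential wherever it is logged or pasted.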