DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default postfix + Cyrus SASL - cannot connect to saslauthd server: No such file

Everything is up and running and answer on calls but the login for postfix doesn't seem to work (it works for Courier IMAP, just not postfix).

Here's the error output:

Code:
    Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: Anonymous TLS connection established from unknown[<my ip>]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
    Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: SASL authentication failure: Password verification failed
    Jun 30 22:22:10 HOST postfix/smtps/smtpd[31676]: warning: unknown[<my ip>]: SASL PLAIN authentication failed: generic failure

Here's `/usr/local/lib/sasl2/smtpd.conf`:

Code:
    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN
    authdaemond_path: /var/run/courier-auth/socket
    log_level: 7
And the socket has been created:

`# ls -l /var/run/courier-auth/`

Code:
    total 4
    -rw-r--r--  1 root  wheel     5 Jun 30 22:19 pid
    -rw-------  1 root  wheel     0 Jun 30 22:19 pid.lock
    srwxrwxrwx  1 root  _postfix  0 Jun 30 22:19 socket
The `/etc/courier/authdaemonrc` says:

Code:
    [...]
    authmodulelist="authpwd"
    [...]
    authdaemonvar=/var/run/courier-auth
    [...]
I have no clue why this is going wrong, or where to begin to check for errors since the log doesn't specify which file it's looking for or where the connection is going wrong so i'm in desperate need of some help here.


System:
=======
* OpenBSD 5.3
* postfix-2.10.20130201-sasl2
* courier-authlib-0.64.0
* courier-imap-4.11.0


Edit: I've also taken into account that postfix runs in a chrooted environment (tried not chrooting as well just for the sake of it) and thus i created a symlink from /var/run/courier-auth -> /storage/spool/postfix/var/run/courier-auth without success.


note:
Code:
# testsaslauthd -u anton -p PassWord123 -f /var/run/courier-auth/socket -s smtp
size read failed
And also

Code:
# testsaslauthd -u anton -p PassWord123 -s smtp                                 
connect() : No such file or directory
Which bothers me, because for some reason /usr/local/lib/sasl2/smtpd.conf isn't taken into account but at the same time, changing pwcheck_method into something obscure it will complain, it just doesn't take the socket path..
Reply With Quote
  #2   (View Single Post)  
Old 1st July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default

Got a little bit closer to the solution.
The startup was missing some parameters aparently (don't know how i came to that comclulsion), but i modified the `/etc/rc.d/saslauthd` with the following outcome:

Code:
daemon_flags="-a getpwent -m /var/run/courier-auth/"
getpwent was the part i was missing, now testsaslauthd -u anton -p PassWord123 -f /storage/spool/postfix/var/run/courier-auth/mux gives me:
Code:
0: OK "Success."
Also these changes and made a config change to master.cf un-chrooting postfix (for now) it all works!
However IMAP has stoped working, and i don't know why..

Code:
Jul  1 10:50:13 HOST imapd-ssl: authentication error: Connection refused
Jul  1 10:50:14 HOST imapd-ssl: authdaemon: s_connect() failed: Connection refused
Jul  1 10:50:14 HOST imapd-ssl: [Hint: perhaps authdaemond is not running?]
SMTP works, so i can send e-mails, now i just can't view them with a client..

Last edited by Torxed; 1st July 2013 at 09:01 AM.
Reply With Quote
  #3   (View Single Post)  
Old 1st July 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

Usually pkg_add displays a message with some configuration hints. You could use pkg_info -M <package_name> to see whether there are any of those.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 1st July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default

Quote:
Originally Posted by J65nko View Post
Usually pkg_add displays a message with some configuration hints. You could use pkg_info -M <package_name> to see whether there are any of those.
Yepp followed those to the letter.

Code:
# pkg_info -M courier-imap
Information for inst:courier-imap-4.11.0

Install notice:
You now need to edit appropriately the Courier-IMAP configuration files
installed in /etc/courier/.

Pay particular attention to the details in imapd.cnf, and read ssl(8) if
necessary. You MUST set the CN in imapd.cnf to the hostname by which
your IMAP server is accessed, or else clients will complain. When this
is done, you can use the 'mkimapdcert' script to automatically generate
a server certificate, which is installed into /etc/ssl/imapd.pem
First of all, 80% of that text cares for the generation of certificates (and that part works fine).
The last few lines tells me to edit IMAP configuration files in /etc/courier/ which is a no-brainer..

So it leaves me with:
  • A working SMTP (as of this morning)
  • Broken Courier IMAP support
  • Working SASL2 auth
Reply With Quote
  #5   (View Single Post)  
Old 1st July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default

Ok, so i've managed to get IMAP(courier) and SMTP(postfix) support working with SASL2 but, IMAP reports invalid credentials...

I'm not sure that this parameter is correct `/usr/local/lib/sasl2/smtpd.conf`:
Code:
authdaemond_path: /var/run/courier-auth/
It appears that this is the parameter needed for Courier to work, postfix doesn't rely to heavily on this, it uses `saslauthd_path` for whatever reason (?).

Here's the entire `/usr/local/lib/sasl2/smtpd.conf`:
Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier-auth/
saslauthd_path: /var/run/courier-auth/mux
autotransition:true
log_level: 3
Here's the entire `/etc/courier/authdaemonrc`:
Code:
authmodulelist="authpwd"
authmodulelistorig="authpwd"
daemons=5
authdaemonvar=/var/run/courier-auth
DEBUG_LOGIN=1
DEFAULTOPTIONS=""
LOGGEROPTS=""
And the `/etc/courier/imapd-ssl`:
Code:
SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
SSLLOGGEROPTS="-name=imapd-ssl"
IMAPDSSLSTART=YES
IMAPDSTARTTLS=NO
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/local/bin/couriertls
TLS_CERTFILE=/etc/ssl/imapd.pem
TLS_TRUSTCERTS=/etc/ssl/cert.pem
TLS_VERIFYPEER=NONE
MAILDIRPATH=/storage/mail

And this is how i start the whole shebang:
(note: saslauthd is normally started via /etc/rc.d but i unfolded that script for viewers convencience)
Code:
/usr/local/sbin/saslauthd -a getpwent -m /var/run/courier-auth/
/usr/local/sbin/authdaemond start
/usr/local/libexec/imapd.rc start
/usr/local/libexec/imapd-ssl.rc start
/etc/rc.d/postfix start

And this is what the `/var/run/` directory looks like:
Code:
drwxr-x---  2 _courier  _courier    512 Jul  1 14:49 courier
lrwxr-xr-x  1 root      wheel        43 Jul  1 14:47 courier-auth -> /storage/spool/postfix/var/run/courier-auth
and just to be clear, the `/storage/spool/.../courier-auth/`:
Code:
srwxrwxrwx  1 root  _postfix  0 Jul  1 14:49 mux
-rw-------  1 root  _postfix  0 Jul  1 14:49 mux.accept
-rw-r--r--  1 root  _postfix  5 Jul  1 14:49 pid
-rw-------  1 root  _postfix  0 Jul  1 14:49 pid.lock
-rw-------  1 root  _postfix  6 Jul  1 14:49 saslauthd.pid
srwxrwxrwx  1 root  _postfix  0 Jul  1 14:49 socket
And this is what the `/var/log/maillog` says about a authentication with proper credentials:

Code:
Jul  1 15:04:50 HOST imapd-ssl: LOGIN FAILED, method=PLAIN, ip=[::ffff:<ipv4>]
Jul  1 15:04:55 HOST imapd-ssl: LOGIN FAILED, user=anton, ip=[::ffff:<ipv4>]

postfix SMTP works in the sense that the server accepted the authentication and reports back to the client that the mail is in queue.

courier IMAP however does not authenticate as it should (either via SSL or plain IMAP).
Reply With Quote
  #6   (View Single Post)  
Old 1st July 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I'm not a Postfix user, but last year in trying to help someone else with TLS/SASL and Postfix I found this link. Don't use 2048-bit DSA.

http://www.mail-archive.com/openssl-.../msg47175.html
Reply With Quote
  #7   (View Single Post)  
Old 1st July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default

Quote:
Originally Posted by jggimi View Post
I'm not a Postfix user, but last year in ...url... trying to help someone else with TLS/SASL and Postfix I found this link. Don't use 2048-bit DSA.

... url ...
It's a Courier IMAP issue now (postfix works).
And it's not a SSL/TLS related issue, thx tho.
Reply With Quote
  #8   (View Single Post)  
Old 2nd July 2013
Torxed Torxed is offline
Port Guard
 
Join Date: Jul 2013
Location: Sweden
Posts: 10
Default

Ok so i solved that issue, aparently in `/etc/courier/imapd` placing "DEFDOMAIN=domain.se" was a bad idea because for some reason that screws everything up.

Dumped that, and now IMAP works as well.. almost.. creating a new thread for that because this is getting full with clutter, and the original problem is solved.
Reply With Quote
Reply

Tags
openbsd 5.3, postfix, sasl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
OBSD, Postfix, TLS, Sasl *pulling my hair out.* Dazhelpwiz OpenBSD General 2 31st October 2012 01:04 AM
connect to l2pd server mfaridi FreeBSD General 1 9th January 2011 12:48 PM
Problem with Postfix and Sasl auth unixbsd OpenBSD General 1 27th April 2009 03:26 AM
Postfix, SASL w/ LDAP kronic OpenBSD General 2 19th June 2008 06:49 AM
Working Configuration for Openbsd 4.0 - Postfix - SASL - TLS roundkat Guides 0 4th May 2008 05:38 PM


All times are GMT. The time now is 05:53 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick