DaemonForums  

#1 roundkat, 5th May 2009
Smtp Auth Help needed

Greetings all..

Overview
- To add smtp auth to my working OpenBSD 4.5 smtp gateway to
relay email (use my server for outbound email) for a friend that has a dynamic ip.
- the smtp gateway currently filters and delivers email to
my internal email /samba server which has been in place for several years.

What I have tried /done
- installed via packages
Code:
* cyrus-sasl-2.1.22p5 RFC 2222 SASL (Simple Authentication and Security Layer)
* postfix-2.5.6p1-sasl2 fast, secure sendmail replacement
- Added to /etc/postfix/main.cf
Code:
#SASL support
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
Using the following as guides for configuration
1) http://www.postfix.org/SASL_README.html#server_sasl
2) http://www.posluns.com/guides/postfix_sasltls.html
#2 being OpenBSD specific, based on OpenBSD 3.2

based on #1
/usr/local/lib/sasl2/smtpd.conf
Code:
pwcheck_method: auxprop
auxprop_plugin: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Tested with example user
Code:
saslpasswd2 -c -u `postconf -h myhostname` exampleuser
- which created /etc/sasldb2.db
- postfix is chrooted so I copied sasldb2.db to /var/spool/postfix/etc/sasldb2.db
-
- postfix check
- postfix reload

Checked sasl authentication
Code:
root@/etc/postfix#saslauthd -v 
saslauthd 2.1.22
authentication mechanisms: sasldb getpwent kerberos5 rimap
Trials
Manually entered
- ehlo sooner.com
- AUTH PLAIN AGNocmlzAGVuZ2xhbmQ=

used following command to get the correct hash
% perl -MMIME::Base64 -e \
'print encode_base64("\0username\0password");'
Code:
root@/etc/postfix#telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mydomain.com ESMTP Postfix
ehlo sooner.com
250-mydomain.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AGNocmlzAGVuZ2xhbmQ=
535 5.7.8 Error: authentication failed: authentication failure

tail /var/log/maillog

postfix/smtpd[21526]: connect from localhost[127.0.0.1]
postfix/smtpd[21526]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[21526]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed: authentication failure
postfix/smtpd[21526]: lost connection after AUTH from localhost[127.0.0.1]
After much googling I have not found any recent installations for OpenBSD.

I feel that I am missing something fundamental and ask for some pointers to get this working..

Additionally, will write a guide and post for posterity..
My Solaris guide for Nagios has 3,232 hits to date..

thx
rk
__________________
All posts sent on ReCycled Electrons...

Last edited by roundkat; 5th May 2009 at 04:26 PM.
#2 mwatkins, 5th May 2009

What if you were to create a user "test" with a password "testpass", as in the Postfix docs?

Code:
perl -MMIME::Base64 -e \
>     'print encode_base64("\0test\0testpass")'
AHRlc3QAdGVzdHBhc3M=
Try that and see if it works. Some Googling about referenced unfortunate character combos in password or user id being interpreted as octal numbers rather than ASCII characters, which'll give you a hash which doesn't make sense. Start from known good.

Last edited by mwatkins; 5th May 2009 at 10:38 PM.
Reply With Quote
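An added example, not part of the posts above: a Python check of the AUTH PLAIN token format and of the octal-escape pitfall post #2 mentions. The function names are hypothetical, the "42bob"/"7up" pair is constructed, and the regex is a simplified model of how a double-quoted string expands backslash-octal escapes.

```python
import base64
import re

def plain_token(authcid, passwd, authzid=""):
    """Base64 of the RFC 4616 message: authzid NUL authcid NUL passwd."""
    fields = (authzid, authcid, passwd)
    if any("\x00" in f for f in fields):
        raise ValueError("NUL is the separator and cannot appear in a field")
    raw = b"\x00".join(f.encode("utf-8") for f in fields)
    return base64.b64encode(raw).decode("ascii")

def parse_plain_token(token):
    """Decode a token to (authzid, authcid, passwd), or raise ValueError."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("not authzid NUL authcid NUL passwd: %r" % raw)
    return tuple(p.decode("utf-8") for p in parts)

def is_well_formed(token):
    """True when the token decodes to exactly three NUL-separated fields."""
    try:
        parse_plain_token(token)
        return True
    except ValueError:
        return False

# Simplified model of a double-quoted string: a backslash followed by one to
# three octal digits becomes a single character.
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{1,3})")

def quoted_string_token(authcid, passwd):
    """Token produced when the fields are pasted into "\\0user\\0pass"."""
    literal = "\\0" + authcid + "\\0" + passwd
    expanded = _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), literal)
    return base64.b64encode(expanded.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    # "test"/"testpass" is the pair from the post; "42bob"/"7up" is constructed.
    for user, pw in (("test", "testpass"), ("42bob", "7up")):
        pasted = quoted_string_token(user, pw)
        print(user, plain_token(user, pw), pasted, is_well_formed(pasted))
```

Decoding a token before sending it shows whether the separators survived quoting. It also shows that a PLAIN token is the password in reversible base64, so a real token should be handled like the password itself.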
#3 roundkat, 6th May 2009

Thx for the reply..
I did a test
Code:
testsaslauthd -u USER -p PASS
using my shell account and my password

it did work..

so I created a user for my friend and tested it..
it also worked..

I tried to set up his sasl_passwd on postfix
postmap sasl_passwd gave me an error
something about whitespace.

I think I am getting closer in figuring out how to let his email server authenticate
as that "user" to be able to send out email..

rk
__________________
All posts sent on ReCycled Electrons...
#4 roundkat, 8th May 2009

question.. do I need to use TLS with this also.. or can TLS be used by itself.. ?

tk
__________________
All posts sent on ReCycled Electrons...
#5 roundkat, 8th May 2009

well I have given up on this .. for now..
just wrote a script to change the ip in main.cf

rk
__________________
All posts sent on ReCycled Electrons...