SMTP AUTH with SASL pain

8 03 2007

OMG…I’ve just spent a ball busting few hours grappling with SMTP AUTH using SASL on my mail server. I’m running postfix on Ubuntu Edgy, and it’s been doing silly things with chrooting postfix. I’ve read so many articles and how-to’s on what should be a relatively trivial task, and, it turns out I was being bitten on the ass by a simple little problem, as per usual. What’s worse is that I found the solution on a blog comment. More on that later.

The problem I was having was that I was unable to authenticate my users, whilst logging in via SMTP, despite the fact that I was able to authenticate them with testsaslauthd. So, I know I have a working database, that can authenticate my users, and I’ve everything configured as it should be, but, I’m still not able to authenticate users connecting via SMTP. I’ve told saslauthd about the fact that postfix is running in a jail, and postfix knows all about saslauthd. What it doesn’t know however, is where to look for the sasldb. Why? Because of the fact that the postfix init file was not told to copy over the db into the jail on init.

To fix this, you will need to look for the FILES section in your postfix init file, which, as you can see, tells the daemon to copy over certain required files to the jail:

FILES=”etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf”
for file in $FILES; do
[ -d ${file%/*} ] || mkdir -p ${file%/*}
if [ -f /${file} ]; then rm -f ${file} && cp /${file} ${file}; fi
if [ -f  ${file} ]; then chmod a+rX ${file}; fi
done

It doesn’t however, tell postfix to copy the sasldb over to the jail, resulting in lovely errors like this in your log file:

Mar  8 21:59:07 budvar postfix/smtpd[14746]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

So, the trick as you can probably see by now is to include the following in your FILES section etc/sasldb2. Give that a whirl, reload postfix, and you should have a fully functional SMTP server doing Authentication for you. Hopefully Google will pick up on this and rank things a little better, because I found my fix buried deep down (see comment 6) in the depths of the internet.

« Whooppss Fly me to the moon »


Actions

Informations

  • Date : 8 March 2007
  • Categories : General

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>