#1
Hello,

I'm running the latest postfix and cyrus-sasl2 ports on FreeBSD6. This is a new install and I have done them before, correctly configuring authenticated smtp over tls. This time something is subtly wrong and I can't figure out what it is. I'm getting an error about can not contact the saslauthd daemon, no such file or directory. I'm chrooting all possible postfix processes and have configured saslauthd to place its files within the postfix chroot area. Any appreciated.

Thanks.
Dave.

    #ps -aux|grep smtpd
    postfix 2364 0.0 0.3 4016 3232 ?? S 4:00PM 0:00.07 smtpd -n smtp -
    postfix 2376 0.0 0.3 4000 3192 ?? S 4:09PM 0:00.04 smtpd -n smtp -
    postfix 2405 0.0 0.3 4080 3268 ?? S 4:12PM 0:00.05 smtpd -n smtp -
    postfix 2414 0.0 0.3 4076 3256 ?? S 4:15PM 0:00.04 smtpd -n smtp -
    root 2424 0.0 0.1 1588 1036 p1 S+ 4:18PM 0:00.00 grep smtpd

    #ps -aux|grep saslauthd
    root 813 0.0 0.1 1440 704 ?? Ss 9:50AM 0:00.00 /usr/local/sbin

    #grep -v "#" /usr/local/etc/postfix/main.cf
    queue_directory = /var/spool/postfix
    command_directory = /usr/local/sbin
    daemon_directory = /usr/local/libexec/postfix
    ail_owner = postfix
    default_privs = nobody
    myhostname = mail.example.com
    mydomain = example.com
    myorigin = $mydomain
    inet_interfaces = all
    proxy_interfaces = xxx.xxx.xxx.xxx
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    unknown_local_recipient_reject_code = 550
    mynetworks = 127.0.0.0/8, 192.168.0.0/24, xxx.xxx.xxx.xxx/32
    relay_domains = $mydestination
    alias_maps = hash:/usr/local/etc/postfix/aliases
    alias_database = hash:/usr/local/etc/postfix/aliases
    home_mailbox = Maildir/
    mail_spool_directory = /var/mail
    header_checks = pcre:/usr/local/etc/postfix/header_checks
    body_checks = pcre:/usr/local/etc/postfix/body_checks
    smtpd_banner = $myhostname
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 8
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/local/sbin/sendmail
    newaliases_path = /usr/local/bin/newaliases
    mailq_path = /usr/local/bin/mailq
    setgid_group = maildrop
    html_directory = no
    manpage_directory = /usr/local/man
    sample_directory = /usr/local/etc/postfix
    readme_directory = no
    biff = no
    show_user_unknown_table_name = no
    empty_address_recipient = MAILER-DAEMON
    smtpd_client_connection_count_limit = 25
    smtpd_client_connection_rate_limit = 20
    strict_8bitmime = no
    strict_8bitmime_body = no
    strict_mime_encoding_domain = yes
    strict_7bit_header = no
    mailbox_size_limit = 1000000000
    unknown_address_reject_code = 554
    unknown_client_reject_code = 554
    unknown_hostname_reject_code = 554
    unknown_local_recipient_reject_code = 550
    unknown_relay_recipient_reject_code = 550
    unverified_recipient_reject_code = 550
    unverified_sender_reject_code = 550
    strict_rfc821_envelopes = no
    disable_vrfy_command = yes
    smtpd_restriction_classes = from_freemail_host, verify_domain_helo, verify_domain_sender
    from_freemail_host = check_client_access hash:/etc/postfix/freemail_hosts
    verify_domain_helo = check_helo_access hash:/etc/postfix/bad_domains, check_client_access = regexp:/etc/postfix/text_domain_helo_mismatch,
    verify_domain_sender = check_sender_access hash:/etc/postfix/bad_domains, check_client_access = regexp:/etc/postfix/text_domain_sender_mismatch, reject
    smtpd_etrn_restrictions = permit_mynetworks
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_invalid_hostname,
    smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining reject_rhsbl_sender dsn.rfc-ignorant.org, reject_sender_login_mismatch
    smtpd_client_restrictions = reject_rbl_client bl.spamcop.net, reject_rbl_client list.dsbl.org, reject_rbl_client relays.ordb.org
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_multi_recipient_bounce, reject_unauth_pipelining, check_sender_mx_access cidr:/etc/postfix/mx_access.cidr check_sender_access hash:/etc/postfix/freemail_access check_sender_access hash:/etc/postfix/verify_domain
    smtpd_data_restrictions = reject_unauth_pipelining
    enable_sasl_authentication = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_local_domain =
    broken_sasl_auth_clients = yes
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtpd_tls_auth_only = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /usr/local/etc/postfix/ssl/key.pem
    smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtp.pem
    smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/cacert.pem
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_tls_loglevel = 1
    virtual_mailbox_domains = example.org
    virtual_uid_maps = static:2525
    virtual_gid_maps = static:2525
    virtual_mailbox_base = /var/spool/postfix/virtual_mailboxes
    virtual_mailbox_maps = hash:/etc/postfix/virtual_mailbox_recipients
    transport_maps = hash:/etc/postfix/transport
    masquerade_domains = $mydomain
    masquerade_exceptions = root, cron

    #grep -v "#" /usr/local/etc/postfix/master.cf
    smtp inet n - y - - smtpd -o smtpd_client_connection_count_limit=4
    smtps inet n - y - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
    pickup fifo n - y 60 1 pickup
    cleanup unix n - y - 0 cleanup
    qmgr fifo n - y 300 1 qmgr
    rewrite unix - - y - - trivial-rewrite
    bounce unix - - y - 0 bounce
    defer unix - - y - 0 bounce
    trace unix - - y - 0 bounce
    verify unix - - y - 1 verify
    flush unix n - y 1000? 0 flush
    proxymap unix - - n - - proxymap
    smtp unix - - y - - smtp
    relay unix - - y - - smtp -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - y - - showq
    error unix - - y - - error
    local unix - n n - - local
    virtual unix - n n - - virtual
    anvil unix - - y - 1 anvil
    scache unix - - y - 1 scache
    discard unix - - y - - discard
    tlsmgr unix - - y 1000? 1 tlsmgr

    #cat /usr/local/lib/smtp /sasl2/smtpd.conf
    # SASL library configuration file for postfix
    # The mech_list parameters list the sasl mechanisms to use,
    mech_list: plain login
    pwcheck_method: saslauthd

    <rc.conf excerpt>
    saslauthd_enable="YES"
    saslauthd_flags="-a getpwent -m /var/spool/postfix/var/state/saslauthd"
    saslauthd_runpath="/var/spool/postfix/var/state/saslauthd"
    postfix_enable="YES"
    sendmail_enable="NO"
    #sendmail_flags="-bd"
    #sendmail_pidfile="/var/spool/postfix/pid/master.pid"
    #sendmail_procname="/usr/local/libexec/postfix/master"
    sendmail_outbound_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_msp_queue_enable="NO"

    #pkg_info|grep postfix
    postfix-2.2.9,1 A secure alternative to widely-used Sendmail

    #pkg_info|grep cyrus
    cyrus-sasl-2.1.21_2 RFC 2222 SASL (Simple Authentication and Security Layer)
    cyrus-sasl-saslauthd-2.1.21_1 SASL authentication server for cyrus-sasl2

    #ldd /usr/local/libexec/postfix/smtpd
    /usr/local/libexec/postfix/smtpd:
    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x280d7000)
    libpam.so.3 => /usr/lib/libpam.so.3 (0x280ee000)
    libcrypt.so.3 => /lib/libcrypt.so.3 (0x280f6000)
    libssl.so.4 => /usr/lib/libssl.so.4 (0x2810f000)
    libcrypto.so.4 => /lib/libcrypto.so.4 (0x28143000)
    libm.so.4 => /lib/libm.so.4 (0x28257000)
    libz.so.3 => /lib/libz.so.3 (0x28271000)
    libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x28282000)
    libc.so.6 => /lib/libc.so.6 (0x2829a000)

    #telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.example.com
    ehlo example.com
    250-mail.example.com
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-STARTTLS
    250 8BITMIME
    quit
    221 Bye
    Connection closed by foreign host.
#2
Dave wrote:

> I'm getting an error about can not contact the saslauthd daemon, no such
> file or directory. I'm chrooting all possible
> postfix processes and have configured saslauthd to place its files within
> the postfix chroot area.

Just in taking a blind wild guess, it probably has something to do with the chrooting effort. Probably something simple such as a missing system support file in the chrooted area.

I just looked in the Postfix source code at the SASL_README file. It says:

"To run software chrooted with SASL support is an interesting exercise. It probably is not worth the trouble."

:-)

--
Greg
#3
Hello,

Thanks for your reply. In this environment chrooting authentication is a have to.

Thanks.
Dave.

"Greg Hackney" <hackney@swbell.net> wrote in message news:Vhq4g.4$zR3.2@newssvr33.news.prodigy.com...

> Dave wrote:
>
>> I'm getting an error about can not contact the saslauthd daemon, no such
>> file or directory. I'm chrooting all possible
>> postfix processes and have configured saslauthd to place its files
>> within the postfix chroot area.
>
> Just in taking a blind wild guess, it probably has something to do with
> the chrooting effort. Probably something simple such as a missing system
> support file in the chrooted area.
>
> I just looked in the Postfix source code at the SASL_README file. It says:
>
> "To run software chrooted with SASL support is an interesting exercise. It
> probably is not worth the trouble."
>
> :-)
>
> --
> Greg
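An added example, not part of any post in this thread: a shell check that compares where a chrooted smtpd would look for the saslauthd socket with where saslauthd's -m option creates it, using the queue directory and flags quoted in the first post. The function names are hypothetical, and the compiled-in run directory passed to demo is an assumption that varies by build.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Value of "key: value" in a Cyrus SASL config file (empty if unset).
sasl_opt() {  # sasl_opt FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1
}

# Directory passed to saslauthd's -m option in a flags string.
mux_dir() {  # mux_dir "FLAGS"
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-m" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Print MATCH or MISMATCH for the two host-side socket paths.
check_sasl_socket() {  # check_sasl_socket CHROOT SMTPD_CONF FLAGS DEFAULT_RUNDIR
    client=$(sasl_opt "$2" saslauthd_path)
    # Without saslauthd_path the SASL library uses <compiled rundir>/mux.
    [ -n "$client" ] || client="$4/mux"
    # smtpd runs chrooted, so that path is resolved below the chroot.
    seen="$1$client"
    # saslauthd itself is not chrooted: -m is a host path holding "mux".
    dir=$(mux_dir "$3") || dir=$4
    made="$dir/mux"
    if [ "$seen" = "$made" ]; then
        echo "MATCH $seen"
    else
        echo "MISMATCH smtpd:$seen saslauthd:$made"
    fi
}

# Constructed inputs built from the values quoted in the thread.
CHROOT=/var/spool/postfix
FLAGS="-a getpwent -m /var/spool/postfix/var/state/saslauthd"
demo() {  # demo DEFAULT_RUNDIR [EXTRA_SMTPD_CONF_LINE]
    conf=$(mktemp)
    printf '%s\n' 'mech_list: plain login' 'pwcheck_method: saslauthd' "$2" > "$conf"
    check_sasl_socket "$CHROOT" "$conf" "$FLAGS" "$1"
    rm -f "$conf"
}

# DEFAULT_RUNDIR is an assumption; the compiled-in value depends on the build.
demo /var/run/saslauthd
demo /var/run/saslauthd 'saslauthd_path: /var/state/saslauthd/mux'
```

A MISMATCH means either smtpd.conf needs a saslauthd_path written as the path appears from inside the chroot, or the -m directory has to move to where the library already looks.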