We're having difficulties authenticating over smtp, running postfix + cyrus on centos 7.
When I try to telnet to port 25 (or 587) locally and auth plain, I get the following errors in the mail log:
Sep 25 10:25:00 blabla postfix/smtpd[3858]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 25 10:25:00 blabla postfix/smtpd[31106]: warning: SASL authentication failure: Password verification failed
Sep 25 10:25:00 blabla postfix/smtpd[31106]: warning: unknown[::1]: SASL plain authentication failed: authentication failure
Not sure what sasldb2 has to do with anything and if that warning has any real bearing on the problem.
testsaslauthd with the same credentials returns OK.
Postfix is not running in chroot mode:
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
I'm using /etc/shadow for authentication, so ps aux | grep sasl says:
/usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
Socket dir is /var/run/saslauthd so in main.cf, I have:
smtpd_sasl_path = /var/run/saslauthd/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
tls_random_source = dev:/dev/urandom
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_exceptions_networks =
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination,
check_policy_service unix:/var/spool/postfix/postgrey/socket
Finally, /etc/sasl2/smtpd.conf has:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/
allow_plaintext: true
Any pointers? I am stumped...
Most of the docs I find online seem to point to chrooted postfix configs or more complicated auth methods.
Thanks!
No comments:
Post a Comment