Hello, I'm trying to set up a sendmail server on 4.8 that supports auth-based relaying. I followed the procedures at http://puresimplicity.net/~hemi/freebsd/sendmail.html, and aside from having to run makes manually in the library directories, I had no difficulty. I did not use the rebuild world recommendation, though. Everything is up and running, but whenever I try to send mail through it, I always get a mismatch on the user/pass, even though they are correct. Any recommendations? Thanks!
Hi,

>>>>> On Fri, 18 Jul 2003 11:01:27 -0500
>>>>> Chris Boyd <cboyd@gizmopartners.com> said:

cboyd> I'm trying to set up a sendmail server on 4.8 that supports auth-based
cboyd> relaying. I followed the procedures at
cboyd> http://puresimplicity.net/~hemi/freebsd/sendmail.html, and aside from
cboyd> having to run makes manually in the library directories, I had no
cboyd> difficulty. I did not use the rebuild world recommendation, though.
cboyd> Everything is up and running, but whenever I try to send mail through
cboyd> it, I always get a mismatch on the user/pass, even though they are
cboyd> correct. Any recommendations?

The page explains the setup of using saslauthd. Recently, saslauthd was separated from cyrus-sasl2 port for some reason. If you don't have /usr/local/sbin/saslauthd installed in your system, you need to install it from ports/security/cyrus-sasl2-saslauthd, too. In addition, you need to change /usr/local/lib/sasl2/Sendmail.conf to use saslauthd like:

    pwcheck_method: saslauthd

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
----- Original Message -----
From: "Scot W. Hetzel" <hetzels@westbend.net>
To: "Drew Tomlinson" <drew@mykitchentable.net>; "Hajimu UMEMOTO" <ume@mahoroba.org>
Cc: <freebsd-security@freebsd.org>
Sent: Monday, July 21, 2003 11:02 AM

> From: "Drew Tomlinson" <drew@mykitchentable.net>
> > I have also tried "pwcheck_method: pam" but then /var/log/maillog shows:
> >
> > Jul 21 09:38:34 blacklamb postfix/smtpd[66269]: warning: SASL
> > authentication problem: unknown password verifier
> > Jul 21 09:38:34 blacklamb postfix/smtpd[66269]: warning:
> > unknown[165.107.42.110]: SASL LOGIN authentication failed
> >
>
> If you want to use PAM, you need to set the pwcheck_method to saslauthd, and
> then add the following to either /etc/rc.conf or /etc/rc.conf.local:
>
> sasl_saslauthd_enable="YES"
> sasl_saslauthd_flags="-a pam"

Thanks for your help but I'm still having trouble. :( The contents of /usr/local/lib/sasl2/smtpd.conf are:

    pwcheck_method: saslauthd

And its permissions are:

    -rw-r--r-- 1 root wheel 47 Jul 23 10:40 smtpd.conf

I've also verified correct permissions on /var/state/saslauthd:

    drwxrwx--- 2 cyrus mail 512 Jul 23 10:46 saslauthd

I've verified that Postfix is a member of the mail group as this line is in /etc/group:

    mail:*:6:postfix

I manually started saslauthd for testing with this command line:

    blacklamb# saslauthd -a pam -d

> Then you need to make sure PAM is configured correctly on your system:
>
> FreeBSD <=4.x:
> 1. Check /etc/pam.conf for entries for imap, pop3, and other(?)
> 2. Add an entry for sieve and cyrus, similar to your imap and pop3
> entries
>
> FreeBSD >=5.x
> 1. Check the /etc/pam.d directory for imap, pop3 and other(?) files
> a. Make sure they are correctly configured
> 2. Copy /etc/pam.d/imap to /etc/pam.d/sieve
> 3. Copy /etc/pam.d/imap to /etc/pam.d/cyrus

I'm using FBSD 4.8.
/etc/pam.conf has the following entries:

    #Mail services
    imap auth required pam_unix.so try_first_pass
    imap account required pam_unix.so
    imap session required pam_permit.so
    pop3 auth required pam_unix.so try_first_pass
    pop3 account required pam_unix.so
    pop3 session required pam_permit.so
    smtp auth required pam_unix.so try_first_pass
    smtp account required pam_unix.so
    smtp session required pam_permit.so
    sieve auth required pam_unix.so try_first_pass
    sieve account required pam_unix.so
    sieve account required pam_unix.so
    sieve session required pam_permit.so
    cyrus auth required pam_unix.so try_first_pass
    cyrus account required pam_unix.so
    cyrus session required pam_permit.so
    # If we don't match anything else, default to using getpwnam().
    other auth sufficient pam_skey.so
    other auth required pam_unix.so try_first_pass
    other account required pam_unix.so try_first_pass

I included the "other" entries because in one of Hajimu's messages he stated he didn't have to add anything to /etc/pam.conf as the "other" entries took care of the request.

Anyway, I started saslauthd in debug mode and this is what it reports when I attempt to authenticate:

    saslauthd[67502] :get_accept_lock : acquired accept lock
    saslauthd[67501] :rel_accept_lock : released accept lock
    saslauthd[67501] :do_auth : auth failure: [user=<username>@blacklamb.mykitchentable.net] [service=smtp] [realm=blacklamb.mykitchentable.net] [mech=pam] [reason=PAM auth error]

Please know that I replaced my real username with "<username>" in the output. I get this message whether I am attempting to authenticate with MS Outlook, Evolution, and even from a direct telnet session with Postfix.

I've double-checked my Postfix config with examples I've found on the Net. I think it's OK as it's advertising AUTH services:

    Connected to blacklamb.mykitchentable.net.
    Escape character is '^]'.
    220 blacklamb.mykitchentable.net NO UCE ESMTP
    ehlo test
    250-blacklamb.mykitchentable.net
    250-PIPELINING
    250-SIZE 5120000
    250-ETRN
    250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
    250-XVERP
    250 8BITMIME

I assume I don't have something configured right with PAM? Do you have any other ideas as to what I'm doing wrong? Everything I've read indicates this shouldn't be this hard but I don't know what else to check.

Thanks again for your help!

Drew

P.S. My web server is running great after your help with FP extensions. :)
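
Added example, not part of the original thread: a Python check that lines up a saslauthd -d failure line with a FreeBSD 4.x /etc/pam.conf, reporting which PAM stack handled the request and what is worth checking in it. The sample config, the user alice and the host mail.example.net are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: /etc/pam.conf in the FreeBSD 4.x single-file layout
# (service  type  control  module  [args]), trimmed from the kind posted above.
PAM_CONF = """\
#Mail services
smtp  auth    required   pam_unix.so try_first_pass
smtp  account required   pam_unix.so
sieve account required   pam_unix.so
sieve account required   pam_unix.so
other auth    sufficient pam_skey.so
other auth    required   pam_unix.so try_first_pass
"""
# Constructed saslauthd -d line; user and host are placeholders.
FAILURE = ("saslauthd[67501] :do_auth : auth failure: "
           "[user=alice@mail.example.net] [service=smtp] "
           "[realm=mail.example.net] [mech=pam] [reason=PAM auth error]")

def parse_failure(line):
    """Return the [key=value] fields of a do_auth failure line as a dict."""
    return dict(re.findall(r"\[(\w+)=([^\]]*)\]", line))

def parse_pam_conf(text):
    """Map each service to its entries (type, control, module, args) in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment or incomplete entry
        service, ptype, control, module, *args = fields
        stacks.setdefault(service, []).append((ptype, control, module, tuple(args)))
    return stacks

def diagnose(failure_line, pam_text):
    """Return (PAM service actually consulted, list of things to check)."""
    req, stacks = parse_failure(failure_line), parse_pam_conf(pam_text)
    # A service with no entries of its own is handled by the "other" stack.
    used = req.get("service") if req.get("service") in stacks else "other"
    entries, findings = stacks.get(used, []), []
    if not any(ptype == "auth" for ptype, *_ in entries):
        findings.append(f"no auth entry in '{used}' stack")
    for svc in sorted(s for s, es in stacks.items() if len(es) != len(set(es))):
        findings.append(f"duplicate line in '{svc}' stack")
    if "@" in req.get("user", ""):
        findings.append("login name contains '@': confirm PAM expects that form")
    return used, findings

if __name__ == "__main__":
    print(diagnose(FAILURE, PAM_CONF))
```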