Greetings all,

I have an OpenBSD / Dovecot server at home running and sending / receiving email "internally" without issue..
Recently, I set up the same at our Parish, but one of our users wants to get their email externally.
The user can read their email but has to "send" via the local ISP server..

The problem
After much searching I have not found an answer to my question.
I would like the user to authenticate to be able to "send" email "through" the server..
OpenBSD uses bsdauth by default in Dovecot.
After reading the Postfix
http://www.postfix.org/SASL_README.html
and the Dovecot Wiki
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL

I have tried multiple configurations but I can't seem to get this to work..
It may be something very simple that I am missing..

All users on the Server have accounts in /etc/passwd (just no shell)

Postfix - main.cf
mailbox_command = /usr/local/libexec/dovecot/deliver
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination

dovecot --version
1.1.16

dovecot -n
# OS: OpenBSD 4.6 i386
base_dir: /var/dovecot/
protocols: imaps
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecotcert.pem
disable_plaintext_auth: no
login_dir: /var/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_user: _dovecot
login_max_processes_count: 256
max_mail_processes: 32
mail_location: maildir:~/Maildir
mbox_write_locks: fcntl
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
auth default:
  cache_size: 1024
  passdb:
    driver: bsdauth
    args: cache_key=%u
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/run/auth-client
      mode: 432
      user: _postfix
    master:
      path: /var/run/auth-master
      mode: 384
      user: _postfix

Error using bsdauth
Dec 21 15:07:09 aml000t3 dovecot: dovecot v1.1.16 starting up
Dec 21 15:07:09 aml000t3 dovecot: Panic: auth(default): file passdb.c: line 190 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme != NULL || passdb->passdb->cache_key == NULL)
Dec 21 15:07:09 aml000t3 dovecot: child 18954 (auth) killed with signal 6 (core not dumped)
Dec 21 15:07:09 aml000t3 dovecot: Fatal: Auth process died too early - shutting down

It looks like bsdauth has a bug and even though this thread "lists" a patch, I haven't been able to find it..
http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25800484

so I guess I am looking for an alternative to be able to allow users to "send through the server"

Thx for any pointers
tk
-- 
View this message in context: http://old.nabble.com/Openbsd-Postfix-Dovecot-SASL-tp26890148p26890148.html
Sent from the Dovecot mailing list archive at Nabble.com.

On 12/22/2009 04:37 PM thekat wrote:
> …
> The user can read their email but has to "send" via the local ISP server..
>
> The problem
> After much searching I have not found an answer to my question.
> I would like the user to authenticate to be able to "send" email "through"
> the server..
> OpenBSD uses bsdauth by default in Dovecot.
> After reading the Postfix
> http://www.postfix.org/SASL_README.html
> and the Dovecot Wiki
> http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
>
> I have tried multiple configurations but I can't seem to get this to work..
> It may be something very simple that I am missing..
>
> All users on the Server have accounts in /etc/passwd (just no shell)
>
> Postfix - main.cf
> mailbox_command = /usr/local/libexec/dovecot/deliver
> mynetworks = 127.0.0.0/8
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
                    ^^^^^^^^^^^^^^
> smtpd_sasl_auth_enable = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
>
> dovecot --version
> 1.1.16
>
> dovecot -n
> …
>   socket:
>     type: listen
>     client:
>       path: /var/run/auth-client
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>       mode: 432
>       user: _postfix
>     master:
>       path: /var/run/auth-master
>       mode: 384
>       user: _postfix

Check your logs. I think Postfix should have logged something, because
it was unable to find $(postconf -h queue_directory)/private/auth

Please read http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL again.
Then check path setting of the client auth socket.

Regards,
Pascal
-- 
The trapper recommends today: fabaceae.0935616 at localdomain.org

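The path comparison suggested in the reply above, written out as an added example that is not part of the original thread: it resolves `smtpd_sasl_path` against the Postfix queue directory and compares the result with the client socket path in `dovecot -n` output. The function names are hypothetical, `/var/spool/postfix` is assumed as the queue directory (the Postfix default), and the sample input is constructed from the `dovecot -n` excerpt in the first message.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Postfix resolves a relative smtpd_sasl_path against queue_directory.
resolve_sasl_path() {
    case $2 in
        /*) printf '%s\n' "$2" ;;
        *)  printf '%s/%s\n' "${1%/}" "$2" ;;
    esac
}

# Read `dovecot -n` (v1.x layout) on stdin, print the auth client socket path.
dovecot_client_socket() {
    awk '$1 == "client:" { in_client = 1; next }
         $1 == "master:" { in_client = 0 }
         in_client && $1 == "path:" { print $2; exit }'
}

# Args: queue_directory, smtpd_sasl_path, text of `dovecot -n`.
# Returns 0 when both daemons agree on the socket, 1 otherwise.
check_sasl_socket() {
    want=$(resolve_sasl_path "$1" "$2")
    have=$(printf '%s\n' "$3" | dovecot_client_socket)
    if [ "$want" = "$have" ]; then
        echo "match: $want"
    else
        echo "mismatch: postfix opens $want, dovecot listens on ${have:-<none>}"
        return 1
    fi
}

# Constructed sample: the socket section of the dovecot -n output in the post.
SAMPLE_DOVECOT_N='auth default:
  socket:
    type: listen
    client:
      path: /var/run/auth-client
      mode: 432
      user: _postfix
    master:
      path: /var/run/auth-master
      mode: 384
      user: _postfix'

# /var/spool/postfix is assumed here (the Postfix default queue_directory).
check_sasl_socket /var/spool/postfix private/auth "$SAMPLE_DOVECOT_N" || true
# On a live host:
# check_sasl_socket "$(postconf -h queue_directory)" \
#     "$(postconf -h smtpd_sasl_path)" "$(dovecot -n)"
```

The mode values shown in the post are decimal: 432 is octal 0660 and 384 is octal 0600.
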
On 12/22/2009 04:37 PM thekat wrote:
> …
> Error using bsdauth
> Dec 21 15:07:09 aml000t3 dovecot: Panic: auth(default): file passdb.c: line
> 190 (passdb_init): assertion failed: (passdb->passdb->default_pass_scheme !=
> NULL || passdb->passdb->cache_key == NULL)
>
> It looks like bsdauth has a bug and even though this thread "lists" a patch,
> I haven't been able
> to find it..
> http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25800484
>
> so I guess I am looking for an alternative to be able to allow users to
> "send through the server"

Sorry, I misread this part. My reply
<http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25845782>
includes the patch. The patch is also available in the official Dovecot
repository: http://hg.dovecot.org/dovecot-1.1/rev/b521d13ea89e

But the best alternative would be to update to v1.1.20 or even better to
v1.2.9

Regards,
Pascal
-- 
The trapper recommends today: deadbeef.0935617 at localdomain.org

Pascal Volk-3 wrote:
>
> Sorry, I misread this part. My reply
> <http://old.nabble.com/bsdauth-with-cache_key-failed-ts25800484.html#a25845782>
> includes the patch. The patch is also available in the official Dovecot
> repository: http://hg.dovecot.org/dovecot-1.1/rev/b521d13ea89e
>
> But the best alternative would be to update to v1.1.20 or even better to
> v1.2.9
>
> Regards,
> Pascal
>

Thx for the reply...
OpenBSD is one of the systems that I have never done a "third party" patch on..
and my guess is that v1.1.20 will not be available until 4.7 ..
v1.1.20 is available in 4.6 -current

That being said can you provide the configure and compile options for OpenBSD ?

Or would a better route be to use a "different" authentication other than bsdauth ?

Thx
tk
-- 
View this message in context: http://old.nabble.com/Openbsd-Postfix-Dovecot-SASL-tp26890148p26893055.html
Sent from the Dovecot mailing list archive at Nabble.com.

On 12/22/2009 08:30 PM thekat wrote:
> Thx for the reply...
> OpenBSD is one of the systems that I have never done a "third party" patch
> on..
> and my guess is that v1.1.20 will not be available until 4.7 ..
> v1.1.20 is available in 4.6 -current
>
> That being said can you provide the configure and compile options for
> OpenBSD ?

My config.log contains:

  $ ./configure --prefix=/usr/local --build=i386-unknown-openbsd \
      --host=i386-unknown-openbsd --with-bsdauth --with-checkpassword \
      --with-libiconv-prefix --with-passwd --with-passwd-file --with-pgsql \
      --with-ssl=openssl --with-zlib --without-db --without-gssapi \
      --without-ldap --without-mysql --without-nss --without-pam \
      --without-shadow --without-sqlite --without-static-userdb \
      --without-vpopmail

When configured use gmake, not make.

> Or would a better route be to use a "different" authentication other than
> bsdauth ?

Depends on your demands.

Regards,
Pascal
-- 
The trapper recommends today: c01dcofe.0935621 at localdomain.org