From: John Morgan Salomon
Date: Mon, 25 Apr 2005 00:59:35 +0200
To: freebsd-questions@freebsd.org
Subject: Postfix with SASL2 Problem
Message-ID: <426C24D7.8000503@zog.net>

Hi there,

sorry if this is offtopic, but I'm a bit lost as to where else to ask.

I have cyrus-sasl2, cyrus-sasl2-saslauthd and Postfix installed from ports on a FreeBSD 5.3-R system. I'm trying to get SASL2 getpwent auth working with Postfix.

Unfortunately, I keep getting the following error:

Apr 25 00:12:46 shiva postfix/smtpd[2430]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

All the mails I've seen with this error were related to chrooting postfix and it not finding the sasl2 mux stuff. I'm not doing any chrooting (yet).

I'd be very grateful for any hints for stupid stuff that I might be missing. saslauthd is running (I use it to authenticate Apache2 users), and testsaslauthd works. TLS with Postfix is also OK, as I see TLS negotiations with other mail servers. Debug level 10 in Postfix only shows me smtpd receiving the password, then the above error. Postfix receives mail nicely,

Thanks for any help, I'm thoroughly confused at this point.

-John

----------------

Here's some info on my system:

shiva# pkg_info|grep -i sasl
cyrus-sasl-2.1.20_1            RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.20_1  SASL authentication server for cyrus-sasl2
p5-Authen-SASL-2.08            Perl5 module for SASL authentication

shiva# pkg_info|grep -i postfix
postfix-2.2.1,1                A secure alternative to widely-used Sendmail

------------

shiva# uname -a
FreeBSD shiva 5.3-RELEASE-p6 FreeBSD 5.3-RELEASE-p6 #3: Mon Apr 4 14:50:36 CEST 2005 root@shiva:/usr/obj/usr/src/sys/SHIVA i386

shiva# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
saslauthd_path: /var/state/saslauthd

shiva# grep -i sasl /etc/rc.conf
# SASL2
saslauthd_enable="YES"                        # Enable saslauthd
saslauthd_flags="-a getpwent"                 # Flags to saslauthd program
saslauthd_runpath="/var/state/saslauthd"      # Working directory
saslauthd_program="/usr/local/sbin/saslauthd" # Location of saslauthd

------------

From Postfix master.cf:

smtp      inet  n       -       n       -       -       smtpd

(not chrooted)

-------------

SASL and TLS bits from my Postfix main.cf (I've tried using both sasl and sasl2 in all the sasl-related directives, to the same result):

# SASL stuff
enable_sasl_authentication = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtp_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_sender_restrictions = permit_sasl_authenticated permit_mynetworks
smtpd_sender_login_maps = hash:/usr/local/etc/postfix/sender_login_maps
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, accept
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks

# TLS Stuff
#
# This will only allow authentication of users once TLS has been
# started and information being transferred is encrypted.
#
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_enforce_tls = no
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtp_tls_loglevel = 1
smtpd_tls_received_header = yes

# keys
smtpd_tls_key_file = /usr/local/shiva/CA/smtpd.pem
smtpd_tls_cert_file = /usr/local/shiva/CA/smtpd.pem
smtpd_tls_CAfile = /usr/local/shiva/CA/cacert.pem

# session cache
sdbm:/usr/local/etc/postfix/smtp_scache
sdbm:/usr/local/etc/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
html_directory = no
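
Added example, not part of the original message: a POSIX sh check for the "cannot connect to saslauthd server: No such file or directory" failure reported above. It reads `saslauthd_path` from a Cyrus SASL application config and reports whether that path is a UNIX socket, a directory with or without a `mux` socket inside, or absent. The function names are illustrative, and the sample config is constructed from the posted smtpd.conf with a scratch path substituted.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are illustrative, not from any tool.

# sasl_opt FILE KEY: print the value of "KEY: value" from a Cyrus SASL
# application config (e.g. smtpd.conf); prints nothing if KEY is absent.
sasl_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_saslauthd CONF: one-line verdict on what saslauthd_path points at.
# The client library connects to this path as given; the Cyrus SASL options
# documentation describes it as including the "/mux" socket name.
check_saslauthd() {
    path=$(sasl_opt "$1" saslauthd_path)
    if [ -z "$path" ]; then
        echo "unset: library falls back to its compiled-in default"
    elif [ -S "$path" ]; then
        echo "ok: $path is a UNIX socket"
    elif [ -d "$path" ] && [ -S "$path/mux" ]; then
        echo "directory: socket is at $path/mux"
    elif [ -d "$path" ]; then
        echo "directory: no mux socket inside $path"
    elif [ -e "$path" ]; then
        echo "other: $path exists but is not a socket"
    else
        echo "missing: $path does not exist"
    fi
}

# Constructed sample: the posted smtpd.conf with saslauthd_path pointed at a
# scratch directory, so the check runs without a live saslauthd.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/saslauthd"
    printf 'pwcheck_method: saslauthd\nmech_list: plain login\nsaslauthd_path: %s\n' \
        "$tmp/saslauthd" > "$tmp/smtpd.conf"
    check_saslauthd "$tmp/smtpd.conf"
    rm -rf "$tmp"
}

demo
```

On the real host, call `check_saslauthd /usr/local/lib/sasl2/smtpd.conf` as the account smtpd runs under, so that directory permissions along the path are exercised as well.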