saslauthd stops working

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

saslauthd stops working

Michael Moritz
Hi

we have recently changed to using saslauthd for authentication on sending with
postfix. Now, for some reason this stops working after a while (~5 days) and
we have to restart the service. Now, I dont have very much more information,
I cant see any way to generate logging output fom it. Just wondered if anyone
had had this problem before.

Regards,

mimo


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: saslauthd stops working

Emmanuel Halbwachs
Hello,

Michael Moritz a écrit :
> we have recently changed to using saslauthd for authentication on sending with
> postfix. Now, for some reason this stops working after a while (~5 days) and
> we have to restart the service. Now, I dont have very much more information,
> I cant see any way to generate logging output fom it. Just wondered if anyone
> had had this problem before.

I've been using postfix + saslauthd on a test machine with only
one account (me). I first ran woody with sarge packages (postfix
et al.) and then full sarge for several weeks and did not notice any
problem.

Unfortunately, I don't have yet any production experience. More on
this (~ 200 users) in some monthes :-\

Shure this doesn't help much, but feel free to exchange about
settings/configuration.

--
Emmanuel Halbwachs              Labo. de Photonique et Nanostructures
tel      : (+33)1 69 63 61 34                             CNRS UPR 20
fax      : (+33)1 69 63 60 06       Route de Nozay F 91460 Marcoussis


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: saslauthd stops working

Matt Collier
In reply to this post by Michael Moritz
Hi,

On Wednesday 01 June 2005 10:00, Michael Moritz wrote:

> Hi
>
> we have recently changed to using saslauthd for authentication on sending
> with postfix. Now, for some reason this stops working after a while (~5
> days) and we have to restart the service. Now, I dont have very much more
> information, I cant see any way to generate logging output fom it. Just
> wondered if anyone had had this problem before.
>
> Regards,
>
> mimo

I have 9 machines, each with about 1300 users that are using exim4 with
saslauthd for auth in production for about 6 months now, and haven't had a
single problem.  Most are woody, with a few sarge packages, and 2 machines
are full sarge.

--
Matt Collier
Switch Media Ltd
 
T: 0151 236 9111 ext 223
F: 0151 236 9911
E: [hidden email]


--------------------------------------------------------------
17-19 Fenwick Street, Liverpool L2 7LS
Company registered in England & Wales No. 3977089
--------------------------------------------------------------
This communication contains information which is confidential.
It is for the exclusive use of the intended recipient. If you
are not the intended recipient, please note that any
distribution, copying or use of this communication or the
information in it is prohibited. If you have received this
communication in error, please notify us by email or by
telephone on 0151 236 9111 and then delete the email and any
copies of it.
--------------------------------------------------------------


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: saslauthd stops working

Michael Moritz
In reply to this post by Emmanuel Halbwachs
Hi Emmanuel

This is my /etc/default/saslauthd

# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
#PARAMS=" -d "

/etc/postfix/sasl/smtpd.conf

mech_list: LOGIN PLAIN
minimum_layer: 0
pwcheck_method: saslauthd
auto_transition: no

/etc/pam.d/smtp

auth       required     /lib/security/pam_listfile.so item=user sense=deny
file=/etc/frozen.users onerr=succeed
auth       required     /lib/security/pam_mysql.so user=syspwdread passwd=XXXX
db=mailusers crypt=7 sqllog=1 logtable=authlog logmsgcolumn=msg logpi
dcolumn=pid logusercolumn=user loghostcolumn=host logtimecolumn=time
account    sufficient   /lib/security/pam_mysql.so user=syspwdread passwd=XXXX
db=mailusers crypt=7 sqllog=1 logtable=authlog logmsgcolumn=msg logpi
dcolumn=pid logusercolumn=user loghostcolumn=host logtimecolumn=time
password   required     /lib/security/pam_mysql.so user=syspwdread passwd=XXXX
db=mailusers crypt=7 sqllog=1 logtable=authlog logmsgcolumn=msg logpi
dcolumn=pid logusercolumn=user loghostcolumn=host logtimecolumn=time
session    sufficient   /lib/security/pam_mysql.so user=syspwdread passwd=XXXX
db=mailusers crypt=7 sqllog=1 logtable=authlog logmsgcolumn=msg logpi
dcolumn=pid logusercolumn=user loghostcolumn=host logtimecolumn=time

BTW, just realised that the pam_mysql is our own hack. So maybe it's just
that. Any suggestions still appreciated...

Best regards,

mimo

On Wednesday 01 June 2005 11:25, Emmanuel Halbwachs wrote:

> Hello,
>
> Michael Moritz a écrit :
> > we have recently changed to using saslauthd for authentication on sending
> > with postfix. Now, for some reason this stops working after a while (~5
> > days) and we have to restart the service. Now, I dont have very much more
> > information, I cant see any way to generate logging output fom it. Just
> > wondered if anyone had had this problem before.
>
> I've been using postfix + saslauthd on a test machine with only
> one account (me). I first ran woody with sarge packages (postfix
> et al.) and then full sarge for several weeks and did not notice any
> problem.
>
> Unfortunately, I don't have yet any production experience. More on
> this (~ 200 users) in some monthes :-\
>
> Shure this doesn't help much, but feel free to exchange about
> settings/configuration.
>
> --
> Emmanuel Halbwachs              Labo. de Photonique et Nanostructures
> tel      : (+33)1 69 63 61 34                             CNRS UPR 20
> fax      : (+33)1 69 63 60 06       Route de Nozay F 91460 Marcoussis

Reply | Threaded
Open this post in threaded view
|

Re: saslauthd stops working

Emmanuel Halbwachs
Hi again,

Here are the config files I modified concerning saslauthd:

vieuxbleu:/# diff /etc/default/saslauthd{,.orig}
2c2
< START=yes
---
 > # START=yes
10d9
< PARAMS="-m /var/spool/postfix/var/run/saslauthd"

Comment: same as yours, unless the last line which is to have
the the sasl authentication daemon listening
where the chrooted Postfix will be looking for.


vieuxbleu:/# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN


In /etc/postfix/main.cf :

smtpd_recipient_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_unauth_destination
     reject_invalid_hostname
     reject_unknown_sender_domain

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

My authentication is against /etc/passwd,shadow, not against
a database. I didn't tweak pam (anyway it's dark science for
me ;-) )

That works for me (TM) so far, but *not* yet in production.

My inspiration was this (very pedagogic IMHO) documentation :
http://www.fatofthelan.com/articles/articles.php?pid=22

My 2 cents,

--
Emmanuel Halbwachs              Labo. de Photonique et Nanostructures
tel      : (+33)1 69 63 61 34                             CNRS UPR 20
fax      : (+33)1 69 63 60 06       Route de Nozay F 91460 Marcoussis


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]