
I have been building a mail server. I have set up Postfix and a database, and now I want Cyrus to authenticate my mail users against that database. The database is set up, but I am running into a problem.

yum -y install cyrus-sasl*

my postfix -n looks like this

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
cyrus_sasl_config_path = /etc/sasl2/
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = localhost, 192.168.1.1
inet_protocols = ipv4
local_recipient_maps = mysql:/etc/postfix/mysql-local.cf
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain.com
myhostname = my.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/server.crt
smtpd_tls_key_file = /etc/postfix/ssl/server.key
smtpd_tls_security_level = may
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-users.cf

my postconf -M looks like this

smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd 
-o smtpd_sasl_security_options=noanonymous
 -o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
smtps      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_security_options=noanonymous 
-o smtpd_sasl_auth_enable=yes 
-o broken_sasl_auth_clients=yes 
-o syslog_name=postfix/smtps 
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject 
-o milter_macro_daemon_name=ORIGINATING
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache

}

cat /etc/sasl2/smtpd.conf

{

# Password verification is delegated to the saslauthd daemon. As the answer on
# this page points out, saslauthd uses its own backend (e.g. PAM), so the
# auxprop/sql_* settings below are not consulted for password checks.
pwcheck_method: saslauthd
# NOTE(review): the Cyrus SASL SQL auxprop plugin is normally selected by the
# name "sql", with sql_engine choosing the backend - confirm "mysql" is accepted.
auxprop_plugin: mysql
# PLAIN and LOGIN both send the password in recoverable form, so they should
# only be offered on TLS-protected sessions.
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: 127.0.0.1, localhost
# The database credentials are stored in cleartext in this file: keep it
# readable only by the account that needs it, and give this database user
# nothing more than read access to the lookup table.
sql_user: postfix
sql_passwd: password
sql_database: server
# NOTE(review): the query hands the stored password value back to the SASL
# library, which presumably means the column holds cleartext passwords -
# confirm, and restrict access to the table accordingly.
# NOTE(review): %u is the user part of the login name; if the email column
# holds full addresses, the realm (%r) may be needed as well - verify.
sql_select: SELECT password FROM users WHERE email = '%u'

}

Now the problem is that I can't authenticate the users stored in the MySQL database.

cat /etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
# IMAP/POP3 logins are verified through saslauthd as well, so for these
# services the user lookup depends on how saslauthd itself is configured
# (that configuration is not shown on this page).
sasl_pwcheck_method: saslauthd
# Only password-bearing mechanisms are offered. NOTE(review): together with
# "allowplaintext: no" below, clients are presumably required to start TLS
# before they can authenticate - confirm against the Cyrus version in use.
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
defaultdomain: mail
# Certificate and key point at the same PEM file, so that file contains the
# private key; it should be readable only by the account the Cyrus daemons
# run as.
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13

cat /etc/cyrus.conf

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}

So can anyone help me solve this problem? Thanks.

ram khanal
    Do not delete questions where people have helped you. It confuses people who might want to help you and throws away their work. Also you should [format](/help/formatting) your post so that it is readable. I did this with your last post (which you deleted) but I am not inclined to do it again. – Michael Hampton Feb 07 '21 at 18:39
  • i deleted the post because i was trying to do so it with cyrus and postfix i had to install dovecot and i was just trying to do it with cyrus i still havent fixed it any ways but i deleted the post because it is not possible to do it with cyrus and postfix thought that the post didnt mae anny sense so i deleted it thinking that it was not helpful to anyone sorry that it offended you But i seriously thought that it useless for any one i can repost it if you want – ram khanal Feb 08 '21 at 02:30
  • I have edited the question. The reason I deleted it was that I think it's not possible without Dovecot, so if you have any idea how to do it with only Cyrus and Postfix, that would be very helpful, as my senior still wants me to do it without Dovecot. – ram khanal Feb 08 '21 at 02:39
  • Your question is about cyrus, but only you showed postfix configs. We don't need them, we need your imapd.conf and cyrus.conf – Nikita Kipriyanov Feb 08 '21 at 06:12
  • Hello @NikitaKipriyanov i have edited my question please have a review – ram khanal Feb 08 '21 at 06:47
  • Now I see you have configured cyrus to use `saslauthd`. We need its config file too. And *exactly how* does it not work? Are there any failure log records when you try to authenticate? – Nikita Kipriyanov Feb 08 '21 at 08:48

1 Answer


The issue might be in the /etc/sasl2/smtpd.conf

pwcheck_method: auxprop

If saslauthd is used, it will consult the PAM database and ignore all the other settings that point to SQL. Also, if you are only trying to send mail without setting up IMAP, then you can't connect from a mail client, because the mail client needs a full mail server setup; you need to set up the mail client manually and configure SMTP to use STARTTLS on port 587 with standard password authentication. Make sure you give the right password when the mail client asks for it.

Basically, if you want to go with the saslauthd mechanism, it is better to install the pam_mysql module and set up /etc/pam.d/smtp to look up the MySQL database.

Hope this helps

Nikita Kipriyanov
sanjib
  • Thanks, it's working. I just had to change the pwcheck_method. At first I had set it to auxprop, then I saw posts suggesting saslauthd for authentication, which misled me. But it's working now, thanks for the answer. Also, I don't know how the cyrus-sasl-mysql package was missing; I installed that as well and now it's working. – ram khanal Feb 09 '21 at 05:02
  • This is a useful answer, but it contains a factual error. An MUA (mail client) doesn't need "a full setup of mailserver" to send mail. You can configure e.g. Thunderbird so that it cannot receive any mail via either POP3 or IMAP but can still submit mail via SMTP. For that you only need to configure the submission part of the MTA; you don't even need the relaying part (the one listening on port 25) to be running. – Nikita Kipriyanov Feb 19 '21 at 17:30