[tclug-list] Postfix, sasl, mysql authentication problem after migrating from Ubuntu to Debian

Sat May 19 00:46:11 CDT 2007

Thomas Johnson wrote:
> I am in the process of migrating my mail server from Ubuntu Dapper to Debian
> Etch (Ubuntu dropped PPC support and I just got a G4 to play with, so
> switching architectures too). For the most part everything has been as
> painless as copying the appropriate configuration files and installing the
> requisite packages. One thing I'm having trouble with is getting postfix to
> authenticate users using sasl reading from a mysql backend when they send
> mail (using squirrelmail to send).
> 
> When I try to send from squirrelmail I get the following error:
> Authentication failed
> Server replied: 535 5.7.0 Error: authentication failed: authentication
> failure
> 
> Checking the log files says the same thing:
> May 17 17:33:48 g4 postfix/smtpd[3286]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> May 17 17:33:48 g4 postfix/smtpd[3286]: warning: SASL authentication
> problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> 
> I've been digging around the Internet looking for an answer all afternoon
> and comparing the configuration between the two systems. The configuration
> for the pieces of the mail system is almost identical (by virtue of having
> copied the files directly w/ minimal modification). The configuration works
> flawlessly on the old system; Squirrelmail authenticates with postfix, which
> uses sasl to query mysql. Judging from the error messages that show up in
> the mail logs, it makes me think that sasl is trying to authenticate against
> its own (non-existent) user database rather than sql. The sasl bits of the
> /etc/postfix/main.cf are as follows:
> 
> # sasl stuff (per the howto)
> smtpd_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
> # below line was previous working config, changed to see if there is any
> effect.
> #smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
> smtpd_sasl_path = /etc/postfix/sasl
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain =
> 
> /etc/postfix/sasl/smtpd.conf is the file that should be referenced by the
> smtpd_sasl_path in main.cf. It's contents are as follows:
> 
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: xyzuser
> sql_passwd: xyzpass
> sql_database: maildb
> sql_select: select clear from users where id='%u@%r' and enabled = 1
> 
> FWIW, Squirrelmail is attempting to authenticate with DIGEST-MD5. I believe
> I have the required packages installed on the new system, the relevant
> version numbers are:
> 
> new: libsasl2-2 2.1.22
> old: libsasl2 2.1.19
> 
> new: libsasl2-modules-sql 2.1.22
> old: libsasl2-modules-sql 2.1.19
> 
> new: postfix 2.3.8
> old: postfix 2.2.10
> 
> If anyone has any thoughts on this, i would really love to hear them as I'd
> really like to be able to send mail again.
> 
> Cheers,
> 
> Tom Johnson
> 
> 

The name of the parameter is a bit misleading, but if you set it to
/etc/postfix/sasl/smtpd.conf it will be much happier.

-- 
Thanks,

Josh Paetzel