- mose@postfix ~ $ cat /etc/redhat-release
- CentOS Linux release 7.4.1708 (Core)
- mose@postfix ~ $ postconf -v | grep 'mail_version = '
- postconf: $smtpd_tls_security_level in main.cf validates smtpd_tls_security_level=value in master.cf:submission.inet
- mail_version = 2.10.1
- mose@postfix ~ $ testsaslauthd -u mose@example.com -p password -s smtp
- 0: OK "Success."
- mose@postfix ~ $ openssl s_client -starttls smtp -crlf -connect postfix.example.com:587
- <SSL Output truncated for brevity>
- EHLO example.com
- 250-postfix.example.com
- 250-PIPELINING
- 250-SIZE 10240000
- 250-ETRN
- 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
- 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
- 250-ENHANCEDSTATUSCODES
- 250-8BITMIME
- 250 DSN
- AUTH PLAIN bW9zZS5jb20AbW9zZS5jb20AcGFzc3dvcmQ=
- 535 5.7.8 Error: authentication failed: authentication failure
- mose@postfix ~ $ sudo tail /var/log/secure
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option verbose is set to "1"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.host is set to "localhost"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.database is set to "postfix"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.db_user is set to "postfix"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.db_passwd is set to "password"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.password_crypt is set to "1"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - unknown option users.md5 on line 7
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.table is set to "mailboxes"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.where_clause is set to "status = 1"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.user_column is set to "login"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.password_column is set to "password"
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_sm_authenticate() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() returning 0.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_format_string() called
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_quick_escape() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT password FROM mailboxes WHERE login = 'mose.com' AND (status = 1)
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT returned no result.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() returning 1.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() returning 0.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_converse() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_format_string() called
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_quick_escape() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT password FROM mailboxes WHERE login = 'mose.com' AND (status = 1)
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT returned no result.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() returning 1.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() returning 0.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_sm_authenticate() returning 10.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_release_ctx() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_destroy_ctx() called.
- Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_close_db() called.
- mose@postfix ~ $ sudo grep -v # /etc/sysconfig/saslauthd
- SOCKETDIR=/run/saslauthd
- MECH=pam
- FLAGS=
- mose@postfix ~ $ ll /etc/postfix/sasl/smtpd.conf
- lrwxrwxrwx 1 root root 21 Jan 11 17:24 /etc/postfix/sasl/smtpd.conf -> /etc/sasl2/smtpd.conf
- mose@postfix ~ $ sudo cat /etc/sasl2/smtpd.conf
- pwcheck_method: saslauthd
- mech_list: plain login cram-md5 digest-md5
- allow_plaintext: true
- auxprop_plugin: sql
- sql_engine: mysql
- sql_hostnames: localhost
- sql_user: mysql
- sql_passwd: password
- sql_database: postfix
- sql_verbose: yes
- sql_select: select password from mailboxes where login = '%u@%r' and status='1'
- sql_usessl: no
- log_level: 3
- mose@postfix ~ $ sudo cat /etc/pam.d/smtp
- #%PAM-1.0
- auth required pam_nologin.so
- auth sufficient pam_mysql.so config_file=/etc/postfix/mysql/pam.conf
- account sufficient pam_mysql.so config_file=/etc/postfix/mysql/pam.conf
- password required pam_deny.so
- mose@postfix ~ $ sudo cat /etc/postfix/mysql/pam.conf
- verbose = 1;
- users.host = localhost;
- users.database = postfix;
- users.db_user = mysql;
- users.db_passwd = password;
- users.password_crypt = 1;
- users.table = postfix_mailboxes;
- users.where_clause = status = 1;
- users.user_column = login;
- users.password_column = password;
- mose@postfix ~ $ sudo postconf -n
- alias_database = hash:/etc/aliases
- alias_maps = hash:/etc/aliases
- append_dot_mydomain = no
- biff = no
- broken_sasl_auth_clients = yes
- command_directory = /usr/sbin
- config_directory = /etc/postfix
- daemon_directory = /usr/libexec/postfix
- data_directory = /var/lib/postfix
- debug_peer_level = 2
- debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
- disable_vrfy_command = yes
- html_directory = no
- inet_interfaces = $myhostname, localhost, 10.100.0.11
- inet_protocols = ipv4
- local_recipient_maps =
- mail_owner = postfix
- mailbox_command = procmail -a "$EXTENSION"
- mailq_path = /usr/bin/mailq.postfix
- manpage_directory = /usr/share/man
- mydestination =
- mydomain = example.com
- myhostname = postfix.example.com
- mynetworks = 127.0.0.0/8, 10.100.0.0/24
- myorigin = $mydomain
- newaliases_path = /usr/bin/newaliases.postfix
- postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen/access.cidr
- postscreen_bare_newline_action = enforce
- postscreen_bare_newline_enable = no
- postscreen_blacklist_action = drop
- postscreen_dnsbl_action = enforce
- postscreen_dnsbl_reply_map = pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
- postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net
- postscreen_dnsbl_threshold = 3
- postscreen_greet_action = enforce
- postscreen_greet_banner = $myhostname [POSTSCREEN] ESMTP $mail_name
- postscreen_non_smtp_command_enable = no
- postscreen_pipelining_enable = no
- postscreen_whitelist_interfaces = static:all
- proxy_read_maps = $virtual_mailbox_maps $virtual_alias_maps $virtual_mailbox_domains #$transport_maps
- queue_directory = /var/spool/postfix
- readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
- relay_domains =
- relayhost =
- sample_directory = /usr/share/doc/postfix-2.10.1/samples
- sendmail_path = /usr/sbin/sendmail.postfix
- setgid_group = postdrop
- smtp_helo_timeout = 5
- smtp_host_lookup = native
- smtp_sasl_auth_enable = yes
- smtpd_banner = $myhostname [SMTPD] ESMTP $mail_name
- smtpd_delay_reject = no
- smtpd_error_sleep_time = 30
- smtpd_hard_error_limit = 20
- smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit
- smtpd_sasl_auth_enable = yes
- smtpd_sasl_authenticated_header = no
- smtpd_sasl_exceptions_networks = $mynetworks
- smtpd_sasl_local_domain = $mydomain
- smtpd_sasl_security_options = noanonymous, noplaintext
- smtpd_sasl_tls_security_options = noanonymous
- smtpd_sasl_type = cyrus
- smtpd_sender_restrictions = reject_unknown_sender_domain
- smtpd_soft_error_limit = 10
- smtpd_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
- smtpd_tls_cert_file = /etc/postfix/smtpd.cert
- smtpd_tls_key_file = /etc/postfix/smtpd.key
- smtpd_tls_loglevel = 1
- smtpd_tls_received_header = yes
- smtpd_tls_security_level = may
- smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
- smtpd_tls_session_cache_timeout = 10800s
- strict_rfc821_envelopes = yes
- tls_random_exchange_name = /var/lib/postfix/prng_exch
- tls_random_source = dev:/dev/urandom
- unknown_local_recipient_reject_code = 550
- virtual_alias_domains =
- virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/autoreply.cf, proxy:mysql:/etc/postfix/mysql/aliases.cf, proxy:mysql:/etc/postfix/mysql/groups.cf
- virtual_gid_maps = static:101
- virtual_mailbox_base = /
- virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/domains.cf
- virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/mailboxes.cf
- virtual_minimum_uid = 110532
- virtual_uid_maps = static:110532