[tclug-list] Postfix, sasl, mysql authentication problem after migrating from Ubuntu to Debian

Thu May 17 17:59:23 CDT 2007

I am in the process of migrating my mail server from Ubuntu Dapper to Debian
Etch (Ubuntu dropped PPC support and I just got a G4 to play with, so
switching architectures too). For the most part everything has been as
painless as copying the appropriate configuration files and installing the
requisite packages. One thing I'm having trouble with is getting postfix to
authenticate users using sasl reading from a mysql backend when they send
mail (using squirrelmail to send).

When I try to send from squirrelmail I get the following error:
Authentication failed
Server replied: 535 5.7.0 Error: authentication failed: authentication
failure

Checking the log files says the same thing:
May 17 17:33:48 g4 postfix/smtpd[3286]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 17 17:33:48 g4 postfix/smtpd[3286]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

I've been digging around the Internet looking for an answer all afternoon
and comparing the configuration between the two systems. The configuration
for the pieces of the mail system is almost identical (by virtue of having
copied the files directly w/ minimal modification). The configuration works
flawlessly on the old system; Squirrelmail authenticates with postfix, which
uses sasl to query mysql. Judging from the error messages that show up in
the mail logs, it makes me think that sasl is trying to authenticate against
its own (non-existent) user database rather than sql. The sasl bits of the
/etc/postfix/main.cf are as follows:

# sasl stuff (per the howto)
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
# below line was previous working config, changed to see if there is any
effect.
#smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_path = /etc/postfix/sasl
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

/etc/postfix/sasl/smtpd.conf is the file that should be referenced by the
smtpd_sasl_path in main.cf. It's contents are as follows:

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: xyzuser
sql_passwd: xyzpass
sql_database: maildb
sql_select: select clear from users where id='%u@%r' and enabled = 1

FWIW, Squirrelmail is attempting to authenticate with DIGEST-MD5. I believe
I have the required packages installed on the new system, the relevant
version numbers are:

new: libsasl2-2 2.1.22
old: libsasl2 2.1.19

new: libsasl2-modules-sql 2.1.22
old: libsasl2-modules-sql 2.1.19

new: postfix 2.3.8
old: postfix 2.2.10

If anyone has any thoughts on this, i would really love to hear them as I'd
really like to be able to send mail again.

Cheers,

Tom Johnson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20070517/70a8dde6/attachment.htm 