Testing with testsaslauthd (Cyrus)
In chroot mode
Here's how to test SASL authentication when postfix runs in chroot mode:
root@messagerie-secours[10.10.10.19] ~ # testsaslauthd -u a.chaouche -r algerian-radio.dz -p password -f /var/spool/postfix/var/run/saslauthd/mux -s smtp
0: OK "Success."
root@messagerie-secours[10.10.10.19] ~ #
Non-chroot mode
Use /var/run/saslauthd/mux instead of the path under /var/spool/postfix (the chroot folder).
the options
- -u : the user without the realm part. For example, if you log in with a.chaouche@mydomain.tld, then just use a.chaouche and put mydomain.tld in the realm part (-r)
- -r : the realm, basically the domain part of your email address.
- -p : password
- -s : by specifying smtp you're making sure that sasl authentication will use the smtp framework (PAM is used by default)
- -f : that's the most important part, path to the socket. By giving the exact path to the mux file you're sure that testsaslauthd will correctly talk to the backend through the configured unix socket (might fail otherwise).
—-
why -f is capital
If you fail to give a correct path to the socket, then you will keep getting this error:
root@messagerie-test[10.10.10.26]~ # testsaslauthd -u chaine2 -p PASS -r DOMAIN -s smtp
connect() : No such file or directory
0:
root@messagerie-test[10.10.10.26]~ #
That's because testsaslauthd expects the socket to be in one place, but the installation has put it in another. Here's how I found out (jump to the HERE mark):
root@messagerie-test[10.10.10.26]~ # strace testsaslauthd -u a.chaouche -p PASSWORD -r DOMAIN
execve("/usr/sbin/testsaslauthd", ["testsaslauthd", "-u", "a.chaouche", "-p", "PASSWORD", "-r", "DOMAIN"], [/* 32 vars */]) = 0
brk(0) = 0x1592000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d2000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=23221, ...}) = 0
mmap(NULL, 23221, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7feb6e7cc000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3008\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=80712, ...}) = 0
mmap(NULL, 2185864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feb6e3a1000
mprotect(0x7feb6e3b4000, 2093056, PROT_NONE) = 0
mmap(0x7feb6e5b3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7feb6e5b3000
mmap(0x7feb6e5b5000, 6792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feb6e5b5000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1437064, ...}) = 0
mmap(NULL, 3545160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feb6e03f000
mprotect(0x7feb6e198000, 2093056, PROT_NONE) = 0
mmap(0x7feb6e397000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x158000) = 0x7feb6e397000
mmap(0x7feb6e39c000, 18504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feb6e39c000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7cb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7ca000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7c9000
arch_prctl(ARCH_SET_FS, 0x7feb6e7ca700) = 0
mprotect(0x7feb6e397000, 16384, PROT_READ) = 0
mprotect(0x7feb6e5b3000, 4096, PROT_READ) = 0
mprotect(0x7feb6e7d4000, 4096, PROT_READ) = 0
munmap(0x7feb6e7cc000, 23221) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d1000
socket(PF_FILE, SOCK_STREAM, 0) = 3
# HERE ----------------------------------------v
connect(3, {sa_family=AF_FILE, path="/var/run/saslauthd/mux"}, 110) = -1 ENOENT (No such file or directory)
dup(2) = 4
fcntl(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE)
brk(0) = 0x1592000
brk(0x15b3000) = 0x15b3000
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d0000
lseek(4, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(4, "connect() : No such file or dire"..., 38connect() : No such file or directory
) = 38
close(4) = 0
munmap(0x7feb6e7d0000, 4096) = 0
write(1, "0: ", 30: ) = 3
exit_group(-1) = ?
root@messagerie-test[10.10.10.26]~ #
So by reading the output of strace on testsaslauthd, I saw that it was looking for a file at /var/run/saslauthd/mux, which didn't exist. What I did was look for where that file really was, and after finding it (I simply used find /var/ -name saslauthd, then appended mux to the result) I passed it with -f (you have to read the manual page to figure this out).
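The same diagnosis can be done without reading the whole trace. This is an added example, not part of the original page: the function names are hypothetical, the sample is constructed from the connect() line shown above, and the sun_path= form is what newer strace versions print for the same call.

```shell
#!/bin/sh
# Added example: find which socket path testsaslauthd tried, and where the real one is.

# Print the unix-socket paths of connect() calls that failed with ENOENT.
# Reads strace output on stdin; matches both path="..." (as on this page)
# and sun_path="..." (newer strace).
failed_socket_paths() {
    sed -n 's/^connect(.*path="\([^"]*\)".*= -1 ENOENT.*/\1/p'
}

# List sockets named "mux" that live in a saslauthd directory below the given
# roots. -type s keeps only real unix sockets, so stale files are ignored.
list_mux_sockets() {
    find "$@" -type s -name mux -path '*/saslauthd/*' 2>/dev/null
}

# Constructed sample: the two relevant lines of the trace above
SAMPLE='socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/saslauthd/mux"}, 110) = -1 ENOENT (No such file or directory)'

printf '%s\n' "$SAMPLE" | failed_socket_paths

# On a live host (USER, PASS and DOMAIN are placeholders):
#   strace -e trace=connect testsaslauthd -u USER -p PASS -r DOMAIN 2>&1 | failed_socket_paths
#   list_mux_sockets /var
# Pass the path printed by list_mux_sockets to testsaslauthd with -f.
```

If list_mux_sockets prints nothing, saslauthd is not running or has not created its socket, and no -f value will help until that is fixed.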
why -s is also important
This is also very important: if you fail to pass smtp to this option, then it will try to log in with the wrong mechanism (PAM by default).
Testing with telnet
This is testing against postfix itself, so it should work whether you're using Cyrus or Dovecot.
Use base64 to convert \0username\0password to a base64 form, then telnet and use AUTH PLAIN base64-encoded-username-password-string after EHLO yourhost.com, and you should be good. Here's how to use telnet to connect to a mail server
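The encoding step, as an added example that is not part of the original page: the function names are hypothetical and the credentials are constructed samples. The decode helper lets you confirm the token carries exactly the empty authorization id, user and password before you paste it into the session.

```shell
#!/bin/sh
# Added example: build and check the argument for AUTH PLAIN.

# Encode "NUL user NUL password" (empty authorization id) as base64.
# User and password go in as %s arguments rather than into the format string,
# so a leading digit, "%" or "\" in either one cannot be misread by printf.
auth_plain_b64() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token back to "authzid|user|password" to verify what will be sent.
auth_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Constructed sample credentials
TOKEN=$(auth_plain_b64 'username' 'password')
echo "AUTH PLAIN $TOKEN"
auth_plain_decode "$TOKEN"; echo

# In the telnet session, after the 220 greeting:
#   EHLO yourhost.com
#   (check that the 250-AUTH line lists PLAIN)
#   AUTH PLAIN <token printed above>
# A 235 reply means the credentials were accepted, 535 means they were rejected.
```

Base64 is an encoding, not encryption, so on a plain telnet session the password crosses the network in the clear; `openssl s_client -starttls smtp -connect HOST:587` (HOST is a placeholder) gives the same interactive session over TLS.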
source : http://www.postfix.org/SASL_README.html#server_test
contact : @ychaouche yacinechaouche at yahoocom