
Testing with testsaslauthd (Cyrus)

In chroot mode

Here's how to test the SASL authentication when postfix runs in chroot mode

root@messagerie-secours[10.10.10.19] ~ # testsaslauthd -u a.chaouche -r algerian-radio.dz -p password 
-f /var/spool/postfix/var/run/saslauthd/mux -s smtp
0: OK "Success."
root@messagerie-secours[10.10.10.19] ~ # 

non chroot mode

Use /var/run/saslauthd/mux as the socket path, instead of the path under /var/spool/postfix (the chroot folder).

the options

  • -u : the user without the realm part. For example, if you log in with a.chaouche@mydomain.tld, then just use a.chaouche and put mydomain.tld in the realm part (-r)
  • -r : the realm, basically the domain part of your email address.
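  • -p : the password. It is given as a command-line argument, so it lands in shell history and is readable in the process list and in any trace of the command (see the execve line of the strace output below); test with a throwaway account or change the password afterwards.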
  • -s : by specifying smtp you're making sure that sasl authentication will use the smtp framework (PAM is used by default)
  • -f : that's the most important part, path to the socket. By giving the exact path to the mux file you're sure that testsaslauthd will correctly talk to the backend through the configured unix socket (might fail otherwise).

----

Why -f is crucial

If you fail to give the correct path to the socket, then you will keep getting this error:

root@messagerie-test[10.10.10.26]~ #  testsaslauthd -u chaine2 -p PASS  -r DOMAIN -s smtp
connect() : No such file or directory 0: 
root@messagerie-test[10.10.10.26]~ #

That's because testsaslauthd expects the socket to be in one place, but the installation has put it in another. Here's how I found out (jump to the HERE mark):

root@messagerie-test[10.10.10.26]~ # strace testsaslauthd -u a.chaouche -p PASSWORD -r DOMAIN
execve("/usr/sbin/testsaslauthd", ["testsaslauthd", "-u", "a.chaouche", "-p", "PASSWORD", "-r", "DOMAIN"], [/* 32 vars */]) = 0
brk(0)                                  = 0x1592000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d2000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=23221, ...}) = 0
mmap(NULL, 23221, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7feb6e7cc000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libresolv.so.2", O_RDONLY)   = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\3008\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=80712, ...}) = 0
mmap(NULL, 2185864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feb6e3a1000
mprotect(0x7feb6e3b4000, 2093056, PROT_NONE) = 0
mmap(0x7feb6e5b3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12000) = 0x7feb6e5b3000
mmap(0x7feb6e5b5000, 6792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feb6e5b5000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\355\1\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1437064, ...}) = 0
mmap(NULL, 3545160, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7feb6e03f000
mprotect(0x7feb6e198000, 2093056, PROT_NONE) = 0
mmap(0x7feb6e397000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x158000) = 0x7feb6e397000
mmap(0x7feb6e39c000, 18504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7feb6e39c000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7cb000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7ca000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7c9000
arch_prctl(ARCH_SET_FS, 0x7feb6e7ca700) = 0
mprotect(0x7feb6e397000, 16384, PROT_READ) = 0
mprotect(0x7feb6e5b3000, 4096, PROT_READ) = 0
mprotect(0x7feb6e7d4000, 4096, PROT_READ) = 0
munmap(0x7feb6e7cc000, 23221)           = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d1000
socket(PF_FILE, SOCK_STREAM, 0)         = 3



# HERE ----------------------------------------v
connect(3, {sa_family=AF_FILE, path="/var/run/saslauthd/mux"}, 110) = -1 ENOENT (No such file or directory)




dup(2)                                  = 4
fcntl(4, F_GETFL)                       = 0x8002 (flags O_RDWR|O_LARGEFILE)
brk(0)                                  = 0x1592000
brk(0x15b3000)                          = 0x15b3000
fstat(4, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7feb6e7d0000
lseek(4, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
write(4, "connect() : No such file or dire"..., 38connect() : No such file or directory
) = 38
close(4)                                = 0
munmap(0x7feb6e7d0000, 4096)            = 0
write(1, "0: ", 30: )                      = 3
exit_group(-1)                          = ?
root@messagerie-test[10.10.10.26]~ #

So by reading the output of strace on testsaslauthd, I saw that it was looking for the socket at /var/run/saslauthd/mux, which didn't exist. I looked for where that file actually was (simply used find /var/ -name saslauthd, then appended mux to the result) and passed that path with -f (you have to read the manual page to figure this out).

why -s is also important

This is also very important: if you fail to pass smtp to this option, it will try to log in with the wrong mechanism (PAM by default).

Testing with telnet

This is testing against postfix itself, so it should work whether you're using Cyrus or Dovecot.

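Use base64 to convert \0username\0password to its base64 form, then telnet to the server and send AUTH PLAIN base64-encoded-username-password-string after EHLO yourhost.com, and you should be good. Keep in mind that base64 is an encoding, not encryption: on a plain telnet session the credentials can be read by anyone able to see the traffic, so use a test account. Here's how to use telnet to connect to a mail server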

source : http://www.postfix.org/SASL_README.html#server_test


contact : @ychaouche yacinechaouche at yahoocom

