
OpenBSD 3.6, SASL2, Postfix, MySQL, Courier-IMAP, TLS



First post, so be kind!

This is my first real thrash with OpenBSD for use in production situations. I have built a box using all of the above (OpenBSD 3.6, SASL2, Postfix, MySQL, Courier-IMAP, TLS) to act as a virtual mail handler for a bunch of domains. I really want to get SASL working for authenticated smtp access from remote locations.

First, OpenBSD installed painlessly, and I had zero trouble - less than getting a Debian Woody (stable) box running. As I have played with OpenBSD before, and had some Gentoo experience, using the ports tree to build the components was quick and painless. Flavors rock.

I have everything working as expected ... except SASL2.

I am using the auxprop method of authentication, and using the sql engine with MySQL. Built SASL2 from the ports tree, and set FLAVOR for mysql. Package built and installed fine. Database works fine. Imap-ssl and imap authenticate fine using virtual domains and Postfix. I know the database backend is right because it already works in production elsewhere.

I have this exact configuration running on another O/S (cough .. Linux), so I know that SASL2 works fine in this configuration.

After extensive testing, googling and days of tweaking and fiddling, I have concluded (and confirmed via other web-based accounts) that there must be a problem with the SASL2 implementation in the ports tree. I contacted the maintainer, and he kindly indicated that I could try removing a patch someone else had committed. I did so, but no joy. It really seems like SASL is trying to authenticate using sql, but it fails to communicate properly to MySQL, while configured properly to do so. Digging through logs and increasing debugging levels all tells the same story.

My first and most important question is:

Does anyone have these things in this configuration (libsasl2, auxprop, mysql) working? If I get someone to say yes, I'll keep on applying my head to cement wall until one of the two things is soft and compliant (probably my head).

I really want this to work, but I'm at a bit of an impasse here. I will not allow unauthenticated smtp relaying, so sasl needs to work.

--
Bill Strosberg, CISSP


