SASL + postfixadmin - SMTP authentication with hashed password

Posted by mateo on Server Fault See other posts from Server Fault or by mateo
Published on 2011-02-07T13:56:12Z Indexed on 2011/02/07 15:27 UTC
Read the original article Hit count: 400

Filed under:

postfix

|

sasl

|

postfixadmin

Hi all,

I'm trying to set up the mail server. I have problem with my SMTP authentication using sasl. I'm using postfixadmin to create my mailboxes, the password is in some kind of md5, postfixadmin config.inc.php:

$CONF['encrypt'] = 'md5crypt';
$CONF['authlib_default_flavor'] = 'md5raw';

the sasl is configured like that (/etc/postfix/sasl/smtpd.conf):

pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: plain login cram-md5 digest-md5
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: ****
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
log_level: 7

If I want to authenticate (let's say from Thunderbird) with my password, I can't. If I use hashed password from MySQL I can authenticate and send an email. So I think the problem is with hash algorithm. Do you know how to set up the SASL (or postfixadmin) to work fine together. I don't want to store my passwords in plain text...

© Server Fault or respective owner

Related posts about postfix

postfix: Temporary lookup failure

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have followed the tutorials step by step for installing and configuring postfix https://help.ubuntu.com/community/Postfix https://help.ubuntu.com/community/PostfixBasicSetupHowto I am trying to test the services to whether Temporary lookup failure error telnet localhost 25 250 2.1.0 Ok rcpt to:… >>> More
postfix with mailman

as seen on Server Fault - Search for 'Server Fault'
What should happen is that [email protected] should be delivered to that users inbox on localhost, user@localhost. Thunderbird works fine at reading user@localhost. I'm just using a small portion of postfix-dovecot with Ubuntu mailman. How can I get postfix to recognize the FQDN and deliver… >>> More
saslauthd + PostFix producing password verification and authentication errors

as seen on Server Fault - Search for 'Server Fault'
So I'm trying to setup PostFix while using SASL (Cyrus variety preferred, I was using dovecot earlier but I'm switching from dovecot to courier so I want to use cyrus instead of dovecot) but I seem to be having issues. Here are the errors I'm receiving: ==> mail.log <== Aug 10 05:11:49 crazyinsanoman… >>> More
centos postfix send email problem

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a big problem with postfix. I can receive mail in webmin and outlook but I can't send (only on local I can - user to user). Dovecot is working just fine. Sendmail is disable. Please help me. postfix -n postfix: invalid option -- n postfix: fatal: usage: postfix [-c config_dir] [-Dv]… >>> More
Migrating users and mailboxes from postfix / Maildir to Postfix with Mysql backend

as seen on Server Fault - Search for 'Server Fault'
So I've got 60 or so users on a hand rolled postfix installation on openbsd and I'd like to move their mailboxes to our new mail server running iRedMail (postfix, vmail/mysql back end) Does anyone know of a good way to do this? Preferably a script I can run to keep syncing the users mailboxes as… >>> More

Related posts about sasl

cyrus-sasl-lib issue on CentOS 5.3 (while installing GUI)

as seen on Server Fault - Search for 'Server Fault'
I am attempting to install gnome on a CentOS 5.3 Server install so that I can speed up the process that I am working on. I ran a yum groupinstall for the x window system and gnome but I keep getting the following error. Package cyrus-sasl-plain needs cyrus-sasl-lib = 2.1.22-4, this is not available… >>> More
Postfix (SASL) / MySQL: Use MD5 Encryption?

as seen on Server Fault - Search for 'Server Fault'
Is it possible to use MD5 password encryption to encrypt passwords when using Postfix / SASL and MySQL? Currently, my setup is using the MySQL CRYPT() function, which for various reasons isn't ideal. >>> More
In SASL authentication, are the messages between a particular client and server the same every time

as seen on Server Fault - Search for 'Server Fault'
I wrote a test client and server using the Cyrus SASL library, and I'm manually forcing it to select GSSAPI as the mechanism. While debugging, I printed the md5sum of each message as it was passed between the two. I noticed that the sequence seems to be the same every time I connect. That is, if the… >>> More
What is SASL/GSSAPI?

as seen on Server Fault - Search for 'Server Fault'
Numerous times i have met the expression SASL/GSSAPI. I have searched Google many times, but i simply do no understand what it is and how it relate to Kerberos. Anybody that have a simple explanation on this? >>> More
PHP SASL(PECL) sasl_server_init(app) works with CLI but not with ApacheModule

as seen on Stack Overflow - Search for 'Stack Overflow'
I have written a simple auth script so that Webusers can type in their username and password and my PHP script verifies them by SASL. The SASL Library is initialized by php function sasl_server_init("phpfoo"). So phpfoo.conf in /etc/sasl2/ is used. phpfoo.conf: pwcheck_method: saslauthd mech_list:… >>> More