I want to secure a relay with sasl.
saslauthd works
testsaslauthd -u weberjn -p ***
0: OK "Success."
Tried smtpd_relay_restrictions from the SMTPD_ACCESS_README:
# Relay control (Postfix 2.10 and later): local clients and
# authenticated clients may specify any destination domain.
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
This works, but unfortunately a mail is accepted even if the client password is deliberately wrong.
How can I fix this?
And I guess, status=0 is failed? because the client is not in mynetworks
postfix/smtpd[54754]: generic_checks: name=permit_mynetworks status=0
postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated
postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated status=0
Can I debug the communication between postfix and the saslauthd socket?
As requested:
cat smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 7
postconf -n | grep smtpd
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
postconf -d | grep cyr
cyrus_sasl_config_path =
lmtp_sasl_type = cyrus
send_cyrus_sasl_authzid = no
smtp_sasl_type = cyrus
smtpd_sasl_type = cyrus
smtpd_sasl_typeis set tocyrus. Please, append/usr/lib/sasl2/smtpd.conf,/etc/sasl2/smtpd.conf, or whatever file is used in your environment (e.g. if you changedsmtpd_sasl_pathandcyrus_sasl_config_path, the name of the file will be different). It is reasonable to appendpostconf -ntoo for us to know your effective Postfix configuration.