Cyrus SASL2 2.1.X Install

Download the latest Cyrus SASL2 package.

Edit "configure" and look for all places that contain the phrase "-lmysqlclient". There should be 2 places (4 if you count echo statements, but you can ignore those). Replace "-lmysqlclient" with "-lmysqlclient -lz". This is important for compiling cyrus against the latest mysql libs, as the default install does not link the zlib compression library (-lz), which -lmysqlclient requires.

% ./configure --enable-sql=yes --with-mysql=/usr/local --enable-login

Scroll backwards through the configure messages/output and make sure mysqlclient is recognized and accepted.

make
make install

Now make sure /usr/lib/sasl2 contains the libsql.so file.

Link /usr/local/lib/sasl2 to /usr/lib/sasl2. If /usr/lib/sasl2 already exists, rename it to something like /usr/lib/sasl2old with mv.

Create this file with appropriate username/password/database.

/usr/lib/sasl2/smtpd.conf

pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_hostnames: localhost
sql_user: USER
sql_passwd: PASS
sql_database: dbmail
sql_verbose: yes
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

Remember that this works only with 'plain' (cleartext) passwords in the database, or if you have a patched cyrus-sasl package.

Another way to authenticate users against the dbmail database is via IMAP. Run saslauthd with these parameters:

saslauthd -a rimap -O 127.0.0.1[/port]

saslauthd will make an additional IMAP connection to local IMAP server every time postfix attempts to authenticate a user. On Redhat-like systems the saslauthd config is done via /etc/sysconfig/saslauthd :

SOCKETDIR=/var/run/saslauthd
MECH=rimap
FLAGS="-O 127.0.0.1"

Dbmail 2.0.X Install

./configure --with-mysql

If dbmail can't find mysql and asks for mysql_config, link /usr/local/bin/mysql_config to [your mysql folder]/bin/mysql_config, and reconfigure. Dbmail needs to be able to find mysql_config, and it looks in /usr/local/bin by default.

make
make install

Postfix 2.2.X Install

Configure:

make -f Makefile.init makefiles \
CCARGS='-DUSE_SASL_AUTH -I/usr/local/include/sasl -DHAS_PCRE \
-DHAS_MYSQL -I/usr/local/mysql/include/ -I/usr/include/pcre' \
AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/lib -lsasl2 -L/lib -lpcre \
-L/usr/local/mysql/lib -lmysqlclient -lz -lm'
make
make install

Edit /etc/postfix/main.cf

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
                            permit_mynetworks,
                            reject_invalid_hostname,
                            reject_non_fqdn_sender,
                            reject_non_fqdn_recipient,
                            reject_unknown_recipient_domain,
                            reject_unauth_pipelining,
                            reject_unknown_sender_domain,
                            permit_sasl_authenticated,
                            check_helo_access hash:/etc/postfix/helo_access,
                            reject_unauth_destination

The above settings make sure that SMTP authentication works: when a client wants to send email through postfix, postfix will check the dbmail db to make sure only authorized account holders can send mail.

relay_domains =
        mydomain.com,
        mydomain.net,
        mydomain.org

The above tells postfix that it will "only" accept emails addressed to the above domains. All other destinations are rejected.

relay_recipient_maps = mysql:/etc/postfix/dbmail_alias.cf

The above setting lets postfix check the delivery destination (full email address) to make sure it doesn't blindly hand off emails to dbmail when there is no such user in the db.

Create /etc/postfix/dbmail_alias.cf:

user = mysqluser
password = mysqlpassword
dbname = dbmail
hosts = localhost

#postfix 2.2.X version only
query = SELECT alias FROM dbmail_aliases WHERE alias='%s'

Edit /etc/postfix/master.cf:

dbmail    unix  -       n       n       -       -       pipe
        flags= user=dbmail argv=/usr/local/sbin/dbmail-smtp -d ${recipient}

The above will make sure that dbmail injection is assigned to the proper dbmail binary.

Now edit /etc/postfix/transport:

Add all the domains assigned to your postfix machine as follows. "dbmail:" tells postfix to use the dbmail injection method we just added to master.cf for email delivery to that domain.

mydomain.com        dbmail:
mydomain.net        dbmail:
mydomain.org        dbmail:

Create a helo_access file if you don't already have one:

touch /etc/postfix/helo_access

Then rehash/update the transport db and the helo_access db. Every time you edit these files you need to rehash/update and reload postfix.

postmap /etc/postfix/transport
postmap /etc/postfix/helo_access
postfix reload

Final Checkup

dbmail-pop3d &
dbmail-imapd &

What are these two lines supposed to tell you?

Any debug steps you can take along the way?

I get no output in my Postfix log file and in debug.conf I set [IMAP]TRACE_LEVEL=5, still nothing… I can login/logout/send/receive no problem, there's just no authentication via SASL going on.

Use an email program to check that dbmail is working correctly.

postfix start

Check smtp authentication and delivery.

Now you are ready to rock and roll!

What step can you take if it doesn't work?

I get this in my auth log: "sql auxprop plugin using mysql engine". But it never authenticates like it does successfully with telnet.

Troubleshooting tips would be greatly appreciated…

 
smtp_auth/postfix.txt · Last modified: 2011/08/14 04:27 by michaelbibby