Topic: saslauth and iRedMail
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9 OPENLDAP edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Ubuntu 18.04.02
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Okay, so I have 2 test servers. 1 running iRedMail and 1 running proxmox mail gateway.
I have proxmox configured to allow iRedMail users send encrypted mail through port 587. The thing is that in order to do so I need to remove the following line from the proxmox server in /etc/postfix/master.cf;
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
This is however not how it should be configured. I should be able to add this particular line.
On my proxmox server I have /etc/saslauthd.conf configured to the following:
ldap_servers: ldap://ip_address:389
ldap_start_tls: no
ldap_tls_check_peer: no
#ldap_tls_cacert_file: /etc/ssl/certs/ca-certificates.crt
ldap_search_base: o=domains,dc=domainnameg,dc=tld
ldap_filter: (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
ldap_bind_dn: cn=vmail,dc=domainname,dc=tld
ldap_password: ldap_readonly_password
Instead of the ldap_search_base and ldap_filter like above I tried changing those to any and all I could find on the iRedMail server in the /etc/postfix/ldap folder. I also tried an empty ldap_filter. All without success.
I'm testing saslauth with the following command:
testsaslauthd -u email_address@iRedMail.user -p password -f /var/run/saslauthd/mux
after each change to /etc/saslauthd.conf I restarted the saslauthd daemon.
Each time however the command came back with:
0: NO "authentication failed"
I'm not sure how to continue debugging my error here. My knowledge of LDAP unfortunately is very limited.
Hopefully someone can point me in the right direction as to how to proceed debugging this. Or if you've done this show me the correct configuration.
Thanks in advance..
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.