I try to configure postfix relay in kubernetes on Alpine using saslauthd.
Dockerfile:
FROM alpine:3.15
RUN apk update && \
apk add --no-cache postfix \
libsasl \
cyrus-sasl \
cyrus-sasl-login \
cyrus-sasl-plain \
openssl \
shadow \
ca-certificates \
bash \
rsyslog \
supervisor && \
/usr/bin/newaliases && \
cp /etc/passwd /etc/passwd_orig && \
# Clean up
(rm "/tmp/"* 2>/dev/null || true) && (rm -rf /var/cache/apk/* 2>/dev/null || true)
EXPOSE 25
COPY ./configs/supervisord.conf /etc/supervisor/supervisord.conf
supervisord.conf:
[supervisord]
nodaemon=true
logfile=/var/log/supervisord.log
logfile_maxbytes=0
[program:rsyslog]
command=/usr/sbin/rsyslogd -n
[program:postfix]
command=/usr/libexec/postfix/master -c /etc/postfix -d
[program:saslauthd]
command=/usr/sbin/saslauthd -a shadow
startsecs=0
server config settings are:
cat /etc/default/saslauthd
MECHANISMS="shadow"
cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
cat /etc/postfix/mail.cf
compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix/readme
inet_protocols = ipv4
meta_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
biff = no
append_dot_mydomain = no
broken_sasl_auth_clients = yes
inet_interfaces = all
mailbox_size_limit = 0
mydestination = localhost
mydomain = example.com
myhostname = server.example.com
myorigin = server.example.com
relayhost = relayhostDNS
smtp_fallback_relay = relayhostDNS
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = server.example.com
cyrus_sasl_config_path = /etc/postfix/sasl
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
cat /etc/postfix/sasl_passwd
relayhostDNS relayUser:relayPassword
After specify the base64-encoded form of \0username\0password I use telnet to check connect and authentification.
AUTH LOGIN authentification wokrs correctly but AUTH PLATN not. I got error from my telnet client:
535 5.7.8 Error: authentification failed: bad protocol / cancel
and next logs from server side:
2022-03-04T08:07:49.626134+00:00 mailrelay-0 postfix/smtpd[56]:
warning: SASL authentication failure: Can only find author/en (no
password) 2022-03-04T08:07:49.626159+00:00 mailrelay-0
postfix/smtpd[56]: warning:
10-244-20-10.openvpn.openvpn.svc.cluster.local[10.244.20.10]: SASL
PLAIN authentication failed: bad protocol / cancel
Please could you tell me what the problem might be?
Thank you.
