Thursday, October 30, 2008

wii day

apart from playing pool or foosball or ping-pong after office hours, we also have our wii day once a week in the office.

what are the projector & meeting room for?
yup, playing wii hehehehe

my colleagues enjoying themselves

so much funnnnnnnn ;)

p/s: we're playing wii boxing. it's quite tiring playing this thing...

Monday, October 27, 2008

birthday celebrations

last week we celebrated our son's 7th birthday

Happy Birthday Abang.
can hardly believe he's already 7 years old. time really flies...

and a week before that we celebrated my 3xth birthday ;)

happy birthday to me!!!
thanks dear for the present & dinner, luv u muahhhhss
ooo my 4-year-old daughter also bought me a present
may i be granted a long life & abundant blessings. amen

p/s: at my colleague's open house, a lady from the same office but a different department said "eh i tot you're still single" when i introduced my wife and kids to her.
hehehehe i guess i still look young ;P

freebsd + postfix + sasl + openldap

a week ago a friend of mine asked me to help him (read: side income ;)) reconfigure his mail server to support smtp authentication.
so, for the past 3 days I've been trying to reconfigure the above combination but with no success, especially in getting postfix + sasl to use openldap for authentication. but after a lotttttt of googling, countless trial and error, a few mugs of nescafe tarik etc... I've finally managed to resolve the issue :)

here are the configurations:

[root@mail ~]# uname -a
FreeBSD mail.domain.com.my 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

recompile postfix with these options:
[root@mail ~]# cat /var/db/ports/postfix/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for postfix-2.5.1_2,1
_OPTIONS_READ=postfix-2.5.1_2,1
WITH_SASL2=true
WITH_TLS=true
WITH_OPENLDAP=true

cyrus-sasl:
[root@mail ~]# saslauthd -v
saslauthd 2.1.22
authentication mechanisms: sasldb getpwent kerberos5 pam rimap ldap httpform

openldap already compiled with these options:
[root@ldap ~]# cat /var/db/ports/openldap23/options
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for openldap-server-2.3.11
_OPTIONS_READ=openldap-server-2.3.11
WITH_SASL=true
WITH_PERL=true
WITH_SHELL=true
WITH_SLP=true
WITH_TCP_WRAPPERS=true
WITH_BDB=true
WITH_PROXYCACHE=true
WITH_PPOLICY=true
WITH_RWM=true
WITH_DYNAMIC_BACKENDS=true

ok 1st step is to configure the cyrus-sasl configuration files.
[root@mail ~]# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mechlist: PLAIN LOGIN
log_level: 5


[root@mail ~]# cat /usr/local/etc/saslauthd.conf
ldap_servers: ldap://192.168.1.8/
ldap_auth_method: fastbind
ldap_filter: uid=%u,ou=Users,dc=domain,dc=com,dc=my
ldap_search_base: dc=domain,dc=com,dc=my
ldap_bind_dn: cn=Manager,dc=domain,dc=com,dc=my
ldap_password: secret

start the service with the flags "-cra ldap" (-a ldap selects the ldap mechanism, -c caches credentials, -r combines the realm with the login; add -d for debugging)
[root@mail ~]# /usr/local/etc/rc.d/saslauthd start
Starting saslauthd.

[root@mail ~]# ps aux|grep sasl
root 39276 0.0 0.4 4840 2784 ?? Ss 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39283 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39284 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39285 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap
root 39286 0.0 0.4 4840 2780 ?? S 3:25PM 0:00.00 /usr/local/sbin/saslauthd -cra ldap

test it out using testsaslauthd command
[root@mail ~]# testsaslauthd -u ashamril -p 1qaz2wsx
0: OK "Success."

this means saslauthd can authenticate against your ldap server. yahoooo ;)

next, configure postfix. i added these lines to /usr/local/etc/postfix/main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
# SASL implementation used by the smtpd server
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous

# continuation lines must start with whitespace
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination


restart postfix & test it out:
[root@mail ~]# printf "ashamril" | mmencode
YXNoYW1yaWw=
[root@mail ~]# printf "1qaz2wsx" | mmencode
MXFhejJ3c3g=
[root@mail ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com.my ESMTP Postfix (By LinuxDotMy)
EHLO domain.com.my
250-mail.domain.com.my
250-PIPELINING
250-SIZE 512000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
YXNoYW1yaWw=
334 UGFzc3dvcmQ6
MXFhejJ3c3g=
235 2.7.0 Authentication successful


yahooooo, settled.
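
An added example, not part of the original post: the session above advertises AUTH LOGIN PLAIN on the plain connection, and LOGIN only base64-encodes the password, so this Python script parses main.cf the way Postfix joins indented continuation lines and flags SMTP AUTH being offered without TLS. smtpd_tls_auth_only is a standard Postfix parameter that does not appear in the post, and the sample text is constructed from the settings shown above.

```python
import re

# Constructed sample based on the main.cf settings shown in the post.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Parse main.cf text: '#' lines are comments, a line that starts with
    whitespace continues the previous parameter, a later setting wins."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():  # continuation of the previous logical line
            if key is None:
                raise ValueError("continuation line before any parameter")
            params[key] = (params[key] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:  # e.g. an unindented 'permit_mynetworks,'
            raise ValueError("not a 'name = value' line: %r" % raw)
        key = name.strip()
        params[key] = value.strip()
    return params

def audit_sasl(params):
    """Return a list of findings about how SMTP AUTH is exposed."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return findings  # AUTH is not offered at all
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("AUTH offered before STARTTLS (smtpd_tls_auth_only is not yes)")
    opts = re.split(r"[,\s]+", params.get("smtpd_sasl_security_options", "noanonymous"))
    if "noanonymous" not in opts:
        findings.append("anonymous SASL mechanisms allowed")
    return findings

if __name__ == "__main__":
    for finding in audit_sasl(parse_main_cf(MAIN_CF)):
        print("WARN:", finding)
```

Adding `smtpd_tls_auth_only = yes` (with TLS configured) clears the first finding, because Postfix then announces AUTH only after STARTTLS.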

p/s: man hours: 1st day till 4am, 2nd day till 2am. only got it settled on the 3rd day... how much should i charge, eh?
and to all Hindus who celebrate Deepavali, A Very Happy Deepavali!