[Postfixbuch-users] sasl with Postfix 2.2

Patrick Ben Koetter p at state-of-mind.de
Tue Apr 19 10:31:44 CEST 2005


* postfix at moonsmile.ch <postfix at moonsmile.ch>:
> Good morning
> 
> Yesterday I installed Postfix 2.2 from Debian unstable. It works fine so
> far, except that client authentication with sasl no longer works.
> 
> The authentication data is stored in a MySQL DB. I have not changed anything
> in the configuration of Postfix and MySQL.

Your smtpd daemon is running chrooted. Do you have the MySQL socket in the
chroot? If not, take smtpd out of the chroot and test again.

p at rick




> 
> I hope someone can help me.
> 
> /var/log/mail.log:
> 
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
> no secret in database
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
> moon.moonsmile.ch[192.168.0.1]: SASL CRAM-MD5 authentication failed
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
> no secret in database
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
> moon.moonsmile.ch[192.168.0.1]: SASL NTLM authentication failed
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
> Password verification failed
> Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
> moon.moonsmile.ch[192.168.0.1]: SASL PLAIN authentication failed
> Apr 19 09:48:43 moon postfix/smtpd[6949]: warning:
> moon.moonsmile.ch[192.168.0.1]: SASL LOGIN authentication failed
> Apr 19 09:48:48 moon postfix/smtpd[6949]: lost connection after AUTH from
> moon.moonsmile.ch[192.168.0.1]
> Apr 19 09:48:48 moon postfix/smtpd[6949]: disconnect from
> moon.moonsmile.ch[192.168.0.1]
> 
> Could it be that something is wrong with the sql plugin of sasl?
> 
> saslfinger -s:
> 
> saslfinger - postfix Cyrus sasl configuration Tue Apr 19 09:21:12 CEST 2005
> version: 0.9.9.1
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.2.2
> System: Debian GNU/Linux testing/unstable \n \l
> 
> -- smtpd is linked to --
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401b5000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/ssl/capub.crt
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_use_tls = yes
> 
> 
> -- listing of /usr/lib/sasl2 --
> total 956
> drwxr-xr-x   2 root root  4096 2004-12-19 08:41 .
> drwxr-xr-x  57 root root 20480 2005-04-18 09:50 ..
> -rw-r--r--   1 root root 13488 2004-10-16 23:02 libanonymous.a
> -rw-r--r--   1 root root   851 2004-10-16 23:02 libanonymous.la
> -rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so
> -rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so.2
> -rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
> -rw-r--r--   1 root root 16298 2004-10-16 23:02 libcrammd5.a
> -rw-r--r--   1 root root   837 2004-10-16 23:02 libcrammd5.la
> -rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so
> -rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
> -rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
> -rw-r--r--   1 root root 47516 2004-10-16 23:02 libdigestmd5.a
> -rw-r--r--   1 root root   860 2004-10-16 23:02 libdigestmd5.la
> -rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so
> -rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
> -rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
> -rw-r--r--   1 root root 13726 2004-10-16 23:02 liblogin.a
> -rw-r--r--   1 root root   831 2004-10-16 23:02 liblogin.la
> -rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so
> -rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so.2
> -rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
> -rw-r--r--   1 root root 31248 2004-10-16 23:02 libntlm.a
> -rw-r--r--   1 root root   825 2004-10-16 23:02 libntlm.la
> -rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so
> -rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so.2
> -rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
> -rw-r--r--   1 root root 20142 2004-10-16 23:02 libotp.a
> -rw-r--r--   1 root root   825 2004-10-16 23:02 libotp.la
> -rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so
> -rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so.2
> -rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
> -rw-r--r--   1 root root 13886 2004-10-16 23:02 libplain.a
> -rw-r--r--   1 root root   831 2004-10-16 23:02 libplain.la
> -rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so
> -rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so.2
> -rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
> -rw-r--r--   1 root root 21798 2004-10-16 23:02 libsasldb.a
> -rw-r--r--   1 root root   852 2004-10-16 23:02 libsasldb.la
> -rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so
> -rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so.2
> -rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19
> -rw-r--r--   1 root root 22168 2004-10-16 23:02 libsql.a
> -rw-r--r--   1 root root   874 2004-10-16 23:02 libsql.la
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2.0.19
> 
> 
> 
> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> log_level: 3
> pwcheck_mathod: auxprop
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> 
> auxprop_plugin: sql
> sql_engine: mysql
> sql_hostnames: moon
> sql_database: mailbase
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_select: SELECT pw FROM mailbase WHERE mail = '%u@%r'
> sql_usessl: no
> 
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       -       -       30      smtpd
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       -       300     1       qmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       30      smtp
> relay     unix  -       -       -       -       -       smtp
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> vscan     unix  -       -       n       -       10      smtp
> 
> maildrop  unix  -       n       n       -       -       pipe
>   flags=R user=vmail argv=/usr/bin/maildrop -d ${recipient}
> cyrus     unix  -       n       n       -       -       pipe
>   flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
> ${user} ${extension}
> 
> 
> localhost:10025 inet    n       n       n       -       10      smtpd
>   -o content_filter=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_client_restrictions=
>   -o smtpd_helo_restricitons=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o strict_rfc821_envelopes=yes
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> anvil     unix  -       -       -       -       1       anvil
> scache    unix  -       -       -       -       1       scache
> discard   unix  -       -       -       -       -       discard
> 
> -- mechanisms on localhost --
> 250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 
> 
> -- end of saslfinger output --
> 
> postconf -n:
> 
> alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
> biff = no
> config_directory = /etc/postfix
> content_filter = vscan:localhost:10024
> header_checks = pcre:/etc/postfix/header_checks.pcre
> home_mailbox = Maildir/
> local_recipient_maps = $alias_maps $virtual_uid_maps
> mailbox_size_limit = 0
> message_size_limit = 20480000
> mydestination = $myhostname     localhost.$myhostname   $mydomain      
> localhost       lists.moonsmile.ch
> mydomain = moonsmile.ch
> myhostname = mail.moonsmile.ch
> mynetworks = 127.0.0.0/8,192.168.0.0/24
> myorigin = /etc/mailname
> recipient_canonical_maps = hash:/etc/postfix/recipient_canonical,
> hash:/etc/postfix/lummerland/recipient_canonical
> recipient_delimiter = +
> sender_canonical_maps = hash:/etc/postfix/sender_canonical,
> hash:/etc/postfix/lummerland/sender_canonical
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
> smtp_sasl_security_options = noanonymous
> smtp_tls_CAfile = /etc/postfix/ssl/capub.crt
> smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP
> smtpd_recipient_restrictions = permit_mynetworks,   reject_non_fqdn_recipient,  
> reject_non_fqdn_sender,   reject_non_fqdn_hostname,   reject_invalid_hostname,  
> reject_unknown_sender_domain,   reject_unknown_recipient_domain,  
> check_helo_access hash:/etc/postfix/helo_access,   check_sender_access
> hash:/etc/postfix/access,   permit_sasl_authenticated,   permit_mynetworks,  
> check_policy_service inet:127.0.0.1:60000,   permit_mx_backup,  
> reject_unauth_destination,   permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/ssl/capub.crt
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_use_tls = yes
> soft_bounce = no
> transport_maps = hash:/etc/postfix/transport,
> hash:/etc/postfix/transport_mailbase
> virtual_gid_maps = static:5001
> virtual_mailbox_base = /srv
> virtual_mailbox_domains = klumpfuss-info.ch, lummerland.ch
> virtual_mailbox_maps = hash:/etc/postfix/mailbox
> virtual_minimum_uid = 5000
> virtual_uid_maps = static:5001
> 
> Regards and thanks
> Thomas
> 

-- 
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
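
The check suggested in the reply, as an added example that is not part of the original post or of saslfinger: it lists the smtpd services that master.cf runs chrooted and tests whether the MySQL socket exists below the chroot directory. All function names are hypothetical, and the queue directory and socket path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: which smtpd services in master.cf run chrooted, and is the
# MySQL socket visible from inside that chroot?

# sample_master_cf: sample input, entries copied from the master.cf quoted above.
sample_master_cf() {
    cat <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       30      smtpd
localhost:10025 inet    n       n       n       -       10      smtpd
  -o content_filter=
EOF
}

# chrooted_smtpd FILE [DEFAULT]: print the name of each smtpd service whose
# chroot column (field 5) is "y", or "-" while DEFAULT is "y". DEFAULT is "y"
# because the master.cf header on this page lists "(yes)" for that column.
chrooted_smtpd() {
    awk -v def="${2:-y}" '
        /^#/ || /^[ \t]/ || NF < 8 { next }   # comments, "-o" continuations
        $8 == "smtpd" {
            chroot = ($5 == "-") ? def : $5
            if (chroot == "y") print $1
        }' "$1"
}

# socket_in_chroot QUEUE_DIR SOCKET: a chrooted daemon sees QUEUE_DIR as "/",
# so SOCKET must exist at QUEUE_DIR/SOCKET. Tests existence only.
socket_in_chroot() {
    [ -e "$1$2" ]
}

# check_sasl_chroot MASTER_CF QUEUE_DIR SOCKET: returns 1 when a chrooted
# smtpd exists but the socket is not reachable from inside the chroot.
check_sasl_chroot() {
    services=$(chrooted_smtpd "$1" | tr '\n' ' ')
    [ -n "$services" ] || { echo "no chrooted smtpd service"; return 0; }
    if socket_in_chroot "$2" "$3"; then
        echo "chrooted smtpd [ $services]: $3 found below $2"
        return 0
    fi
    echo "chrooted smtpd [ $services]: $3 missing below $2"
    return 1
}

# Usage (both paths are assumptions, adjust them to the system):
#   check_sasl_chroot /etc/postfix/master.cf /var/spool/postfix /var/run/mysqld/mysqld.sock
if [ $# -ge 3 ]; then check_sasl_chroot "$@"; fi
```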


