[Postfixbuch-users] Re
Patrick Ben Koetter
p at state-of-mind.de
Fr Jun 3 17:51:04 CEST 2005
* Stefan G. Weichinger <monitor at oops.co.at>:
>
> Hello again, p at rick
>
> heute (am 03.06.2005 um 14:40 Uhr) hast du geschrieben:
>
> PBK>> Wenn Du mit der Konfiguration nicht
> PBK>> weiterkommst, schick die Ausgabe von "saslfinger -c".
>
> Ok, kann ja nix schaden, oder?
Schaden kann es nichts, darauf habe ich beim Schreiben von saslfinger drauf
geachtet. Geholfen hat es aber auch nichts, denn ich war so dumm, Dich zu
bitten "saslfinger -c" zu schicken und nicht "saslfinger -s", sorry!
Wenn Du sasldb mit einbinden willst, dann mach folgendes:
in /usr/lib/sasl2/smtpd.conf:
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
auxprop_plugin: sasldb
in main.cf:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# smtpd_sasl_local_domain =
WICHTIG Deine Mailclients müssen sich mit dem usernamen "username at domain"
anmelden, wobei der Domain entspricht, die Du den usern in der sasldb gegeben
hast. Das findest Du mit sasldblistusers2 raus.
p at rick
>
> root at mail01:~ # saslfinger -c
> saslfinger - postfix Cyrus sasl configuration Fri Jun 3 15:35:26 CEST 2005
> version: 0.9.9.1
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.2.1
> System:
> Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
>
> -- smtp is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4006a000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost =
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = no
>
>
> -- listing of /usr/lib/sasl2 --
> total 656
> drwxr-xr-x 2 root root 4096 Jun 2 20:12 .
> drwxr-xr-x 43 root root 12288 Jun 2 20:08 ..
> -rwxr-xr-x 1 root root 695 Mar 19 21:29 libanonymous.la
> -rwxr-xr-x 1 root root 13560 Mar 19 21:29 libanonymous.so
> -rwxr-xr-x 1 root root 13560 Mar 19 21:29 libanonymous.so.2
> -rwxr-xr-x 1 root root 13560 Mar 19 21:29 libanonymous.so.2.0.20
> -rwxr-xr-x 1 root root 683 Mar 19 21:29 libcrammd5.la
> -rwxr-xr-x 1 root root 15828 Mar 19 21:29 libcrammd5.so
> -rwxr-xr-x 1 root root 15828 Mar 19 21:29 libcrammd5.so.2
> -rwxr-xr-x 1 root root 15828 Mar 19 21:29 libcrammd5.so.2.0.20
> -rwxr-xr-x 1 root root 713 Mar 19 21:29 libdigestmd5.la
> -rwxr-xr-x 1 root root 43544 Mar 19 21:29 libdigestmd5.so
> -rwxr-xr-x 1 root root 43544 Mar 19 21:29 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 43544 Mar 19 21:29 libdigestmd5.so.2.0.20
> -rwxr-xr-x 1 root root 749 Mar 19 21:29 libgssapiv2.la
> -rwxr-xr-x 1 root root 25912 Mar 19 21:29 libgssapiv2.so
> -rwxr-xr-x 1 root root 25912 Mar 19 21:29 libgssapiv2.so.2
> -rwxr-xr-x 1 root root 25912 Mar 19 21:29 libgssapiv2.so.2.0.20
> -rwxr-xr-x 1 root root 679 Mar 19 21:29 liblogin.la
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 liblogin.so
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 liblogin.so.2
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 liblogin.so.2.0.20
> -rwxr-xr-x 1 root root 675 Mar 19 21:29 libotp.la
> -rwxr-xr-x 1 root root 44924 Mar 19 21:29 libotp.so
> -rwxr-xr-x 1 root root 44924 Mar 19 21:29 libotp.so.2
> -rwxr-xr-x 1 root root 44924 Mar 19 21:29 libotp.so.2.0.20
> -rwxr-xr-x 1 root root 679 Mar 19 21:29 libplain.la
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 libplain.so
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 libplain.so.2
> -rwxr-xr-x 1 root root 14420 Mar 19 21:29 libplain.so.2.0.20
> -rwxr-xr-x 1 root root 707 Mar 19 21:29 libsasldb.la
> -rwxr-xr-x 1 root root 18792 Mar 19 21:29 libsasldb.so
> -rwxr-xr-x 1 root root 18792 Mar 19 21:29 libsasldb.so.2
> -rwxr-xr-x 1 root root 18792 Mar 19 21:29 libsasldb.so.2.0.20
> -rw-r--r-- 1 root root 108 Jun 2 20:11 sample.conf
> -rw-r--r-- 1 root root 108 Jun 2 20:11 smtpd.conf
>
>
> -- permissions for /etc/postfix/sasl_passwd --
> -rw------- 1 root root 172 Jun 3 15:28 /etc/postfix/sasl_passwd
>
> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw------- 1 root root 12288 Jun 3 15:29 /etc/postfix/sasl_passwd.db
>
> /etc/postfix/sasl_passwd.db is up to date.
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - 10 smtpd
> localhost:10025 inet n - n - - smtpd -o content_filter=
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> -o fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus unix - n n - - pipe
> user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> procmail unix - n n - - pipe
> flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
>
>
> smtp-amavis unix - - n - 2 smtp
> -o smtp_data_done_timeout=1800
> -o disable_dns_lookups=yes
>
>
> -- end of saslfinger output --
>
>
> Und das mit dieser Konfiguration:
>
> root at mail01:~ # postconf -n
> alias_maps = hash:/etc/aliases
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/packages/postfix/html
> inet_protocols = all
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/etc/postfix/cyrus_user_list
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport = lmtp:unix:public/lmtp
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 10240000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myhostname = <myhostname>
> mynetworks = x.y.z.a/8, 127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases
> proxy_interfaces = x.y.z.250
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP
> smtpd_client_restrictions =
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/roleaccount_exceptions, check_sender_access hash:/etc/postfix/sender_checks, check_helo_access pcre:/etc/postfix/helo_checks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client list.dsbl.org, reject_rbl_client relays.ordb.org, check_policy_service inet:127.0.0.1:10026, permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = mail01
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_tls_auth_only = no
> smtpd_use_tls = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 450
>
>
> ----
>
> Ich habe mir erstmal so beholfen:
>
> sasldblistusers2 > /etc/postfix/cyrus_user_list
>
> (da drinnen händisch die ":" entfernt :) )
>
> postmap /etc/postfix/cyrus_user_list
>
> und das in die local_recipient_maps eingebunden.
>
> Meine Suche in den postfix-users-Archiven haben mich noch nicht
> erleuchtet ....
>
> Es ist mir klar, daß das keine Dauerlösung so ist ...
>
> --
> Bis bald,
> Stefan
>
> --
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users