[Postfixbuch-users] Authentication Problem mit sasl
Patrick Ben Koetter
p at state-of-mind.de
Sa Mär 19 09:45:30 CET 2005
* Thoralf Liersch <thliersch at web-eagles.de>:
> >Ist Postfix in der SASL Gruppe? Bei Debian darf es sonst den socket von
> >saslauthd nicht anlangen. Außerdem: Läuft Postfix chrooted? Wenn ja, dann
> >erst mal raus aus dem chroot.
> >
> >
> Ja postfix befindet sich in der sasl gruppe.
> Postfix läuft bereits auserhalb von chroot, zumindest wenn ich die
> /etc/postfix/master.cf richtig interpretiert habe. zumindest steht dort
> überall ein "n"
>
> >Wenn Du weiterhin Probleme hast, nutze bitte saslfinger zum debuggen und
> >schicke den Output an die Liste.
> >
> >p at rick
> >
> >
> ich habe den output von saslfinger -c (1) und saslfinger -s (2) als
> attachment an diese mail mal drangehangen da ich immernoch hilfe benötige.
> saslfinger - postfix Cyrus sasl configuration Fri Mar 18 21:09:11 CET 2005
> version: 0.9.9.1
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 1.1.11
> System: Debian GNU/\s 3.0 \n \l
Seit letzter Woche gibt es Postfix 2.1.1.
Das Postfix das Du jetzt verwendest kann die meisten interessanten Anti-Spam
features nicht. Auf lange Zeit wirst Du damit nicht glücklich werden.
> -- smtpd is linked to --
> libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40145000)
Dein Postfix ist gegen Cyrus-SASL.1.x gelinkt. Das ist steinalt. Du solltest
definitiv upgraden. Wie das aber bei Debian genau geht, kann ich Dir nicht
sagen.
SMTP AUTH für Cyrus-SASL.1.x und Cyrus-SASL.2.x wird unterschiedlich
konfiguriert. Überleg Dir mal, ob Du upgraden willst und dann entscheiden wir
uns für die passende Konfiguration.
p at rick
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
>
>
> -- listing of /usr/lib/sasl --
> total 208
> drwxr-xr-x 2 root root 4096 Mar 11 15:40 .
> drwxr-xr-x 37 root root 8192 Mar 15 21:14 ..
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so.1
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so.1.0.16
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so.1
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so.1.0.17
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so.0
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so.0.0.17
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so.0
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so.0.0.6
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so.1
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so.1.0.15
> -rw-r--r-- 1 root root 20 Mar 11 15:40 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 780
> drwxr-xr-x 2 root root 4096 Mar 15 21:14 .
> drwxr-xr-x 37 root root 8192 Mar 15 21:14 ..
> -rw-r--r-- 1 root root 12030 Oct 8 20:19 libanonymous.a
> -rw-r--r-- 1 root root 851 Oct 8 20:19 libanonymous.la
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so.2
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 14660 Oct 8 20:19 libcrammd5.a
> -rw-r--r-- 1 root root 837 Oct 8 20:19 libcrammd5.la
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so.2
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 42534 Oct 8 20:19 libdigestmd5.a
> -rw-r--r-- 1 root root 860 Oct 8 20:19 libdigestmd5.la
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so.2
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 12524 Oct 8 20:19 liblogin.a
> -rw-r--r-- 1 root root 831 Oct 8 20:19 liblogin.la
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so.2
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 28646 Oct 8 20:19 libntlm.a
> -rw-r--r-- 1 root root 825 Oct 8 20:19 libntlm.la
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so.2
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 17988 Oct 8 20:19 libotp.a
> -rw-r--r-- 1 root root 825 Oct 8 20:19 libotp.la
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so.2
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so.2.0.19
> -rw-r--r-- 1 root root 12472 Oct 8 20:19 libplain.a
> -rw-r--r-- 1 root root 831 Oct 8 20:19 libplain.la
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so.2
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so.2.0.19
> -rw-r--r-- 1 root root 18734 Oct 8 20:19 libsasldb.a
> -rw-r--r-- 1 root root 837 Oct 8 20:19 libsasldb.la
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so.2
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so.2.0.19
>
>
>
>
> -- content of /usr/lib/sasl/smtpd.conf --
> pwcheck_method: pam
>
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
> saslauthd_path: /var/run/saslauthd/mux
> autotransition: true
> log_level: 3
>
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (50)
> smtp inet n - n - - smtpd
Ja, smtpd ist nicht chrooted.
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> flush unix n - n 1000? 0 flush
> smtp unix - - n - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> cyrus unix - n n - - pipe
> flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
> scalemail-backend unix - n n - 2 pipe
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
>
> smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200
> 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
>
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
>
> -- end of saslfinger output --
>
> saslfinger - postfix Cyrus sasl configuration Fri Mar 18 18:57:01 CET 2005
> version: 0.9.9.1
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 1.1.11
> System: Debian GNU/\s 3.0 \n \l
>
> -- smtp is linked to --
> libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40145000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost =
>
>
> -- listing of /usr/lib/sasl --
> total 208
> drwxr-xr-x 2 root root 4096 Mar 11 15:40 .
> drwxr-xr-x 37 root root 8192 Mar 15 21:14 ..
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so.1
> -rw-r--r-- 1 root root 5520 Oct 13 16:12 libanonymous.so.1.0.16
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so.1
> -rw-r--r-- 1 root root 9988 Oct 13 16:12 libcrammd5.so.1.0.17
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so.0
> -rw-r--r-- 1 root root 28492 Sep 20 2001 libdigestmd5.so.0.0.17
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so.0
> -rw-r--r-- 1 root root 7776 Oct 13 16:12 liblogin.so.0.0.6
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so.1
> -rw-r--r-- 1 root root 7428 Oct 13 16:12 libplain.so.1.0.15
> -rw-r--r-- 1 root root 20 Mar 11 15:40 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 780
> drwxr-xr-x 2 root root 4096 Mar 15 21:14 .
> drwxr-xr-x 37 root root 8192 Mar 15 21:14 ..
> -rw-r--r-- 1 root root 12030 Oct 8 20:19 libanonymous.a
> -rw-r--r-- 1 root root 851 Oct 8 20:19 libanonymous.la
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so.2
> -rw-r--r-- 1 root root 12092 Oct 8 20:19 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 14660 Oct 8 20:19 libcrammd5.a
> -rw-r--r-- 1 root root 837 Oct 8 20:19 libcrammd5.la
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so.2
> -rw-r--r-- 1 root root 14596 Oct 8 20:19 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 42534 Oct 8 20:19 libdigestmd5.a
> -rw-r--r-- 1 root root 860 Oct 8 20:19 libdigestmd5.la
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so.2
> -rw-r--r-- 1 root root 39704 Oct 8 20:19 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 12524 Oct 8 20:19 liblogin.a
> -rw-r--r-- 1 root root 831 Oct 8 20:19 liblogin.la
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so.2
> -rw-r--r-- 1 root root 12776 Oct 8 20:19 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 28646 Oct 8 20:19 libntlm.a
> -rw-r--r-- 1 root root 825 Oct 8 20:19 libntlm.la
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so.2
> -rw-r--r-- 1 root root 28456 Oct 8 20:19 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 17988 Oct 8 20:19 libotp.a
> -rw-r--r-- 1 root root 825 Oct 8 20:19 libotp.la
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so.2
> -rw-r--r-- 1 root root 40200 Oct 8 20:19 libotp.so.2.0.19
> -rw-r--r-- 1 root root 12472 Oct 8 20:19 libplain.a
> -rw-r--r-- 1 root root 831 Oct 8 20:19 libplain.la
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so.2
> -rw-r--r-- 1 root root 12620 Oct 8 20:19 libplain.so.2.0.19
> -rw-r--r-- 1 root root 18734 Oct 8 20:19 libsasldb.a
> -rw-r--r-- 1 root root 837 Oct 8 20:19 libsasldb.la
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so.2
> -rw-r--r-- 1 root root 16604 Oct 8 20:19 libsasldb.so.2.0.19
>
>
> Cannot find the smtp_sasl_password_maps parameter in main.cf.
> Client-side SMTP AUTH cannot work without this parameter!
> --
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
SMTP AUTH
Howto: <http://postfix.state-of-mind.de/patrick.koetter/smtpauth/>
Debug: <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users