[Postfixbuch-users] Sasl ... as always

Jan Scholten Jammer at gmx.de
Wed Apr 25 12:25:19 CEST 2007


Hello Postfixbuch-users,

I'm somewhat on the ropes here.

1. It works when Postfix is not running in the chroot.
2. SASL does not work when Postfix is running in the chroot, but I don't know why.
3. User data is stored in MySQL (following workaround.org).
4. This is a Debian Etch system.
5. I thought that if I access MySQL over TCP, I would not need to put any sockets into the chroot.
6. courier-pop/imap via courier-authdaemon works.

My config:
saslfinger -s

saslfinger - postfix Cyrus sasl configuration Wed Apr 25 12:21:01 CEST 2007
version: 1.0.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.8
System: Debian GNU/Linux 4.0 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002b079ed0b000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 924
drwxr-xr-x  2 root root  4096 2007-04-24 15:08 .
drwxr-xr-x 39 root root  8192 2007-04-24 15:08 ..
-rw-r--r--  1 root root 18868 2006-12-13 22:52 libanonymous.a
-rw-r--r--  1 root root   855 2006-12-13 22:52 libanonymous.la
-rw-r--r--  1 root root 15792 2006-12-13 22:52 libanonymous.so
-rw-r--r--  1 root root 15792 2006-12-13 22:52 libanonymous.so.2
-rw-r--r--  1 root root 15792 2006-12-13 22:52 libanonymous.so.2.0.22
-rw-r--r--  1 root root 21754 2006-12-13 22:52 libcrammd5.a
-rw-r--r--  1 root root   841 2006-12-13 22:52 libcrammd5.la
-rw-r--r--  1 root root 19184 2006-12-13 22:52 libcrammd5.so
-rw-r--r--  1 root root 19184 2006-12-13 22:52 libcrammd5.so.2
-rw-r--r--  1 root root 19184 2006-12-13 22:52 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 60216 2006-12-13 22:52 libdigestmd5.a
-rw-r--r--  1 root root   864 2006-12-13 22:52 libdigestmd5.la
-rw-r--r--  1 root root 48504 2006-12-13 22:52 libdigestmd5.so
-rw-r--r--  1 root root 48504 2006-12-13 22:52 libdigestmd5.so.2
-rw-r--r--  1 root root 48504 2006-12-13 22:52 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 19094 2006-12-13 22:52 liblogin.a
-rw-r--r--  1 root root   835 2006-12-13 22:52 liblogin.la
-rw-r--r--  1 root root 16424 2006-12-13 22:52 liblogin.so
-rw-r--r--  1 root root 16424 2006-12-13 22:52 liblogin.so.2
-rw-r--r--  1 root root 16424 2006-12-13 22:52 liblogin.so.2.0.22
-rw-r--r--  1 root root 38700 2006-12-13 22:52 libntlm.a
-rw-r--r--  1 root root   829 2006-12-13 22:52 libntlm.la
-rw-r--r--  1 root root 32520 2006-12-13 22:52 libntlm.so
-rw-r--r--  1 root root 32520 2006-12-13 22:52 libntlm.so.2
-rw-r--r--  1 root root 32520 2006-12-13 22:52 libntlm.so.2.0.22
-rw-r--r--  1 root root 19134 2006-12-13 22:52 libplain.a
-rw-r--r--  1 root root   835 2006-12-13 22:52 libplain.la
-rw-r--r--  1 root root 16392 2006-12-13 22:52 libplain.so
-rw-r--r--  1 root root 16392 2006-12-13 22:52 libplain.so.2
-rw-r--r--  1 root root 16392 2006-12-13 22:52 libplain.so.2.0.22
-rw-r--r--  1 root root 29100 2007-02-07 16:32 libsasldb.a
-rw-r--r--  1 root root   856 2007-02-07 16:32 libsasldb.la
-rw-r--r--  1 root root 21456 2007-02-07 16:32 libsasldb.so
-rw-r--r--  1 root root 21456 2007-02-07 16:32 libsasldb.so.2
-rw-r--r--  1 root root 21456 2007-02-07 16:32 libsasldb.so.2.0.22
-rw-r--r--  1 root root 33056 2006-12-13 22:52 libsql.a
-rw-r--r--  1 root root   964 2006-12-13 22:52 libsql.la
-rw-r--r--  1 root root 27872 2006-12-13 22:52 libsql.so
-rw-r--r--  1 root root 27872 2006-12-13 22:52 libsql.so.2
-rw-r--r--  1 root root 27872 2006-12-13 22:52 libsql.so.2.0.22




-- content of /etc/postfix/sasl/smtpd.conf --
log_level: 7
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: localhost
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: mail
sql_select: select password from users where email='%u@%r'


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN


-- end of saslfinger output --



Why are there problems with the chroot? Shouldn't this go through automatically via 127.0.0.1 (through the
MySQL listening on localhost)?

The logs say:
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql auxprop plugin using mysql engine
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql plugin Parse the username test at testserver.server.mine
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql plugin try and connect to a host
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql plugin trying to open db 'mail' on host 'localhost'
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql plugin could not connect to host localhost
Apr 25 12:23:27 localhost postfix/smtpd[1627]: sql plugin couldn't connect to any host


mysql.log shows nothing at all from auxprop.

Where/what am I missing in the chroot... and why?

I'm grateful for any tips.

Jan


-- 
"The whole is more than the sum of its parts."
(Aristotle)

Kind regards
Jan Scholten
mailto:Jammer at gmx.de
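
A check for the situation described in this post, as an added example that is not part of the original message: the MySQL client library connects through a Unix socket, not TCP, when the host is the literal name `localhost`, and that socket path does not exist inside the Postfix chroot. The function names and the reduced sample input are constructed here; treating a `-` chroot column as `y` is an assumption taken from the `(yes)` in the master.cf header shown above.

```python
# Constructed sample input, reduced from the saslfinger output in the post.
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       -       -       -       smtpd
qmgr      fifo  n       -       n       300     1       qmgr
smtp      unix  -       -       -       -       -       smtp
"""
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
"""

def chrooted_commands(master_cf, default_chroot="y"):
    """Return commands of master.cf services whose chroot column is in effect."""
    found = set()
    for line in master_cf.splitlines():
        fields = line.split()
        # Skip blanks, comments, continuation lines (leading whitespace), short lines.
        if not line.strip() or line[0] in "# \t" or len(fields) < 8:
            continue
        # Column 5 is chroot; "-" means the built-in default (assumed "y" here).
        chroot = default_chroot if fields[4] == "-" else fields[4]
        if chroot == "y":
            found.add(fields[7])
    return found

def parse_sasl_conf(text):
    """Parse 'key: value' lines of a Cyrus SASL application config."""
    conf = {}
    for line in text.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def socket_hosts_in_chroot(master_cf, smtpd_conf, default_chroot="y"):
    """List sql_hostnames entries that need a Unix socket inside the chroot."""
    conf = parse_sasl_conf(smtpd_conf)
    if "smtpd" not in chrooted_commands(master_cf, default_chroot):
        return []
    if conf.get("auxprop_plugin") != "sql" or conf.get("sql_engine") != "mysql":
        return []
    hosts = conf.get("sql_hostnames", "").replace(",", " ").split()
    return [h for h in hosts if h.split(":")[0].lower() == "localhost"]

if __name__ == "__main__":
    print(socket_hosts_in_chroot(MASTER_CF, SMTPD_CONF))
```

An entry such as `127.0.0.1` makes the client library use TCP, so the function returns an empty list for it.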



