[Postfixbuch-users] postfix with sasl/auxprop: SASL authentication failure: Password verification failed

MK at-entertainment at gmx.net
Sat Dec 8 21:41:54 CET 2007


Hi everyone!
I have a root server that is supposed to handle several domains.
I am a beginner when it comes to mail servers, but I bought the
Postfix book by Ralf Hildebrandt and Patrick Ben Koetter, read it
through several times, and set up the server alongside it.
I figured that, for security reasons and for administrative
convenience, the mailboxes should be virtual. However, before I set up
the interface to cyrus imapd, I first want to get SMTP AUTH working.
The user data is stored in a database, and the postfix user can access
the db and the entries. When I connect, though, it always tells me
that the password is wrong. I'm posting the output of saslfinger and
the error message; maybe someone can give me some tips!

saslfinger - postfix Cyrus sasl configuration Sa 8. Dez 20:58:32 CET 2007
version: 1.0.5
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.4.5
System: Ubuntu 7.10 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d1e000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x  2 root root  4096 2007-12-04 21:51 .
drwxr-xr-x 50 root root 12288 2007-12-08 20:56 ..
-rw-r--r--  1 root root 13640 2007-10-02 15:58 libanonymous.a
-rw-r--r--  1 root root   862 2007-10-02 15:58 libanonymous.la
-rw-r--r--  1 root root 13208 2007-10-02 15:58 libanonymous.so
-rw-r--r--  1 root root 13208 2007-10-02 15:58 libanonymous.so.2
-rw-r--r--  1 root root 13208 2007-10-02 15:58 libanonymous.so.2.0.22
-rw-r--r--  1 root root 15974 2007-10-02 15:58 libcrammd5.a
-rw-r--r--  1 root root   848 2007-10-02 15:58 libcrammd5.la
-rw-r--r--  1 root root 15672 2007-10-02 15:58 libcrammd5.so
-rw-r--r--  1 root root 15672 2007-10-02 15:58 libcrammd5.so.2
-rw-r--r--  1 root root 15672 2007-10-02 15:58 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 47348 2007-10-02 15:58 libdigestmd5.a
-rw-r--r--  1 root root   871 2007-10-02 15:58 libdigestmd5.la
-rw-r--r--  1 root root 43916 2007-10-02 15:58 libdigestmd5.so
-rw-r--r--  1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2
-rw-r--r--  1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13650 2007-10-02 15:58 liblogin.a
-rw-r--r--  1 root root   842 2007-10-02 15:58 liblogin.la
-rw-r--r--  1 root root 14036 2007-10-02 15:58 liblogin.so
-rw-r--r--  1 root root 14036 2007-10-02 15:58 liblogin.so.2
-rw-r--r--  1 root root 14036 2007-10-02 15:58 liblogin.so.2.0.22
-rw-r--r--  1 root root 30516 2007-10-02 15:58 libntlm.a
-rw-r--r--  1 root root   836 2007-10-02 15:58 libntlm.la
-rw-r--r--  1 root root 29876 2007-10-02 15:58 libntlm.so
-rw-r--r--  1 root root 29876 2007-10-02 15:58 libntlm.so.2
-rw-r--r--  1 root root 29876 2007-10-02 15:58 libntlm.so.2.0.22
-rw-r--r--  1 root root 13938 2007-10-02 15:58 libplain.a
-rw-r--r--  1 root root   842 2007-10-02 15:58 libplain.la
-rw-r--r--  1 root root 14036 2007-10-02 15:58 libplain.so
-rw-r--r--  1 root root 14036 2007-10-02 15:58 libplain.so.2
-rw-r--r--  1 root root 14036 2007-10-02 15:58 libplain.so.2.0.22
-rw-r--r--  1 root root 22150 2007-10-02 15:58 libsasldb.a
-rw-r--r--  1 root root   863 2007-10-02 15:58 libsasldb.la
-rw-r--r--  1 root root 18356 2007-10-02 15:58 libsasldb.so
-rw-r--r--  1 root root 18356 2007-10-02 15:58 libsasldb.so.2
-rw-r--r--  1 root root 18356 2007-10-02 15:58 libsasldb.so.2.0.22
-rw-r--r--  1 root root 23812 2007-10-02 15:58 libsql.a
-rw-r--r--  1 root root   971 2007-10-02 15:58 libsql.la
-rw-r--r--  1 root root 23352 2007-10-02 15:58 libsql.so
-rw-r--r--  1 root root 23352 2007-10-02 15:58 libsql.so.2
-rw-r--r--  1 root root 23352 2007-10-02 15:58 libsql.so.2.0.22

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 2007-12-08 20:52 .
drwxr-xr-x 4 root root 4096 2007-12-08 20:55 ..
-rw-r--r-- 1 root root  390 2007-12-08 20:25 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
log_level: 7
pwcheck_method: auxprop
#new:
auxprop_plugin: sql
allowplaintext: yes
allowanonymouslogin: no
mech_list: PLAIN LOGIN
# LOGIN CRAM-MD5 DIGEST-MD5
sql_engine: mysql
sql_hostnames: localhost
sql_database: mail
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_select: SELECT userpassword FROM virtual_users WHERE username = '%u'
#AND auth = '1' AND active = '1'
sql_usessl: no



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd -v
pickup    fifo  n       -       -       60      1       pickup -v
cleanup   unix  n       -       -       -       0       cleanup -v
qmgr      fifo  n       -       n       300     1       qmgr -v
tlsmgr    unix  -       -       -       1000?   1       tlsmgr -v
rewrite   unix  -       -       -       -       -       trivial-rewrite -v
bounce    unix  -       -       -       -       0       bounce -v
defer     unix  -       -       -       -       0       bounce -v
trace     unix  -       -       -       -       0       bounce -v
verify    unix  -       -       -       -       1       verify -v
flush     unix  n       -       -       1000?   0       flush -v
proxymap  unix  -       -       n       -       -       proxymap -v
smtp      unix  -       -       -       -       -       smtp -v
relay     unix  -       -       -       -       -       smtp -v
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq -v
error     unix  -       -       -       -       -       error -v
retry     unix  -       -       -       -       -       error -v
discard   unix  -       -       -       -       -       discard -v
local     unix  -       n       n       -       -       local -v
virtual   unix  -       n       n       -       -       virtual -v
lmtp      unix  -       -       -       -       -       lmtp -v
anvil     unix  -       -       -       -       1       anvil -v
scache    unix  -       -       -       -       1       scache -v
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --

softice at noise:~$ saslfinger -s >out.put
softice at noise:~$ vim out.put

Excerpt from main.cf:


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters: still to come!
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# SASL parameters
#smtpd_sasl_path             = smtpd
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable      = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients    = yes

# Set the realm (domain) under which a user without a specified realm
# is to be treated; create a map, e.g. with SQL, or specify a foo
# domain?
smtpd_sasl_local_domain = $myhostname

# Restrictions
smtpd_helo_required = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
mydomain            = localhost
myhostname          = noise.domain1
myorigin            = $mydomain
mydestination       = noise.localhost
                      localhost
relayhost           =
mynetworks          = 127.0.0.0/8
mailbox_size_limit  = 0
recipient_delimiter = +
inet_interfaces     = all
address_verify_sender         = postmaster at domain1
address_verify_negative_cache = no
#RESTRICTIONS
smtpd_recipient_restrictions  =
   .
   permit_mynetworks,
   permit_sasl_authenticated,
   .
   permit

smtpd_data_restrictions =
    reject_multi_recipient_bounce

virtual_mailbox_base    = /var/spool/virtual_mailboxes
virtual_mailbox_maps    = mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf
virtual_mailbox_domains = domain1
                          domain2
                          domain3
                          domain4
                          domain5
                          domain6
                          domain7
virtual_uid_maps        = hash:/etc/postfix/virtual_mailbox_uid_map
virtual_gid_maps        = $virtual_uid_maps
virtual_transport       = virtual


Unfortunately, the only thing in mail.log is the following; I have no
idea how to get more information:


Dec  8 21:09:00 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: EHLO [127.0.0.1]
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-!SERVERNAME!
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-PIPELINING
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-SIZE 10240000
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-VRFY
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-ETRN
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-AUTH PLAIN LOGIN
Dec  8 21:09:00 noise postfix/smtpd[4335]: match_list_match: unknown: no match
Dec  8 21:09:00 noise postfix/smtpd[4335]: match_list_match: 10.10.10.13: no match
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-AUTH=PLAIN LOGIN
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-ENHANCEDSTATUSCODES
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-8BITMIME
Dec  8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250 DSN
Dec  8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: AUTH PLAIN !CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response !CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: decoded initial response
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: SASL authentication failure: Password verification failed
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL PLAIN authentication failed: authentication failure
Dec  8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 535 5.7.0 Error: authentication failed: authentication failure
Dec  8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: AUTH LOGIN
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: sasl_method LOGIN
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Dec  8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 334 !CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]:!CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: !USERNAME!
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Dec  8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 334 !CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: !CRYPTED!
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: !PASSWORT!
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL LOGIN authentication failed: authentication failure
Dec  8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 535 5.7.0 Error: authentication failed: authentication failure


The credentials stored in the database are definitely identical to the
credentials shown in plaintext in the log, and in the mail client they
definitely also match the ones from the database.
I hope someone can make something of this; I look forward to your help!

Many thanks,

Markus K.
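
Added example, not part of the original post: a small log check in the format of the mail.log excerpt above. It counts SASL failures per client and mechanism and lists the lines where `smtpd -v` wrote SASL responses into the log, which should be cleaned up once debugging is finished. The sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the post's mail.log excerpt
# (addresses and credential values are placeholders, not real data).
SAMPLE_LOG = """\
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AHVzZXIAc2VjcmV0
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: SASL authentication failure: Password verification failed
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL PLAIN authentication failed: authentication failure
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: user
Dec  8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: secret
Dec  8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL LOGIN authentication failed: authentication failure
Dec  8 21:09:09 noise postfix/smtpd[4340]: warning: unknown[10.10.10.14]: SASL LOGIN authentication failed: authentication failure
"""

# Per-client failure line: "warning: host[ip]: SASL MECH authentication failed"
FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed"
)

# Verbose (smtpd -v) lines that carry SASL responses, i.e. credentials
LEAK = re.compile(
    r"postfix/smtpd\[\d+\]: xsasl_cyrus_server_\w+: "
    r".*(?:init_response \S+|decoded response: \S+)"
)


def auth_failures(log_text):
    """Count failed SASL logins per (client IP, mechanism)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[(m.group("ip"), m.group("mech"))] += 1
    return counts


def credential_lines(log_text):
    """Return 1-based numbers of lines that contain SASL responses."""
    return [n for n, line in enumerate(log_text.splitlines(), 1)
            if LEAK.search(line)]


if __name__ == "__main__":
    for (ip, mech), n in sorted(auth_failures(SAMPLE_LOG).items()):
        print(f"{ip} {mech}: {n} failed")
    print("lines with SASL responses:", credential_lines(SAMPLE_LOG))
```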