[Postfixbuch-users] Sasl Auth Problem Relay access denied
mail at sb-webdesign.de
mail at sb-webdesign.de
Mi Jun 20 14:02:52 CEST 2007
Hallo Patrick
Der Genwünachte auszug aus saslfinger -s
saslfinger - postfix Cyrus sasl configuration Wed Jun 20 13:43:28 CEST 2007
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.2.5
System:
Welcome to SUSE LINUX 10.0 (i586) - Kernel \r (\l).
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x400ec000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = box79146
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtpd_use_tls = no
-- listing of /usr/lib/sasl2 --
total 704
drwxr-xr-x 2 root root 4096 Jun 20 08:15 .
drwxr-xr-x 69 root root 20480 Jun 20 07:58 ..
-rwxr-xr-x 1 root root 13592 Sep 9 2005 libanonymous.so
-rwxr-xr-x 1 root root 13592 Sep 9 2005 libanonymous.so.2
-rwxr-xr-x 1 root root 13592 Sep 9 2005 libanonymous.so.2.0.21
-rwxr-xr-x 1 root root 15796 Sep 9 2005 libcrammd5.so
-rwxr-xr-x 1 root root 15796 Sep 9 2005 libcrammd5.so.2
-rwxr-xr-x 1 root root 15796 Sep 9 2005 libcrammd5.so.2.0.21
-rwxr-xr-x 1 root root 43416 Sep 9 2005 libdigestmd5.so
-rwxr-xr-x 1 root root 43416 Sep 9 2005 libdigestmd5.so.2
-rwxr-xr-x 1 root root 43416 Sep 9 2005 libdigestmd5.so.2.0.21
-rwxr-xr-x 1 root root 25336 Sep 9 2005 libgssapiv2.so
-rwxr-xr-x 1 root root 25336 Sep 9 2005 libgssapiv2.so.2
-rwxr-xr-x 1 root root 25336 Sep 9 2005 libgssapiv2.so.2.0.21
-rwxr-xr-x 1 root root 14420 Sep 9 2005 liblogin.so
-rwxr-xr-x 1 root root 14420 Sep 9 2005 liblogin.so.2
-rwxr-xr-x 1 root root 14420 Sep 9 2005 liblogin.so.2.0.21
-rwxr-xr-x 1 root root 45020 Sep 9 2005 libotp.so
-rwxr-xr-x 1 root root 45020 Sep 9 2005 libotp.so.2
-rwxr-xr-x 1 root root 45020 Sep 9 2005 libotp.so.2.0.21
-rwxr-xr-x 1 root root 14420 Sep 9 2005 libplain.so
-rwxr-xr-x 1 root root 14420 Sep 9 2005 libplain.so.2
-rwxr-xr-x 1 root root 14420 Sep 9 2005 libplain.so.2.0.21
-rwxr-xr-x 1 root root 18756 Sep 9 2005 libsasldb.so
-rwxr-xr-x 1 root root 18756 Sep 9 2005 libsasldb.so.2
-rwxr-xr-x 1 root root 18756 Sep 9 2005 libsasldb.so.2.0.21
-rwxr-xr-x 1 root root 21932 Sep 9 2005 libsql.so
-rwxr-xr-x 1 root root 21932 Sep 9 2005 libsql.so.2
-rwxr-xr-x 1 root root 21932 Sep 9 2005 libsql.so.2.0.21
-rw------- 1 root root 127 Jun 20 08:15 smtpd.conf
-rw------- 1 root root 58 Jun 20 08:15 smtpd.conf~
-- content of /usr/lib/sasl2/smtpd.conf --
#pwcheck_method:auxprob
# saslauthd
mech_list: plain
# login
# erunen nach sandy
pwcheck_method: auxprop
auxprop_plugin: sasldb
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
-- mechanisms on localhost --
-- end of saslfinger output --
>* mail at sb-webdesign.de <mail at sb-webdesign.de>:
>> Hallo Liste ich habe versucht mein ostfix zu sasl auth zu bewergen nur
>bekomme ich immer die meldung relay acces
>>
>> 554 <schneider at skanwood.com>: Relay access denied
>> logauszug
>> :
>>
>>
>> Jun 20 08:38:35 box79146 postfix/smtpd[965]: connect from
>F956d.f.strato-dslnet.de[195.4.149.109]
>> Jun 20 08:38:37 box79146 postfix/smtpd[965]: NOQUEUE: reject: RCPT from
>F956d.f.strato-dslnet.de[195.4.149.109]: 554 <schneider at skanwood.com>: Relay
>access denied; from=<test at b-schneider.de> to=<schneider at skanwood.com>
>proto=ESMTP helo=<test>
>> Jun 20 08:38:39 box79146 postfix/smtpd[965]: disconnect from
>F956d.f.strato-dslnet.de[195.4.149.109]
>>
>> Kurioserweise geht das einloggen in die Mailboxen per Imap
>
>Wieso ist das kurios? IMAP und SMTP haben nichts miteinander zu tun. ;)
>
>
>> Mfg
>> Bernhard Schneider
>>
>> postconf -n :
>>
>> alias_maps = hash:/etc/aliases
>> broken_sasl_auth_clients = yes
>> canonical_maps = hash:/etc/postfix/canonical
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/lib/postfix
>> debug_peer_level = 2
>> default_destination_concurrency_limit = 10
>> defer_transports =
>> disable_dns_lookups = no
>> header_checks = regexp:/etc/postfix/header_checks
>> html_directory = /usr/share/doc/packages/postfix/html
>> in_flow_delay = 2s
>> inet_interfaces = all
>> inet_protocols = all
>> local_destination_concurrency_limit = 2
>> mail_owner = postfix
>> mail_spool_directory = /var/mail
>> mailbox_command =
>> mailbox_size_limit = 151200000
>> mailbox_transport = cyrus
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/share/man
>> masquerade_classes = envelope_sender, header_sender, header_recipient
>> masquerade_exceptions = root
>> message_size_limit = 50240000
>> mydestination = $myhostname, localhost.$mydomain, boerny.org
>,test.boerny.org, rak.servgame.org
>
>Raus mit der Domain rak.servgame.org aus mydestination. Du solltest daraus
>eine virtual_alias_domain oder virtual_mailbox_domain machen. Entsprechende
>Beschwerden wirst Du im maillog finden...
>
>
>> mydomain = boerny.org
>> myhostname = box79146.elkhouse.de
>> mynetworks = 213.9.79.146, 127.0.0.0/8
>
>
>mynetworks = 213.9.79.146/32, 127.0.0.0/8
>
>> myorigin = $mydomain
>> newaliases_path = /usr/bin/newaliases
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/packages/postfix/README_FILES
>> relayhost =
>> relocated_maps = hash:/etc/postfix/relocated
>> sample_directory = /usr/share/doc/packages/postfix/samples
>> sender_canonical_maps = hash:/etc/postfix/sender_canonical
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = maildrop
>> smtp_sasl_auth_enable = no
>> smtp_use_tls = no
>> smtpd_banner = $myhostname ESMTP $mail_name
>> smtpd_client_restrictions = hash:/etc/postfix/access
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions =
>>
>> smtpd_recipient_restrictions = permit_mynetworks,
> reject_non_fqdn_recipient, reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> permit_sasl_authenticated,
>reject_unauth_destination,
>reject_unauth_pipelining, reject_invalid_hostname,
> reject_non_fqdn_hostname,
>> reject_rhsbl_sender dsn.rfc-gnorant.org,
>> reject_rbl_client cbl.abuseat.org,
>> reject_rbl_client list.dsbl.org, reject_rbl_client
>sbl-xbl.spamhaus.org, reject_rhsbl_client black
>hole.securitysage.com,
>> reject_rhsbl_sender blackhole.securitysage.com,
>> reject_rbl_client bl.spamcop.net,
>reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client
>relays.mail-abuse.org, reject_rbl_client
>whois.rfc-ignorant.org reject_rbl_client dun.dsnrbl.net,
> reject_rbl_client dynablock.njabel.org,
> reject_rbl_client rbl.tu-berlin.de,
>> permit
>>
>
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = boerny.org
>> smtpd_sasl_security_options = noanonymous
>
>Das sieht ganz sauber aus. Wie sieht denn Deine smtpd.conf aus?
>Lad Dir mal saslfinger (siehe meine Signatur) und poste mal "saslfinger -s".
>
>p at rick
>
>
>
>
>> smtpd_sender_restrictions = hash:/etc/postfix/access
>>
>> smtpd_tls_auth_only = no
>> smtpd_use_tls = no
>> soft_bounce = no
>> strict_rfc821_envelopes = no
>> transport_maps = hash:/etc/postfix/transport
>> unknown_local_recipient_reject_code = 550
>>
>> master cf:
>>
>> #
>> # Postfix master process configuration file. For details on the format
>> # of the file, see the Postfix master(5) manual page.
>> #
>> #
>==========================================================================
>> # service type private unpriv chroot wakeup maxproc command + args
>> # (yes) (yes) (yes) (never) (100)
>> #
>==========================================================================
>> smtp inet n - n - - smtpd
>> #submission inet n - n - - smtpd
>> # -o smtpd_etrn_restrictions=reject
>> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>> #smtps inet n - n - - smtpd -o
>smtpd_tls_wrappermode=yes
>> # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
>> #submission inet n - n - - smtpd
>> # -o smtpd_etrn_restrictions=reject
>> # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
>> #628 inet n - n - - qmqpd
>> pickup fifo n - n 60 1 pickup
>> cleanup unix n - n - 0 cleanup
>> qmgr fifo n - n 300 1 qmgr
>> #qmgr fifo n - n 300 1 oqmgr
>> #tlsmgr unix - - n 1000? 1 tlsmgr
>> rewrite unix - - n - - trivial-rewrite
>> bounce unix - - n - 0 bounce
>> defer unix - - n - 0 bounce
>> trace unix - - n - 0 bounce
>> verify unix - - n - 1 verify
>> flush unix n - n 1000? 0 flush
>> proxymap unix - - n - - proxymap
>> smtp unix - - n - - smtp
>> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
>> relay unix - - n - - smtp
>> -o fallback_relay=
>> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
>> showq unix n - n - - showq
>> error unix - - n - - error
>> discard unix - - n - - discard
>> local unix - n n - - local
>> virtual unix - n n - - virtual
>> lmtp unix - - n - - lmtp
>> anvil unix - - n - 1 anvil
>> #localhost:10025 inet n - n - - smtpd -o
>content_filter=
>> scache unix - - n - 1 scache
>> #
>> # ====================================================================
>> # Interfaces to non-Postfix software. Be sure to examine the manual
>> # pages of the non-Postfix software to find out what options it wants.
>> #
>> # Many of the following services use the Postfix pipe(8) delivery
>> # agent. See the pipe(8) man page for information about ${recipient}
>> # and other message envelope options.
>> # ====================================================================
>> #
>> # maildrop. See the Postfix MAILDROP_README file for details.
>> # Also specify in main.cf: maildrop_destination_recipient_limit=1
>> #
>> maildrop unix - n n - - pipe
>> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>> cyrus unix - n n - - pipe
>> user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension}
>${user}
>> uucp unix - n n - - pipe
>> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
>($recipient)
>> ifmail unix - n n - - pipe
>> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>> bsmtp unix - n n - - pipe
>> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
>$recipient
>> procmail unix - n n - - pipe
>> flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender}
>${recipient}
>> --
>> _______________________________________________
>> Postfixbuch-users -- http://www.postfixbuch.de
>> Heinlein Professional Linux Support GmbH
>>
>> Postfixbuch-users at listi.jpberlin.de
>> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>
>--
>Postfix - Einrichtung, Betrieb und Wartung
><http://www.postfix-buch.com>
>saslfinger (debugging SMTP AUTH):
><http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
>--
>_______________________________________________
>Postfixbuch-users -- http://www.postfixbuch.de
>Heinlein Professional Linux Support GmbH
>
>Postfixbuch-users at listi.jpberlin.de
>https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
Mehr Informationen über die Mailingliste Postfixbuch-users