[Postfixbuch-users] sasl problem
Patrick Ben Koetter
p at state-of-mind.de
Mo Feb 4 08:57:45 CET 2008
Schick bitte mal "saslfinger -s" anstatt "-c".
p at rick
* Carsten Henkel <postfixbuch-users at listi.jpberlin.de>:
> Hallo ich habe ein Problem mit suse 10.3 und sasl. Der Client fagt nach
> den Passwort und kommt dann nicht weiter.
> Anbei die Logs und Ausgaben der tools Postconf und Saslfinger.
>
> maillog:
> Feb 3 22:20:23 server postfix/smtpd[20023]: <
> p5492E808.dip.t-dialin.net[84.146.232.8]: AUTH CRAM-MD5
> Feb 3 22:20:23 server postfix/smtpd[20023]: xsasl_cyrus_server_first:
> sasl_method CRAM-MD5
> Feb 3 22:20:23 server postfix/smtpd[20023]:
> xsasl_cyrus_server_auth_response: uncoded server challenge:
> <3586957780.10891358 at server.wunschradio.de>
> Feb 3 22:20:23 server postfix/smtpd[20023]: >
> p5492E808.dip.t-dialin.net[84.146.232.8]: 334
> PDM1ODY5NTc3ODAuMTA4OTEzNThAc2VydmVyLnd1bnNjaHJhZGlvLmRlPg==
> Feb 3 22:20:24 server postfix/smtpd[20023]: <
> p5492E808.dip.t-dialin.net[84.146.232.8]:
> Y2FzaUBiaW9iaWVuY2hlbi5kZSAyM2FhNTA2YTc4MjRhNDFkOGI0YzczZDNjNjEyOTkwMQ==
> Feb 3 22:20:24 server postfix/smtpd[20023]: xsasl_cyrus_server_next:
> decoded response: casi at biobienchen.de 23aa506a7824a41d8b4c73d3c6129901
> Feb 3 22:20:24 server postfix/smtpd[20023]: warning: SASL
> authentication failure: incorrect digest response
> Feb 3 22:20:24 server postfix/smtpd[20023]: warning:
> p5492E808.dip.t-dialin.net[84.146.232.8]: SASL CRAM-MD5 authentication
> failed: authentication failure
> Feb 3 22:20:24 server postfix/smtpd[20023]: >
> p5492E808.dip.t-dialin.net[84.146.232.8]: 535 5.7.0 Error:
> authentication failed: authentication failure
>
>
> saslfinger -c:
> saslfinger - postfix Cyrus sasl configuration So 3. Feb 22:21:44 CET 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.4.5
> System:
> Welcome to openSUSE 10.3 (i586) - Kernel \r (\l).
>
> -- smtp is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ee1000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost =
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
>
>
> -- listing of /usr/lib/sasl2 --
> insgesamt 464
> drwxr-xr-x 2 root root 4096 3. Feb 21:48 .
> drwxr-xr-x 63 root root 24576 3. Feb 21:48 ..
> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so
> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2
> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2.0.22
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2.0.22
> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so
> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2.0.22
> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so
> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2
> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2.0.22
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2
> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2.0.22
> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so
> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2
> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2.0.22
> -rw-r--r-- 1 root root 129 3. Feb 21:36 smtpd.conf
>
> -- listing of /etc/sasl2 --
> insgesamt 20
> drwxr-xr-x 2 root root 4096 3. Feb 22:19 .
> drwxr-xr-x 69 root root 4096 3. Feb 22:02 ..
> -rw------- 1 root root 128 3. Feb 22:19 smtpd.conf
> -rw------- 1 root root 49 3. Feb 00:49 smtpd.conf.old
> -rw------- 1 root root 104 3. Feb 17:33 smtpd.conf.rpmsave
>
>
> Cannot find the smtp_sasl_password_maps parameter in main.cf.
> Client-side SMTP AUTH cannot work without this parameter!
>
> /etc/sals2/smtpd.conf:
> log_level: 7
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> auxprop_plugin: sasldb
> sasldb_path: /etc/sasldb2
>
> postconf -n:
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisd-new:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 7
> defer_transports =
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> inet_interfaces = localhost
> inet_protocols = all
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 10240000
> mydestination = $myhostname, localhost.$mydomain
> mydomain = server.wunschradio.de
> myhostname = server.wunschradio.de
> mynetworks = 85.214.63.178, 127.0.0.0/8
> mynetworks_style = subnet
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = reject_non_fqdn_recipient
> reject_non_fqdn_sender permit_sasl_authenticated permit_mynetworks
> reject_unauth_destination check_client_access
> hash:/etc/postfix/client_access reject_non_fqdn_hostname
> reject_invalid_hostname reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client dul.dnsbl.sorbs.net, reject_rhsbl_client
> blackhole.securitysage.com, reject_rhsbl_sender
> blackhole.securitysage.com, reject_rhsbl_sender rhsbl.sorbs.n permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_use_tls = no
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = hash:/etc/postfix/virtual_users
>
> Kann mir bitte jemand auf die Sprünge helfen ?
>
> Gruß und Danke
> --
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Postfix - Einrichtung, Betrieb und Wartung
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users