[Postfixbuch-users] sasl problem
Carsten Henkel
casi-franzi at gmx.net
Mo Feb 4 09:22:42 CET 2008
saslfinger -s
saslfinger - postfix Cyrus sasl configuration Mo 4. Feb 09:17:38 CET 2008
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.4.5
System:
Welcome to openSUSE 10.3 (i586) - Kernel \r (\l).
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7eb9000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_use_tls = no
-- listing of /usr/lib/sasl2 --
insgesamt 464
drwxr-xr-x 2 root root 4096 3. Feb 21:48 .
drwxr-xr-x 63 root root 24576 3. Feb 21:48 ..
-rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so
-rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2
-rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2.0.22
-rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so
-rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2
-rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2.0.22
-rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so
-rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2
-rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2.0.22
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2
-rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2.0.22
-rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so
-rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2
-rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 129 3. Feb 21:36 smtpd.conf
-- listing of /etc/sasl2 --
insgesamt 20
drwxr-xr-x 2 root root 4096 3. Feb 22:19 .
drwxr-xr-x 69 root root 4096 3. Feb 22:02 ..
-rw------- 1 root root 128 3. Feb 22:19 smtpd.conf
-rw------- 1 root root 49 3. Feb 00:49 smtpd.conf.old
-rw------- 1 root root 104 3. Feb 17:33 smtpd.conf.rpmsave
-- content of /usr/lib/sasl2/smtpd.conf --
log_level: 7
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
auxprop_plugin: sasldb
#sasldb_path: /etc/sasldb2
-- content of /etc/sasl2/smtpd.conf --
log_level: 7
pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
auxprop_plugin: sasldb
sasldb_path: /etc/sasldb2
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd -v
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
amavisd-new unix - - n - 2 smtp
-o smtp_data_done_timeout=1200s
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
${sender} ${recipient}
retry unix - - n - - error
-- mechanisms on localhost --
250-AUTH DIGEST-MD5 CRAM-MD5
250-AUTH=DIGEST-MD5 CRAM-MD5
-- end of saslfinger output --
Mich wundert, das hier nur IGEST-MD5 CRAM-MD5 auftauchen, Plain ist auch
installiert.
Gruß
Patrick Ben Koetter schrieb:
> Schick bitte mal "saslfinger -s" anstatt "-c".
>
> p at rick
>
>
>
> * Carsten Henkel <postfixbuch-users at listi.jpberlin.de>:
>
>> Hallo ich habe ein Problem mit suse 10.3 und sasl. Der Client fagt nach
>> den Passwort und kommt dann nicht weiter.
>> Anbei die Logs und Ausgaben der tools Postconf und Saslfinger.
>>
>> maillog:
>> Feb 3 22:20:23 server postfix/smtpd[20023]: <
>> p5492E808.dip.t-dialin.net[84.146.232.8]: AUTH CRAM-MD5
>> Feb 3 22:20:23 server postfix/smtpd[20023]: xsasl_cyrus_server_first:
>> sasl_method CRAM-MD5
>> Feb 3 22:20:23 server postfix/smtpd[20023]:
>> xsasl_cyrus_server_auth_response: uncoded server challenge:
>> <3586957780.10891358 at server.wunschradio.de>
>> Feb 3 22:20:23 server postfix/smtpd[20023]: >
>> p5492E808.dip.t-dialin.net[84.146.232.8]: 334
>> PDM1ODY5NTc3ODAuMTA4OTEzNThAc2VydmVyLnd1bnNjaHJhZGlvLmRlPg==
>> Feb 3 22:20:24 server postfix/smtpd[20023]: <
>> p5492E808.dip.t-dialin.net[84.146.232.8]:
>> Y2FzaUBiaW9iaWVuY2hlbi5kZSAyM2FhNTA2YTc4MjRhNDFkOGI0YzczZDNjNjEyOTkwMQ==
>> Feb 3 22:20:24 server postfix/smtpd[20023]: xsasl_cyrus_server_next:
>> decoded response: casi at biobienchen.de 23aa506a7824a41d8b4c73d3c6129901
>> Feb 3 22:20:24 server postfix/smtpd[20023]: warning: SASL
>> authentication failure: incorrect digest response
>> Feb 3 22:20:24 server postfix/smtpd[20023]: warning:
>> p5492E808.dip.t-dialin.net[84.146.232.8]: SASL CRAM-MD5 authentication
>> failed: authentication failure
>> Feb 3 22:20:24 server postfix/smtpd[20023]: >
>> p5492E808.dip.t-dialin.net[84.146.232.8]: 535 5.7.0 Error:
>> authentication failed: authentication failure
>>
>>
>> saslfinger -c:
>> saslfinger - postfix Cyrus sasl configuration So 3. Feb 22:21:44 CET 2008
>> version: 1.0.2
>> mode: client-side SMTP AUTH
>>
>> -- basics --
>> Postfix: 2.4.5
>> System:
>> Welcome to openSUSE 10.3 (i586) - Kernel \r (\l).
>>
>> -- smtp is linked to --
>> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ee1000)
>>
>> -- active SMTP AUTH and TLS parameters for smtp --
>> relayhost =
>> smtp_sasl_auth_enable = no
>> smtp_use_tls = no
>>
>>
>> -- listing of /usr/lib/sasl2 --
>> insgesamt 464
>> drwxr-xr-x 2 root root 4096 3. Feb 21:48 .
>> drwxr-xr-x 63 root root 24576 3. Feb 21:48 ..
>> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so
>> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2
>> -rwxr-xr-x 1 root root 14088 22. Sep 02:03 libanonymous.so.2.0.22
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libcrammd5.so.2.0.22
>> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so
>> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2
>> -rwxr-xr-x 1 root root 47200 22. Sep 02:03 libdigestmd5.so.2.0.22
>> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so
>> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2
>> -rwxr-xr-x 1 root root 14084 22. Sep 02:03 liblogin.so.2.0.22
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2
>> -rwxr-xr-x 1 root root 18180 22. Sep 02:03 libplain.so.2.0.22
>> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so
>> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2
>> -rwxr-xr-x 1 root root 22228 22. Sep 02:03 libsasldb.so.2.0.22
>> -rw-r--r-- 1 root root 129 3. Feb 21:36 smtpd.conf
>>
>> -- listing of /etc/sasl2 --
>> insgesamt 20
>> drwxr-xr-x 2 root root 4096 3. Feb 22:19 .
>> drwxr-xr-x 69 root root 4096 3. Feb 22:02 ..
>> -rw------- 1 root root 128 3. Feb 22:19 smtpd.conf
>> -rw------- 1 root root 49 3. Feb 00:49 smtpd.conf.old
>> -rw------- 1 root root 104 3. Feb 17:33 smtpd.conf.rpmsave
>>
>>
>> Cannot find the smtp_sasl_password_maps parameter in main.cf.
>> Client-side SMTP AUTH cannot work without this parameter!
>>
>> /etc/sals2/smtpd.conf:
>> log_level: 7
>> pwcheck_method: auxprop
>> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>> auxprop_plugin: sasldb
>> sasldb_path: /etc/sasldb2
>>
>> postconf -n:
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> biff = no
>> broken_sasl_auth_clients = yes
>> canonical_maps = hash:/etc/postfix/canonical
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> content_filter = amavisd-new:[127.0.0.1]:10024
>> daemon_directory = /usr/lib/postfix
>> debug_peer_level = 7
>> defer_transports =
>> disable_dns_lookups = no
>> disable_mime_output_conversion = no
>> header_checks = regexp:/etc/postfix/header_checks
>> html_directory = /usr/share/doc/packages/postfix/html
>> inet_interfaces = localhost
>> inet_protocols = all
>> mail_owner = postfix
>> mail_spool_directory = /var/mail
>> mailbox_command =
>> mailbox_size_limit = 0
>> mailbox_transport =
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/share/man
>> masquerade_classes = envelope_sender, header_sender, header_recipient
>> masquerade_domains =
>> masquerade_exceptions = root
>> message_size_limit = 10240000
>> mydestination = $myhostname, localhost.$mydomain
>> mydomain = server.wunschradio.de
>> myhostname = server.wunschradio.de
>> mynetworks = 85.214.63.178, 127.0.0.0/8
>> mynetworks_style = subnet
>> newaliases_path = /usr/bin/newaliases
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/packages/postfix/README_FILES
>> relayhost =
>> relocated_maps = hash:/etc/postfix/relocated
>> sample_directory = /usr/share/doc/packages/postfix/samples
>> sender_canonical_maps = hash:/etc/postfix/sender_canonical
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = maildrop
>> smtp_sasl_auth_enable = no
>> smtp_use_tls = no
>> smtpd_banner = $myhostname ESMTP $mail_name
>> smtpd_client_restrictions =
>> smtpd_helo_required = no
>> smtpd_helo_restrictions =
>> smtpd_recipient_restrictions = reject_non_fqdn_recipient
>> reject_non_fqdn_sender permit_sasl_authenticated permit_mynetworks
>> reject_unauth_destination check_client_access
>> hash:/etc/postfix/client_access reject_non_fqdn_hostname
>> reject_invalid_hostname reject_rbl_client sbl-xbl.spamhaus.org,
>> reject_rbl_client dul.dnsbl.sorbs.net, reject_rhsbl_client
>> blackhole.securitysage.com, reject_rhsbl_sender
>> blackhole.securitysage.com, reject_rhsbl_sender rhsbl.sorbs.n permit
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_security_options = noanonymous, noplaintext
>> smtpd_sender_restrictions = hash:/etc/postfix/access
>> smtpd_use_tls = no
>> strict_8bitmime = no
>> strict_rfc821_envelopes = no
>> transport_maps = hash:/etc/postfix/transport
>> unknown_local_recipient_reject_code = 550
>> virtual_alias_domains = hash:/etc/postfix/virtual
>> virtual_alias_maps = hash:/etc/postfix/virtual_users
>>
>> Kann mir bitte jemand auf die Sprünge helfen ?
>>
>> Gruß und Danke
>> --
>> _______________________________________________
>> Postfixbuch-users -- http://www.postfixbuch.de
>> Heinlein Professional Linux Support GmbH
>>
>> Postfixbuch-users at listi.jpberlin.de
>> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>>
>
>
Mehr Informationen über die Mailingliste Postfixbuch-users