[Postfixbuch-users] SASL works - not with TLS
Ronny Seffner
ronny at seffner.de
Tue Sep 1 16:12:02 CEST 2009
Hello,
a problem that I cannot resolve with the book:
Until recently I used "auxprop" for SASL, but I now want to use encrypted passwords from a MySQL database and therefore switched to "saslauthd".
With almost the same configuration, SASL over SMTP still works, but not over SMTPS/SSMTP (which is actually the correct term here?). I hope the following provides all the information needed to help me with the right pointer:
ns2:~# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Fr 28. Aug 14:54:29 CEST 2009
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.5.5
System: Debian GNU/Linux 5.0 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d50000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
-- listing of /usr/lib/sasl --
insgesamt 40
drwxr-xr-x 2 root root 4096 9. Jun 2005 .
drwxr-xr-x 75 root root 32768 20. Aug 08:42 ..
-rw-r--r-- 1 root root 43 17. Nov 2003 smtpd.conf
-- listing of /usr/lib/sasl2 --
insgesamt 804
drwxr-xr-x 2 root root 4096 31. Mai 22:37 .
drwxr-xr-x 75 root root 32768 20. Aug 08:42 ..
-rw-r--r-- 1 root root 13476 24. Mai 12:20 libanonymous.a
-rw-r--r-- 1 root root 855 24. Mai 12:20 libanonymous.la
-rw-r--r-- 1 root root 13016 24. Mai 12:20 libanonymous.so
-rw-r--r-- 1 root root 13016 24. Mai 12:20 libanonymous.so.2
-rw-r--r-- 1 root root 13016 24. Mai 12:20 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 15814 24. Mai 12:20 libcrammd5.a
-rw-r--r-- 1 root root 841 24. Mai 12:20 libcrammd5.la
-rw-r--r-- 1 root root 15352 24. Mai 12:20 libcrammd5.so
-rw-r--r-- 1 root root 15352 24. Mai 12:20 libcrammd5.so.2
-rw-r--r-- 1 root root 15352 24. Mai 12:20 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 46420 24. Mai 12:20 libdigestmd5.a
-rw-r--r-- 1 root root 864 24. Mai 12:20 libdigestmd5.la
-rw-r--r-- 1 root root 43500 24. Mai 12:20 libdigestmd5.so
-rw-r--r-- 1 root root 43500 24. Mai 12:20 libdigestmd5.so.2
-rw-r--r-- 1 root root 43500 24. Mai 12:20 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13650 24. Mai 12:20 liblogin.a
-rw-r--r-- 1 root root 835 24. Mai 12:20 liblogin.la
-rw-r--r-- 1 root root 13460 24. Mai 12:20 liblogin.so
-rw-r--r-- 1 root root 13460 24. Mai 12:20 liblogin.so.2
-rw-r--r-- 1 root root 13460 24. Mai 12:20 liblogin.so.2.0.22
-rw-r--r-- 1 root root 29076 24. Mai 12:20 libntlm.a
-rw-r--r-- 1 root root 829 24. Mai 12:20 libntlm.la
-rw-r--r-- 1 root root 28532 24. Mai 12:20 libntlm.so
-rw-r--r-- 1 root root 28532 24. Mai 12:20 libntlm.so.2
-rw-r--r-- 1 root root 28532 24. Mai 12:20 libntlm.so.2.0.22
-rw-r--r-- 1 root root 13970 24. Mai 12:20 libplain.a
-rw-r--r-- 1 root root 835 24. Mai 12:20 libplain.la
-rw-r--r-- 1 root root 14036 24. Mai 12:20 libplain.so
-rw-r--r-- 1 root root 14036 24. Mai 12:20 libplain.so.2
-rw-r--r-- 1 root root 14036 24. Mai 12:20 libplain.so.2.0.22
-rw-r--r-- 1 root root 21710 24. Mai 12:20 libsasldb.a
-rw-r--r-- 1 root root 866 24. Mai 12:20 libsasldb.la
-rw-r--r-- 1 root root 18080 24. Mai 12:20 libsasldb.so
-rw-r--r-- 1 root root 18080 24. Mai 12:20 libsasldb.so.2
-rw-r--r-- 1 root root 18080 24. Mai 12:20 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 23804 24. Mai 12:20 libsql.a
-rw-r--r-- 1 root root 964 24. Mai 12:20 libsql.la
-rw-r--r-- 1 root root 23312 24. Mai 12:20 libsql.so
-rw-r--r-- 1 root root 23312 24. Mai 12:20 libsql.so.2
-rw-r--r-- 1 root root 23312 24. Mai 12:20 libsql.so.2.0.22
-rw-r--r-- 1 root root 26 30. Dez 2003 smtpd.conf
-- listing of /etc/postfix/sasl --
insgesamt 12
drwxr-xr-x 2 root root 4096 28. Aug 14:35 .
drwxr-xr-x 4 root root 4096 28. Aug 14:45 ..
-r-------- 1 root root 425 28. Aug 14:35 smtpd.conf
-- content of /usr/lib/sasl/smtpd.conf --
pwcheck_method: pam
mech_list: plain login
-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
-- content of /etc/postfix/sasl/smtpd.conf --
#pwcheck_method: auxprop
pwcheck_method: saslauthd
#auxprop_plugin: sql
#auxprop_plugin: mysql
#mech_list: plain login cram-md5 digest-md5
mech_list: plain login
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: syscp
#sql_select: select password from mail_users where username='%u@%r'
sql_select: select password_enc from mail_users where username='%u@%r' or email='%u@%r'
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
maildrop unix - n n - 20 pipe
flags=ORh user=vmail:www-data argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}
cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f
$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
spamassassin unix - n n - - pipe
user=vmail argv=/usr/bin/spamc -u ${recipient} -f -e /usr/sbin/sendmail -oi -f ${sender} -- ${recipient}
spamd unix - n n - - pipe
user=vmail argv=/usr/bin/spamc -u ${recipient} -f -e /usr/sbin/sendmail -oi -f ${sender} -- ${recipient}
tlsmgr unix - - n 300 1 tlsmgr
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
discard unix - - - - - discard
mailman unix - n n - - pipe
flags=FR user=list
argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
retry unix - - - - - error
-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
-- end of saslfinger output --
And here is a piece of the mail.log to go with it:
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: SASL authentication failure: incorrect digest response
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: ipxXXXXX.ipx-server.de[8x.1xx.2xx.9x]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: ipxXXXXX.ipx-server.de[8x.1xx.2xx.9x]: SASL LOGIN authentication failed: generic failure
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: SASL authentication failure: Password verification failed
Aug 28 15:00:54 ns2 postfix/smtpd[23674]: warning: ipxXXXXX.ipx-server.de[8x.1xx.2xx.9x]: SASL PLAIN authentication failed: generic failure
With kind regards
Ronny Seffner
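
Added example, not part of the original post: in the master.cf above the `smtp` listener has chroot `-` (the default) while `smtps` and `587` have chroot `n`, and a chrooted smtpd resolves the saslauthd socket path against a different root than a non-chrooted one. The sketch below lists the path each smtpd listener would open; the queue directory `/var/spool/postfix`, the socket path `/var/run/saslauthd/mux`, and reading `-` as chrooted (per the `(yes)` in the header line) are assumptions.

```python
# Constructed sample: the smtpd listeners from the master.cf in the post,
# with continuation lines indented the way Postfix expects them.
MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp   inet n - - - - smtpd
smtps  inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
587    inet n - n - - smtpd
  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
tlsmgr unix - - n 300 1 tlsmgr
"""

def parse_master_cf(text, default_chroot=True):
    """Return (service, command, chrooted) per entry; '-' takes the default."""
    entries, logical = [], []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:      # continuation of previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    for entry in logical:
        f = entry.split(None, 7)
        if len(f) < 8:
            continue                            # malformed entry, skip it
        chroot = default_chroot if f[4] == "-" else f[4].lower() == "y"
        entries.append((f[0], f[7], chroot))
    return entries

def saslauthd_socket_paths(text, queue_dir="/var/spool/postfix",
                           socket="/var/run/saslauthd/mux"):
    """Map each smtpd listener to the path it opens for saslauthd (assumed paths)."""
    paths = {}
    for service, command, chrooted in parse_master_cf(text):
        if command.split()[0] == "smtpd":
            paths[service] = (queue_dir + socket) if chrooted else socket
    return paths

def listeners_disagree(text):
    """True when smtpd listeners would look for the socket in different places."""
    return len(set(saslauthd_socket_paths(text).values())) > 1

if __name__ == "__main__":
    for svc, path in saslauthd_socket_paths(MASTER_CF).items():
        print(f"{svc:6} -> {path}")
    print("mismatch:", listeners_disagree(MASTER_CF))
```

Comparing the printed paths with where saslauthd actually creates its socket shows which listeners can reach it.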