dovcot sasl testen no auth in postfix

Günther J. Niederwimmer gjn at gjn.priv.at
Mi Feb 24 12:55:52 CET 2021


Hallo Liste,

ich habe einen neuen Mail Server aufgesetzt und habe dazu mal neueste Software 
genommen oracle-Linux 8.3 dovecot latest und pstfix 3.5.8

Jetzt die Frage an Euch Profis irgendwie findet postfix die sasl auth nicht 
mehr?

mit dovecot funktioniert das doveadm auth test gjn
postfix sagt aber unbekannter user ? ich habe die alte funktionierende config 
genommen aber anscheinend hat sich da was geändert?

wie kann man testen ob dovecot die Auth weitergibt an postfix oder ist ein 
Postfix Fehler vorhanden ich suche jetzt schon 3 Tage und im postfix buch oder 
dovecot buch habe ich auch nichts entdeckt auch in den logs nichts :-(

postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_template_file = /etc/postfix/bounce.de-DE.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd 
$daemon_directory/$process_name $process_id & sleep 5
default_database_type = btree
html_directory = no
inet_interfaces = all
inet_protocols = all
lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
lmtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 104857600
meta_directory = /etc/postfix
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mx01.4gjn.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 89.26.108.0/28 
192.168.0.0/16 [fe80::]/10 [fc00::]/7 [2001:470:1f0b:371::]/64
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = unix:/var/run/rspamd/rspamd.sock
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/
postscreen_access.cidr, cidr:/etc/postfix/postscreen_spf_whitelist.cidr,
postscreen_bare_newline_enable = no
postscreen_blacklist_action = drop
postscreen_cache_cleanup_interval = 72h
postscreen_cache_map = memcache:/etc/postfix/postscreen_cache
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 
dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 
bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 
dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 
dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 
dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 
zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 
zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 
hostkarma.junkemailfilter.com=127.0.0.4*1 
hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.
[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_ttl = 5m
postscreen_greet_action = enforce
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 2d
postscreen_greet_wait = 3s
postscreen_non_smtp_command_enable = no
postscreen_pipelining_enable = no
proxy_write_maps = proxy:btree:/var/lib/postfix/postscreen_cache
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-3.5.6/README_FILES
recipient_delimiter = +
relay_domains = btree:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix-3.5.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_dns_support_level = dnssec
smtp_tls_CAfile = /etc/pki/tls/cert.pem
smtp_tls_cert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain.pem
smtp_tls_eccert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain-ecdsa.pem
smtp_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtp_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_milters = unix:/var/run/rspamd/rspamd.sock
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, 
reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, 
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/certs/dh_4096.pem
smtpd_tls_dh512_param_file = /etc/pki/tls/certs/dh_2048.pem
smtpd_tls_eccert_file = /etc/letsencrypt/live/mx01.4gjn.com/fullchain-
ecdsa.pem
smtpd_tls_eckey_file = /etc/pki/tls/private/4gjn.com_ec.key
smtpd_tls_eecdh_grade = auto
smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, 
ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, IDEA-CBC-SHA
smtpd_tls_key_file = /etc/pki/tls/private/4gjn.com.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtputf8_enable = yes
tls_preempt_cipherlist = yes
tls_ssl_options = NO_COMPRESSION NO_RENEGOTIATION
transport_maps = btree:/etc/postfix/transport, $relay_domains
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 577
virtual_alias_maps = btree:/etc/postfix/virtual_aliases

postconf -M
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd -o 
smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject -
o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o 
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 -o tls_preempt_cipherlist=yes -o 
syslog_name=postfix/submission -o 
smtpd_relay_restrictions=permit_sasl_authenticated,reject -o 
milter_macro_daemon_name=ORIGINATING -o smtpd_sasl_auth_enable=yes
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o 
syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd

für jede Hilfe dankbar ;-)

-- 
mit freundlichen Grüßen / best regards

  Günther J. Niederwimmer




Mehr Informationen über die Mailingliste Postfixbuch-users