[Postfixbuch-users] sasl mit Postfix 2.2

postfix at moonsmile.ch postfix at moonsmile.ch
Di Apr 19 09:53:13 CEST 2005


Guten Morgen

Gestern habe ich Postfix 2.2 aus debian unstable installiert. Funktioniert
soweit einwandfrei, ausser die Identifikation der Clients mit sasl funktioniert
nicht mehr.

Die Daten zur Identifikation liegen in einer MySQL DB. An der Konfiguration von
Postfix und MySQL habe ich nichts geändert.

Ich hoffe mir kann jemand weiterhelfen.

/var/log/mail.log:

Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
no secret in database
Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
moon.moonsmile.ch[192.168.0.1]: SASL CRAM-MD5 authentication failed
Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
no secret in database
Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
moon.moonsmile.ch[192.168.0.1]: SASL NTLM authentication failed
Apr 19 09:48:39 moon postfix/smtpd[6949]: warning: SASL authentication failure:
Password verification failed
Apr 19 09:48:39 moon postfix/smtpd[6949]: warning:
moon.moonsmile.ch[192.168.0.1]: SASL PLAIN authentication failed
Apr 19 09:48:43 moon postfix/smtpd[6949]: warning:
moon.moonsmile.ch[192.168.0.1]: SASL LOGIN authentication failed
Apr 19 09:48:48 moon postfix/smtpd[6949]: lost connection after AUTH from
moon.moonsmile.ch[192.168.0.1]
Apr 19 09:48:48 moon postfix/smtpd[6949]: disconnect from
moon.moonsmile.ch[192.168.0.1]

Kann es sein das mit dem sql-plugin von sasl etwas nicht stimmt?

saslfinger -s:

saslfinger - postfix Cyrus sasl configuration Tue Apr 19 09:21:12 CEST 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.2
System: Debian GNU/Linux testing/unstable \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401b5000)

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/capub.crt
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 956
drwxr-xr-x   2 root root  4096 2004-12-19 08:41 .
drwxr-xr-x  57 root root 20480 2005-04-18 09:50 ..
-rw-r--r--   1 root root 13488 2004-10-16 23:02 libanonymous.a
-rw-r--r--   1 root root   851 2004-10-16 23:02 libanonymous.la
-rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so
-rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so.2
-rwxrwxrwx   1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
-rw-r--r--   1 root root 16298 2004-10-16 23:02 libcrammd5.a
-rw-r--r--   1 root root   837 2004-10-16 23:02 libcrammd5.la
-rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so
-rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
-rwxrwxrwx   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
-rw-r--r--   1 root root 47516 2004-10-16 23:02 libdigestmd5.a
-rw-r--r--   1 root root   860 2004-10-16 23:02 libdigestmd5.la
-rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so
-rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
-rwxrwxrwx   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
-rw-r--r--   1 root root 13726 2004-10-16 23:02 liblogin.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 liblogin.la
-rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so
-rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so.2
-rwxrwxrwx   1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
-rw-r--r--   1 root root 31248 2004-10-16 23:02 libntlm.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libntlm.la
-rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so
-rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so.2
-rwxrwxrwx   1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
-rw-r--r--   1 root root 20142 2004-10-16 23:02 libotp.a
-rw-r--r--   1 root root   825 2004-10-16 23:02 libotp.la
-rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so
-rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so.2
-rwxrwxrwx   1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
-rw-r--r--   1 root root 13886 2004-10-16 23:02 libplain.a
-rw-r--r--   1 root root   831 2004-10-16 23:02 libplain.la
-rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so
-rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so.2
-rwxrwxrwx   1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
-rw-r--r--   1 root root 21798 2004-10-16 23:02 libsasldb.a
-rw-r--r--   1 root root   852 2004-10-16 23:02 libsasldb.la
-rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so
-rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so.2
-rwxrwxrwx   1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19
-rw-r--r--   1 root root 22168 2004-10-16 23:02 libsql.a
-rw-r--r--   1 root root   874 2004-10-16 23:02 libsql.la
-rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so
-rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2
-rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2.0.19




-- content of /etc/postfix/sasl/smtpd.conf --
log_level: 3
pwcheck_mathod: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: moon
sql_database: mailbase
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_select: SELECT pw FROM mailbase WHERE mail = '%u@%r'
sql_usessl: no



-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       30      smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       30      smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
vscan     unix  -       -       n       -       10      smtp

maildrop  unix  -       n       n       -       -       pipe
  flags=R user=vmail argv=/usr/bin/maildrop -d ${recipient}
cyrus     unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}


localhost:10025 inet    n       n       n       -       10      smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restricitons=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard

-- mechanisms on localhost --
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5


-- end of saslfinger output --

postconf -n:

alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
biff = no
config_directory = /etc/postfix
content_filter = vscan:localhost:10024
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
local_recipient_maps = $alias_maps $virtual_uid_maps
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = $myhostname     localhost.$myhostname   $mydomain      
localhost       lists.moonsmile.ch
mydomain = moonsmile.ch
myhostname = mail.moonsmile.ch
mynetworks = 127.0.0.0/8,192.168.0.0/24
myorigin = /etc/mailname
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical,
hash:/etc/postfix/lummerland/recipient_canonical
recipient_delimiter = +
sender_canonical_maps = hash:/etc/postfix/sender_canonical,
hash:/etc/postfix/lummerland/sender_canonical
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/ssl/capub.crt
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_recipient_restrictions = permit_mynetworks,   reject_non_fqdn_recipient,  
reject_non_fqdn_sender,   reject_non_fqdn_hostname,   reject_invalid_hostname,  
reject_unknown_sender_domain,   reject_unknown_recipient_domain,  
check_helo_access hash:/etc/postfix/helo_access,   check_sender_access
hash:/etc/postfix/access,   permit_sasl_authenticated,   permit_mynetworks,  
check_policy_service inet:127.0.0.1:60000,   permit_mx_backup,  
reject_unauth_destination,   permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/capub.crt
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
soft_bounce = no
transport_maps = hash:/etc/postfix/transport,
hash:/etc/postfix/transport_mailbase
virtual_gid_maps = static:5001
virtual_mailbox_base = /srv
virtual_mailbox_domains = klumpfuss-info.ch, lummerland.ch
virtual_mailbox_maps = hash:/etc/postfix/mailbox
virtual_minimum_uid = 5000
virtual_uid_maps = static:5001

Gruss und Danke
Thomas

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



Mehr Informationen über die Mailingliste Postfixbuch-users