[Postfixbuch-users] Postfix, TLS, SASL and MySQL
Thomas Grieder
suse.liste at freesurf.ch
Thu Apr 8 09:25:38 CEST 2004
Good morning
For several hours I tried to get Postfix running with TLS.
On the Postfix side that was no problem (following c't 8/04). The problem lies
with SASL. I cannot get SASL to query the user data in the MySQL database.
There are no errors in mysql.err. There are no entries concerning SASL in
mysql.log. In mail.log I have the following errors:
Apr 8 00:39:23 moon postfix/smtpd[1528]: warning: SASL authentication failure: Password verification failed
Apr 8 00:39:23 moon postfix/smtpd[1528]: warning: mars.domain1.ch[192.168.0.12]: SASL PLAIN authentication failed
Apr 8 00:39:24 moon postfix/smtpd[1528]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2:
It looks as if MySQL is not being used. Who can help me further with this? Since
I have lost track in the meantime, some files are completely
misconfigured... :-(
System: debian unstable
Postfix: 2.0.19
MySQL: 4.0.18
SASL: 2.1.18
libpam-mysql: 0.5.0
If anyone also finds any security holes, I would be glad of any
hint.
Thanks
Thomas
moon:/etc/postfix/sasl# postconf -m
static
nis
dbm
regexp
environ
proxy
btree
unix
hash
tcp
mysql
sdbm
moon:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:localhost:10024
daemon_directory = /usr/lib/postfix
delay_warning_time = 4h
home_mailbox = Maildir/
local_recipient_maps =
mailbox_command =
mailbox_size_limit = 0
maximal_queue_lifetime = 3d
message_size_limit = 20480000
mydestination = $myhostname localhost.$myhostname $mydomain localhost
mydomain = domain1.ch
myhostname = mail.domain1.ch
mynetworks = 127.0.0.0/8,192.168.0.0/24
myorigin = /etc/mailname
program_directory = /usr/lib/postfix
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
recipient_delimiter = +
relayhost =
sender_canonical_maps = hash:/etc/postfix/sender_canonical
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_enforce_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated reject_unknown_sender_domain reject_non_fqdn_sender permit_mynetworks permit_sasl_authenticated check_recipient_maps reject_unauth_destination reject_unauth_destination permit_auth_destination permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_gid_maps = mysql:/etc/postfix/ids.mysql
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = domain2.ch domain3.ch
virtual_mailbox_maps = mysql:/etc/postfix/mailbox.mysql
virtual_minimum_uid = 5000
virtual_uid_maps = mysql:/etc/postfix/ids.mysql
moon:/etc/postfix/sasl# cat smtpd.conf
pwcheck_mathod: saslauthd
mech_list: plain login
moon:/var/spool/postfix/etc/pam.d# cat smtp
auth required pam_mysql.so user=username passwd=pw host=mail.domain1.ch db=mailbase table=mailbase usercolumn=id passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=username passwd=pw host=mail.domain1.ch db=mailbase table=mailbase usercolumn=id passwdcolumn=password crypt=1
moon:/etc/default# cat saslauthd
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
MECHANISMS="rimap"
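A configuration check over the three SASL-related files shown in the message, as an added example that is not part of the original post: it follows the chain smtpd.conf -> saslauthd -> PAM and reports each link that would keep pam_mysql from ever being consulted. The function names and the short list of known option names are choices made for this example; the file contents are copied from the message.

```python
import re

# File contents copied from the message above; the path is the one shown there.
SMTPD_CONF = "pwcheck_mathod: saslauthd\nmech_list: plain login\n"
SASLAUTHD_DEFAULT = 'START=yes\n# MECHANISMS="pam shadow"\nMECHANISMS="rimap"\n'
PAM_SERVICE_PATH = "/var/spool/postfix/etc/pam.d/smtp"

# Subset of Cyrus SASL option names relevant here (not the complete list).
KNOWN_SASL_OPTIONS = {"pwcheck_method", "mech_list", "auxprop_plugin",
                      "log_level", "saslauthd_path"}

def parse_sasl_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def saslauthd_mechanisms(text):
    """Return the active (uncommented) MECHANISMS value as a list."""
    m = re.search(r'^MECHANISMS="([^"]*)"', text, re.M)
    return m.group(1).split() if m else []

def audit(smtpd_conf, saslauthd_default, pam_path):
    findings = []
    opts = parse_sasl_conf(smtpd_conf)
    # A misspelled key has no effect: the option keeps its default value.
    findings += [f"unknown-option:{k}" for k in opts if k not in KNOWN_SASL_OPTIONS]
    # Without pwcheck_method: saslauthd the library uses auxprop, whose
    # default plugin is sasldb (the /etc/sasldb2 lookup seen in mail.log).
    if opts.get("pwcheck_method") != "saslauthd":
        findings.append("pwcheck-not-saslauthd")
    # saslauthd only calls PAM when started with the "pam" mechanism.
    if "pam" not in saslauthd_mechanisms(saslauthd_default):
        findings.append("saslauthd-not-using-pam")
    # saslauthd runs outside Postfix's chroot; PAM reads /etc/pam.d/<service>,
    # and Postfix uses the service name "smtp".
    if pam_path != "/etc/pam.d/smtp":
        findings.append("pam-file-outside-/etc/pam.d")
    return findings

if __name__ == "__main__":
    for finding in audit(SMTPD_CONF, SASLAUTHD_DEFAULT, PAM_SERVICE_PATH):
        print(finding)
```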