[Postfixbuch-users] Postfixadmin

Patrick Ben Koetter p at state-of-mind.de
Wed Nov 3 07:59:37 CET 2004


* Silvio Siefke <listen at silvio-siefke.de> [041102 23:40]:
> h1908:/usr/local/src/saslfinger-0.9.7# saslfinger -s
> saslfinger - postfix Cyrus sasl configuration Di Nov  2 23:30:20 CET 2004
> version: 0.9.7
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.1.4
> System: Debian GNU/Linux 3.1 \n \l
> 
> -- smtpd is linked to --
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4019c000)

SASL2

> 
> -- listing of /usr/lib/sasl2 --
> insgesamt 1160
> drwxr-xr-x   2 root root  4096 2004-11-01 23:28 .
> drwxr-xr-x  38 root root  8192 2004-11-02 21:53 ..
> -rw-r--r--   1 root root 13488 2004-10-16 23:02 libanonymous.a
> -rw-r--r--   1 root root   851 2004-10-16 23:02 libanonymous.la
> -rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so
> -rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2
> -rw-r--r--   1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
> -rw-r--r--   1 root root 16298 2004-10-16 23:02 libcrammd5.a
> -rw-r--r--   1 root root   837 2004-10-16 23:02 libcrammd5.la
> -rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so
> -rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
> -rw-r--r--   1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
> -rw-r--r--   1 root root 47516 2004-10-16 23:02 libdigestmd5.a
> -rw-r--r--   1 root root   860 2004-10-16 23:02 libdigestmd5.la
> -rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so
> -rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
> -rw-r--r--   1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
> -rw-r--r--   1 root root 26884 2004-10-17 06:22 libgssapiv2.a
> -rw-r--r--   1 root root   886 2004-10-17 06:22 libgssapiv2.la
> -rw-r--r--   1 root root 26264 2004-10-17 06:22 libgssapiv2.so
> -rw-r--r--   1 root root 26264 2004-10-17 06:22 libgssapiv2.so.2
> -rw-r--r--   1 root root 26264 2004-10-17 06:22 libgssapiv2.so.2.0.19
> -rw-r--r--   1 root root 23644 2004-10-17 06:22 libkerberos4.a
> -rw-r--r--   1 root root   858 2004-10-17 06:22 libkerberos4.la
> -rw-r--r--   1 root root 23228 2004-10-17 06:22 libkerberos4.so
> -rw-r--r--   1 root root 23228 2004-10-17 06:22 libkerberos4.so.2
> -rw-r--r--   1 root root 23228 2004-10-17 06:22 libkerberos4.so.2.0.19
> -rw-r--r--   1 root root 13726 2004-10-16 23:02 liblogin.a
> -rw-r--r--   1 root root   831 2004-10-16 23:02 liblogin.la
> -rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so
> -rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2
> -rw-r--r--   1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
> -rw-r--r--   1 root root 31248 2004-10-16 23:02 libntlm.a
> -rw-r--r--   1 root root   825 2004-10-16 23:02 libntlm.la
> -rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so
> -rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2
> -rw-r--r--   1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
> -rw-r--r--   1 root root 20142 2004-10-16 23:02 libotp.a
> -rw-r--r--   1 root root   825 2004-10-16 23:02 libotp.la
> -rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so
> -rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2
> -rw-r--r--   1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
> -rw-r--r--   1 root root 13886 2004-10-16 23:02 libplain.a
> -rw-r--r--   1 root root   831 2004-10-16 23:02 libplain.la
> -rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so
> -rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2
> -rw-r--r--   1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
> -rw-r--r--   1 root root 21798 2004-10-16 23:02 libsasldb.a
> -rw-r--r--   1 root root   852 2004-10-16 23:02 libsasldb.la
> -rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so
> -rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2
> -rw-r--r--   1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19
> -rw-r--r--   1 root root 22168 2004-10-16 23:02 libsql.a
> -rw-r--r--   1 root root   874 2004-10-16 23:02 libsql.la
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2
> -rw-r--r--   1 root root 22132 2004-10-16 23:02 libsql.so.2.0.19

Cyrus-SASL.2.x libs

> -- mechanisms on localhost --
> /usr/bin/saslfinger: line 100: nc: command not found
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN

Postfix reads and obeys /etc/postfix/sasl/smtpd.conf

> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN


The mechs are correctly limited for saslauthd.

> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> 
> smtp      inet  n       -       n       -       -       smtpd

chroot is not enabled either. Good.

> 127.0.0.1:10025 inet n -             n       -  -        smtpd -o
> content_filter=
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       -       300     1       qmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> smtp-amavis unix -      -            n        - 2        smtp
>     -o smtp_data_done_timeout=1800
>     -o disable_dns_lookups=yes
> relay     unix  -       -       -       -       -       smtp
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> 
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
> 
> -- end of saslfinger output --
> 
> h1908:~# saslauthd -v
> saslauthd 2.1.19
> authentication mechanisms: sasldb getpwent kerberos4 kerberos5 pam rimap
> shadow ldap

saslauthd supports rimap

> 
> h1908:~# ps ax | grep sasl
>  3898 ?        Ss     0:00 /usr/sbin/saslauthd -a rimap -O localhost
>  3899 ?        S      0:00 /usr/sbin/saslauthd -a rimap -O localhost
>  3900 ?        S      0:00 /usr/sbin/saslauthd -a rimap -O localhost
>  3901 ?        S      0:00 /usr/sbin/saslauthd -a rimap -O localhost
>  3902 ?        S      0:00 /usr/sbin/saslauthd -a rimap -O localhost


saslauthd is running and uses rimap.

> No errors in the files, I checked them three times.
> Could it be because the passwords are stored as crypt in the database?

No, because saslauthd behaves like an IMAP client that simply logs in
to the IMAP server. How the server arrives at the
authentication result does not matter to saslauthd.


1. Where does saslauthd put its socket? Is Postfix allowed in there? If not,
   add Postfix to the SASL group.

2. Which usernames do you use? If username@domain, then start saslauthd
   with "-r".

p at rick


-- 
SMTP AUTH
Howto: <http://postfix.state-of-mind.de/patrick.koetter/smtpauth/>
Debug: <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
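
The two closing questions in the reply above can be checked with a short script. This is an added example, not part of the original message or of saslfinger; the socket directory /var/run/saslauthd, the user name postfix and the sample login user@example.com are assumptions, and only the socket directory itself (not its parent directories) is examined.

```shell
#!/bin/sh
# Added example; defaults below are assumptions, not values from the thread.

has_x() { case $1 in 1|3|5|7) return 0 ;; *) return 1 ;; esac; }

# may_enter MODE OWNER GROUP USER "USER_GROUPS"
# Succeeds if USER holds the search (x) bit on a directory with octal MODE.
may_enter() {
    mode=000$1
    perms=${mode#"${mode%???}"}            # last three octal digits
    u=${perms%??}; o=${perms#??}; g=${perms#?}; g=${g%?}
    if [ "$4" = "$2" ]; then has_x "$u"; return; fi
    case " $5 " in *" $3 "*) has_x "$g"; return ;; esac
    has_x "$o"
}

# has_realm_flag CMDLINE: succeeds if saslauthd was started with -r.
has_realm_flag() {
    skip=0
    for w in $1; do
        if [ "$skip" = 1 ]; then skip=0; continue; fi
        case $w in
            -a|-O|-m|-n|-s|-t) skip=1 ;;   # option whose value is the next word
            -[aOmnst]?*) ;;                # option with its value attached
            -*r*) return 0 ;;
        esac
    done
    return 1
}

# realm_advice LOGIN CMDLINE: logins containing @ need saslauthd -r.
realm_advice() {
    case $1 in
        *@*) if has_realm_flag "$2"; then echo ok; else echo "add -r"; fi ;;
        *)   echo ok ;;
    esac
}

# diagnose [DIR] [USER] [LOGIN]: run both checks against the live system.
diagnose() {
    dir=${1:-/var/run/saslauthd} user=${2:-postfix} login=${3:-user@example.com}
    info=$(stat -c '%a %U %G' "$dir") || return 1
    set -- $info
    if may_enter "$1" "$2" "$3" "$user" "$(id -Gn "$user")"; then
        echo "$user can enter $dir"
    else
        echo "$user cannot enter $dir: add it to group $3"
    fi
    echo "realm handling: $(realm_advice "$login" "$(ps -o args= -C saslauthd | head -n 1)")"
}

[ "${1:-}" != "--run" ] || { shift; diagnose "$@"; }
```

Run it as root with `--run`, optionally followed by the socket directory, the Postfix user and a sample login name.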



