[Postfixbuch-users] SMTP-Auth SQL
Patrick Ben Koetter
p at state-of-mind.de
Mon Jul 18 22:04:11 CEST 2005
* Silvio Siefke <listen at silviosiefke.de>:
> saslfinger - postfix Cyrus sasl configuration Mo Jul 18 12:02:07 CEST 2005
> version: 0.9.9.1
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.1.5
> System: Debian GNU/Linux testing/unstable \n \l
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = no
>
>
> -- listing of /usr/lib/sasl2 --
> insgesamt 952
> drwxr-xr-x 2 root root 4096 2005-07-18 09:38 .
> drwxr-xr-x 45 root root 12288 2005-07-11 15:30 ..
> -rw-r--r-- 1 root root 13488 2004-10-16 23:02 libanonymous.a
> -rw-r--r-- 1 root root 851 2004-10-16 23:02 libanonymous.la
> -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so
> -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so.2
> -rw-r--r-- 1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 16298 2004-10-16 23:02 libcrammd5.a
> -rw-r--r-- 1 root root 837 2004-10-16 23:02 libcrammd5.la
> -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so
> -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so.2
> -rw-r--r-- 1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 47516 2004-10-16 23:02 libdigestmd5.a
> -rw-r--r-- 1 root root 860 2004-10-16 23:02 libdigestmd5.la
> -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so
> -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2
> -rw-r--r-- 1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 13726 2004-10-16 23:02 liblogin.a
> -rw-r--r-- 1 root root 831 2004-10-16 23:02 liblogin.la
> -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so
> -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so.2
> -rw-r--r-- 1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 31248 2004-10-16 23:02 libntlm.a
> -rw-r--r-- 1 root root 825 2004-10-16 23:02 libntlm.la
> -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so
> -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so.2
> -rw-r--r-- 1 root root 30660 2004-10-16 23:02 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 20142 2004-10-16 23:02 libotp.a
> -rw-r--r-- 1 root root 825 2004-10-16 23:02 libotp.la
> -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so
> -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so.2
> -rw-r--r-- 1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
> -rw-r--r-- 1 root root 13886 2004-10-16 23:02 libplain.a
> -rw-r--r-- 1 root root 831 2004-10-16 23:02 libplain.la
> -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so
> -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so.2
> -rw-r--r-- 1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
> -rw-r--r-- 1 root root 21798 2004-10-16 23:02 libsasldb.a
> -rw-r--r-- 1 root root 852 2004-10-16 23:02 libsasldb.la
> -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so
> -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so.2
> -rw-r--r-- 1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19
> -rw-r--r-- 1 root root 22168 2004-10-16 23:02 libsql.a
> -rw-r--r-- 1 root root 874 2004-10-16 23:02 libsql.la
> -rw-r--r-- 1 root root 22132 2004-10-16 23:02 libsql.so
> -rw-r--r-- 1 root root 22132 2004-10-16 23:02 libsql.so.2
> -rw-r--r-- 1 root root 22132 2004-10-16 23:02 libsql.so.2.0.19
> -rw-r--r-- 1 root root 236 2005-07-18 09:38 smtpd.conf
>
>
>
>
> -- content of /usr/lib/sasl2/smtpd.conf --
You can throw that one out, because the Debian Postfix package looks for
smtpd.conf in /etc/postfix/sasl. If you built Postfix yourself, however, then
that one is the right one.
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sql
> sql_engine: mysql
> mech_list: PLAIN LOGIN
With auxprop:sql you can extend this:
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: postfix
> sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
>
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - - smtpd
> 127.0.0.1:10025 inet n - n - - smtpd -o
> content_filter=
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - - - - smtp
> smtp-amavis unix - - n - 2 smtp
> -o smtp_data_done_timeout=1800
> -o disable_dns_lookups=yes
> relay unix - - - - - smtp
> showq unix n - - - - showq
> error unix - - - - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
> $recipient
> scalemail-backend unix - n n - 2 pipe
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
>
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
>
> -- end of saslfinger output --
That all actually looks pretty good. Are you able to test an authentication
without Postfix, using the SASL utilities "server" and "client"?
What does your auth.* log say? SASL logs to auth.*.
If you haven't set that up in /etc/syslog.conf yet, do that first, then
try SMTP AUTH and check what shows up in the log.
Also: how did you store the passwords in MySQL? Without a patch, SASL
cannot, for example, read crypted passwords from MySQL...
p at rick
--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
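The checks raised in the reply above, as an added example that is not part of the original post and is not saslfinger or Cyrus SASL code: it parses the quoted smtpd.conf, shows how `%u` and `%r` in `sql_select` expand for a login name, and flags a stored password that looks crypted. The function names, the `default_realm` parameter, the credentials and the sample passwords are constructed for illustration.

```python
import re

# Constructed copy of the /etc/postfix/sasl/smtpd.conf quoted above,
# with placeholder credentials in place of the replaced ones.
SMTPD_CONF = """\
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_hostnames: 127.0.0.1
sql_user: example_user
sql_passwd: example_password
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
"""

# Mechanisms where the server must compute with the cleartext secret.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}
# Heuristic (assumption): "$id$salt$hash" crypt(3) strings or 13-char DES crypt.
CRYPT_RE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")


def parse_conf(text):
    """Parse the 'key: value' lines of a Cyrus SASL application config."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not key.lstrip().startswith("#"):
            conf[key.strip()] = value.strip()
    return conf


def expand_select(conf, login, default_realm):
    """Expand %u (user) and %r (realm) for display only; never executed."""
    user, _, realm = login.partition("@")
    realm = realm or default_realm  # assumption: realm used when none is sent
    return conf["sql_select"].replace("%u", user).replace("%r", realm)


def review(conf, stored_password):
    """Return findings for the password-storage question in the reply."""
    findings = []
    mechs = set(conf.get("mech_list", "").split())
    crypted = bool(CRYPT_RE.match(stored_password))
    if conf.get("pwcheck_method") == "auxprop" and crypted:
        findings.append("stored password looks crypted; unpatched auxprop sql cannot use it")
    if mechs & SHARED_SECRET_MECHS and crypted:
        findings.append("CRAM-MD5/DIGEST-MD5 in mech_list cannot work with crypted passwords")
    return findings
```

Comparing the expanded query with the rows in the `mailbox` table shows whether the `username` column holds the value the query asks for.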