[Postfixbuch-users] Re

Patrick Ben Koetter p at state-of-mind.de
Fr Jun 3 17:51:04 CEST 2005


* Stefan G. Weichinger <monitor at oops.co.at>:
> 
> Hello again, p at rick
> 
> heute (am 03.06.2005 um 14:40 Uhr) hast du geschrieben:
> 
> PBK>> Wenn Du mit der Konfiguration nicht
> PBK>> weiterkommst, schick die Ausgabe von "saslfinger -c".
> 
> Ok, kann ja nix schaden, oder?

Schaden kann es nichts, darauf habe ich beim Schreiben von saslfinger drauf
geachtet. Geholfen hat es aber auch nichts, denn ich war so dumm, Dich zu
bitten "saslfinger -c" zu schicken und nicht "saslfinger -s", sorry!

Wenn Du sasldb mit einbinden willst, dann mach folgendes:

in /usr/lib/sasl2/smtpd.conf:

pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
auxprop_plugin: sasldb


in main.cf:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
# smtpd_sasl_local_domain =


WICHTIG Deine Mailclients müssen sich mit dem usernamen "username at domain"
anmelden, wobei der Domain entspricht, die Du den usern in der sasldb gegeben
hast. Das findest Du mit sasldblistusers2 raus.

p at rick







> 
> root at mail01:~ # saslfinger -c
> saslfinger - postfix Cyrus sasl configuration Fri Jun  3 15:35:26 CEST 2005
> version: 0.9.9.1
> mode: client-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.2.1
> System:
> Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
> 
> -- smtp is linked to --
>         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4006a000)
> 
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost =
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = no
> 
> 
> -- listing of /usr/lib/sasl2 --
> total 656
> drwxr-xr-x   2 root root  4096 Jun  2 20:12 .
> drwxr-xr-x  43 root root 12288 Jun  2 20:08 ..
> -rwxr-xr-x   1 root root   695 Mar 19 21:29 libanonymous.la
> -rwxr-xr-x   1 root root 13560 Mar 19 21:29 libanonymous.so
> -rwxr-xr-x   1 root root 13560 Mar 19 21:29 libanonymous.so.2
> -rwxr-xr-x   1 root root 13560 Mar 19 21:29 libanonymous.so.2.0.20
> -rwxr-xr-x   1 root root   683 Mar 19 21:29 libcrammd5.la
> -rwxr-xr-x   1 root root 15828 Mar 19 21:29 libcrammd5.so
> -rwxr-xr-x   1 root root 15828 Mar 19 21:29 libcrammd5.so.2
> -rwxr-xr-x   1 root root 15828 Mar 19 21:29 libcrammd5.so.2.0.20
> -rwxr-xr-x   1 root root   713 Mar 19 21:29 libdigestmd5.la
> -rwxr-xr-x   1 root root 43544 Mar 19 21:29 libdigestmd5.so
> -rwxr-xr-x   1 root root 43544 Mar 19 21:29 libdigestmd5.so.2
> -rwxr-xr-x   1 root root 43544 Mar 19 21:29 libdigestmd5.so.2.0.20
> -rwxr-xr-x   1 root root   749 Mar 19 21:29 libgssapiv2.la
> -rwxr-xr-x   1 root root 25912 Mar 19 21:29 libgssapiv2.so
> -rwxr-xr-x   1 root root 25912 Mar 19 21:29 libgssapiv2.so.2
> -rwxr-xr-x   1 root root 25912 Mar 19 21:29 libgssapiv2.so.2.0.20
> -rwxr-xr-x   1 root root   679 Mar 19 21:29 liblogin.la
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 liblogin.so
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 liblogin.so.2
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 liblogin.so.2.0.20
> -rwxr-xr-x   1 root root   675 Mar 19 21:29 libotp.la
> -rwxr-xr-x   1 root root 44924 Mar 19 21:29 libotp.so
> -rwxr-xr-x   1 root root 44924 Mar 19 21:29 libotp.so.2
> -rwxr-xr-x   1 root root 44924 Mar 19 21:29 libotp.so.2.0.20
> -rwxr-xr-x   1 root root   679 Mar 19 21:29 libplain.la
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 libplain.so
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 libplain.so.2
> -rwxr-xr-x   1 root root 14420 Mar 19 21:29 libplain.so.2.0.20
> -rwxr-xr-x   1 root root   707 Mar 19 21:29 libsasldb.la
> -rwxr-xr-x   1 root root 18792 Mar 19 21:29 libsasldb.so
> -rwxr-xr-x   1 root root 18792 Mar 19 21:29 libsasldb.so.2
> -rwxr-xr-x   1 root root 18792 Mar 19 21:29 libsasldb.so.2.0.20
> -rw-r--r--   1 root root   108 Jun  2 20:11 sample.conf
> -rw-r--r--   1 root root   108 Jun  2 20:11 smtpd.conf
> 
> 
> -- permissions for /etc/postfix/sasl_passwd --
> -rw-------  1 root root 172 Jun  3 15:28 /etc/postfix/sasl_passwd
> 
> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw-------  1 root root 12288 Jun  3 15:29 /etc/postfix/sasl_passwd.db
> 
> /etc/postfix/sasl_passwd.db is up to date.
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       10       smtpd
> localhost:10025 inet    n       -       n       -       -       smtpd -o content_filter=
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>         -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> cyrus     unix  -       n       n       -       -       pipe
>   user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
> procmail  unix  -       n       n       -       -       pipe
>   flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
> 
> 
> smtp-amavis unix - - n - 2 smtp
>     -o smtp_data_done_timeout=1800
>     -o disable_dns_lookups=yes
> 
> 
> -- end of saslfinger output --
> 
> 
> Und das mit dieser Konfiguration:
> 
> root at mail01:~ # postconf -n
> alias_maps = hash:/etc/aliases
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> defer_transports =
> disable_dns_lookups = no
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/packages/postfix/html
> inet_protocols = all
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/etc/postfix/cyrus_user_list
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport = lmtp:unix:public/lmtp
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 10240000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myhostname = <myhostname>
> mynetworks = x.y.z.a/8, 127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $myhostname
> newaliases_path = /usr/bin/newaliases
> proxy_interfaces = x.y.z.250
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP
> smtpd_client_restrictions =
> smtpd_data_restrictions = reject_unauth_pipelining,   permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = reject_non_fqdn_sender,   reject_unknown_sender_domain,   reject_unknown_recipient_domain,   permit_sasl_authenticated,   permit_mynetworks,   reject_unauth_destination,   check_recipient_access hash:/etc/postfix/roleaccount_exceptions,   check_sender_access    hash:/etc/postfix/sender_checks, check_helo_access pcre:/etc/postfix/helo_checks,   reject_invalid_hostname,   reject_non_fqdn_hostname,   reject_rbl_client      sbl-xbl.spamhaus.org,   reject_rbl_client      list.dsbl.org,   reject_rbl_client      relays.ordb.org,   check_policy_service inet:127.0.0.1:10026,   permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = mail01
> smtpd_sasl_security_options = noanonymous
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_tls_auth_only = no
> smtpd_use_tls = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 450
> 
> 
> ----
> 
> Ich habe mir erstmal so beholfen:
> 
> sasldblistusers2 > /etc/postfix/cyrus_user_list
> 
> (da drinnen händisch die ":" entfernt :) )
> 
> postmap /etc/postfix/cyrus_user_list
> 
> und das in die local_recipient_maps eingebunden.
> 
> Meine Suche in den postfix-users-Archiven haben mich noch nicht
> erleuchtet ....
> 
> Es ist mir klar, daß das keine Dauerlösung so ist ...
> 
> -- 
> Bis bald,
> Stefan
> 
> -- 
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users

-- 
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Mehr Informationen über die Mailingliste Postfixbuch-users