[Postfixbuch-users] Authentication Problem mit sasl

Patrick Ben Koetter p at state-of-mind.de
Sa Mär 19 09:45:30 CET 2005


* Thoralf Liersch <thliersch at web-eagles.de>:
> >Ist Postfix in der SASL Gruppe? Bei Debian darf es sonst den socket von
> >saslauthd nicht anlangen. Außerdem: Läuft Postfix chrooted? Wenn ja, dann
> >erst mal raus aus dem chroot.
> > 
> >
> Ja postfix befindet sich in der sasl gruppe.
> Postfix läuft bereits auserhalb von chroot, zumindest wenn ich die 
> /etc/postfix/master.cf richtig interpretiert habe. zumindest steht dort 
> überall ein "n"
> 
> >Wenn Du weiterhin Probleme hast, nutze bitte saslfinger zum debuggen und
> >schicke den Output an die Liste.
> >
> >p at rick
> > 
> >
> ich habe den output von saslfinger -c (1) und saslfinger -s (2) als 
> attachment an diese mail mal drangehangen da ich immernoch hilfe benötige.

> saslfinger - postfix Cyrus sasl configuration Fri Mar 18 21:09:11 CET 2005
> version: 0.9.9.1
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 1.1.11
> System: Debian GNU/\s 3.0 \n \l

Seit letzter Woche gibt es Postfix 2.1.1.
Das Postfix das Du jetzt verwendest kann die meisten interessanten Anti-Spam
features nicht. Auf lange Zeit wirst Du damit nicht glücklich werden.

> -- smtpd is linked to --
> 	libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40145000)

Dein Postfix ist gegen Cyrus-SASL.1.x gelinkt. Das ist steinalt. Du solltest
definitiv upgraden. Wie das aber bei Debian genau geht, kann ich Dir nicht
sagen.

SMTP AUTH für Cyrus-SASL.1.x und Cyrus-SASL.2.x wird unterschiedlich
konfiguriert. Überleg Dir mal, ob Du upgraden willst und dann entscheiden wir
uns für die passende Konfiguration.

p at rick


> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> 
> 
> -- listing of /usr/lib/sasl --
> total 208
> drwxr-xr-x    2 root     root         4096 Mar 11 15:40 .
> drwxr-xr-x   37 root     root         8192 Mar 15 21:14 ..
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so.1
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so.1.0.16
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so.1
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so.1.0.17
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so.0
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so.0.0.17
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so.0
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so.0.0.6
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so.1
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so.1.0.15
> -rw-r--r--    1 root     root           20 Mar 11 15:40 smtpd.conf
> 
> -- listing of /usr/lib/sasl2 --
> total 780
> drwxr-xr-x    2 root     root         4096 Mar 15 21:14 .
> drwxr-xr-x   37 root     root         8192 Mar 15 21:14 ..
> -rw-r--r--    1 root     root        12030 Oct  8 20:19 libanonymous.a
> -rw-r--r--    1 root     root          851 Oct  8 20:19 libanonymous.la
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so.2
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so.2.0.19
> -rw-r--r--    1 root     root        14660 Oct  8 20:19 libcrammd5.a
> -rw-r--r--    1 root     root          837 Oct  8 20:19 libcrammd5.la
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so.2
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so.2.0.19
> -rw-r--r--    1 root     root        42534 Oct  8 20:19 libdigestmd5.a
> -rw-r--r--    1 root     root          860 Oct  8 20:19 libdigestmd5.la
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so.2
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so.2.0.19
> -rw-r--r--    1 root     root        12524 Oct  8 20:19 liblogin.a
> -rw-r--r--    1 root     root          831 Oct  8 20:19 liblogin.la
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so.2
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so.2.0.19
> -rw-r--r--    1 root     root        28646 Oct  8 20:19 libntlm.a
> -rw-r--r--    1 root     root          825 Oct  8 20:19 libntlm.la
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so.2
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so.2.0.19
> -rw-r--r--    1 root     root        17988 Oct  8 20:19 libotp.a
> -rw-r--r--    1 root     root          825 Oct  8 20:19 libotp.la
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so.2
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so.2.0.19
> -rw-r--r--    1 root     root        12472 Oct  8 20:19 libplain.a
> -rw-r--r--    1 root     root          831 Oct  8 20:19 libplain.la
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so.2
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so.2.0.19
> -rw-r--r--    1 root     root        18734 Oct  8 20:19 libsasldb.a
> -rw-r--r--    1 root     root          837 Oct  8 20:19 libsasldb.la
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so.2
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so.2.0.19
> 
> 
> 
> 
> -- content of /usr/lib/sasl/smtpd.conf --
> pwcheck_method: pam

> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
> saslauthd_path: /var/run/saslauthd/mux
> autotransition: true
> log_level: 3
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type	private	unpriv	chroot	wakeup	maxproc	command + args
> # 		(yes)	(yes)	(yes)	(never)	(50)
> smtp	  inet	n	-	n	-	-	smtpd

Ja, smtpd ist nicht chrooted.


> pickup	  fifo	n	-	n	60	1	pickup
> cleanup	  unix	n	-	n	-	0	cleanup
> qmgr	  fifo	n	-	n	300	1	qmgr
> rewrite	  unix	-	-	n	-	-	trivial-rewrite
> bounce	  unix	-	-	n	-	0	bounce
> defer	  unix	-	-	n	-	0	bounce
> flush	  unix	n	-	n	1000?	0	flush
> smtp	  unix	-	-	n	-	-	smtp
> showq     unix	n	-	n	-	-	showq
> error     unix	-	-	n	-	-	error
> local	  unix	-	n	n	-	-	local
> virtual	  unix	-	n	n	-	-	virtual
> lmtp	  unix	-	-	n	-	-	lmtp
> cyrus	  unix	-	n	n	-	-	pipe
>   flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m ${extension} ${user}
> uucp	  unix	-	n	n	-	-	pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
> scalemail-backend unix	-	n	n	-	2	pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
> 
> smtp-amavis unix -	-	n	-	2	smtp -o smtp_data_done_timeout=1200
> 127.0.0.1:10025 inet n	-	n	-	-  	smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
> 
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 
> -- end of saslfinger output --
> 

> saslfinger - postfix Cyrus sasl configuration Fri Mar 18 18:57:01 CET 2005
> version: 0.9.9.1
> mode: client-side SMTP AUTH
> 
> -- basics --
> Postfix: 1.1.11
> System: Debian GNU/\s 3.0 \n \l
> 
> -- smtp is linked to --
> 	libsasl.so.7 => /usr/lib/libsasl.so.7 (0x40145000)
> 
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = 
> 
> 
> -- listing of /usr/lib/sasl --
> total 208
> drwxr-xr-x    2 root     root         4096 Mar 11 15:40 .
> drwxr-xr-x   37 root     root         8192 Mar 15 21:14 ..
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so.1
> -rw-r--r--    1 root     root         5520 Oct 13 16:12 libanonymous.so.1.0.16
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so.1
> -rw-r--r--    1 root     root         9988 Oct 13 16:12 libcrammd5.so.1.0.17
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so.0
> -rw-r--r--    1 root     root        28492 Sep 20  2001 libdigestmd5.so.0.0.17
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so.0
> -rw-r--r--    1 root     root         7776 Oct 13 16:12 liblogin.so.0.0.6
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so.1
> -rw-r--r--    1 root     root         7428 Oct 13 16:12 libplain.so.1.0.15
> -rw-r--r--    1 root     root           20 Mar 11 15:40 smtpd.conf
> 
> -- listing of /usr/lib/sasl2 --
> total 780
> drwxr-xr-x    2 root     root         4096 Mar 15 21:14 .
> drwxr-xr-x   37 root     root         8192 Mar 15 21:14 ..
> -rw-r--r--    1 root     root        12030 Oct  8 20:19 libanonymous.a
> -rw-r--r--    1 root     root          851 Oct  8 20:19 libanonymous.la
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so.2
> -rw-r--r--    1 root     root        12092 Oct  8 20:19 libanonymous.so.2.0.19
> -rw-r--r--    1 root     root        14660 Oct  8 20:19 libcrammd5.a
> -rw-r--r--    1 root     root          837 Oct  8 20:19 libcrammd5.la
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so.2
> -rw-r--r--    1 root     root        14596 Oct  8 20:19 libcrammd5.so.2.0.19
> -rw-r--r--    1 root     root        42534 Oct  8 20:19 libdigestmd5.a
> -rw-r--r--    1 root     root          860 Oct  8 20:19 libdigestmd5.la
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so.2
> -rw-r--r--    1 root     root        39704 Oct  8 20:19 libdigestmd5.so.2.0.19
> -rw-r--r--    1 root     root        12524 Oct  8 20:19 liblogin.a
> -rw-r--r--    1 root     root          831 Oct  8 20:19 liblogin.la
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so.2
> -rw-r--r--    1 root     root        12776 Oct  8 20:19 liblogin.so.2.0.19
> -rw-r--r--    1 root     root        28646 Oct  8 20:19 libntlm.a
> -rw-r--r--    1 root     root          825 Oct  8 20:19 libntlm.la
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so.2
> -rw-r--r--    1 root     root        28456 Oct  8 20:19 libntlm.so.2.0.19
> -rw-r--r--    1 root     root        17988 Oct  8 20:19 libotp.a
> -rw-r--r--    1 root     root          825 Oct  8 20:19 libotp.la
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so.2
> -rw-r--r--    1 root     root        40200 Oct  8 20:19 libotp.so.2.0.19
> -rw-r--r--    1 root     root        12472 Oct  8 20:19 libplain.a
> -rw-r--r--    1 root     root          831 Oct  8 20:19 libplain.la
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so.2
> -rw-r--r--    1 root     root        12620 Oct  8 20:19 libplain.so.2.0.19
> -rw-r--r--    1 root     root        18734 Oct  8 20:19 libsasldb.a
> -rw-r--r--    1 root     root          837 Oct  8 20:19 libsasldb.la
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so.2
> -rw-r--r--    1 root     root        16604 Oct  8 20:19 libsasldb.so.2.0.19
> 
> 
> Cannot find the smtp_sasl_password_maps parameter in main.cf.
> Client-side SMTP AUTH cannot work without this parameter!

> -- 
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users

-- 
SMTP AUTH
Howto: <http://postfix.state-of-mind.de/patrick.koetter/smtpauth/>
Debug: <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>




Mehr Informationen über die Mailingliste Postfixbuch-users