[Postfixbuch-users] SUSE 9.3 Postfix & SASL PAM

bednarz-hannover at web.de bednarz-hannover at web.de
Mo Nov 7 08:14:34 CET 2005


Hi Andreas,

danke für die schnelle Hilfe. Hier die vergessenen Angaben:

#postconf -n
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mydestination = $myhostname, localhost.$mydomain
mydomain = literadix.de
myhostname = literadix.de
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relayhost =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP LITERADIX MTA (7.6)
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550


# grep smtpd /etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
#       -o smtpd_etrn_restrictions=reject
#       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps    inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission   inet    n       -       n       -       -       smtpd
#  -o smtpd_etrn_restrictions=reject
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#localhost:10025 inet   n       -       n       -       -       smtpd -o content_filter=

Hilft das weiter?

Danke im Voraus,

Andreas





Andreas Winkelmann <ml at awinkelmann.de> schrieb am 07.11.2005 07:50:56:

Am Monday 07 November 2005 07:12 schrieb bednarz-hannover at web.de:

http://de.wikipedia.org/wiki/TOFU

> meine Konfiguration sieht wie folgt aus. Stimmt das so? Insbesondere bin
> ich mir bei /etc/pam.d/smtp nicht so ganz sicher:
>
> # grep smtpd /etc/postfix/master.cf
>
> smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
> reject_unauth_destination smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes

Das ist die main.cf, nicht die master.cf.

Dort würde ich smtpd_sasl_local_domain leer machen, bzw. da es eh der default 
ist, komplett rauslöschen.

> # cat /usr/lib/sasl2/smtpd.conf
>
> pwcheck_method: saslauthd
> mech_list: plain login cram-md5 digest-md5

"cram-md5 digest-md5" kannst Du rauslöschen, das unterstüzt saslauthd nicht.

mech_list: plain login

> # ps aux | grep saslauthd
>
> root     13631  0.0  0.2   4060  1132 ?        Ss   Nov06   0:00
> /usr/sbin/saslauthd -a pam root     13632  0.0  0.2   4060  1132 ?        S
>    Nov06   0:00 /usr/sbin/saslauthd -a pam root     13633  0.0  0.2   4060 
> 1132 ?        S    Nov06   0:00 /usr/sbin/saslauthd -a pam root     13634 
> 0.0  0.2   4060  1132 ?        S    Nov06   0:00 /usr/sbin/saslauthd -a pam
> root     13635  0.0  0.2   4060  1132 ?        S    Nov06   0:00
> /usr/sbin/saslauthd -a pam

ok.

> # cat /etc/pam.d/smtp
>
> auth     include        common-auth
> account  include        common-account
> password include        common-password
> session  include        common-session

"password" und "session" wird nicht unterstüzt, ist aber auch kein Problem das 
drin stehen zu lassen.

> # rpm -qa| grep sasl
>
> cyrus-sasl-2.1.20-7
> cyrus-sasl-crammd5-2.1.20-7
> cyrus-sasl-plain-2.1.20-7
> cyrus-sasl-saslauthd-2.1.20-7
> cyrus-sasl-digestmd5-2.1.20-7

ok.

"postconf -n" und "grep smtpd /etc/postfix/master.cf" fehlt.

-- 
	Andreas
-- 
_______________________________________________
Postfixbuch-users mailingliste
Heinlein Professional Linux Support GmbH

Postfixbuch-users at listi.jpberlin.de
http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users



Mehr Informationen über die Mailingliste Postfixbuch-users