[Postfixbuch-users] SASL2 for local users
Alexander Gran
alex at zodiac.dnsalias.org
Tue Nov 15 01:31:05 CET 2005
Hi,
I am migrating Postfix from a SASL1 server to SASL2. Unfortunately, I cannot
get Postfix to accept the users known to SASL as local ones.
Here is a bit of config:
www:/usr/lib/sasl2 # postconf -n
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 5
debug_peer_list = 80.137.226.152
defer_transports =
disable_dns_lookups = no
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 52428800
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
message_size_limit = 52428800
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = moduleworks.com
myhostname = www.moduleworks.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains =
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_use_tls = no
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
www:/usr/lib/sasl2 # grep smtp /etc/postfix/master.cf | grep -v \#
smtp inet n - n - 2 smtpd -o
content_filter=smtp:[127.0.0.1]:10024
smtp unix - - n - - smtp
relay unix - - n - - smtp
localhost:10025 inet n - n - - smtpd -o
content_filter=
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
www:/usr/lib/sasl2 # cat smtpd.conf
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sasldb
www:/usr/lib/sasl2 # saslfinger -s
saslfinger - postfix Cyrus sasl configuration Di Nov 15 01:25:13 CET 2005
version: 0.9.9.1
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.2.1
System:
Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4006b000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 313
drwxr-xr-x 2 root root 760 2005-11-15 01:09 .
drwxr-xr-x 43 root root 12904 2005-11-15 01:08 ..
-rwxr-xr-x 1 root root 695 2005-03-19 21:29 libanonymous.la
-rwxr-xr-x 1 root root 13560 2005-03-19 21:29 libanonymous.so
-rwxr-xr-x 1 root root 13560 2005-03-19 21:29 libanonymous.so.2
-rwxr-xr-x 1 root root 13560 2005-03-19 21:29 libanonymous.so.2.0.20
-rwxr-xr-x 1 root root 679 2005-03-19 21:29 liblogin.la
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 liblogin.so
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 liblogin.so.2
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 liblogin.so.2.0.20
-rwxr-xr-x 1 root root 679 2005-03-19 21:29 libplain.la
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 libplain.so
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 libplain.so.2
-rwxr-xr-x 1 root root 14420 2005-03-19 21:29 libplain.so.2.0.20
-rwxr-xr-x 1 root root 707 2005-03-19 21:29 libsasldb.la
-rwxr-xr-x 1 root root 18792 2005-03-19 21:29 libsasldb.so
-rwxr-xr-x 1 root root 18792 2005-03-19 21:29 libsasldb.so.2
-rwxr-xr-x 1 root root 18792 2005-03-19 21:29 libsasldb.so.2.0.20
-rwxr-xr-x 1 root root 706 2005-03-19 21:29 libsql.la
-rwxr-xr-x 1 root root 21928 2005-03-19 21:29 libsql.so
-rwxr-xr-x 1 root root 21928 2005-03-19 21:29 libsql.so.2
-rwxr-xr-x 1 root root 21928 2005-03-19 21:29 libsql.so.2.0.20
-rw-r--r-- 1 root root 74 2005-11-15 01:09 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
#pwcheck_method: saslauthd
pwcheck_method: auxprop
auxprop_plugin: sasldb
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - 2 smtpd -o
content_filter=smtp:[127.0.0.1]:10024
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd -o
content_filter=
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension}
${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender}
${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr
-- mechanisms on localhost --
I hope that is enough?
The problem is simply that the users are not recognized. Example:
www:/usr/lib/sasl2 # sasldblistusers2 | grep alexg
alexg at www.moduleworks.com: cmusaslsecretDIGEST-MD5
alexg at www.moduleworks.com: cmusaslsecretPLAIN
alexg at www.moduleworks.com: cmusaslsecretCRAM-MD5
www:/usr/lib/sasl2 # telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 www.moduleworks.com ESMTP Postfix
mail from:a at web.de
250 Ok
rcpt to:alexg at moduleworks.com
450 <alexg at moduleworks.com>: Recipient address rejected: User unknown in local
recipient table
quit
221 Bye
Connection closed by foreign host.
Unfortunately, I cannot find any debug info that tells me why not...
Regards,
Alex
--
Encrypted Mails welcome.
PGP-Key at http://zodiac.dnsalias.org/misc/pgpkey.asc | Key-ID: 0x6D7DD291