[Postfixbuch-users] Zum Xten Relay access denied

Patrick Ben Koetter p at state-of-mind.de
Do Apr 6 14:57:58 CEST 2006


* Jim Knuth <jk at jkart.de>:
> kann mir mal einer die Tomaten von den Augen nehmen? Danke.
> 
> Ich habe hier nen Server am Wickel und der will mich nicht
> relayen lassen.
> 
> postconf -n sieht gut aus, saslauthd läuft auch, saslfinger ist
> ok, aber ..
> 
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command = /usr/bin/procmail
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 10240000
> mydestination = $myhostname, localhost.$mydomain
> myhostname = h67117.serverkompetenz.net
> mynetworks = 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> relayhost =
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtpd_recipient_restrictions = permit_sasl_authenticated        permit_mynetworks               reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> unknown_local_recipient_reject_code = 450
> 
> h67117:~ # ps wax | grep saslauthd
>  4619 ?        Ss     0:00 saslauthd -a pam
>  4620 ?        S      0:00 saslauthd -a pam
>  4621 ?        S      0:00 saslauthd -a pam
>  4622 ?        S      0:00 saslauthd -a pam
>  4623 ?        S      0:00 saslauthd -a pam
> 
> 
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: > p54B7CDB7.dip.t-dialin.net[84.183.205.183]: 250-ETRN
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: > p54B7CDB7.dip.t-dialin.net[84.183.205.183]: 250-AUTH PLAIN LOGIN
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: match_list_match: p54B7CDB7.dip.t-dialin.net: no match
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: match_list_match: 84.183.205.183: no match
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: > p54B7CDB7.dip.t-dialin.net[84.183.205.183]: 250-AUTH=PLAIN LOGIN
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: > p54B7CDB7.dip.t-dialin.net[84.183.205.183]: 250 8BITMIME
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: < p54B7CDB7.dip.t-dialin.net[84.183.205.183]: AUTH PLAIN
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: smtpd_sasl_authenticate: sasl_method PLAIN
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: smtpd_sasl_authenticate: uncoded challenge:
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: > p54B7CDB7.dip.t-dialin.net[84.183.205.183]: 334
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: < p54B7CDB7.dip.t-dialin.net[84.183.205.183]: AHdlYjFwMQB3aW5uZXIxMjM0
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: smtpd_sasl_authenticate: decoded response:
> Apr  6 13:46:46 h67117 postfix/smtpd[29218]: warning: SASL authentication failure: Password verification failed

Mag ja sein, dass saslauthd läuft, aber kann es auch erfolgreich
authentifizieren? Was sagt denn testsaslauthd?

# testsaslauthd -s smtp -u username -p password


> Das PW wurde mehrfach geprüft, stimmt.

4-Augen-Vergleich? Telefonisch? Baum-Trommlen? Womit hast Du denn geprüft? ;)

p at rick


-- 
Das Postfix-Buch
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Mehr Informationen über die Mailingliste Postfixbuch-users