[Postfixbuch-users] saslauthd II
erik.neuwirth at gmx.de
Mon Apr 24 15:58:38 CEST 2006
Hi all,
I've been "playing" with "saslauth" all day today, but somehow SASL authentication just won't work:
SASL is running:
/opt/saslfinger-1.0# ps -ef | grep sasl
root 31046 1 0 15:12 ? 00:00:00 /usr/sbin/saslauthd -a rimap -O mail.testmob.de
root 31047 31046 0 15:12 ? 00:00:00 /usr/sbin/saslauthd -a rimap -O mail.testmob.de
root 31048 31046 0 15:12 ? 00:00:00 /usr/sbin/saslauthd -a rimap -O mail.testmob.de
root 31049 31046 0 15:12 ? 00:00:00 /usr/sbin/saslauthd -a rimap -O mail.testmob.de
root 31050 31046 0 15:12 ? 00:00:00 /usr/sbin/saslauthd -a rimap -O mail.testmob.de
/etc/default/saslauthd says:
START=yes
MECHANISMS="rimap"
PARAMS="-a rimap -O mail.testmob.de -m /var/spool/postfix/var/run/saslauthd"
PWDIR="/var/spool/postfix/var/run/saslauthd"
PIDFILE="/var/spool/postfix/var/run/saslauthd/saslauthd.pid"
Unfortunately, it still doesn't write the PID to $POSTFIXCHROOT/var/run/saslauthd but to /var/run/saslauthd.
No idea why!
smtpd.conf (regardless of whether it's the commented-out version or the other one):
#pwcheck_method: saslauthd
#log_level:7
#mech_list: PLAIN LOGIN
#saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
pwcheck_method: saslauthd
log_level:7
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
~$ telnet mail 25
Trying 10.1.40.4...
Connected to mail.testmob.de.
Escape character is '^]'.
220 mail.testmob.de ESMTP
ehlo testmob.de
250-mail.habkeine.de
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
quit
221 Bye
The 2 lines that, according to Patrick's page, should be there are clearly missing:
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
saslfinger says:
saslfinger -s
saslfinger - postfix Cyrus sasl configuration Mo Apr 24 15:28:14 CEST 2006
version: 1.0
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.2.10
System: Debian GNU/Linux testing/unstable \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002aaaab4f1000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = laber.blubb
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_tls_CAfile = /etc/postfix/CAcert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = no
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 983
drwxr-xr-x 2 root root 1392 2006-04-12 14:32 .
drwxr-xr-x 126 root root 46776 2006-04-20 10:25 ..
-rw-r--r-- 1 root root 19012 2006-04-06 02:50 libanonymous.a
-rw-r--r-- 1 root root 855 2006-04-06 02:50 libanonymous.la
-rw-r--r-- 1 root root 15712 2006-04-06 02:50 libanonymous.so
-rw-r--r-- 1 root root 15712 2006-04-06 02:50 libanonymous.so.2
-rw-r--r-- 1 root root 15712 2006-04-06 02:50 libanonymous.so.2.0.19
-rw-r--r-- 1 root root 21778 2006-04-06 02:50 libcrammd5.a
-rw-r--r-- 1 root root 841 2006-04-06 02:50 libcrammd5.la
-rw-r--r-- 1 root root 19104 2006-04-06 02:50 libcrammd5.so
-rw-r--r-- 1 root root 19104 2006-04-06 02:50 libcrammd5.so.2
-rw-r--r-- 1 root root 19104 2006-04-06 02:50 libcrammd5.so.2.0.19
-rw-r--r-- 1 root root 59768 2006-04-06 02:50 libdigestmd5.a
-rw-r--r-- 1 root root 864 2006-04-06 02:50 libdigestmd5.la
-rw-r--r-- 1 root root 46336 2006-04-06 02:50 libdigestmd5.so
-rw-r--r-- 1 root root 46336 2006-04-06 02:50 libdigestmd5.so.2
-rw-r--r-- 1 root root 46336 2006-04-06 02:50 libdigestmd5.so.2.0.19
-rw-r--r-- 1 root root 19238 2006-04-06 02:50 liblogin.a
-rw-r--r-- 1 root root 835 2006-04-06 02:50 liblogin.la
-rw-r--r-- 1 root root 16352 2006-04-06 02:50 liblogin.so
-rw-r--r-- 1 root root 16352 2006-04-06 02:50 liblogin.so.2
-rw-r--r-- 1 root root 16352 2006-04-06 02:50 liblogin.so.2.0.19
-rw-r--r-- 1 root root 38700 2006-04-06 02:50 libntlm.a
-rw-r--r-- 1 root root 829 2006-04-06 02:50 libntlm.la
-rw-r--r-- 1 root root 32264 2006-04-06 02:50 libntlm.so
-rw-r--r-- 1 root root 32264 2006-04-06 02:50 libntlm.so.2
-rw-r--r-- 1 root root 32264 2006-04-06 02:50 libntlm.so.2.0.19
-rw-r--r-- 1 root root 27118 2006-04-06 02:50 libotp.a
-rw-r--r-- 1 root root 829 2006-04-06 02:50 libotp.la
-rw-r--r-- 1 root root 48856 2006-04-06 02:50 libotp.so
-rw-r--r-- 1 root root 48856 2006-04-06 02:50 libotp.so.2
-rw-r--r-- 1 root root 48856 2006-04-06 02:50 libotp.so.2.0.19
-rw-r--r-- 1 root root 19318 2006-04-06 02:50 libplain.a
-rw-r--r-- 1 root root 835 2006-04-06 02:50 libplain.la
-rw-r--r-- 1 root root 16384 2006-04-06 02:50 libplain.so
-rw-r--r-- 1 root root 16384 2006-04-06 02:50 libplain.so.2
-rw-r--r-- 1 root root 16384 2006-04-06 02:50 libplain.so.2.0.19
-rw-r--r-- 1 root root 29132 2006-04-06 02:50 libsasldb.a
-rw-r--r-- 1 root root 856 2006-04-06 02:50 libsasldb.la
-rw-r--r-- 1 root root 21288 2006-04-06 02:50 libsasldb.so
-rw-r--r-- 1 root root 21288 2006-04-06 02:50 libsasldb.so.2
-rw-r--r-- 1 root root 21288 2006-04-06 02:50 libsasldb.so.2.0.19
-- content of /etc/postfix/sasl/smtpd.conf --
#pwcheck_method: saslauthd
#log_level:7
#mech_list: PLAIN LOGIN
#saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
pwcheck_method: saslauthd
log_level:7
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd -v
smtps inet n - - - - smtpd -v
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on localhost --
(there should actually be something listed here too, shouldn't there?)
root at server:/opt/saslfinger-1.0#
The log says this:
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: const permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: expand ${smtpd_client_connection_limit_exceptions:$mynetworks} ->diverse netze
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: const permit_inet_interfaces
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: const
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: const
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: const
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_eval: expand $smtpd_sasl_security_options -> noanonymous, noplaintext
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: mynetworks ~? debug_peer_list
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: mynetworks ~? fast_flush_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: mynetworks ~? mynetworks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? debug_peer_list
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? fast_flush_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? mynetworks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? permit_mx_backup_networks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? qmqpd_authorized_clients
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: relay_domains ~? relay_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: permit_mx_backup_networks ~? debug_peer_list
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: permit_mx_backup_networks ~? fast_flush_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: permit_mx_backup_networks ~? mynetworks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: connect to subsystem private/proxymap
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr request = open
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr table = unix:passwd.byname
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr flags = 64
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/proxymap socket: wanted attribute: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/proxymap socket: wanted attribute: flags
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: flags
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: 80
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/proxymap socket: wanted attribute: (list terminator)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: (end)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_open: proxy:unix:passwd.byname
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_open: hash:/etc/aliases
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_open: hash:/etc/postfix/canonical
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: user = postfix
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: password = passwort
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: dbname = mailbase
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: result_format = %s
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_int: /etc/postfix/mailbox.mysql: expansion_limit = 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: query = SELECT maildir FROM mailusers WHERE account=\'%s\' AND active = 1;
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: domain =
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: cfg_get_str: /etc/postfix/mailbox.mysql: hosts = localhost
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: dict_open: mysql:/etc/postfix/mailbox.mysql
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? debug_peer_list
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? fast_flush_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? mynetworks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? relay_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: smtpd_access_maps ~? smtpd_access_maps
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: smtpd_sasl_initialize: SASL config file is smtpd.conf
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: initializing the server-side TLS engine
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: attr_clnt_create: transport=local endpoint=private/tlsmgr
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: attr_clnt_connect: connected to private/tlsmgr
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr request = seed
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr size = 32
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: seed
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: seed
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: k3eCQV3e5PJaRcxdKEBdDKXnkqCSZHxslXeLkEjTZ1c=
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: (list terminator)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: (end)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: send attr request = policy
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: status
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: policy
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: policy
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute value: 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: private/tlsmgr: wanted attribute: (list terminator)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: input attribute name: (end)
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: fast_flush_domains ~? debug_peer_list
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: match_string: fast_flush_domains ~? fast_flush_domains
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: attr_clnt_create: transport=local endpoint=private/anvil
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: connection established
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: master_notify: status 0
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: name_mask: resource
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: name_mask: software
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: name_mask: noanonymous
[24/04/2006 15:43:39] info mail postfix/smtpd[356]: name_mask: noplaintext
[24/04/2006 15:43:39] crit mail postfix/smtpd[356]: fatal: no SASL authentication mechanisms
[24/04/2006 15:43:40] warning mail postfix/master[349]: warning: process /usr/lib/postfix/smtpd pid 356 exit status 1
[24/04/2006 15:43:40] warning mail postfix/master[349]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Any tips???
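
Added example, not part of the original post: the saslfinger output above pairs mech_list: PLAIN LOGIN with smtpd_sasl_security_options = noanonymous, noplaintext, and noplaintext excludes exactly those two mechanisms. The Python sketch below computes which mechanisms survive that filter; the mechanism table and the function names are assumptions made for illustration, and the sample input is constructed from the values in the post.

```python
import re

# Properties that smtpd_sasl_security_options filters on (only two modelled).
MECH_PROPS = {
    "PLAIN": {"plaintext"},
    "LOGIN": {"plaintext"},
    "ANONYMOUS": {"anonymous"},
    "CRAM-MD5": {"shared-secret"},
    "DIGEST-MD5": {"shared-secret"},
}
OPTION_EXCLUDES = {"noplaintext": "plaintext", "noanonymous": "anonymous"}

# Constructed sample input, taken from the values shown in the post.
MAIN_CF = """\
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_tls_auth_only = yes
"""
SMTPD_CONF = """\
#mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, skipping '#' comments."""
    pairs = (ln.split(sep, 1) for ln in text.splitlines()
             if sep in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def effective_mechs(main_cf, conf):
    """Return the mech_list entries that pass smtpd_sasl_security_options."""
    raw = main_cf.get("smtpd_sasl_security_options", "noanonymous")
    banned = {OPTION_EXCLUDES[o] for o in re.split(r"[,\s]+", raw)
              if o in OPTION_EXCLUDES}
    # Without mech_list Cyrus offers every installed plugin; MECH_PROPS stands in.
    mechs = conf.get("mech_list", " ".join(MECH_PROPS)).upper().split()
    return [m for m in mechs if not (MECH_PROPS.get(m, set()) & banned)]

def diagnose(main_cf_text, conf_text):
    """Return (surviving mechanisms, list of findings) for the two files."""
    main_cf, conf = parse_kv(main_cf_text, "="), parse_kv(conf_text, ":")
    mechs, findings = effective_mechs(main_cf, conf), []
    if not mechs:
        findings.append("no mechanism passes smtpd_sasl_security_options")
    if conf.get("pwcheck_method") == "saslauthd":
        # saslauthd needs the cleartext password, so it serves only PLAIN/LOGIN.
        bad = [m for m in mechs if "shared-secret" in MECH_PROPS.get(m, set())]
        if bad:
            findings.append("saslauthd cannot verify: " + " ".join(bad))
    return mechs, findings
```

With the values from the post the surviving list is empty, which is the condition smtpd reports as "fatal: no SASL authentication mechanisms"; smtpd_tls_auth_only = yes, already set there, is the setting that keeps AUTH off unencrypted sessions when plaintext mechanisms are allowed.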