[Postfixbuch-users] handing postfix mails to cyrus via lmtp - authentication required - and how?
Stefan G. Weichinger
lists at xunil.at
Sun Aug 6 19:27:55 CEST 2006
Andreas Winkelmann wrote:
>> I think I'm missing a PAM file that matches lmtpd, since saslauthd
>> uses PAM ... and at the moment the Cyrus server doesn't recognize the user
>> in the sasldb ...
>>
>> saslauthd uses PAM ...
>
> saslauthd != sasldb
You're right of course, I mixed something up there ...
> That sounds more like the Cyrus config. You haven't shown that.
> Also, show the exact error message from the log.
# /etc/cyrus.conf
[...]
# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
# add or remove based on preferences
#imap cmd="imapd" listen="imap" prefork=0
imap cmd="imapd -C /etc/cyrus-imapd.conf" listen="127.0.0.1:imap" prefork=0
#imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
imaps cmd="imapd -C /etc/cyrus-imapd.conf -s" listen="imaps" prefork=0
# imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
# pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -C /etc/cyrus-popd.conf -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# sievelocal cmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0
# at least one LMTP is required for delivery
lmtp cmd="lmtpd" listen="lmtp" prefork=1
#lmtp cmd="lmtpd -a" listen="lmtp" prefork=1
lmtpunix cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
---
#/etc/cyrus-imapd.conf
postmaster: postmaster
admins: cyrus
# allowplaintext: yes
servername: imap.tld
autocreatequota: 10000
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login
sasl_log_level: 1
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
allowanonymouslogin: no
reject8bit: no
lmtp_overquota_perm_failure: no
lmtp_allowplaintext: no
lmtp_admins: lmtpuser
#
# if you want TLS, you have to generate certificates and keys
#
tls_cert_file: [...]
---
# cat /etc/sysconfig/saslauthd
## Path: System/Security/SASL
## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap)
## Default: pam
## ServiceRestart: saslauthd
#
# Authentication mechanism to use by saslauthd.
# See man 8 saslauthd for available mechanisms.
#
SASLAUTHD_AUTHMECH="pam"
---
# ls -1 /etc/pam.d
.
..
chage
chfn
chsh
cups
imap
imaps
login
netatalk
other
passwd
pop
radiusd
rpasswd
shadow
sieve
smtp
sshd
su
useradd
vsftpd
xdm
---
Sending server:
/etc/postfix/main.cf:
mailbox_transport = lmtp:imap.tld:2003
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
lmtp_sasl_security_options = noanonymous
#, noplaintext
cat /etc/postfix/lmtp_sasl_pass
imap.tld:2003 lmtpuser:geheim
/var/log/mail:
Aug 6 15:43:16 srvb postfix/lmtp[12449]: D2BD36C064: to=<xy at tld>,
orig_to=<yz at other.tld>, relay=imap.tld[ip.ad.dr.ess]:2003, delay=74,
delays=74/0.02/0.03/0, dsn=4.7.0, status=deferred (SASL authentication
failed; cannot authenticate to server imap.tld[ip.ad.dr.ess]: no
mechanism available)
---
At the moment I'm running with "lmtpd -a" again; for more detailed logs of
a current transaction I would of course switch back ...
Thanks, Stefan.
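
Added example, not part of the original post and not Postfix or Cyrus code: a small Python model of how the mechanisms a server lists in its LHLO reply are narrowed by lmtp_sasl_security_options and by the SASL plugins installed on the sending host; when nothing is left, the SASL client reports "no mechanism available". The mechanism table, the sample replies and the client_plugins parameter are assumptions made for illustration.

```python
import re

# Security properties each mechanism satisfies. This table is an assumption
# summarising the usual Cyrus SASL plugin flags; it is not taken from the post.
MECH_PROPS = {
    "PLAIN": {"noanonymous"},
    "LOGIN": {"noanonymous"},
    "CRAM-MD5": {"noanonymous", "noplaintext"},
    "DIGEST-MD5": {"noanonymous", "noplaintext", "mutual_auth"},
    "ANONYMOUS": {"noplaintext"},
}

# Constructed LHLO replies (not captured from the poster's server).
REPLY_PLAIN = "250-imap.tld\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 IGNOREQUOTA"
REPLY_DIGEST = "250-imap.tld\n250-AUTH DIGEST-MD5 CRAM-MD5\n250 IGNOREQUOTA"
REPLY_NOAUTH = "250-imap.tld\n250-PIPELINING\n250 IGNOREQUOTA"

def offered_mechs(lhlo_reply):
    """Return the mechanisms listed on the AUTH line(s) of an LHLO reply."""
    mechs = []
    for line in lhlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.IGNORECASE)
        if m:
            mechs += [name.upper() for name in m.group(1).split()]
    return mechs

def usable_mechs(lhlo_reply, security_options, client_plugins):
    """Mechanisms that survive the client-side filters."""
    wanted = {o.strip() for o in security_options.split(",") if o.strip()}
    return [m for m in offered_mechs(lhlo_reply)
            if m in client_plugins and wanted <= MECH_PROPS.get(m, set())]

def verdict(lhlo_reply, security_options, client_plugins):
    """Classify the outcome the way the client would see it."""
    if not offered_mechs(lhlo_reply):
        return "server offered no AUTH"
    usable = usable_mechs(lhlo_reply, security_options, client_plugins)
    return "can use " + ",".join(usable) if usable else "no mechanism available"

if __name__ == "__main__":
    plugins = {"PLAIN", "LOGIN"}  # hypothetical set of installed client plugins
    for reply in (REPLY_PLAIN, REPLY_DIGEST, REPLY_NOAUTH):
        for opts in ("noanonymous", "noanonymous, noplaintext"):
            print(opts, "->", verdict(reply, opts, plugins))
```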