[Postfixbuch-users] handing over postfix mails to cyrus via lmtp - authentication required - and how?

Stefan G. Weichinger lists at xunil.at
Sun Aug 6 19:27:55 CEST 2006


Andreas Winkelmann wrote:

>> I think I am missing a PAM file that matches lmtpd, because saslauthd
>> uses PAM ... and at the moment the Cyrus server does not recognize the user
>> in the sasldb ...
>>
>> saslauthd uses PAM ...
> 
> saslauthd != sasldb

You are right, of course, I mixed something up there ...

> That sounds more like the Cyrus config. You have not shown it.
> Also, show the exact error message from the log.

# /etc/cyrus.conf

[...]
# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
  # add or remove based on preferences
  #imap         cmd="imapd" listen="imap" prefork=0
  imap          cmd="imapd -C /etc/cyrus-imapd.conf" listen="127.0.0.1:imap" prefork=0
  #imaplocal     cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps         cmd="imapd -C /etc/cyrus-imapd.conf -s" listen="imaps" prefork=0
#  imapslocal    cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
#  pop3         cmd="pop3d" listen="pop3" prefork=0
  pop3s         cmd="pop3d -C /etc/cyrus-popd.conf -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0
#  sievelocal    cmd="timsieved -C /etc/imapd-local.conf listen="127.0.0.1:sieve" prefork=0

  # at least one LMTP is required for delivery
  lmtp         cmd="lmtpd" listen="lmtp" prefork=1
  #lmtp          cmd="lmtpd -a" listen="lmtp" prefork=1
  lmtpunix      cmd="lmtpd" listen="/var/spool/postfix/public/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

---

#/etc/cyrus-imapd.conf
postmaster: postmaster
admins: cyrus
# allowplaintext: yes
servername: imap.tld
autocreatequota: 10000
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain login
sasl_log_level: 1
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
allowanonymouslogin: no
reject8bit: no
lmtp_overquota_perm_failure: no
lmtp_allowplaintext: no
lmtp_admins: lmtpuser
#
# if you want TLS, you have to generate certificates and keys
#
tls_cert_file: [...]

---

# cat /etc/sysconfig/saslauthd
## Path:           System/Security/SASL
## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
## Default:        pam
## ServiceRestart: saslauthd
#
# Authentication mechanism to use by saslauthd.
# See man 8 saslauthd for available mechanisms.
#
SASLAUTHD_AUTHMECH="pam"

---

# ls -1 /etc/pam.d
.
..
chage
chfn
chsh
cups
imap
imaps
login
netatalk
other
passwd
pop
radiusd
rpasswd
shadow
sieve
smtp
sshd
su
useradd
vsftpd
xdm



---

Sending server:

/etc/postfix/main.cf:

mailbox_transport = lmtp:imap.tld:2003
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
lmtp_sasl_security_options = noanonymous
#, noplaintext

cat /etc/postfix/lmtp_sasl_pass
imap.tld:2003 lmtpuser:geheim

/var/log/mail:

Aug  6 15:43:16 srvb postfix/lmtp[12449]: D2BD36C064: to=<xy at tld>,
orig_to=<yz at other.tld>, relay=imap.tld[ip.ad.dr.ess]:2003, delay=74,
delays=74/0.02/0.03/0, dsn=4.7.0, status=deferred (SASL authentication
failed; cannot authenticate to server imap.tld[ip.ad.dr.ess]: no
mechanism available)

---


At the moment I am running with "lmtpd -a" again; for more detailed logs of
a current attempt I would of course switch back ...

Thanks, Stefan.


