[Postfixbuch-users] Postfix. smtpd-auth mit sasl

Patrick Ben Koetter p at state-of-mind.de
Do Aug 17 15:57:29 CEST 2006


* Axel Schmidat <axel.schmidat at lsg.nrw.de>:
> hi,
> so nachdem ich es also mit hinbekommen habe, eine verschlüsselte Verbindung
> (TLS/SSL) vom Mail-Clienten aufzubauen, fehlt mir jetzt nur noch die
> Anbindung mittels smtp-auth über sasl.  Ich habe dazu einmal das programm
> saslfinger installiert und aufgerufen.  Das Ergebnis sieht wie folgt aus:
> 
> saslfinger - postfix Cyrus sasl configuration Do 17 Aug 15:36:24 CEST 2006
> version: 1.0
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.2.10
> System: Ubuntu 6.06.1 LTS \n \l
> 
> -- smtpd is linked to --
>     libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002aaaab4f0000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/imap-cert.pem
> smtpd_tls_key_file = /etc/postfix/imap-key.pem
> smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
> smtpd_use_tls = yes
> 
> 
> -- listing of /usr/lib/sasl2 --
> total 1068
> drwxr-xr-x  2 root root     1576 2006-08-17 14:40 .
> drwxr-xr-x 33 root root     6576 2006-08-17 12:00 ..
> -rw-r--r--  1 root root    19036 2006-04-24 13:38 libanonymous.a
> -rw-r--r--  1 root root      855 2006-04-24 13:38 libanonymous.la
> -rw-r--r--  1 root root    15712 2006-04-24 13:38 libanonymous.so
> -rw-r--r--  1 root root    15712 2006-04-24 13:38 libanonymous.so.2
> -rw-r--r--  1 root root    15712 2006-04-24 13:38 libanonymous.so.2.0.19
> -rw-r--r--  1 root root    21802 2006-04-24 13:38 libcrammd5.a
> -rw-r--r--  1 root root      841 2006-04-24 13:38 libcrammd5.la
> -rw-r--r--  1 root root    19104 2006-04-24 13:38 libcrammd5.so
> -rw-r--r--  1 root root    19104 2006-04-24 13:38 libcrammd5.so.2
> -rw-r--r--  1 root root    19104 2006-04-24 13:38 libcrammd5.so.2.0.19
> -rw-r--r--  1 root root    59792 2006-04-24 13:38 libdigestmd5.a
> -rw-r--r--  1 root root      864 2006-04-24 13:38 libdigestmd5.la
> -rw-r--r--  1 root root    46336 2006-04-24 13:38 libdigestmd5.so
> -rw-r--r--  1 root root    46336 2006-04-24 13:38 libdigestmd5.so.2
> -rw-r--r--  1 root root    46336 2006-04-24 13:38 libdigestmd5.so.2.0.19
> -rw-r--r--  1 root root    19262 2006-04-24 13:38 liblogin.a
> -rw-r--r--  1 root root      835 2006-04-24 13:38 liblogin.la
> -rw-r--r--  1 root root    16352 2006-04-24 13:38 liblogin.so
> -rw-r--r--  1 root root    16352 2006-04-24 13:38 liblogin.so.2
> -rw-r--r--  1 root root    16352 2006-04-24 13:38 liblogin.so.2.0.19
> -rw-r--r--  1 root root    38724 2006-04-24 13:38 libntlm.a
> -rw-r--r--  1 root root      829 2006-04-24 13:38 libntlm.la
> -rw-r--r--  1 root root    32264 2006-04-24 13:38 libntlm.so
> -rw-r--r--  1 root root    32264 2006-04-24 13:38 libntlm.so.2
> -rw-r--r--  1 root root    32264 2006-04-24 13:38 libntlm.so.2.0.19
> -rw-r--r--  1 root root    27142 2006-04-24 13:38 libotp.a
> -rw-r--r--  1 root root      829 2006-04-24 13:38 libotp.la
> -rw-r--r--  1 root root    48856 2006-04-24 13:38 libotp.so
> -rw-r--r--  1 root root    48856 2006-04-24 13:38 libotp.so.2
> -rw-r--r--  1 root root    48856 2006-04-24 13:38 libotp.so.2.0.19
> -rw-r--r--  1 root root    19342 2006-04-24 13:38 libplain.a
> -rw-r--r--  1 root root      835 2006-04-24 13:38 libplain.la
> -rw-r--r--  1 root root    16384 2006-04-24 13:38 libplain.so
> -rw-r--r--  1 root root    16384 2006-04-24 13:38 libplain.so.2
> -rw-r--r--  1 root root    16384 2006-04-24 13:38 libplain.so.2.0.19
> -rw-r--r--  1 root root    29164 2006-04-24 13:38 libsasldb.a
> -rw-r--r--  1 root root      856 2006-04-24 13:38 libsasldb.la
> -rw-r--r--  1 root root    21288 2006-04-24 13:38 libsasldb.so
> -rw-r--r--  1 root root    21288 2006-04-24 13:38 libsasldb.so.2
> -rw-r--r--  1 root root    21288 2006-04-24 13:38 libsasldb.so.2.0.19
> -rw-r--r--  1 root root    30856 2006-04-24 13:38 libsql.a
> -rw-r--r--  1 root root      895 2006-04-24 13:38 libsql.la
> -rw-r--r--  1 root root    24848 2006-04-24 13:38 libsql.so
> -rw-r--r--  1 root root    24848 2006-04-24 13:38 libsql.so.2
> -rw-r--r--  1 root root    24848 2006-04-24 13:38 libsql.so.2.0.19
> -rw-r--r--  1 root postfix   265 2006-08-17 15:35 smtpd.conf
> 
> 
> 
> 
> -- content of /usr/lib/sasl2/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login
> allow_plaintext: true
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mailbase
> sql_select: select password from mailbase where id="%u@%r"
> log_level: 7
> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login
> allow_plaintext: true
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mailbase
> sql_select: select password from mailbase where id="%u@%r"
> log_level: 7
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       -       -       -       smtpd
> smtps     inet  n       -       y       -       -       smtpd
>   -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> submission inet n      -       y       -       -       smtpd
>   -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       -       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
>     -o fallback_relay=
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> discard   unix  -       -       -       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       -       -       -       lmtp
> anvil     unix  -       -       -       -       1       anvil
> scache      unix    -    -    -    -    1    scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender 
> $recipient
> scalemail-backend unix    -    n    n    -    2    pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store 
> ${nexthop} ${user} ${extension}
> mailman   unix  -       n       n       -       -       pipe
>   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
>   ${nexthop} ${user}
> 
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 
> 
> -- end of saslfinger output --
> 
> Wenn noch jemand den entscheidenden Tipp hat, wäre super.

Ja: Was ist der Fehler?

p at rick

-- 
Das Postfix-Buch
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Mehr Informationen über die Mailingliste Postfixbuch-users