[Postfixbuch-users] sasl Problem

Andreas Kienle andreas.kienle at andysoft.de
Mo Jan 16 15:11:02 CET 2006


Hallo miteinander,

ich hatte die SMTP-Authentifizierung gegenüber unserer LDAP-Schnittstelle 
ja bereits am Laufen. Nun hab ich weiter konfiguriert und hab irgendwas 
ziemlich zerschossen. Leider sehe ich vor lauter Bäumen den Wald nicht 
mehr.

Nun die Bitte: Kann da mal jemand auf mein "saslfinger" schauen, was bei 
mir schief läuft? So wie es aussieht, findet keine Übergabe von Postfix 
an SASL statt, denn ich sehe nicht einmal einen Zugriff auf den LDAP-Server.

Herzlichen Dank schon mal

cu @ndy

--snip--
saslfinger - postfix Cyrus sasl configuration Mo Jan 16 15:09:42 CET 2006
version: 1.0
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.4
System: Debian GNU/Linux testing/unstable \n \l

-- smtpd is linked to --
         libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d44000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtp
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /etc/postfix/certs/postfix-test-crt.pem
smtpd_tls_key_file = /etc/postfix/certs/postfix-test-privkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
insgesamt 884
drwxr-xr-x   2 root root  4096 2005-12-29 12:26 .
drwxr-xr-x  36 root root  8192 2006-01-16 13:28 ..
-rw-r--r--   1 root root 12492 2005-11-05 20:18 libanonymous.a
-rw-r--r--   1 root root   855 2005-11-05 20:18 libanonymous.la
-rw-r--r--   1 root root 11960 2005-11-05 20:18 libanonymous.so
-rw-r--r--   1 root root 11960 2005-11-05 20:18 libanonymous.so.2
-rw-r--r--   1 root root 11960 2005-11-05 20:18 libanonymous.so.2.0.19
-rw-r--r--   1 root root 14682 2005-11-05 20:18 libcrammd5.a
-rw-r--r--   1 root root   841 2005-11-05 20:18 libcrammd5.la
-rw-r--r--   1 root root 14160 2005-11-05 20:18 libcrammd5.so
-rw-r--r--   1 root root 14160 2005-11-05 20:18 libcrammd5.so.2
-rw-r--r--   1 root root 14160 2005-11-05 20:18 libcrammd5.so.2.0.19
-rw-r--r--   1 root root 43380 2005-11-05 20:18 libdigestmd5.a
-rw-r--r--   1 root root   864 2005-11-05 20:18 libdigestmd5.la
-rw-r--r--   1 root root 40432 2005-11-05 20:18 libdigestmd5.so
-rw-r--r--   1 root root 40432 2005-11-05 20:18 libdigestmd5.so.2
-rw-r--r--   1 root root 40432 2005-11-05 20:18 libdigestmd5.so.2.0.19
-rw-r--r--   1 root root 21644 2005-11-05 20:18 libgssapiv2.a
-rw-r--r--   1 root root  1054 2005-11-05 20:18 libgssapiv2.la
-rw-r--r--   1 root root 20988 2005-11-05 20:18 libgssapiv2.so
-rw-r--r--   1 root root 20988 2005-11-05 20:18 libgssapiv2.so.2
-rw-r--r--   1 root root 20988 2005-11-05 20:18 libgssapiv2.so.2.0.19
-rw-r--r--   1 root root 12762 2005-11-05 20:18 liblogin.a
-rw-r--r--   1 root root   835 2005-11-05 20:18 liblogin.la
-rw-r--r--   1 root root 12536 2005-11-05 20:18 liblogin.so
-rw-r--r--   1 root root 12536 2005-11-05 20:18 liblogin.so.2
-rw-r--r--   1 root root 12536 2005-11-05 20:18 liblogin.so.2.0.19
-rw-r--r--   1 root root 27312 2005-11-05 20:18 libntlm.a
-rw-r--r--   1 root root   829 2005-11-05 20:18 libntlm.la
-rw-r--r--   1 root root 26748 2005-11-05 20:18 libntlm.so
-rw-r--r--   1 root root 26748 2005-11-05 20:18 libntlm.so.2
-rw-r--r--   1 root root 26748 2005-11-05 20:18 libntlm.so.2.0.19
-rw-r--r--   1 root root 18494 2005-11-05 20:18 libotp.a
-rw-r--r--   1 root root   829 2005-11-05 20:18 libotp.la
-rw-r--r--   1 root root 40640 2005-11-05 20:18 libotp.so
-rw-r--r--   1 root root 40640 2005-11-05 20:18 libotp.so.2
-rw-r--r--   1 root root 40640 2005-11-05 20:18 libotp.so.2.0.19
-rw-r--r--   1 root root 13010 2005-11-05 20:18 libplain.a
-rw-r--r--   1 root root   835 2005-11-05 20:18 libplain.la
-rw-r--r--   1 root root 12664 2005-11-05 20:18 libplain.so
-rw-r--r--   1 root root 12664 2005-11-05 20:18 libplain.so.2
-rw-r--r--   1 root root 12664 2005-11-05 20:18 libplain.so.2.0.19
-rw-r--r--   1 root root 20004 2005-11-05 20:18 libsasldb.a
-rw-r--r--   1 root root   856 2005-11-05 20:18 libsasldb.la
-rw-r--r--   1 root root 16748 2005-11-05 20:18 libsasldb.so
-rw-r--r--   1 root root 16748 2005-11-05 20:18 libsasldb.so.2
-rw-r--r--   1 root root 16748 2005-11-05 20:18 libsasldb.so.2.0.19




-- content of /etc/postfix/sasl/smtpd.conf --
# Globale Parameters
log_level: 3
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
#ldap_servers: ldaps://ibo-xml-01.drsintra.de
ldap_servers: ldap://10.2.1.79
ldap_bind_dn: cn=ldap-hylafax,ou=LDAP-Kontext fuer Proxy user - nicht 
loeschen,ou=Server,ou=Intra,o=Dioezese
ldap_search_base: o=DIOEZESE
ldap_bind_pw: *****
ldap_auth_method: bind
ldap_filter: cn=%u
ldap_timeount: 10
ldap_time_limit: 10
ldap_scope: sub
ldap_debug: 4
ldap_verbose: on
#ldap_ssl: off
#ldap_start_tls: off
#ldap_tls_check_peer: no
#ldap_tls_cacert_dir: /etc/postfix/certs/
#ldap_tls_cacert_files: /etc/postfix/certs/cacert.pem
#ldap_tls_cert: /etc/postfix/certs/postfix-test-crt.pem
#ldap_tls_key: /etc/postfix/certs/postfix-test-privkey.pem


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       20       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
smtp-amavis     unix    -       -       n       -      4      smtp -o 
smtp_data_done_timeout=1800 -o disable_dns_lookups=no
maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
($recipient)
ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop 
-f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store 
${nexthop} ${user} ${extension}
smtp    inet    n       -       n       -       -       smtpd
localhost:10025 inet    n       -       n       -       -       smtpd 
-o content_filter=
submission inet n       -       y       -       -       smtpd -o 
smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
scache    unix  -       -       -       -       1       scache
discard   unix  -       -       -       -       -       discard

-- mechanisms on localhost --
250-AUTH GSSAPI NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5
250-AUTH=GSSAPI NTLM LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5

-- end of saslfinger output --


