[Postfixbuch-users] Postfix/SASL: no SASL authentication mechanisms
Patrick Ben Koetter
p at state-of-mind.de
So Jul 23 15:14:34 CEST 2006
* Henryk Menzel <blue_pride at web.de>:
> Hi,
>
> hab da ein kleines (naja eher großes) Problem mit der Authentifizierung beim
> eMail senden. Mail empfangen per Pop3 funktioniert. Hab schon mehrfach
> gegoogelt und probiert, aber nichts gefunden, was mein Problem behebt ...
> :((
Dann google mal nach "saslfinger", lade es herunter und generiere mit
"saslfinger -s" output, den man zum debuggen gebrauchen kann.
p at rick
>
> ------------------------------------- main.cf -------------------------------------
>
> smtpd_banner = $myhostname ESMTP
> biff = no
>
> append_dot_mydomain = no
>
> # Uncomment the next line to generate "delayed mail" warnings
> #delay_warning_time = 4h
> myhostname = mail.meinedomain.de
> mydomain = meinedomain.de
> mydestination = $myhostname, $mydomain, loalhost, localhost.$mydomain
> mynetworks = 127.0.0.0/8
> mail_owner = postfix
>
> alias_maps = hash:/etc/aliases
> virtual_maps = hash:/etc/postfix/virtual
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
>
> virtual_uid_maps = static:5000
> virtual_gid_maps = static:5000
> smtpd_sasl_auth_enable = yes
> #smtpd_sasl_security_options = noanonymous, noplaintext
> broken_sasl_auth_clients = yes
> #smtpd_tls_auth_only = no
> smtpd_sasl_local_domain =
> smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_use_tls = yes
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
>
> # umstellung auf maildir
> home_mailbox = Maildir/
> ---------------------------------------------------------------------------------------------------------------
>
> ------------------------------------- master.cf -------------------------------------
> ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
> smtp inet n - - - - smtpd
> #submission inet n - - - - smtpd
> # -o smtpd_etrn_restrictions=reject
> #628 inet n - - - - qmqpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> #qmgr fifo n - - 300 1 oqmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - - - - smtp
> relay unix - - - - - smtp
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - - - - showq
> error unix - - - - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> #
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> #
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
> scalemail-backend unix - n n - 2 pipe
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
>
> # only used by postfix-tls
> #tlsmgr fifo - - n 300 1 tlsmgr
> #smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #587 inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
> ---------------------------------------------------------------------------------------------------------------
>
> ------------------------------------- saslfinger -------------------------------------
> saslfinger - postfix Cyrus sasl configuration Sun Jul 23 13:52:54 CEST 2006
> version: 1.0
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.1.5
> System: Debian GNU/Linux 3.1 \n \l
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0000002a95e40000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = yes
>
>
> -- listing of /usr/lib/sasl2 --
> total 1120
> drwxr-xr-x 2 root root 4096 2006-07-16 11:48 .
> drwxr-xr-x 29 root root 8192 2006-07-16 11:48 ..
> -rw-r--r-- 1 root root 18892 2006-04-24 19:40 libanonymous.a
> -rw-r--r-- 1 root root 851 2006-04-24 19:40 libanonymous.la
> -rw-r--r-- 1 root root 16496 2006-04-24 19:40 libanonymous.so
> -rw-r--r-- 1 root root 16496 2006-04-24 19:40 libanonymous.so.2
> -rw-r--r-- 1 root root 16496 2006-04-24 19:40 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 22402 2006-04-24 19:40 libcrammd5.a
> -rw-r--r-- 1 root root 837 2006-04-24 19:40 libcrammd5.la
> -rw-r--r-- 1 root root 20344 2006-04-24 19:40 libcrammd5.so
> -rw-r--r-- 1 root root 20344 2006-04-24 19:40 libcrammd5.so.2
> -rw-r--r-- 1 root root 20344 2006-04-24 19:40 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 63424 2006-04-24 19:40 libdigestmd5.a
> -rw-r--r-- 1 root root 860 2006-04-24 19:40 libdigestmd5.la
> -rw-r--r-- 1 root root 47552 2006-04-24 19:40 libdigestmd5.so
> -rw-r--r-- 1 root root 47552 2006-04-24 19:40 libdigestmd5.so.2
> -rw-r--r-- 1 root root 47552 2006-04-24 19:40 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 19166 2006-04-24 19:40 liblogin.a
> -rw-r--r-- 1 root root 831 2006-04-24 19:40 liblogin.la
> -rw-r--r-- 1 root root 17064 2006-04-24 19:40 liblogin.so
> -rw-r--r-- 1 root root 17064 2006-04-24 19:40 liblogin.so.2
> -rw-r--r-- 1 root root 17064 2006-04-24 19:40 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 40524 2006-04-24 19:40 libntlm.a
> -rw-r--r-- 1 root root 825 2006-04-24 19:40 libntlm.la
> -rw-r--r-- 1 root root 34112 2006-04-24 19:40 libntlm.so
> -rw-r--r-- 1 root root 34112 2006-04-24 19:40 libntlm.so.2
> -rw-r--r-- 1 root root 34112 2006-04-24 19:40 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 27198 2006-04-24 19:40 libotp.a
> -rw-r--r-- 1 root root 825 2006-04-24 19:40 libotp.la
> -rw-r--r-- 1 root root 48144 2006-04-24 19:40 libotp.so
> -rw-r--r-- 1 root root 48144 2006-04-24 19:40 libotp.so.2
> -rw-r--r-- 1 root root 48144 2006-04-24 19:40 libotp.so.2.0.19
> -rw-r--r-- 1 root root 19270 2006-04-24 19:40 libplain.a
> -rw-r--r-- 1 root root 831 2006-04-24 19:40 libplain.la
> -rw-r--r-- 1 root root 17048 2006-04-24 19:40 libplain.so
> -rw-r--r-- 1 root root 17048 2006-04-24 19:40 libplain.so.2
> -rw-r--r-- 1 root root 17048 2006-04-24 19:40 libplain.so.2.0.19
> -rw-r--r-- 1 root root 28620 2006-07-16 13:41 libsasldb.a
> -rw-r--r-- 1 root root 852 2006-07-16 13:41 libsasldb.la
> -rw-r--r-- 1 root root 21632 2006-07-16 13:41 libsasldb.so
> -rw-r--r-- 1 root root 21632 2006-07-16 13:41 libsasldb.so.2
> -rw-r--r-- 1 root root 21632 2006-07-16 13:41 libsasldb.so.2.0.19
> -rw-r--r-- 1 root root 30608 2006-04-24 19:40 libsql.a
> -rw-r--r-- 1 root root 874 2006-04-24 19:40 libsql.la
> -rw-r--r-- 1 root root 25112 2006-04-24 19:40 libsql.so
> -rw-r--r-- 1 root root 25112 2006-04-24 19:40 libsql.so.2
> -rw-r--r-- 1 root root 25112 2006-04-24 19:40 libsql.so.2.0.19
>
>
>
>
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: plain login
> allow_plaintext: true
> # saslauthd_path: /var/run/saslauthd/mux
> # autotransition:true
>
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - - - - smtpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - - - - smtp
> relay unix - - - - - smtp
> showq unix n - - - - showq
> error unix - - - - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
> scalemail-backend unix - n n - 2 pipe
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
>
> -- mechanisms on localhost --
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
>
> -- end of saslfinger output --
> ---------------------------------------------------------------------------------------------------------------
>
> ------------------------------------- /var/mail.log -------------------------------------
> Jul 23 14:09:25 localhost courierpop3login: Connection, ip=[::ffff:84.184.209.115]
> Jul 23 14:09:25 localhost courierpop3login: Connection, ip=[::ffff:84.184.209.115]
> Jul 23 14:09:25 localhost courierpop3login: LOGIN, user=web7p1, ip=[::ffff:84.184.209.115]
> Jul 23 14:09:26 localhost courierpop3login: LOGOUT, user=web7p1, ip=[::ffff:84.184.209.115], top=0, retr=4858, time=1
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: lost connection after CONNECT from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: warning: p54B8D173.dip.t-dialin.net[84.184.209.115]: SASL LOGIN authentication failed
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: lost connection after AUTH from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:29 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: lost connection after CONNECT from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: warning: p54B8D173.dip.t-dialin.net[84.184.209.115]: SASL LOGIN authentication failed
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: lost connection after AUTH from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:31 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: lost connection after CONNECT from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: connect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: warning: p54B8D173.dip.t-dialin.net[84.184.209.115]: SASL LOGIN authentication failed
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: lost connection after AUTH from p54B8D173.dip.t-dialin.net[84.184.209.115]
> Jul 23 14:10:32 localhost postfix/smtpd[21985]: disconnect from p54B8D173.dip.t-dialin.net[84.184.209.115]
> ---------------------------------------------------------------------------------------------------------------
>
> ------------------------------------- /etc/pam.d/smtp -------------------------------------
> auth required /lib/security/pam_unix_auth.so
> account required /lib/security/pam_unix_acct.so
> password required /lib/security/pam_unix_passwd.so
> session required /lib/security/pam_unix_session.so
> ---------------------------------------------------------------------------------------------------------------
>
> ------------------------------------- /etc/postfix/sasl/smtpd.conf -------------------------------------
> pwcheck_method: saslauthd
> mech_list: plain login
> allow_plaintext: true
> ---------------------------------------------------------------------------------------------------------------
>
> Der saslauthd läuft ...
>
> Vielleicht kann mir ja jemand von Euch helfen !
>
> Henryk
>
> PS: OS = Debian 3.1 Sarge, kein Confixx o.ä.
> _____________________________________________________________________
> Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
> http://smartsurfer.web.de/?mc=100071&distributionid=000000000071
>
> --
> _______________________________________________
> Postfixbuch-users mailingliste
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> http://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Das Postfix-Buch
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users