[Postfixbuch-users] Porblem mit dem Senden von Nachrichten (Postfix, Debian, Thunderbird)
Metin Özkan
metin.oezkan at web.de
Di Mai 2 20:25:20 CEST 2006
Hallo Liste!
Ich bin ja schon einige Schritte weiter. Immerhin kann ich nun schon die
Pop3 - Fächer abrufen.
Nur mit dieser besch... Smtp-Auth Geschichte komm' ich einfach nihct klar.
Ich hangele mich schon seit mehreren Stunden von einem Thread zum anderen,
und kopiere hier was rein, nehme da was raus...
Meine main.cf sieht jetzt so aus:
# /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
command_directory = /usr/sbin
mail_owner = postfix
default_privs = nobody
mydomain = domain.de
myhostname = mail.domain.de
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain
mynetworks_style = subnet
home_mailbox = Maildir/
mail_spool_directory = /var/mail
mtpd_banner = $myhostname ESMTP $mail_name
mailbox_size_limit = 0
recipient_delimiter = +
smtp_sasl_auth_enable = yes
smtp_use_tls = yes
smtp_tls_key_file = /etc/postfix/newreq.pem
smtp_tls_cert_file = /etc/postfix/newcert.pem
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cached_timeout = 3600s
tls_random_source = dev:/dev/urandom
Wenn ich mit Thunderbird versuche eine Mail abzusenden, kommt die
Passworteingabe, in die ich
brav mein Passwort eingebe. Aber immer und immer wieder.
Im mail.log steht folgendes:
May 2 17:51:49 h123456 postfix/smtpd[5448]: starting TLS engine
May 2 17:51:49 h123456 postfix/smtpd[5448]: connect from
unknown[xxx.xxx.xxx.xxx]
May 2 17:51:49 h123456 postfix/smtpd[5448]: setting up TLS connection
from unknown[xxx.xxx.xxx.xxx]
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:before/accept
initialization
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (11 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv2/v3
read client hello A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (11 bytes => 11 (0xB))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 16 03 01 00 73 01 00
00|6f 03 01 ....s... o..
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934B3] (109 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read client hello B
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read client hello B
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934B3] (109 bytes => 109 (0x6D)) # - sonstwas - #
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0060 fe 00 09 00 64 00 62
00|03 00 06 01 ....d.b. ....
May 2 17:51:49 h123456 postfix/smtpd[5448]: 006d - <SPACES/NULS>?
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 read client
hello B
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write
server hello A
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write
certificate A
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write key
exchange A
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write
server done A
May 2 17:51:49 h123456 postfix/smtpd[5448]: write to 08089DB8 [080A15F8]
(1431 bytes => 1431 (0x597))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 16 03 01 00 4a 02 00
00|46 03 01 44 57 80 15 f3 ....J... F..DW...
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0010 ed 31 f7 c1 a3 66 4f
75|95 87 ae 6c 8e 2c e7 ef .1...fOu ...l.,..
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0020 df f7 e2 17 47 a6 6a
22|07 58 74 20 cc 19 f7 6f ....G.j" .Xt ...o
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0030 92 e4 00 05 30 e5 a5
c8|01 f4 a6 c3 9a f3 ff de ....0... ........ # - zertifikat - #
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0580 7a 68 3a 4a 00 52 c3
67|87 e6 3f 95 a4 d6 16 03 zh:J.R.g ..?.....
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0590 01 00 04 0e ....
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0597 - <SPACES/NULS>?
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 flush data
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read client certificate A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => 5 (0x5))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 16 03 01 00 86 .....
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (134 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read client certificate A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (134 bytes => 134 (0x86))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 10 00 00 82 00 80 5b
5f|8a c2 6b ca c2 2c 64 b1 ......[_ ..k..,d. # - sonstwas - #
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0070 56 02 50 9f a1 7d 38
c8|c1 a6 f6 05 88 53 9c 41 V.P..}8. .....S.A
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0080 c8 50 6b 15 21 f5 .Pk.!.
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 read client
key exchange A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read certificate verify A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => 5 (0x5))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 14 03 01 00 01 .....
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (1 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read certificate verify A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (1 bytes => 1 (0x1))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 01 .
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read certificate verify A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934A8] (5 bytes => 5 (0x5))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 16 03 01 00 30 ....0
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (48 bytes => -1 (0xFFFFFFFF))
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:error in SSLv3
read certificate verify A
May 2 17:51:49 h123456 postfix/smtpd[5448]: read from 08089DB8
[080934AD] (48 bytes => 48 (0x30))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 42 a4 71 27 e8 3b a4
f4|71 6b 89 ac 88 ac cb 2f B.q'.;.. qk...../
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0010 25 21 55 14 89 b5 41
e0|fe 51 33 4d b0 d8 cc bd %!U...A. .Q3M....
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0020 88 bb 42 81 45 77 d9
1b|21 de 49 a4 35 0f 51 7c ..B.Ew.. !.I.5.Q|
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 read
finished A
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write
change cipher spec A
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 write
finished A
May 2 17:51:49 h123456 postfix/smtpd[5448]: write to 08089DB8 [080A15F8]
(59 bytes => 59 (0x3B))
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0000 14 03 01 00 01 01 16
03|01 00 30 24 e3 d9 3a 12 ........ ..0$..:.
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0010 e8 1a 16 11 61 58 43
4b|e5 21 42 53 56 72 6a 69 ....aXCK .!BSVrji
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0020 f0 bc c4 3f 21 1c fe
3a|a6 69 21 f5 68 38 53 c2 ...?!..: .i!.h8S.
May 2 17:51:49 h123456 postfix/smtpd[5448]: 0030 cc 8d 37 42 15 2b 8a
7a|59 f3 47 ..7B.+.z Y.G
May 2 17:51:49 h123456 postfix/smtpd[5448]: SSL_accept:SSLv3 flush data
May 2 17:51:49 h123456 postfix/smtpd[5448]: TLS connection established
from unknown[xxx.xxx.xxx.xxx]: TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits)
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning: SASL authentication
failure: no secret in database
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning:
unknown[xxx.xxx.xxx.xxx]: SASL CRAM-MD5 authentication failed
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning: SASL authentication
failure: no secret in database
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning:
unknown[xxx.xxx.xxx.xxx]: SASL NTLM authentication failed
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning: SASL authentication
problem: unknown password verifier
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning: SASL authentication
failure: Password verification failed
May 2 17:51:53 h123456 postfix/smtpd[5448]: warning:
unknown[xxx.xxx.xxx.xxx]: SASL PLAIN authentication failed
May 2 17:51:54 h123456 postfix/smtpd[5448]: warning: SASL authentication
problem: unknown password verifier
May 2 17:51:54 h123456 postfix/smtpd[5448]: warning:
unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed
May 2 17:51:56 h123456 postfix/smtpd[5448]: lost connection after AUTH
from unknown[xxx.xxx.xxx.xxx]
May 2 17:51:56 h123456 postfix/smtpd[5448]: disconnect from
unknown[xxx.xxx.xxx.xxx]
# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Di Mai 2 17:55:39 CEST 2006
version: 1.0
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l
-- smtp is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x4019e000)
-- active SMTP AUTH and TLS parameters for smtp --
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_cert_file = /etc/postfix/newcert.pem
smtp_tls_key_file = /etc/postfix/newreq.pem
smtp_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 840
drwxr-xr-x 2 root root 4096 2006-05-02 14:08 .
drwxr-xr-x 25 root root 4096 2006-05-02 17:41 ..
-rw-r--r-- 1 root root 13492 2006-04-24 19:27 libanonymous.a
-rw-r--r-- 1 root root 851 2006-04-24 19:26 libanonymous.la
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so.2
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so.2.0.19
-rw-r--r-- 1 root root 16298 2006-04-24 19:27 libcrammd5.a
-rw-r--r-- 1 root root 837 2006-04-24 19:26 libcrammd5.la
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so.2
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so.2.0.19
-rw-r--r-- 1 root root 47520 2006-04-24 19:27 libdigestmd5.a
-rw-r--r-- 1 root root 860 2006-04-24 19:26 libdigestmd5.la
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so.2
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so.2.0.19
-rw-r--r-- 1 root root 13726 2006-04-24 19:27 liblogin.a
-rw-r--r-- 1 root root 831 2006-04-24 19:26 liblogin.la
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so.2
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so.2.0.19
-rw-r--r-- 1 root root 31248 2006-04-24 19:27 libntlm.a
-rw-r--r-- 1 root root 825 2006-04-24 19:26 libntlm.la
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so.2
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so.2.0.19
-rw-r--r-- 1 root root 20142 2006-04-24 19:27 libotp.a
-rw-r--r-- 1 root root 825 2006-04-24 19:26 libotp.la
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so.2
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so.2.0.19
-rw-r--r-- 1 root root 13886 2006-04-24 19:27 libplain.a
-rw-r--r-- 1 root root 831 2006-04-24 19:26 libplain.la
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so.2
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so.2.0.19
-rw-r--r-- 1 root root 21810 2006-04-24 19:27 libsasldb.a
-rw-r--r-- 1 root root 852 2006-04-24 19:26 libsasldb.la
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so.2
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so.2.0.19
Ich hab auch mal saslfinger installiert. Ausgabe:
-- permissions for /etc/postfix/smtp_auth --
-rw-r--r-- 1 root root 33 2006-05-02 16:32 /etc/postfix/smtp_auth
-- permissions for /etc/postfix/smtp_auth.db --
-rw-r--r-- 1 root root 12288 2006-05-02 17:33 /etc/postfix/smtp_auth.db
/etc/postfix/smtp_auth.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp inet n - n - - smtpd
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
-- mechanisms on mail.domain.de --
Eine /etc/postfix/sasl/smptd.conf hat ganz gefehlt. Die hab ich dann mal
angelegt und "pwcheck_method: PAM" hinein geschrieben.
HIIILLLFFFFEEEEE!!!
Vielen Dank für die Mühe
Metin
Mehr Informationen über die Mailingliste Postfixbuch-users