[Postfixbuch-users] postfix und sasldb funktioniert nicht

Steffen Diehl st.diehl at gmx.de
Mo Jul 23 23:20:05 CEST 2007


So, habe sasl jetzt aus den chroot-jail rausgenommen. Leider
funktioniert es immer noch nicht mit testsaslauthd funktioniert die
Authentifizierung. Also scheint sasl prinzipiell ja zu funktionieren.
Hier mal der output von postconf -n

alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
mydestination = $mydomain,   $myhostname,   localhost,
localhost.$mydomain
myhostname = mail.localdomain.de
myorigin = $mydomain
smtpd_recipient_restrictions = permit_sasl_authenticated, mynetworks,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous

und hier der output von saslfinger

-- basics --
Postfix: 2.3.8
System: Ubuntu 7.04 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d80000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
insgesamt 740
drwxr-xr-x   2 root root  4096 2007-07-23 23:05 .
drwxr-xr-x 180 root root 53248 2007-07-22 00:40 ..
-rw-r--r--   1 root root 13640 2007-01-09 11:33 libanonymous.a
-rw-r--r--   1 root root   855 2007-01-09 11:33 libanonymous.la
-rw-r--r--   1 root root 13240 2007-01-09 11:33 libanonymous.so
-rw-r--r--   1 root root 13240 2007-01-09 11:33 libanonymous.so.2
-rw-r--r--   1 root root 13240 2007-01-09 11:33 libanonymous.so.2.0.22
-rw-r--r--   1 root root 15942 2007-01-09 11:33 libcrammd5.a
-rw-r--r--   1 root root   841 2007-01-09 11:33 libcrammd5.la
-rw-r--r--   1 root root 15704 2007-01-09 11:33 libcrammd5.so
-rw-r--r--   1 root root 15704 2007-01-09 11:33 libcrammd5.so.2
-rw-r--r--   1 root root 15704 2007-01-09 11:33 libcrammd5.so.2.0.22
-rw-r--r--   1 root root 47348 2007-01-09 11:33 libdigestmd5.a
-rw-r--r--   1 root root   864 2007-01-09 11:33 libdigestmd5.la
-rw-r--r--   1 root root 43884 2007-01-09 11:33 libdigestmd5.so
-rw-r--r--   1 root root 43884 2007-01-09 11:33 libdigestmd5.so.2
-rw-r--r--   1 root root 43884 2007-01-09 11:33 libdigestmd5.so.2.0.22
-rw-r--r--   1 root root 13650 2007-01-09 11:33 liblogin.a
-rw-r--r--   1 root root   835 2007-01-09 11:33 liblogin.la
-rw-r--r--   1 root root 14036 2007-01-09 11:33 liblogin.so
-rw-r--r--   1 root root 14036 2007-01-09 11:33 liblogin.so.2
-rw-r--r--   1 root root 14036 2007-01-09 11:33 liblogin.so.2.0.22
-rw-r--r--   1 root root 30516 2007-01-09 11:33 libntlm.a
-rw-r--r--   1 root root   829 2007-01-09 11:33 libntlm.la
-rw-r--r--   1 root root 29876 2007-01-09 11:33 libntlm.so
-rw-r--r--   1 root root 29876 2007-01-09 11:33 libntlm.so.2
-rw-r--r--   1 root root 29876 2007-01-09 11:33 libntlm.so.2.0.22
-rw-r--r--   1 root root 13938 2007-01-09 11:33 libplain.a
-rw-r--r--   1 root root   835 2007-01-09 11:33 libplain.la
-rw-r--r--   1 root root 14036 2007-01-09 11:33 libplain.so
-rw-r--r--   1 root root 14036 2007-01-09 11:33 libplain.so.2
-rw-r--r--   1 root root 14036 2007-01-09 11:33 libplain.so.2.0.22
-rw-r--r--   1 root root 22150 2007-01-09 11:33 libsasldb.a
-rw-r--r--   1 root root   856 2007-01-09 11:33 libsasldb.la
-rw-r--r--   1 root root 18372 2007-01-09 11:33 libsasldb.so
-rw-r--r--   1 root root 18372 2007-01-09 11:33 libsasldb.so.2
-rw-r--r--   1 root root 18372 2007-01-09 11:33 libsasldb.so.2.0.22
-rw-r--r--   1 root root   291 2007-07-23 23:05 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
#smtpd.conf for use with sasl2

#set level of logging
log_level: 7


#set authentification details
pwcheck_method: auxprop
#mechanism which are offered for the exchange of authorization data
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#Plugin for password verification
auxprop_plugin: sasldb

-- content of /etc/postfix/sasl/smtpd.conf --
#smtpd.conf for use with sasl2

#set level of logging
log_level: 7

#set authentification details
pwcheck_method: auxprop
#mechanism which are offered for the exchange of authorization data
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
#Plugin for password verification
auxprop_plugin: sasldb


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5


-- end of saslfinger output --

Postfix allein läuft übrigens auch..zumindest ohne sasl

wenn ich jetzt über ne telnet-Verbindung ein AUTH-PLAIN starte, bekomme
ich folgende Meldung:
535 5.7.0 Error: authentication failed: bad protocol / cancel

Wo liegt mein Fehler...hatte ja bisher das chroot im Verdacht, aber
nachdem der Postfix da raus ist, kann ich es ausschließen.

Danke schon mal für die Hilfe!

Gruß

Steffen








Mehr Informationen über die Mailingliste Postfixbuch-users