[Postfixbuch-users] sasl problem

Patrick Ben Koetter p at state-of-mind.de
Mo Feb 4 08:57:45 CET 2008


Schick bitte mal "saslfinger -s" anstatt "-c".

p at rick



* Carsten Henkel <postfixbuch-users at listi.jpberlin.de>:
> Hallo ich habe ein Problem mit suse 10.3 und sasl. Der Client fagt nach 
> den Passwort und kommt dann nicht weiter.
> Anbei die Logs und Ausgaben der tools Postconf und Saslfinger.
> 
> maillog:
> Feb  3 22:20:23 server postfix/smtpd[20023]: < 
> p5492E808.dip.t-dialin.net[84.146.232.8]: AUTH CRAM-MD5
> Feb  3 22:20:23 server postfix/smtpd[20023]: xsasl_cyrus_server_first: 
> sasl_method CRAM-MD5
> Feb  3 22:20:23 server postfix/smtpd[20023]: 
> xsasl_cyrus_server_auth_response: uncoded server challenge: 
> <3586957780.10891358 at server.wunschradio.de>
> Feb  3 22:20:23 server postfix/smtpd[20023]: > 
> p5492E808.dip.t-dialin.net[84.146.232.8]: 334 
> PDM1ODY5NTc3ODAuMTA4OTEzNThAc2VydmVyLnd1bnNjaHJhZGlvLmRlPg==
> Feb  3 22:20:24 server postfix/smtpd[20023]: < 
> p5492E808.dip.t-dialin.net[84.146.232.8]: 
> Y2FzaUBiaW9iaWVuY2hlbi5kZSAyM2FhNTA2YTc4MjRhNDFkOGI0YzczZDNjNjEyOTkwMQ==
> Feb  3 22:20:24 server postfix/smtpd[20023]: xsasl_cyrus_server_next: 
> decoded response: casi at biobienchen.de 23aa506a7824a41d8b4c73d3c6129901
> Feb  3 22:20:24 server postfix/smtpd[20023]: warning: SASL 
> authentication failure: incorrect digest response
> Feb  3 22:20:24 server postfix/smtpd[20023]: warning: 
> p5492E808.dip.t-dialin.net[84.146.232.8]: SASL CRAM-MD5 authentication 
> failed: authentication failure
> Feb  3 22:20:24 server postfix/smtpd[20023]: > 
> p5492E808.dip.t-dialin.net[84.146.232.8]: 535 5.7.0 Error: 
> authentication failed: authentication failure
> 
> 
> saslfinger -c:
> saslfinger - postfix Cyrus sasl configuration So 3. Feb 22:21:44 CET 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.4.5
> System:
> Welcome to openSUSE 10.3 (i586) - Kernel \r (\l).
> 
> -- smtp is linked to --
>          libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ee1000)
> 
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost =
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> 
> 
> -- listing of /usr/lib/sasl2 --
> insgesamt 464
> drwxr-xr-x  2 root root  4096  3. Feb 21:48 .
> drwxr-xr-x 63 root root 24576  3. Feb 21:48 ..
> -rwxr-xr-x  1 root root 14088 22. Sep 02:03 libanonymous.so
> -rwxr-xr-x  1 root root 14088 22. Sep 02:03 libanonymous.so.2
> -rwxr-xr-x  1 root root 14088 22. Sep 02:03 libanonymous.so.2.0.22
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libcrammd5.so
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libcrammd5.so.2
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libcrammd5.so.2.0.22
> -rwxr-xr-x  1 root root 47200 22. Sep 02:03 libdigestmd5.so
> -rwxr-xr-x  1 root root 47200 22. Sep 02:03 libdigestmd5.so.2
> -rwxr-xr-x  1 root root 47200 22. Sep 02:03 libdigestmd5.so.2.0.22
> -rwxr-xr-x  1 root root 14084 22. Sep 02:03 liblogin.so
> -rwxr-xr-x  1 root root 14084 22. Sep 02:03 liblogin.so.2
> -rwxr-xr-x  1 root root 14084 22. Sep 02:03 liblogin.so.2.0.22
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libplain.so
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libplain.so.2
> -rwxr-xr-x  1 root root 18180 22. Sep 02:03 libplain.so.2.0.22
> -rwxr-xr-x  1 root root 22228 22. Sep 02:03 libsasldb.so
> -rwxr-xr-x  1 root root 22228 22. Sep 02:03 libsasldb.so.2
> -rwxr-xr-x  1 root root 22228 22. Sep 02:03 libsasldb.so.2.0.22
> -rw-r--r--  1 root root   129  3. Feb 21:36 smtpd.conf
> 
> -- listing of /etc/sasl2 --
> insgesamt 20
> drwxr-xr-x  2 root root 4096  3. Feb 22:19 .
> drwxr-xr-x 69 root root 4096  3. Feb 22:02 ..
> -rw-------  1 root root  128  3. Feb 22:19 smtpd.conf
> -rw-------  1 root root   49  3. Feb 00:49 smtpd.conf.old
> -rw-------  1 root root  104  3. Feb 17:33 smtpd.conf.rpmsave
> 
> 
> Cannot find the smtp_sasl_password_maps parameter in main.cf.
> Client-side SMTP AUTH cannot work without this parameter!
> 
> /etc/sals2/smtpd.conf:
> log_level: 7
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> auxprop_plugin: sasldb
> sasldb_path: /etc/sasldb2
> 
> postconf -n:
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> biff = no
> broken_sasl_auth_clients = yes
> canonical_maps = hash:/etc/postfix/canonical
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = amavisd-new:[127.0.0.1]:10024
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 7
> defer_transports =
> disable_dns_lookups = no
> disable_mime_output_conversion = no
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = /usr/share/doc/packages/postfix/html
> inet_interfaces = localhost
> inet_protocols = all
> mail_owner = postfix
> mail_spool_directory = /var/mail
> mailbox_command =
> mailbox_size_limit = 0
> mailbox_transport =
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> masquerade_classes = envelope_sender, header_sender, header_recipient
> masquerade_domains =
> masquerade_exceptions = root
> message_size_limit = 10240000
> mydestination = $myhostname, localhost.$mydomain
> mydomain = server.wunschradio.de
> myhostname = server.wunschradio.de
> mynetworks = 85.214.63.178, 127.0.0.0/8
> mynetworks_style = subnet
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/packages/postfix/README_FILES
> relayhost =
> relocated_maps = hash:/etc/postfix/relocated
> sample_directory = /usr/share/doc/packages/postfix/samples
> sender_canonical_maps = hash:/etc/postfix/sender_canonical
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtp_sasl_auth_enable = no
> smtp_use_tls = no
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_restrictions =
> smtpd_helo_required = no
> smtpd_helo_restrictions =
> smtpd_recipient_restrictions = reject_non_fqdn_recipient 
> reject_non_fqdn_sender    permit_sasl_authenticated    permit_mynetworks 
>     reject_unauth_destination    check_client_access 
> hash:/etc/postfix/client_access    reject_non_fqdn_hostname 
> reject_invalid_hostname    reject_rbl_client sbl-xbl.spamhaus.org, 
> reject_rbl_client dul.dnsbl.sorbs.net,    reject_rhsbl_client 
> blackhole.securitysage.com,    reject_rhsbl_sender 
> blackhole.securitysage.com,    reject_rhsbl_sender rhsbl.sorbs.n    permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sender_restrictions = hash:/etc/postfix/access
> smtpd_use_tls = no
> strict_8bitmime = no
> strict_rfc821_envelopes = no
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
> virtual_alias_domains = hash:/etc/postfix/virtual
> virtual_alias_maps = hash:/etc/postfix/virtual_users
> 
> Kann mir bitte jemand auf die Sprünge helfen ?
> 
> Gruß und Danke
> -- 
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users

-- 
Postfix - Einrichtung, Betrieb und Wartung
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Mehr Informationen über die Mailingliste Postfixbuch-users