[Postfixbuch-users] postfix/smtpd:?SASLLOGINauthenticationfailed: authentication failure
Christopher Dove
dove at sim-hiorg.de
Di Jan 15 09:34:04 CET 2008
EHLO mail.sim-hiorg.de
250-mail.sim-hiorg.de
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHRlc3RAc2ltLWhpb3JnLmRlAHRlc3Q=
535 5.7.0 Error: authentication failed: authentication failure
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Das kam dabei raus
On Tue, 15 Jan 2008 08:50:34 +0100, Patrick Ben Koetter
<p at state-of-mind.de> wrote:
>
> * Christopher Dove <dove at sim-hiorg.de>:
>>
>> saslfinger - postfix Cyrus sasl configuration Tue Jan 15 07:17:03 CET
> 2008
>> version: 1.0.5
>> mode: server-side SMTP AUTH
>>
>> -- basics --
>> Postfix: 2.3.8
>> System: Debian GNU/Linux 4.0 \n \l
>>
>> -- smtpd is linked to --
>> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002b23525c8000)
>>
>> -- active SMTP AUTH and TLS parameters for smtpd --
>> broken_sasl_auth_clients = yes
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $myhostname
>> smtpd_sasl_security_options = noanonymous
>>
>>
>> -- listing of /usr/lib64/sasl2 --
>
> okay
>
>>
>> -- listing of /usr/lib/sasl2 --
> okay
>
>
>> -- listing of /etc/postfix/sasl --
>> total 12
>> drwxr-xr-x 2 root root 4096 2007-11-08 21:20 .
>> drwxr-xr-x 4 root root 4096 2008-01-03 23:58 ..
>> -rw-r--r-- 1 root root 632 2008-01-14 11:28 smtpd.conf
>>
>>
>>
>>
>> -- content of /etc/postfix/sasl/smtpd.conf --
>
> aufräumen!
>
>> #pwcheck_method: auxprop
>> #saslauthd_path: /var/run/saslauthd/mux
>> #mech_list: plain login
>> #log_level: 3
>> #auxprop_plugin: mysql
>> #allow_plaintext: true
>> #srp_mda: md5
>> #password_format: md5
>> #sql_engine: mysql
>> #sql_hostnames: 127.0.0.1
>> sql_user: --- replaced ---
>> sql_passwd: --- replaced ---
>> #sql_database: postfix
>> #sql_select: select password from mailbox where username='%u@%r'
>>
>> pwcheck_method: auxprop
>> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>> auxprop_plugin: sql
>> sql_engine: mysql
>> sql_hostnames: 127.0.0.1
>> sql_user: --- replaced ---
>> sql_passwd: --- replaced ---
>> sql_database: postfix
>> sql_select: select password from mailbox where username='%u@%r'
>> -- content of /etc/postfix/sasl/smtpd.conf --
>> #pwcheck_method: auxprop
>> #saslauthd_path: /var/run/saslauthd/mux
>> #mech_list: plain login
>> #log_level: 3
>> #auxprop_plugin: mysql
>> #allow_plaintext: true
>> #srp_mda: md5
>> #password_format: md5
>> #sql_engine: mysql
>> #sql_hostnames: 127.0.0.1
>> sql_user: --- replaced ---
>> sql_passwd: --- replaced ---
>> #sql_database: postfix
>> #sql_select: select password from mailbox where username='%u@%r'
>>
>> pwcheck_method: auxprop
>> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>> auxprop_plugin: sql
>> sql_engine: mysql
>> sql_hostnames: 127.0.0.1
>> sql_user: --- replaced ---
>> sql_passwd: --- replaced ---
>> sql_database: postfix
>> sql_select: select password from mailbox where username='%u@%r'
>>
>> -- active services in /etc/postfix/master.cf --
>> # service type private unpriv chroot wakeup maxproc command + args
>> # (yes) (yes) (yes) (never) (100)
>> smtp inet n - n - - smtpd
>> pickup fifo n - - 60 1 pickup
>> cleanup unix n - - - 0 cleanup
>> qmgr fifo n - - 300 1 qmgr
>> rewrite unix - - - - - trivial-rewrite
>> bounce unix - - - - 0 bounce
>> defer unix - - - - 0 bounce
>> trace unix - - - - 0 bounce
>> verify unix - - - - 1 verify
>> flush unix n - - 1000? 0 flush
>> proxymap unix - - n - - proxymap
>> smtp unix - - n - - smtp
>> relay unix - - - - - smtp
>> showq unix n - - - - showq
>> error unix - - - - - error
>> local unix - n n - - local
>> virtual unix - n n - - virtual
>> lmtp unix - - n - - lmtp
>> anvil unix - - n - 1 anvil
>> amavis unix - - - - 2 smtp
>> -o smtp_data_done_timeout=1200
>> -o smtp_send_xforward_command=yes
>> amavisd unix - - - - 2 smtp
>> -o smtp_data_done_timeout=1200
>> -o smtp_send_xforward_command=yes
>> 127.0.0.1:10025 inet n - - - - smtpd
>> -o content_filter=
>> -o local_recipient_maps=
>> -o relay_recipient_maps=
>> -o smtpd_restriction_classes=
>> -o smtpd_client_restrictions=
>> -o smtpd_helo_restrictions=
>> -o smtpd_sender_restrictions=
>> -o smtpd_recipient_restrictions=permit_mynetworks,reject
>> -o mynetworks=127.0.0.0/8
>> -o strict_rfc821_envelopes=yes
>> -o
>>
>
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
>> maildrop unix - n n - - pipe
>> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>> uucp unix - n n - - pipe
>> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
>> ($recipient)
>> ifmail unix - n n - - pipe
>> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
>> bsmtp unix - n n - - pipe
>> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
>> $recipient
>> scalemail-backend unix - n n - 2 pipe
>> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
>> ${nexthop} ${user} ${extension}
>>
>> scache unix - - - - 1 scache
>> discard unix - - - - - discard
>>
>> -- mechanisms on localhost --
>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
>> 250-AUTH=DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
>
> okay.
>
> Lad Dir gen-auth <http://www.jetmore.org/john/code/gen-auth> runter, und
> führe
> es aus, um Dir einen Authentifizierungsstring zu bauen:
>
> $ gen-auth plain
> username: foo at example.de
> password:
> Auth String: AGZvb0BleGFtcGxlLmRlAGJhcg==
>
> Dann telnet auf Deinen Server, sage EHLO und dann "AUTH PLAIN
> AGZvb0BleGFtcGxlLmRlAGJhcg==". Was sagt er dann?
>
> $ telnet localhost 25
> 220 mail.state-of-mind.de ESMTP Postfix (2.5-20071006)
> EHLO foo
> 250-mail.state-of-mind.de
> 250-PIPELINING
> 250-SIZE 40960000
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN CRAM-MD5 LOGIN DIGEST-MD5
> 250-AUTH=PLAIN CRAM-MD5 LOGIN DIGEST-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH PLAIN AGZvb0BleGFtcGxlLmRlAGJhcg==
> 535 5.7.8 Error: authentication failed: authentication failure
> QUIT
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
> p at rick
>
>
>>
>>
>> -- end of saslfinger output --
>>
>>
>>
>> On Mon, 14 Jan 2008 21:15:04 +0100, Patrick Ben Koetter
>> <p at state-of-mind.de> wrote:
>> >
>> > Bitte aktuellen config-Stand mit saslfinger -s ausgeben.
>> >
>> > p at rick
>> >
>> > --
>> > Postfix - Einrichtung, Betrieb und Wartung
>> > <http://www.postfix-buch.com>
>> > saslfinger (debugging SMTP AUTH):
>> > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
>> > --
>> > _______________________________________________
>> > Postfixbuch-users -- http://www.postfixbuch.de
>> > Heinlein Professional Linux Support GmbH
>> >
>> > Postfixbuch-users at listi.jpberlin.de
>> > https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>> --
>> Mit freundlichen Grüßen
>> Christopher Dove
>>
>> www.Sim-Hiorg.de
>>
>> --
>> _______________________________________________
>> Postfixbuch-users -- http://www.postfixbuch.de
>> Heinlein Professional Linux Support GmbH
>>
>> Postfixbuch-users at listi.jpberlin.de
>> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>
> --
> Postfix - Einrichtung, Betrieb und Wartung
> <http://www.postfix-buch.com>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
> --
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Mit freundlichen Grüßen
Christopher Dove
www.Sim-Hiorg.de
Mehr Informationen über die Mailingliste Postfixbuch-users