[Postfixbuch-users] mal wieder smth-auth
Patrick Ben Koetter
p at state-of-mind.de
Do Jun 12 23:06:55 CEST 2008
* usenet at deiszner.de <postfixbuch-users at listi.jpberlin.de>:
> Hallo,
>
> ich probiere grade mal wieder an debian-etch smtp-auth zu installieren.
>
> mail.log
>
> Jun 12 22:22:10 stock postfix/smtpd[8492]: connect from
> dslb-092-078-007-141.pools.arcor-ip.net[92.78.7.141]
> Jun 12 22:22:10 stock postfix/smtpd[8492]: warning: SASL authentication failure: cannot connect to
> saslauthd server: Permission denied
> Jun 12 22:22:10 stock postfix/smtpd[8492]: warning:
> dslb-092-078-007-141.pools.arcor-ip.net[92.78.7.141]: SASL LOGIN authentication failed: generic failure
> Jun 12 22:22:10 stock postfix/smtpd[8492]: lost connection after AUTH from
> dslb-092-078-007-141.pools.arcor-ip.net[92.78.7.141]
> Jun 12 22:22:10 stock postfix/smtpd[8492]: disconnect from
> dslb-092-078-007-141.pools.arcor-ip.net[92.78.7.141]
>
>
> main.cf [ausschnitt]
>
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions =
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_non_fqdn_sender,
> reject_unauth_pipelining,
> reject_non_fqdn_recipient,
> reject_unauth_destination,
> reject_unlisted_recipient,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_unknown_reverse_client_hostname,
> reject_unknown_client_hostname
>
> smtpd_sasl_local_domain = $myhostname
>
>
> master.cf [ausschnitt]
>
> smtp inet n - n - - smtpd
> #submission inet n - - - - smtpd
> # -o smtpd_enforce_tls=yes
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps inet n - - - - smtpd
> # -o smtpd_tls_wrappermode=yes
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #628 inet n - - - - qmqpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - - 300 1 oqmgr
> tlsmgr unix - - - 1000? 1 tlsmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
> -o fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - - - - showq
> error unix - - - - - error
> discard unix - - - - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - - - 1 scache
>
>
>
>
> /etc/postfix/sasl/smtpd.conf
> log_level: 3
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
> saslauthd_path:/var/run/saslauthd/mux
Mit sasldb:
/etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
Check in /usr/lib/sasl2, ob Du wirklich alle libs für die lange $mech_list
hast und passe ggf. an.
> Das Programm testsaslauthd ergab:
>
> 0: NO "authentication failed"
>
>
> Hinweise ?
> Ideen ?
>
> Zielstellung ist, dass sich die Postfix-User über die sasldb im Verzeichnis
> /etc/postfix authentifizieren.
Das ist nicht die default-location. Du meinst /etc/sasldb2, ja?
Ausserdem muss postfix in der Gruppe sasl sein.
p at rick
>
> gruß
>
> Sebastian
> --
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
--
Postfix - Einrichtung, Betrieb und Wartung
<http://www.postfix-buch.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Mehr Informationen über die Mailingliste Postfixbuch-users