[Postfixbuch-users] postfix sasl mysql
Andreas Braun
andreas.braun at staderschulen.de
Mi Mär 12 11:08:48 CET 2008
hallo daniel,
wenn du über pam authentifizieren möchtest, brauchst du die sql-anweisungen
in deiner smtpd.conf für postfix nicht. (sollte aber keinen fehler
verursachen, falls sie trotzdem angegeben werden)
hast du in der main.cf auch die restrictions permit_sasl_authenticated
hinzugefügt?
grüße
andreas
"Daniel Gompf" <tech at kdmails.de> schrieb:
> Hallo,
>
> ich habe hier ein Problem mit der Authetifizierung mit postfix sasl und
> mysql. Ich habe im Grunde diese Konfiguration schon auf anderen Systemen
> laufen tadellos laufen nur auf dem hier will er die Nutzer nicht
> authentifizieren.
>
> Der Zugriff von postfix auf mysql funktioniert, er fragt die diversen
> maps ab und liefert auch richitge Ergebnisse.
>
> Mit
> # testsaslauthd -u User -p parole -s smtp
> bekomme ich auch ein
> 0: OK "Success."
> als Antwort.
>
> Wenn ich es jedoch über telnet versuche kommt folgendes dabei raus.
>
> 220 mx01.meineDomain.de ESMTP Postfix
> auth login
> 334 VXNlcm5hbWU6
> BASE64-User
> 334 UGFzc3dvcmQ6
> BASE64-pass
> 535 5.7.8 Error: authentication failed: authentication failure
> quit
>
> und im Log steht
> warning: localhost[127.0.0.1]: SASL login authentication failed:
> authentication failure
> und im mysql.log steht keine Abfrage drin.
>
> Kann mir hier jemand weiterhelfen ich habe folgendes angehängt
>
> output von saslfinger, postconf -a, postconf -m, cat
> /etc/default/saslauthd, cat /etc/pam.d/smtp, cat /etc/pam.d/smtp, ls -ls
> /var/run/, ls -la /var/run/saslauthd, grep sasl /etc/group
>
>
> Danke Daniel
>
> ##########################
>
> saslfinger - postfix Cyrus sasl configuration Wed Mar 12 08:15:05 CET
2008
> version: 1.0.2
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.5.1
> System: Ubuntu 6.06.2 LTS \l
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002aaaab1f1000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = /usr/lib/sasl2/smtpd
> smtpd_sasl_security_options = noanonymous
>
>
> -- listing of /usr/lib64/sasl2 --
> total 1320
> drwxr-xr-x 2 root root 4096 2008-03-10 23:19 .
> drwxr-xr-x 48 root root 12288 2008-03-05 22:22 ..
> -rw-r--r-- 1 root root 19036 2007-08-30 21:31 libanonymous.a
> -rw-r--r-- 1 root root 855 2007-08-30 21:31 libanonymous.la
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so.2
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 21802 2007-08-30 21:31 libcrammd5.a
> -rw-r--r-- 1 root root 841 2007-08-30 21:31 libcrammd5.la
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so.2
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 59792 2007-08-30 21:31 libdigestmd5.a
> -rw-r--r-- 1 root root 864 2007-08-30 21:31 libdigestmd5.la
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 31532 2006-04-24 13:38 libgssapiv2.a
> -rw-r--r-- 1 root root 1029 2006-04-24 13:38 libgssapiv2.la
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2.0.19
> -rw-r--r-- 1 root root 31300 2005-12-22 04:26 libkerberos4.a
> -rw-r--r-- 1 root root 862 2005-12-22 04:26 libkerberos4.la
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so.2
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so.2.0.19
> -rw-r--r-- 1 root root 19262 2007-08-30 21:31 liblogin.a
> -rw-r--r-- 1 root root 835 2007-08-30 21:31 liblogin.la
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so.2
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 38724 2007-08-30 21:31 libntlm.a
> -rw-r--r-- 1 root root 829 2007-08-30 21:31 libntlm.la
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so.2
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 27142 2007-08-30 21:31 libotp.a
> -rw-r--r-- 1 root root 829 2007-08-30 21:31 libotp.la
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so.2
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so.2.0.19
> -rw-r--r-- 1 root root 19342 2007-08-30 21:31 libplain.a
> -rw-r--r-- 1 root root 835 2007-08-30 21:31 libplain.la
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so.2
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so.2.0.19
> -rw-r--r-- 1 root root 29164 2007-08-30 21:31 libsasldb.a
> -rw-r--r-- 1 root root 856 2007-08-30 21:31 libsasldb.la
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so.2
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so.2.0.19
> -rw-r--r-- 1 root root 30856 2006-04-24 13:38 libsql.a
> -rw-r--r-- 1 root root 895 2006-04-24 13:38 libsql.la
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so.2
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so.2.0.19
> -rw------- 1 root root 299 2008-03-10 23:19 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 1320
> drwxr-xr-x 2 root root 4096 2008-03-10 23:19 .
> drwxr-xr-x 48 root root 12288 2008-03-05 22:22 ..
> -rw-r--r-- 1 root root 19036 2007-08-30 21:31 libanonymous.a
> -rw-r--r-- 1 root root 855 2007-08-30 21:31 libanonymous.la
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so.2
> -rw-r--r-- 1 root root 15712 2007-08-30 21:31 libanonymous.so.2.0.19
> -rw-r--r-- 1 root root 21802 2007-08-30 21:31 libcrammd5.a
> -rw-r--r-- 1 root root 841 2007-08-30 21:31 libcrammd5.la
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so.2
> -rw-r--r-- 1 root root 19104 2007-08-30 21:31 libcrammd5.so.2.0.19
> -rw-r--r-- 1 root root 59792 2007-08-30 21:31 libdigestmd5.a
> -rw-r--r-- 1 root root 864 2007-08-30 21:31 libdigestmd5.la
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2
> -rw-r--r-- 1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2.0.19
> -rw-r--r-- 1 root root 31532 2006-04-24 13:38 libgssapiv2.a
> -rw-r--r-- 1 root root 1029 2006-04-24 13:38 libgssapiv2.la
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2
> -rw-r--r-- 1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2.0.19
> -rw-r--r-- 1 root root 31300 2005-12-22 04:26 libkerberos4.a
> -rw-r--r-- 1 root root 862 2005-12-22 04:26 libkerberos4.la
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so.2
> -rw-r--r-- 1 root root 25280 2005-12-22 04:26 libkerberos4.so.2.0.19
> -rw-r--r-- 1 root root 19262 2007-08-30 21:31 liblogin.a
> -rw-r--r-- 1 root root 835 2007-08-30 21:31 liblogin.la
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so.2
> -rw-r--r-- 1 root root 16352 2007-08-30 21:31 liblogin.so.2.0.19
> -rw-r--r-- 1 root root 38724 2007-08-30 21:31 libntlm.a
> -rw-r--r-- 1 root root 829 2007-08-30 21:31 libntlm.la
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so.2
> -rw-r--r-- 1 root root 32264 2007-08-30 21:31 libntlm.so.2.0.19
> -rw-r--r-- 1 root root 27142 2007-08-30 21:31 libotp.a
> -rw-r--r-- 1 root root 829 2007-08-30 21:31 libotp.la
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so.2
> -rw-r--r-- 1 root root 48856 2007-08-30 21:31 libotp.so.2.0.19
> -rw-r--r-- 1 root root 19342 2007-08-30 21:31 libplain.a
> -rw-r--r-- 1 root root 835 2007-08-30 21:31 libplain.la
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so.2
> -rw-r--r-- 1 root root 16384 2007-08-30 21:31 libplain.so.2.0.19
> -rw-r--r-- 1 root root 29164 2007-08-30 21:31 libsasldb.a
> -rw-r--r-- 1 root root 856 2007-08-30 21:31 libsasldb.la
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so.2
> -rw-r--r-- 1 root root 21288 2007-08-30 21:31 libsasldb.so.2.0.19
> -rw-r--r-- 1 root root 30856 2006-04-24 13:38 libsql.a
> -rw-r--r-- 1 root root 895 2006-04-24 13:38 libsql.la
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so.2
> -rw-r--r-- 1 root root 24848 2006-04-24 13:38 libsql.so.2.0.19
> -rw------- 1 root root 299 2008-03-10 23:19 smtpd.conf
>
>
>
>
> -- content of /usr/lib64/sasl2/smtpd.conf --
> #pwcheck_method: auxprop
> #auxprop_plugin: sql
> pwcheck_method: saslauthd
> log_level: 3
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mail
> sql_select: select smtp_pw_clear from popbox where smtp_login='%u'
>
> -- content of /usr/lib/sasl2/smtpd.conf --
> #pwcheck_method: auxprop
> #auxprop_plugin: sql
> pwcheck_method: saslauthd
> log_level: 3
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mail
> sql_select: select smtp_pw_clear from popbox where smtp_login='%u'
>
>
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - 20 smtpd
> -o smtpd_proxy_filter=127.0.0.1:10024
> -o smtpd_client_connection_count_limit=10
>
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> -o smtp_fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
>
> -- mechanisms on localhost --
> 250-AUTH GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
>
>
> -- end of saslfinger output --
>
> # postconf -a
> cyrus
> dovecot
>
> # postconf -m
> btree
> cidr
> environ
> hash
> mysql
> nis
> pcre
> proxy
> regexp
> static
> unix
>
> # cat /etc/default/saslauthd
> START=yes
> MECHANISMS="pam"
>
> # cat /etc/pam.d/smtp
> auth required pam_mysql.so user=xxx passwd=xxx host=127.0.0.1 db=mail
> table=popbox usercolumn=smtp_login passwdcolumn=smtp_pw_clear
> account sufficient pam_mysql.so user=xxx passwd=xxx host=127.0.0.1
> db=mail table=popbox usercolumn=smtp_login passwdcolumn=smtp_pw_clear
>
> # ls -ls /var/run/
> ...
> drwxr-x--- 2 root sasl 100 2008-03-10 23:19 saslauthd
> ...
>
> # ls -la /var/run/saslauthd
> srwxrwxrwx 1 root root 0 2008-03-10 23:19 mux
> -rw------- 1 root root 0 2008-03-10 23:19 mux.accept
> -rw------- 1 root root 6 2008-03-10 23:19 saslauthd.pid
>
> # grep sasl /etc/group
> sasl:x:45:postfix
> --
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
>
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
>
Mehr Informationen über die Mailingliste Postfixbuch-users