[Postfixbuch-users] postfix sasl mysql

Andreas Braun andreas.braun at staderschulen.de
Mi Mär 12 11:08:48 CET 2008


hallo daniel,

wenn du über pam authentifizieren möchtest, brauchst du die sql-anweisungen
in deiner smtpd.conf für postfix nicht. (sollte aber keinen fehler
verursachen, falls sie trotzdem angegeben werden) 

hast du in der main.cf auch die restrictions permit_sasl_authenticated
hinzugefügt?

grüße

andreas


"Daniel Gompf" <tech at kdmails.de> schrieb:
> Hallo,
> 
> ich habe hier ein Problem mit der Authetifizierung mit postfix sasl und 
> mysql. Ich habe im Grunde diese Konfiguration schon auf anderen Systemen 
> laufen tadellos laufen nur auf dem hier will er die Nutzer nicht 
> authentifizieren.
> 
> Der Zugriff von postfix auf mysql funktioniert, er fragt die diversen 
> maps ab und liefert auch richitge Ergebnisse.
> 
> Mit
>   # testsaslauthd -u User -p parole -s smtp
> bekomme ich auch ein
>   0: OK "Success."
> als Antwort.
> 
> Wenn ich es jedoch über telnet versuche kommt folgendes dabei raus.
> 
> 220 mx01.meineDomain.de ESMTP Postfix
> auth login
> 334 VXNlcm5hbWU6
> BASE64-User
> 334 UGFzc3dvcmQ6
> BASE64-pass
> 535 5.7.8 Error: authentication failed: authentication failure
> quit
> 
> und im Log steht
>   warning: localhost[127.0.0.1]: SASL login authentication failed: 
> authentication failure
> und im mysql.log steht keine Abfrage drin.
> 
> Kann mir hier jemand weiterhelfen ich habe folgendes angehängt
> 
> output von saslfinger, postconf -a, postconf -m, cat 
> /etc/default/saslauthd, cat /etc/pam.d/smtp, cat /etc/pam.d/smtp, ls -ls 
> /var/run/, ls -la /var/run/saslauthd, grep sasl /etc/group
> 
> 
> Danke Daniel
> 
> ##########################
> 
> saslfinger - postfix Cyrus sasl configuration Wed Mar 12 08:15:05 CET
2008
> version: 1.0.2
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.5.1
> System: Ubuntu 6.06.2 LTS  \l
> 
> -- smtpd is linked to --
>          libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002aaaab1f1000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = /usr/lib/sasl2/smtpd
> smtpd_sasl_security_options = noanonymous
> 
> 
> -- listing of /usr/lib64/sasl2 --
> total 1320
> drwxr-xr-x  2 root root  4096 2008-03-10 23:19 .
> drwxr-xr-x 48 root root 12288 2008-03-05 22:22 ..
> -rw-r--r--  1 root root 19036 2007-08-30 21:31 libanonymous.a
> -rw-r--r--  1 root root   855 2007-08-30 21:31 libanonymous.la
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so.2
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so.2.0.19
> -rw-r--r--  1 root root 21802 2007-08-30 21:31 libcrammd5.a
> -rw-r--r--  1 root root   841 2007-08-30 21:31 libcrammd5.la
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so.2
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so.2.0.19
> -rw-r--r--  1 root root 59792 2007-08-30 21:31 libdigestmd5.a
> -rw-r--r--  1 root root   864 2007-08-30 21:31 libdigestmd5.la
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2.0.19
> -rw-r--r--  1 root root 31532 2006-04-24 13:38 libgssapiv2.a
> -rw-r--r--  1 root root  1029 2006-04-24 13:38 libgssapiv2.la
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2.0.19
> -rw-r--r--  1 root root 31300 2005-12-22 04:26 libkerberos4.a
> -rw-r--r--  1 root root   862 2005-12-22 04:26 libkerberos4.la
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so.2
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so.2.0.19
> -rw-r--r--  1 root root 19262 2007-08-30 21:31 liblogin.a
> -rw-r--r--  1 root root   835 2007-08-30 21:31 liblogin.la
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so.2
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so.2.0.19
> -rw-r--r--  1 root root 38724 2007-08-30 21:31 libntlm.a
> -rw-r--r--  1 root root   829 2007-08-30 21:31 libntlm.la
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so.2
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so.2.0.19
> -rw-r--r--  1 root root 27142 2007-08-30 21:31 libotp.a
> -rw-r--r--  1 root root   829 2007-08-30 21:31 libotp.la
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so.2
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so.2.0.19
> -rw-r--r--  1 root root 19342 2007-08-30 21:31 libplain.a
> -rw-r--r--  1 root root   835 2007-08-30 21:31 libplain.la
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so.2
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so.2.0.19
> -rw-r--r--  1 root root 29164 2007-08-30 21:31 libsasldb.a
> -rw-r--r--  1 root root   856 2007-08-30 21:31 libsasldb.la
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so.2
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so.2.0.19
> -rw-r--r--  1 root root 30856 2006-04-24 13:38 libsql.a
> -rw-r--r--  1 root root   895 2006-04-24 13:38 libsql.la
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so.2
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so.2.0.19
> -rw-------  1 root root   299 2008-03-10 23:19 smtpd.conf
> 
> -- listing of /usr/lib/sasl2 --
> total 1320
> drwxr-xr-x  2 root root  4096 2008-03-10 23:19 .
> drwxr-xr-x 48 root root 12288 2008-03-05 22:22 ..
> -rw-r--r--  1 root root 19036 2007-08-30 21:31 libanonymous.a
> -rw-r--r--  1 root root   855 2007-08-30 21:31 libanonymous.la
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so.2
> -rw-r--r--  1 root root 15712 2007-08-30 21:31 libanonymous.so.2.0.19
> -rw-r--r--  1 root root 21802 2007-08-30 21:31 libcrammd5.a
> -rw-r--r--  1 root root   841 2007-08-30 21:31 libcrammd5.la
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so.2
> -rw-r--r--  1 root root 19104 2007-08-30 21:31 libcrammd5.so.2.0.19
> -rw-r--r--  1 root root 59792 2007-08-30 21:31 libdigestmd5.a
> -rw-r--r--  1 root root   864 2007-08-30 21:31 libdigestmd5.la
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2
> -rw-r--r--  1 root root 46336 2007-08-30 21:31 libdigestmd5.so.2.0.19
> -rw-r--r--  1 root root 31532 2006-04-24 13:38 libgssapiv2.a
> -rw-r--r--  1 root root  1029 2006-04-24 13:38 libgssapiv2.la
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2
> -rw-r--r--  1 root root 27528 2006-04-24 13:38 libgssapiv2.so.2.0.19
> -rw-r--r--  1 root root 31300 2005-12-22 04:26 libkerberos4.a
> -rw-r--r--  1 root root   862 2005-12-22 04:26 libkerberos4.la
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so.2
> -rw-r--r--  1 root root 25280 2005-12-22 04:26 libkerberos4.so.2.0.19
> -rw-r--r--  1 root root 19262 2007-08-30 21:31 liblogin.a
> -rw-r--r--  1 root root   835 2007-08-30 21:31 liblogin.la
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so.2
> -rw-r--r--  1 root root 16352 2007-08-30 21:31 liblogin.so.2.0.19
> -rw-r--r--  1 root root 38724 2007-08-30 21:31 libntlm.a
> -rw-r--r--  1 root root   829 2007-08-30 21:31 libntlm.la
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so.2
> -rw-r--r--  1 root root 32264 2007-08-30 21:31 libntlm.so.2.0.19
> -rw-r--r--  1 root root 27142 2007-08-30 21:31 libotp.a
> -rw-r--r--  1 root root   829 2007-08-30 21:31 libotp.la
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so.2
> -rw-r--r--  1 root root 48856 2007-08-30 21:31 libotp.so.2.0.19
> -rw-r--r--  1 root root 19342 2007-08-30 21:31 libplain.a
> -rw-r--r--  1 root root   835 2007-08-30 21:31 libplain.la
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so.2
> -rw-r--r--  1 root root 16384 2007-08-30 21:31 libplain.so.2.0.19
> -rw-r--r--  1 root root 29164 2007-08-30 21:31 libsasldb.a
> -rw-r--r--  1 root root   856 2007-08-30 21:31 libsasldb.la
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so.2
> -rw-r--r--  1 root root 21288 2007-08-30 21:31 libsasldb.so.2.0.19
> -rw-r--r--  1 root root 30856 2006-04-24 13:38 libsql.a
> -rw-r--r--  1 root root   895 2006-04-24 13:38 libsql.la
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so.2
> -rw-r--r--  1 root root 24848 2006-04-24 13:38 libsql.so.2.0.19
> -rw-------  1 root root   299 2008-03-10 23:19 smtpd.conf
> 
> 
> 
> 
> -- content of /usr/lib64/sasl2/smtpd.conf --
> #pwcheck_method: auxprop
> #auxprop_plugin: sql
> pwcheck_method: saslauthd
> log_level: 3
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mail
> sql_select: select smtp_pw_clear from popbox where smtp_login='%u'
> 
> -- content of /usr/lib/sasl2/smtpd.conf --
> #pwcheck_method: auxprop
> #auxprop_plugin: sql
> pwcheck_method: saslauthd
> log_level: 3
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: --- replaced ---
> sql_passwd: --- replaced ---
> sql_database: mail
> sql_select: select smtp_pw_clear from popbox where smtp_login='%u'
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp    inet    n       -       n       -       20      smtpd
>          -o smtpd_proxy_filter=127.0.0.1:10024
>          -o smtpd_client_connection_count_limit=10
> 
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> proxywrite unix -       -       n       -       1       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>          -o smtp_fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> retry     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
> 
> -- mechanisms on localhost --
> 250-AUTH GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 250-AUTH=GSSAPI NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
> 
> 
> -- end of saslfinger output --
> 
> # postconf -a
> cyrus
> dovecot
> 
> # postconf -m
> btree
> cidr
> environ
> hash
> mysql
> nis
> pcre
> proxy
> regexp
> static
> unix
> 
> # cat /etc/default/saslauthd
> START=yes
> MECHANISMS="pam"
> 
> # cat /etc/pam.d/smtp
> auth required pam_mysql.so user=xxx passwd=xxx host=127.0.0.1 db=mail 
> table=popbox usercolumn=smtp_login passwdcolumn=smtp_pw_clear
> account sufficient pam_mysql.so user=xxx passwd=xxx host=127.0.0.1 
> db=mail table=popbox usercolumn=smtp_login passwdcolumn=smtp_pw_clear
> 
> # ls -ls /var/run/
> ...
> drwxr-x---  2 root    sasl     100 2008-03-10 23:19 saslauthd
> ...
> 
> # ls -la /var/run/saslauthd
> srwxrwxrwx  1 root root   0 2008-03-10 23:19 mux
> -rw-------  1 root root   0 2008-03-10 23:19 mux.accept
> -rw-------  1 root root   6 2008-03-10 23:19 saslauthd.pid
> 
> # grep sasl /etc/group
> sasl:x:45:postfix
> -- 
> _______________________________________________
> Postfixbuch-users -- http://www.postfixbuch.de
> Heinlein Professional Linux Support GmbH
> 
> Postfixbuch-users at listi.jpberlin.de
> https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users
> 






Mehr Informationen über die Mailingliste Postfixbuch-users