[Postfixbuch-users] Authentifizierung an Strato-Mailserver schlägt fehl

Di Sep 16 20:34:43 CEST 2008

Hallo Gemeinde,

> relayhost = [smtp.strato.de]:25
dank der vielen hilfreichen Ratschläge hier in der Newsgroup ich bin 
zwei große Schritte weitergekommen.

1. Postfix spricht mit dem richtigen Server bei Strato; der Tipp von SW 
war goldrichtig. Mit den eckigen Klammern um den Hostnamen wird der 
Server smtp.strato.de direkt angesprochen.

2. Mein Mailversand klappt jetzt, es werden wieder Mails ausgeliefert.

Allerdings spricht Postfix auch nach Installation des Pakets 
cyrus-sasl-md5 nur AUTH PLAIN, und nicht CRAM-MD5

81.169.145.133        192.168.192.200       169   SMTP     Response: 220 
post.webmailer.de [klopstock mo12] ESMTP RZmta 17.4 ready; Tue, 16 Sep 
2008 20:06:55 +0200 (MEST)
192.168.192.200       81.169.145.133        66    TCP      55484 > smtp 
[ACK] Seq=1 Ack=104 Win=5856 Len=0 TSV=3752384320 TSER=2577258148
192.168.192.200       81.169.145.133        94    SMTP     Command: EHLO 
marmolada.klettern.de
81.169.145.133        192.168.192.200       66    TCP      smtp > 55484 
[ACK] Seq=104 Ack=29 Win=50400 Len=0 TSV=2577258154 TSER=3752384320
81.169.145.133        192.168.192.200       280   SMTP     Response: 
250-post.webmailer.de [klopstock mo12] greets marmolada.klettern.de
192.168.192.200       81.169.145.133        167   SMTP     Command: AUTH 
PLAIN dfKJHkjhkjuJUnn......................sZXR0ZXJuLW1hZ2F6aW4uZGUAc==
81.169.145.133        192.168.192.200       66    TCP      smtp > 55484 
[ACK] Seq=318 Ack=130 Win=50400 Len=0 TSV=2577258159 TSER=3752384373
81.169.145.133        192.168.192.200       94    SMTP     Response: 235 
2.0.0 OK Authenticated
192.168.192.200       81.169.145.133        166   SMTP     Command: MAIL 
FROM:<root at marmolada.klettern.de> SIZE=374 AUTH=<>

Gibts es eine Möglichkeit Postfix zu zwingen CRAM-MD5 zu verwenden, oder 
ist AUTH PLAIN das Maximum was die beiden Partner an Verschlüsselung 
aushandeln können ?

ciao, Stefan

PS Hier kommt noch saslfinger -c:

saslfinger - postfix Cyrus sasl configuration Tue Sep 16 20:32:50 CEST 2008
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.3.3
System: Fedora Core release 6 (Zod)

-- smtp is linked to --
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x002a1000)

-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.strato.de]:25
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous

-- listing of /usr/lib/sasl --
total 88
drwxr-xr-x  2 root root  4096 Jun 13  2007 .
drwxr-xr-x 85 root root 65536 May 20  2007 ..
-rw-r--r--  1 root root    47 Sep  1  2006 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 3188
drwxr-xr-x  2 root root   4096 Sep 16 15:01 .
drwxr-xr-x 85 root root  65536 May 20  2007 ..
-rwxr-xr-x  1 root root    884 Sep 29  2006 libanonymous.la
-rwxr-xr-x  1 root root  14596 Sep 29  2006 libanonymous.so
-rwxr-xr-x  1 root root  14596 Sep 29  2006 libanonymous.so.2
-rwxr-xr-x  1 root root  14596 Sep 29  2006 libanonymous.so.2.0.22
-rwxr-xr-x  1 root root    870 Sep 29  2006 libcrammd5.la
-rwxr-xr-x  1 root root  17056 Sep 29  2006 libcrammd5.so
-rwxr-xr-x  1 root root  17056 Sep 29  2006 libcrammd5.so.2
-rwxr-xr-x  1 root root  17056 Sep 29  2006 libcrammd5.so.2.0.22
-rwxr-xr-x  1 root root    893 Sep 29  2006 libdigestmd5.la
-rwxr-xr-x  1 root root  47204 Sep 29  2006 libdigestmd5.so
-rwxr-xr-x  1 root root  47204 Sep 29  2006 libdigestmd5.so.2
-rwxr-xr-x  1 root root  47204 Sep 29  2006 libdigestmd5.so.2.0.22
-rwxr-xr-x  1 root root    856 Sep 29  2006 liblogin.la
-rwxr-xr-x  1 root root  14976 Sep 29  2006 liblogin.so
-rwxr-xr-x  1 root root  14976 Sep 29  2006 liblogin.so.2
-rwxr-xr-x  1 root root  14976 Sep 29  2006 liblogin.so.2.0.22
-rwxr-xr-x  1 root root    856 Sep 29  2006 libplain.la
-rwxr-xr-x  1 root root  15072 Sep 29  2006 libplain.so
-rwxr-xr-x  1 root root  15072 Sep 29  2006 libplain.so.2
-rwxr-xr-x  1 root root  15072 Sep 29  2006 libplain.so.2.0.22
-rwxr-xr-x  1 root root    930 Sep 29  2006 libsasldb.la
-rwxr-xr-x  1 root root 905200 Sep 29  2006 libsasldb.so
-rwxr-xr-x  1 root root 905200 Sep 29  2006 libsasldb.so.2
-rwxr-xr-x  1 root root 905200 Sep 29  2006 libsasldb.so.2.0.22
-rw-r--r--  1 root root     26 Sep  1  2006 smtpd.conf

-- listing of /etc/sasl2 --
total 24
drwxr-xr-x  2 root root  4096 Sep 29  2006 .
drwxr-xr-x 96 root root 12288 Sep 16 14:51 ..

-- permissions for /etc/postfix/smtp_auth --
-rw-r--r-- 1 root root 50 Sep 15 21:10 /etc/postfix/smtp_auth

-- permissions for /etc/postfix/smtp_auth.db --
-rw-r--r-- 1 root root 12288 Sep 15 21:10 /etc/postfix/smtp_auth.db

/etc/postfix/smtp_auth.db is up to date.

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
    -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache      unix    -    -    n    -    1    scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m 
${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m 
${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop 
$recipient

-- mechanisms on smtp.strato.de --
250-AUTH PLAIN LOGIN CRAM-MD5

-- end of saslfinger output --