[Postfixbuch-users] reject_unauthenticated_sender_login_mismatchignored no SASL support

Holm Kapschitzki holm at x-provi.de
Do Jul 30 11:05:15 CEST 2009


Uwe Driessen schrieb:
> On Behalf Of Holm Kapschitzki
>> Ich bekomme beim aktivieren von reject_sender_login_mismatch folgende
>> Fehlermeldung im Log:
>>
>> Jul 30 09:04:32 srv18 postfix/smtpd[6708]: warning: restriction
>> `reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
> 
> Logauszug bitte komplett. Daran ist jetzt nicht erkennbar ob das ein eigener User war. 

Jul 30 10:50:18 srv18 postfix/smtpd[11938]: connect from unknown[IP]
Jul 30 10:50:18 srv18 postfix/smtpd[12073]: connect from
localhost.localdomain[127.0.0.1]
Jul 30 10:50:18 srv18 postfix/smtpd[12073]: D5F8E15A496F:
client=localhost.localdomain[127.0.0.1]
Jul 30 10:50:18 srv18 postfix/cleanup[12000]: D5F8E15A496F:
message-id=<4a439592a5b41fd6a404bae301ed50a3.squirrel at webmail.srv18.example.de>
Jul 30 10:50:18 srv18 postfix/qmgr[12001]: D5F8E15A496F:
from=<dsfdsfs at google.de>, size=1070, nrcpt=1 (queue active)
Jul 30 10:50:18 srv18 postfix/smtpd[12073]: disconnect from
localhost.localdomain[127.0.0.1]
Jul 30 10:50:18 srv18 cyrus/imap[11190]: accepted connection
Jul 30 10:50:18 srv18 cyrus/imap[11190]: login: localhost.localdomain
[127.0.0.1] web0p1 plaintext User logged in
Jul 30 10:50:18 srv18 cyrus/imap[11190]: seen_db: user web0p1 opened
/var/lib/cyrus/user/w/web0p1.seen
Jul 30 10:50:19 srv18 cyrus/imap[11903]: accepted connection
Jul 30 10:50:19 srv18 cyrus/imap[11903]: login: localhost.localdomain
[127.0.0.1] web0p1 plaintext User logged in
Jul 30 10:50:19 srv18 cyrus/imap[11903]: seen_db: user web0p1 opened
/var/lib/cyrus/user/w/web0p1.seen
Jul 30 10:50:19 srv18 cyrus/imap[11903]: open: user web0p1 opened INBOX
Jul 30 10:50:19 srv18 cyrus/imap[11903]: open: user web0p1 opened INBOX
Jul 30 10:50:19 srv18 cyrus/imap[11903]: open: user web0p1 opened INBOX
Jul 30 10:50:19 srv18 cyrus/imap[11903]: SQUAT returned 1 messages
Jul 30 10:50:19 srv18 postfix/smtp[12002]: D5F8E15A496F:
to=<hk at example.com>, relay=mail.example.com[IP]:25, delay=0.83,
delays=0.1/0/0.22/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
CD9EC8082A4)
Jul 30 10:50:19 srv18 postfix/qmgr[12001]: D5F8E15A496F: removed
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: warning: restriction
`reject_authenticated_sender_login_mismatch' ignored: no SASL support
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: warning: restriction
`reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: NOQUEUE: reject: RCPT from
unknown[andere-IP]: 554 5.7.1 <alias at example.net>: Relay access denied;
from=<alias2 at example.org> to=<alias at example.net> proto=ESMTP
helo=<[andere-IP]>
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: warning: restriction
`reject_authenticated_sender_login_mismatch' ignored: no SASL support
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: warning: restriction
`reject_unauthenticated_sender_login_mismatch' ignored: no SASL support
Jul 30 10:50:20 srv18 postfix/smtpd[11938]: NOQUEUE: reject: RCPT from
unknown[IP]: 554 5.7.1 <alias at example.net>: Relay access denied;
from=<alias2 at example.org> to=<alias at example.net> proto=ESMTP
helo=<[andere-IP]>


> 
>> os: debian etch
>> postfix version: 2.5.5-1.1
>>
>> main.conf:
>>
>> smtpd_sender_login_maps = hash:/etc/postfix/sender_login_mismatch_map
> 
> smtpd_sender_login_maps (default: empty)
> Optional lookup table with the SASL login names that own sender (MAIL FROM) addresses. 
> 
> Specify zero or more "type:table" lookup tables. With lookups from indexed files such as
> DB or DBM, or from networked tables such as NIS, LDAP or SQL, the following search
> operations are done with a sender address of user at domain: 
> 
> 1) user at domain 
> This table lookup is always done and has the highest precedence. 
> 2) user 
> This table lookup is done only when the domain part of the sender address matches
> $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. 
> 3) @domain 
> This table lookup is done last and has the lowest precedence. 
> In all cases the result of table lookup must be either "not found" or a list of SASL login
> names separated by comma and/or whitespace. 
> 
> 
> Da sollten alle mailkonten drin aufgeführt sein. 


Daran habe ich mich "eigentlich" gerichtet. Was ist wenn ein paar
Mailadressen fehlen? Die Mailadresse stehen ansonsten in virtuser. Ist
ein Confixxsystem, aber ist eigentlich in dem Sinne egal. In der
virtuser stehen einmal

user at domain user at domain
user at domain  SASL_Benutzer
user at domain  irgendwas


virtual_maps = hash:/etc/postfix/confixx_virtualUsers,
hash:/etc/postfix/confixx_localDomains

sender_login_mismatch_map:

abuse at expample.de	web0p1
abuse at expample.de       web0p2
achim at expample.net	web999p1
achim at expample.net	web999p10
....


Ich habe das einmal so probiert das die confixx_virtualUsers die
kopmplette  sender_login_mismatch_map und einmal selber eine aufgebaut,
in der Art siehee oberhalb.

Holm




Mehr Informationen über die Mailingliste Postfixbuch-users