[Postfixbuch-users] No SMTP AUTH with exclusively local domains

Patrick Westenberg pw at wk-serv.de
Mon May 24 20:42:34 CEST 2010


Hello everyone,

I have set up a Postfix system with virtual domains, including SASL via
Dovecot and a Pgsql backend.

When I send an e-mail through this system where both the MAIL FROM and
the RCPT TO domain or mailbox exist as a virtual domain, sending is
possible without SMTP AUTH!

If one of the two addresses does not exist in the system, SMTP AUTH
works perfectly.

Have I overlooked something elementary?

Regards
Patrick


main.cf
-----------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mailbox_size_limit = 0
mydestination = smtp02.serverfreak.net, localhost.serverfreak.net, localhost
myhostname = smtp02.serverfreak.net
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name $mail_version (Debian/GNU)
smtpd_recipient_restrictions = permit_mynetworks,
          permit_sasl_authenticated,
          reject_unverified_recipient,
          reject_non_fqdn_sender,
          reject_unauth_destination,
          reject_invalid_helo_hostname,
          reject_unknown_sender_domain
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/class3.crt
smtpd_tls_cert_file = /etc/postfix/smtp_serverfreak_net.crt
smtpd_tls_key_file = /etc/postfix/smtp_serverfreak_net.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = pgsql:/etc/postfix/virtual_mailbox_domains
virtual_mailbox_maps = pgsql:/etc/postfix/virtual_mailbox_maps
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000


master.cf
----------

smtp      inet  n       -       -       -       -       smtpd

smtps     inet  n       -       -       -       -       smtpd -v
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
         -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache

maildrop  unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
   flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
   ${nexthop} ${user}


Log excerpt with local sender and recipient
-------------------------------------------
May 24 20:29:49 smtp02 postfix/smtpd[1521]: initializing the server-side TLS engine
May 24 20:29:49 smtp02 postfix/smtpd[1521]: connect from unknown[10.5.29.31]
May 24 20:29:49 smtp02 postfix/smtpd[1521]: setting up TLS connection from unknown[10.5.29.31]
May 24 20:29:49 smtp02 postfix/smtpd[1521]: unknown[10.5.29.31]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:before/accept initialization
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 read client hello B
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write server hello A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write certificate A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write key exchange A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write server done A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 flush data
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 read client key exchange A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 read finished A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write session ticket A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write change cipher spec A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 write finished A
May 24 20:29:49 smtp02 postfix/smtpd[1521]: SSL_accept:SSLv3 flush data
May 24 20:29:49 smtp02 postfix/smtpd[1521]: Anonymous TLS connection established from unknown[10.5.29.31]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 24 20:29:49 smtp02 postfix/smtpd[1521]: 75DFD51FEF: client=unknown[10.5.29.31]
May 24 20:29:49 smtp02 postfix/cleanup[1526]: 75DFD51FEF: message-id=<4BFAC59C.1000604 at jasbafliesen.de>
May 24 20:29:49 smtp02 postfix/qmgr[1496]: 75DFD51FEF: from=<mail at jasbafliesen.de>, size=685, nrcpt=1 (queue active)
May 24 20:29:49 smtp02 postfix/smtpd[1521]: disconnect from unknown[10.5.29.31]
May 24 20:29:49 smtp02 postfix/virtual[1527]: 75DFD51FEF: to=<post at grohnfliesen.de>, relay=virtual, delay=0.13, delays=0.09/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
May 24 20:29:49 smtp02 postfix/qmgr[1496]: 75DFD51FEF: removed


Log excerpt with an external recipient
--------------------------------------
May 24 20:40:25 smtp02 postfix/smtpd[1763]: initializing the server-side TLS engine
May 24 20:40:25 smtp02 postfix/tlsmgr[1765]: open smtpd TLS cache btree:/var/lib/postfix/smtpd_scache
May 24 20:40:25 smtp02 postfix/tlsmgr[1765]: tlsmgr_cache_run_event: start TLS smtpd session cache cleanup
May 24 20:40:25 smtp02 postfix/smtpd[1763]: connect from unknown[10.5.29.31]
May 24 20:40:25 smtp02 postfix/smtpd[1763]: setting up TLS connection from unknown[10.5.29.31]
May 24 20:40:25 smtp02 postfix/smtpd[1763]: unknown[10.5.29.31]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:before/accept initialization
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 read client hello B
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write server hello A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write certificate A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write key exchange A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write server done A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 flush data
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 read client key exchange A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 read finished A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write session ticket A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write change cipher spec A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 write finished A
May 24 20:40:25 smtp02 postfix/smtpd[1763]: SSL_accept:SSLv3 flush data
May 24 20:40:25 smtp02 postfix/smtpd[1763]: Anonymous TLS connection established from unknown[10.5.29.31]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 24 20:40:26 smtp02 postfix/cleanup[1769]: 0360E51FEF: message-id=<20100524184026.0360E51FEF at smtp02.serverfreak.net>
May 24 20:40:26 smtp02 postfix/qmgr[1760]: 0360E51FEF: from=<double-bounce at smtp02.serverfreak.net>, size=287, nrcpt=1 (queue active)
May 24 20:40:26 smtp02 postfix/smtp[1770]: 0360E51FEF: to=<pw at wk-serv.de>, relay=mail.wk-serv.de[83.149.68.7]:25, delay=0.44, delays=0/0.01/0.08/0.34, dsn=2.0.0, status=deliverable (250 ok)
May 24 20:40:26 smtp02 postfix/qmgr[1760]: 0360E51FEF: removed
May 24 20:40:29 smtp02 postfix/smtpd[1763]: NOQUEUE: reject: RCPT from unknown[10.5.29.31]: 554 5.7.1 <pw at wk-serv.de>: Relay access denied; from=<mail at jasbafliesen.de> to=<pw at wk-serv.de> proto=ESMTP helo=<[10.5.29.31]>
May 24 20:40:32 smtp02 postfix/smtpd[1763]: disconnect from unknown[10.5.29.31]
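
Added example, not part of the original post and not Postfix code: a simplified Python model of how smtpd walks the posted smtpd_recipient_restrictions (first match decides) for the two logged sessions, and for a variant list that adds reject_unauthenticated_sender_login_mismatch. Assumptions: the content of the pgsql virtual_mailbox_domains lookup, the constructed LOGIN_MAP standing in for smtpd_sender_login_maps, and the HARDENED list. relay_domains and the other reject_* checks are not modelled.

```python
import ipaddress

# Values copied from the posted main.cf.
MYNETWORKS = ["127.0.0.0/8", "::ffff:127.0.0.0/104", "::1/128"]
MYDESTINATION = {"smtp02.serverfreak.net", "localhost.serverfreak.net", "localhost"}
# Assumption: what the pgsql virtual_mailbox_domains lookup returns.
VIRTUAL_DOMAINS = {"jasbafliesen.de", "grohnfliesen.de"}
POSTED = ["permit_mynetworks", "permit_sasl_authenticated",
          "reject_unverified_recipient", "reject_non_fqdn_sender",
          "reject_unauth_destination", "reject_invalid_helo_hostname",
          "reject_unknown_sender_domain"]
# Variant: refuse unauthenticated use of sender addresses that have an owner.
HARDENED = POSTED[:2] + ["reject_unauthenticated_sender_login_mismatch"] + POSTED[2:]
# Assumption: constructed smtpd_sender_login_maps content (sender -> SASL login).
LOGIN_MAP = {"mail@jasbafliesen.de": "mail@jasbafliesen.de"}

def in_mynetworks(ip):
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in MYNETWORKS]
    return any(addr.version == n.version and addr in n for n in nets)

def evaluate(restrictions, client_ip, sasl_user, mail_from, rcpt_to):
    """Return (action, deciding restriction); the first match ends the list."""
    rcpt_domain = rcpt_to.rsplit("@", 1)[1].lower()
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip):
            return "permit", r
        if r == "permit_sasl_authenticated" and sasl_user:
            return "permit", r
        if (r == "reject_unauth_destination"
                and rcpt_domain not in MYDESTINATION | VIRTUAL_DOMAINS):
            return "reject", r  # logged as "Relay access denied"
        if (r == "reject_unauthenticated_sender_login_mismatch"
                and not sasl_user and mail_from.lower() in LOGIN_MAP):
            return "reject", r
        # Simplification: every other reject_* check is treated as passing.
    return "permit", "end of list"

if __name__ == "__main__":
    client = "10.5.29.31"  # client address from the posted logs, no AUTH seen
    for name, rules in (("posted", POSTED), ("hardened", HARDENED)):
        for rcpt in ("post@grohnfliesen.de", "pw@wk-serv.de"):
            print(name, rcpt, evaluate(rules, client, None,
                                       "mail@jasbafliesen.de", rcpt))
```

With the posted list, an unauthenticated client is only stopped by reject_unauth_destination, which looks at the recipient domain and never at MAIL FROM; the variant still accepts inbound mail from foreign senders to the virtual domains.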



