vtigerCRM - 503 5.5.1 Error: authentication not enabled

André Peters andre.peters at debinux.de
Mi Jan 20 09:03:43 CET 2016


Hi,

laut Doku:

tls://mail.example.org:587

Wenn der Sender in mynetworks ist, brauchst du - je nach Konfiguration - 
gar kein AUTH mehr. Vielleicht stört es Postfix, dass du es trotzdem 
versuchst. Angenommen immer, dass permit_mynetworks an entsprechender 
Stelle steht.

Grüße,
André P.

Am 20.01.2016 um 08:59 schrieb Andre Pirot:
> Guten Morgen,
>
> ich versuche in vtigerCRM meinen Postfix/Dovecot-Server als SMTP-Server einzurichten. In vtigerCRM habe ich die Möglichkeit, "Server Name", "User Name", "Password", "From Email" und "Requires Authentication" anzugeben, aber keinen Port 25, 465 oder 587. Mein Postfix erwartet die Authentifizierung auf 587. Jetzt habe ich unter mynetworks explizit 192.168.1.0/24 angegeben, weil der crm-Server auf 192.168.1.7 liegt, währende Postfix auf 192.168.1.3.
> Wenn ich in vtigerCRM die Mailserver-Einstellungen abschicken sehe ich:
>
>
> 	Jan 20 08:34:01 mail postfix/smtpd[17231]: input attribute name: (end)
> Jan 20 08:34:01 mail postfix/smtpd[17231]: connection established
> Jan 20 08:34:01 mail postfix/smtpd[17231]: master_notify: status 0
> Jan 20 08:34:01 mail postfix/smtpd[17231]: name_mask: resource
> Jan 20 08:34:01 mail postfix/smtpd[17231]: name_mask: software
> Jan 20 08:34:01 mail postfix/smtpd[17231]: connect from unknown[192.168.1.7]
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: unknown: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: 192.168.1.7: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: unknown: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: 192.168.1.7: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: smtp_stream_setup: maxtime=300 enable_deadline=0
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? 127.0.0.0/8
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? 127.0.0.0/8
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? [::ffff:127.0.0.0]/104
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? [::1]/128
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? [::1]/128
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? 192.168.1.0/24
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? 192.168.1.0/24
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 220 mail.example.com
> Jan 20 08:34:01 mail postfix/smtpd[17231]: < unknown[192.168.1.7]: EHLO 192.168.1.7
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: unknown: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_list_match: 192.168.1.7: no match
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-mail.example.com
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-PIPELINING
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-SIZE 26214400
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-ETRN
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-STARTTLS
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-ENHANCEDSTATUSCODES
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250-8BITMIME
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 250 DSN
> Jan 20 08:34:01 mail postfix/smtpd[17231]: < unknown[192.168.1.7]: AUTH LOGIN
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 503 5.5.1 Error: authentication not enabled
> Jan 20 08:34:01 mail postfix/smtpd[17231]: < unknown[192.168.1.7]: quit
> Jan 20 08:34:01 mail postfix/smtpd[17231]: > unknown[192.168.1.7]: 221 2.0.0 Bye
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? 127.0.0.0/8
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? 127.0.0.0/8
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? [::ffff:127.0.0.0]/104
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? [::ffff:127.0.0.0]/104
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? [::1]/128
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? [::1]/128
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostname: unknown ~? 192.168.1.0/24
> Jan 20 08:34:01 mail postfix/smtpd[17231]: match_hostaddr: 192.168.1.7 ~? 192.168.1.0/24
> Jan 20 08:34:01 mail postfix/smtpd[17231]: disconnect from unknown[192.168.1.7]
> Jan 20 08:34:01 mail postfix/smtpd[17231]: master_notify: status 1
> Jan 20 08:34:01 mail postfix/smtpd[17231]: connection closed
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> bounce_queue_lifetime = 1d
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/postfix/html
> inet_interfaces = all
> inet_protocols = all
> mailbox_size_limit = 0
> maximal_backoff_time = 1800s
> maximal_queue_lifetime = 1d
> message_size_limit = 26214400
> milter_default_action = accept
> milter_protocol = 6
> minimal_backoff_time = 300s
> mydestination = mail.example.com, localhost.example.com, localhost
> myhostname = mail.example.com
> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 192.168.1.0/24
> myorigin = /etc/mailname
> postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
> postscreen_bare_newline_enable = no
> postscreen_blacklist_action = drop
> postscreen_cache_cleanup_interval = 24h
> postscreen_cache_map = proxy:btree:$data_directory/postscreen_cache
> postscreen_dnsbl_action = enforce
> postscreen_dnsbl_sites = b.barracudacentral.org=127.0.0.2*7 dnsbl.inps.de=127.0.0.2*7 bl.mailspike.net=127.0.0.2*5 bl.mailspike.net=127.0.0.[10;11;12]*4 dnsbl.sorbs.net=127.0.0.10*8 dnsbl.sorbs.net=127.0.0.5*6 dnsbl.sorbs.net=127.0.0.7*3 dnsbl.sorbs.net=127.0.0.8*2 dnsbl.sorbs.net=127.0.0.6*2 dnsbl.sorbs.net=127.0.0.9*2 zen.spamhaus.org=127.0.0.[10;11]*8 zen.spamhaus.org=127.0.0.[4..7]*6 zen.spamhaus.org=127.0.0.3*4 zen.spamhaus.org=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.2*3 hostkarma.junkemailfilter.com=127.0.0.4*1 hostkarma.junkemailfilter.com=127.0.1.2*1 wl.mailspike.net=127.0.0.[18;19;20]*-2 hostkarma.junkemailfilter.com=127.0.0.1*-2
> postscreen_dnsbl_threshold = 8
> postscreen_dnsbl_ttl = 5m
> postscreen_greet_action = enforce
> postscreen_greet_banner = $smtpd_banner
> postscreen_greet_ttl = 2d
> postscreen_greet_wait = 3s
> postscreen_non_smtp_command_enable = no
> postscreen_pipelining_enable = no
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
> queue_run_delay = 300s
> readme_directory = /usr/share/doc/postfix
> recipient_delimiter = +
> relay_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_mxdomain_maps.cf
> relay_recipient_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
> relayhost =
> smtp_header_checks = pcre:/etc/postfix/mailcow_anonymize_headers.pcre
> smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
> smtp_tls_cert_file = /etc/ssl/mail/mail.crt
> smtp_tls_key_file = /etc/ssl/mail/mail.key
> smtp_tls_loglevel = 1
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 10s
> smtpd_hard_error_limit = ${stress?1}${stress:5}
> smtpd_helo_required = yes
> smtpd_proxy_timeout = 600s
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
> smtpd_restriction_classes = z1_greylisting
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_path = private/auth_dovecot
> smtpd_sasl_type = dovecot
> smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_sender_acl.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf
> smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch, permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated, reject_unlisted_sender, reject_unknown_sender_domain
> smtpd_soft_error_limit = 3
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/mail/mail.crt
> smtpd_tls_dh1024_param_file = /etc/ssl/mail/dhparams.pem
> smtpd_tls_eecdh_grade = strong
> smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA
> smtpd_tls_key_file = /etc/ssl/mail/mail.key
> smtpd_tls_loglevel = 1
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_mandatory_exclude_ciphers = ECDHE-RSA-RC4-SHA
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_spamalias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /var/vmail/
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_minimum_uid = 104
> virtual_transport = lmtp:unix:private/dovecot-lmtp
> virtual_uid_maps = static:5000
> z1_greylisting = permit_dnswl_client list.dnswl.org, check_policy_service inet:127.0.0.1:10023
>
>
> Liegt die Unfähigkeit des Authentifizierens daran, dass 587 nicht angesprochen wird? Deswegen hatte ich eigentlich mynetworks entsprechend erweitert, damit Port 25 gilt. Oder liegt das an der Verschlüsselung des Passwortes? Ich trage das Passwort in vtigerCRM im Klartext ein und nutze als Benutzernamen die Form user at example.com.
>
> Wie sähe die Authenfitierung auf einem Postfix auf 192.168.1.7 aus, wenn dieser nur als SMTP-Relay an mail.example.com (192.168.1.2) senden können soll? Hier würde ich einen spartanische Postfix-Konfiguration einrichten.
>
> Grüße
>
> Andre


-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : smime.p7s
Dateityp    : application/pkcs7-signature
Dateigröße  : 5642 bytes
Beschreibung: S/MIME Cryptographic Signature
URL         : <https://listi.jpberlin.de/pipermail/postfixbuch-users/attachments/20160120/4484659f/attachment.p7s>


Mehr Informationen über die Mailingliste Postfixbuch-users