<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hallo Leute!<br>
Ich habe einen root server, über den sollen mehrere Domains verwaltet
werden. Nun bin ich bin ein Anfänger, was Mailserver angeht, jedoch
habe ich mir das Postfix Buch von Ralf Hildebrandt und Patrick Ben
Koetter gekauft und mehrmals durchgelesen und parallel dazu den Server
aufgesetzt. <br>
Nun dachte ich mir, dass aus Sicherheitsgründen und
verwaltungstechnischer Bequemlichkeit die Postfächer virtuell sein
sollten. Bevor ich allerdings die Schnittstelle zum cyrus imapd
herstellen will, möchte ich erst mal das smtp auth hinbekommen. Die
Benutzerdaten sind in einer Datenbank hinterlegt, der postfix user kann
auch auf die db und die Einträge zugreifen. Wenn ich mich verbinde,
sagt der mir allerdings immer, dass das Zugangspasswort falsch ist.
Ich poste mal den Print von saslfinger, und die Fehlermeldung,
vielleicht kann mir ja jemand tipps geben!<br>
<br>
saslfinger - postfix Cyrus sasl configuration Sa 8. Dez 20:58:32 CET
2007<br>
version: 1.0.5<br>
mode: server-side SMTP AUTH<br>
<br>
-- basics --<br>
Postfix: 2.4.5<br>
System: Ubuntu 7.10 \n \l<br>
<br>
-- smtpd is linked to --<br>
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d1e000)<br>
<br>
-- active SMTP AUTH and TLS parameters for smtpd --<br>
broken_sasl_auth_clients = yes<br>
smtpd_sasl_auth_enable = yes<br>
smtpd_sasl_local_domain = $myhostname<br>
smtpd_sasl_security_options = noanonymous<br>
<br>
<br>
-- listing of /usr/lib/sasl2 --<br>
total 792<br>
drwxr-xr-x 2 root root 4096 2007-12-04 21:51 .<br>
drwxr-xr-x 50 root root 12288 2007-12-08 20:56 ..<br>
-rw-r--r-- 1 root root 13640 2007-10-02 15:58 libanonymous.a<br>
-rw-r--r-- 1 root root 862 2007-10-02 15:58 libanonymous.la<br>
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so<br>
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so.2<br>
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so.2.0.22<br>
-rw-r--r-- 1 root root 15974 2007-10-02 15:58 libcrammd5.a<br>
-rw-r--r-- 1 root root 848 2007-10-02 15:58 libcrammd5.la<br>
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so<br>
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so.2<br>
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so.2.0.22<br>
-rw-r--r-- 1 root root 47348 2007-10-02 15:58 libdigestmd5.a<br>
-rw-r--r-- 1 root root 871 2007-10-02 15:58 libdigestmd5.la<br>
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so<br>
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2<br>
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2.0.22<br>
-rw-r--r-- 1 root root 13650 2007-10-02 15:58 liblogin.a<br>
-rw-r--r-- 1 root root 842 2007-10-02 15:58 liblogin.la<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so.2<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so.2.0.22<br>
-rw-r--r-- 1 root root 30516 2007-10-02 15:58 libntlm.a<br>
-rw-r--r-- 1 root root 836 2007-10-02 15:58 libntlm.la<br>
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so<br>
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so.2<br>
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so.2.0.22<br>
-rw-r--r-- 1 root root 13938 2007-10-02 15:58 libplain.a<br>
-rw-r--r-- 1 root root 842 2007-10-02 15:58 libplain.la<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so.2<br>
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so.2.0.22<br>
-rw-r--r-- 1 root root 22150 2007-10-02 15:58 libsasldb.a<br>
-rw-r--r-- 1 root root 863 2007-10-02 15:58 libsasldb.la<br>
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so<br>
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so.2<br>
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so.2.0.22<br>
-rw-r--r-- 1 root root 23812 2007-10-02 15:58 libsql.a<br>
-rw-r--r-- 1 root root 971 2007-10-02 15:58 libsql.la<br>
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so<br>
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so.2<br>
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so.2.0.22<br>
<br>
-- listing of /etc/postfix/sasl --<br>
total 12<br>
drwxr-xr-x 2 root root 4096 2007-12-08 20:52 .<br>
drwxr-xr-x 4 root root 4096 2007-12-08 20:55 ..<br>
-rw-r--r-- 1 root root 390 2007-12-08 20:25 smtpd.conf<br>
<br>
<br>
<br>
<br>
-- content of /etc/postfix/sasl/smtpd.conf --<br>
log_level: 7<br>
pwcheck_method: auxprop<br>
#neu:<br>
auxprop_plugin: sql<br>
allowplaintext: yes<br>
allowanonymouslogin: no<br>
mech_list: PLAIN LOGIN<br>
# LOGIN CRAM-MD5 DIGEST-MD5<br>
sql_engine: mysql<br>
sql_hostnames: localhost<br>
sql_database: mail<br>
sql_user: --- replaced ---<br>
sql_passwd: --- replaced ---<br>
sql_select: SELECT userpassword FROM virtual_users WHERE username = '%u'<br>
#AND auth = '1' AND active = '1'<br>
sql_usessl: no<br>
<br>
-- content of /etc/postfix/sasl/smtpd.conf --<br>
log_level: 7<br>
pwcheck_method: auxprop<br>
#neu:<br>
auxprop_plugin: sql<br>
allowplaintext: yes<br>
allowanonymouslogin: no<br>
mech_list: PLAIN LOGIN<br>
# LOGIN CRAM-MD5 DIGEST-MD5<br>
sql_engine: mysql<br>
sql_hostnames: localhost<br>
sql_database: mail<br>
sql_user: --- replaced ---<br>
sql_passwd: --- replaced ---<br>
sql_select: SELECT userpassword FROM virtual_users WHERE username = '%u'<br>
#AND auth = '1' AND active = '1'<br>
sql_usessl: no<br>
<br>
<br>
-- active services in /etc/postfix/master.cf --<br>
# service type private unpriv chroot wakeup maxproc command + args<br>
# (yes) (yes) (yes) (never) (100)<br>
smtp inet n - - - - smtpd -v<br>
pickup fifo n - - 60 1 pickup -v<br>
cleanup unix n - - - 0 cleanup -v<br>
qmgr fifo n - n 300 1 qmgr -v<br>
tlsmgr unix - - - 1000? 1 tlsmgr -v<br>
rewrite unix - - - - - trivial-rewrite
-v<br>
bounce unix - - - - 0 bounce -v<br>
defer unix - - - - 0 bounce -v<br>
trace unix - - - - 0 bounce -v<br>
verify unix - - - - 1 verify -v<br>
flush unix n - - 1000? 0 flush -v<br>
proxymap unix - - n - - proxymap -v<br>
smtp unix - - - - - smtp -v<br>
relay unix - - - - - smtp -v<br>
-o smtp_fallback_relay=<br>
showq unix n - - - - showq -v<br>
error unix - - - - - error -v<br>
retry unix - - - - - error -v<br>
discard unix - - - - - discard -v<br>
local unix - n n - - local -v<br>
virtual unix - n n - - virtual -v<br>
lmtp unix - - - - - lmtp -v<br>
anvil unix - - - - 1 anvil -v<br>
scache unix - - - - 1 scache -v<br>
maildrop unix - n n - - pipe<br>
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}<br>
uucp unix - n n - - pipe<br>
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)<br>
ifmail unix - n n - - pipe<br>
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)<br>
bsmtp unix - n n - - pipe<br>
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient<br>
scalemail-backend unix - n n - 2 pipe<br>
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}<br>
mailman unix - n n - - pipe<br>
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py<br>
${nexthop} ${user}<br>
<br>
-- mechanisms on localhost --<br>
250-AUTH PLAIN LOGIN<br>
250-AUTH=PLAIN LOGIN<br>
<br>
<br>
-- end of saslfinger output --<br>
<br>
softice@noise:~$ saslfinger -s >out.put<br>
softice@noise:~$ vim out.put<br>
verify unix - - - - 1 verify -v<br>
flush unix n - - 1000? 0 flush -v<br>
proxymap unix - - n - - proxymap -v<br>
smtp unix - - - - - smtp -v<br>
relay unix - - - - - smtp -v<br>
-o smtp_fallback_relay=<br>
showq unix n - - - - showq -v<br>
error unix - - - - - error -v<br>
retry unix - - - - - error -v<br>
discard unix - - - - - discard -v<br>
local unix - n n - - local -v<br>
virtual unix - n n - - virtual -v<br>
lmtp unix - - - - - lmtp -v<br>
anvil unix - - - - 1 anvil -v<br>
scache unix - - - - 1 scache -v<br>
maildrop unix - n n - - pipe<br>
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}<br>
uucp unix - n n - - pipe<br>
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)<br>
ifmail unix - n n - - pipe<br>
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)<br>
bsmtp unix - n n - - pipe<br>
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient<br>
scalemail-backend unix - n n - 2 pipe<br>
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}<br>
mailman unix - n n - - pipe<br>
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py<br>
${nexthop} ${user}<br>
<br>
-- mechanisms on localhost --<br>
250-AUTH PLAIN LOGIN^M<br>
250-AUTH=PLAIN LOGIN^M<br>
<br>
<br>
-- end of saslfinger output --<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Auszug aus der main.cf:<br>
<br>
<br>
# Debian specific: Specifying a file name will cause the first<br>
# line of that file to be used as the name. The Debian default<br>
# is /etc/mailname.<br>
#myorigin = /etc/mailname<br>
<br>
smtpd_banner = $myhostname ESMTP $mail_name<br>
biff = no<br>
<br>
# appending .domain is the MUA's job.<br>
append_dot_mydomain = no<br>
<br>
# Uncomment the next line to generate "delayed mail" warnings<br>
#delay_warning_time = 4h<br>
<br>
# TLS parameters kommt noch!<br>
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem<br>
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key<br>
#smtpd_use_tls=yes<br>
#smtpd_tls_session_cache_database =
btree:${queue_directory}/smtpd_scache<br>
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache<br>
<br>
# SASL parameters<br>
#smtpd_sasl_path = smtpd<br>
smtpd_sasl_application_name = smtpd<br>
smtpd_sasl_auth_enable = yes<br>
smtpd_sasl_security_options = noanonymous<br>
broken_sasl_auth_clients = yes<br>
<br>
# Realm (domain) festlegen, unter dem ein Benutzer ohne angegebenen
Realm behandelt werden soll, map erstellen,z bsp mit sql, oder foo-
domain angeben?<br>
smtpd_sasl_local_domain = $myhostname<br>
<br>
#Einschraenkungen<br>
smtpd_helo_required = yes<br>
<br>
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package
for<br>
# information on enabling SSL in the smtp client.<br>
mydomain = localhost<br>
myhostname = noise.domain1<br>
myorigin = $mydomain<br>
mydestination = noise.localhost<br>
localhost<br>
relayhost =<br>
mynetworks = 127.0.0.0/8<br>
mailbox_size_limit = 0<br>
recipient_delimiter = +<br>
inet_interfaces = all<br>
address_verify_sender = postmaster@domain1<br>
address_verify_negative_cache = no<br>
#RESTRICTIONS<br>
smtpd_recipient_restrictions =<br>
.<br>
permit_mynetworks,<br>
permit_sasl_authenticated,<br>
.<br>
permit<br>
<br>
smtpd_data_restrictions =<br>
reject_multi_recipient_bounce<br>
<br>
virtual_mailbox_base = /var/spool/virtual_mailboxes<br>
virtual_mailbox_maps =
mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf<br>
virtual_mailbox_domains = domain1<br>
domain2<br>
domain3<br>
domain4<br>
domain5<br>
domain6<br>
domain7<br>
virtual_uid_maps = hash:/etc/postfix/virtual_mailbox_uid_map<br>
virtual_gid_maps = $virtual_uid_maps<br>
virtual_transport = virtual<br>
<br>
<br>
Was im mail.log drinne steht ist leider nur folgendes, ich hab keine
Ahnung, wie ich an mehr Infos kommen kann:<br>
<br>
<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: < unknown[10.10.10.13]:
EHLO [127.0.0.1]<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-<font color="#33cc00">!SERVERNAME!</font><br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-PIPELINING<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-SIZE 10240000<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-VRFY<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-ETRN<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-AUTH PLAIN LOGIN<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: match_list_match: unknown:
no match<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: match_list_match:
10.10.10.13: no match<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-AUTH=PLAIN LOGIN<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-ENHANCEDSTATUSCODES<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250-8BITMIME<br>
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
250 DSN<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]:
AUTH PLAIN <font color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first:
sasl_method PLAIN, init_response <font color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first:
decoded initial response<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning: SASL authentication
failure: Password verification failed<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning:
unknown[10.10.10.13]: SASL PLAIN authentication failed: authentication
failure<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
535 5.7.0 Error: authentication failed: authentication failure<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]:
AUTH LOGIN<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first:
sasl_method LOGIN<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]:
xsasl_cyrus_server_auth_response: uncoded server challenge: Username:<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
334 <font color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]:<font
color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next:
decoded response: <font color="#33cc00">!USERNAME!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]:
xsasl_cyrus_server_auth_response: uncoded server challenge: Password:<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
334 <font color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: <font
color="#33cc00">!CRYPTED!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next:
decoded response: <font color="#33cc00">!PASSWORT!</font><br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning:
unknown[10.10.10.13]: SASL LOGIN authentication failed: authentication
failure<br>
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]:
535 5.7.0 Error: authentication failed: authentication failure<br>
<br>
<br>
Die Zugangsdaten, die in der Datenbank stehen, sind auf jeden fall
identisch mit den Zugangsdaten die im Log im Klartext angezeigt werden,
im Mailclient sind sie definitiv auch übereinstimment mit den aus der
Datenbank..<br>
Ich hoffe, damit kann jemand was anfangen, ich freu mich auf Eure Hilfe!<br>
<br>
Vielen Dank,<br>
<br>
Markus K.
</body>
</html>