warum wird noch nach dem auxporp plugin gesucht?<br>Ich habe das sasl-sql deinstalliert und alles auf saslauth umgestellt?<br><br>Jan 23 23:58:58 frontend imap[3499]: sql plugin could not connect to host<br>Jan 23 23:58:58 frontend imap[3499]: sql plugin couldn't connect to any host<br>
Jan 24 00:02:42 frontend postfix/smtpd[3582]: sql_select option missing<br>Jan 24 00:02:42 frontend postfix/smtpd[3582]: auxpropfunc error no mechanism available<br><br>danke:<br><br><br>rupertt<br><br>hier mal die ausgabe von saslfinger.<br>
<br>saslfinger - postfix Cyrus sasl configuration Thu Jan 24 00:03:13 PST 2008<br>version: 1.0.2<br>mode: server-side SMTP AUTH<br><br>-- basics --<br>Postfix: 2.4.5<br>System: Fedora release 8 (Werewolf)<br><br>-- smtpd is linked to --<br>
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0032b000)<br><br>-- active SMTP AUTH and TLS parameters for smtpd --<br>broken_sasl_auth_clients = yes<br>smtpd_sasl_auth_enable = yes<br>smtpd_sasl_local_domain = $myhostname<br>
smtpd_sasl_security_options = noanonymous<br>smtpd_tls_CAfile = /var/lib/server.pem<br>smtpd_tls_auth_only = yes<br>smtpd_tls_cert_file = /var/lib/server.pem<br>smtpd_tls_key_file = /var/lib/server.pem<br>smtpd_tls_loglevel = 3<br>
smtpd_tls_received_header = yes<br>smtpd_tls_session_cache_timeout = 3600s<br>smtpd_use_tls = yes<br><br><br>-- listing of /usr/lib/sasl --<br>total 76<br>drwxr-xr-x 3 root root 4096 2008-01-23 06:01 .<br>drwxr-xr-x 122 root root 53248 2008-01-23 23:35 ..<br>
drwxr-xr-x 2 root root 4096 2008-01-23 05:51 sasl2_test<br>-rw-r--r-- 1 root root 70 2008-01-23 04:57 smtpd.conf<br>-rw-r--r-- 1 root root 70 2008-01-23 04:57 smtpd.conf~<br><br>-- listing of /usr/lib/sasl2 --<br>
total 4044<br>drwxr-xr-x 2 root root 4096 2008-01-23 23:35 .<br>drwxr-xr-x 122 root root 53248 2008-01-23 23:35 ..<br>-rwxr-xr-x 1 root root 870 2008-01-23 06:03 <a href="http://libanonymous.la">libanonymous.la</a><br>
-rwxr-xr-x 1 root root 14464 2008-01-23 06:03 libanonymous.so<br>-rwxr-xr-x 1 root root 14464 2008-01-23 06:03 libanonymous.so.2<br>-rwxr-xr-x 1 root root 14464 2008-01-23 06:03 libanonymous.so.2.0.22<br>-rwxr-xr-x 1 root root 858 2008-01-23 06:03 <a href="http://libcrammd5.la">libcrammd5.la</a><br>
-rwxr-xr-x 1 root root 16924 2008-01-23 06:03 libcrammd5.so<br>-rwxr-xr-x 1 root root 16924 2008-01-23 06:03 libcrammd5.so.2<br>-rwxr-xr-x 1 root root 16924 2008-01-23 06:03 libcrammd5.so.2.0.22<br>-rwxr-xr-x 1 root root 879 2008-01-23 06:03 <a href="http://libdigestmd5.la">libdigestmd5.la</a><br>
-rwxr-xr-x 1 root root 47232 2008-01-23 06:03 libdigestmd5.so<br>-rwxr-xr-x 1 root root 47232 2008-01-23 06:03 libdigestmd5.so.2<br>-rwxr-xr-x 1 root root 47232 2008-01-23 06:03 libdigestmd5.so.2.0.22<br>-rwxr-xr-x 1 root root 846 2008-01-23 06:03 <a href="http://liblogin.la">liblogin.la</a><br>
-rwxr-xr-x 1 root root 14876 2008-01-23 06:03 liblogin.so<br>-rwxr-xr-x 1 root root 14876 2008-01-23 06:03 liblogin.so.2<br>-rwxr-xr-x 1 root root 14876 2008-01-23 06:03 liblogin.so.2.0.22<br>-rwxr-xr-x 1 root root 846 2008-01-23 06:03 <a href="http://libplain.la">libplain.la</a><br>
-rwxr-xr-x 1 root root 14972 2008-01-23 06:03 libplain.so<br>-rwxr-xr-x 1 root root 14972 2008-01-23 06:03 libplain.so.2<br>-rwxr-xr-x 1 root root 14972 2008-01-23 06:03 libplain.so.2.0.22<br>-rwxr-xr-x 1 root root 915 2008-01-23 06:03 <a href="http://libsasldb.la">libsasldb.la</a><br>
-rwxr-xr-x 1 root root 1193248 2008-01-23 06:03 libsasldb.so<br>-rwxr-xr-x 1 root root 1193248 2008-01-23 06:03 libsasldb.so.2<br>-rwxr-xr-x 1 root root 1193248 2008-01-23 06:03 libsasldb.so.2.0.22<br>-rwxr-xr-x 1 root root 870 2008-01-23 06:03 <a href="http://libsql.la">libsql.la</a><br>
-rwxr-xr-x 1 root root 23204 2008-01-23 06:03 libsql.so<br>-rwxr-xr-x 1 root root 23204 2008-01-23 06:03 libsql.so.2<br>-rwxr-xr-x 1 root root 23204 2008-01-23 06:03 libsql.so.2.0.22<br>drwxrwxrwx 2 root root 4096 2008-01-23 04:54 sasl2<br>
-rw-r--r-- 1 root root 380 2008-01-23 07:19 smtpd.conf<br>-rw-r--r-- 1 root root 385 2008-01-23 07:19 smtpd.conf~<br>-rw-r--r-- 1 root root 69 2008-01-23 06:03 smtpd.conf.default<br><br>-- listing of /usr/local/lib/sasl2 --<br>
total 16<br>drwxrwxrwx 2 root root 4096 2008-01-23 04:54 .<br>drwxrwxrwx 3 root root 4096 2008-01-23 05:54 ..<br>-rwxrwxrwx 1 root root 435 2008-01-23 04:54 smtpd.conf<br>-rwxrwxrwx 1 root root 410 2008-01-23 04:54 smtpd.conf~<br>
<br>-- listing of /etc/sasl2 --<br>total 24<br>drwxr-xr-x 2 root root 4096 2007-11-07 12:44 .<br>drwxr-xr-x 102 root root 12288 2008-01-23 23:50 ..<br><br><br><br><br>-- content of /usr/lib/sasl/smtpd.conf --<br>pwcheck_method: saslauthd<br>
mech_list: PLAIN LOGIN<br>saslauthd_version: 2<br><br>-- content of /usr/lib/sasl2/smtpd.conf --<br>#pwcheck_method: auxprop<br>#auxprop_plugin: sql<br># CRAM-MD5 DIGEST-MD5<br>#sql_engine: mysql<br>#sql_hostnames: localhost<br>
sql_user: --- replaced ---<br>sql_passwd: --- replaced ---<br>#sql_database: mail<br>#sql_select: SELECT password FROM users WHERE email='%u@%r'<br>#srp_mda: md5<br>#srvtab: /dev/null<br>#opiekeys: /dev/null<br>#password_format: crypt<br>
mech_list: PLAIN <br>pwcheck_methog: saslauthd<br>saslauthd_version: 2<br>-- content of /usr/local/lib/sasl2/smtpd.conf --<br>#pwcheck_method: auxprop<br>#auxprop_plugin: sql<br>#mech_list: PLAIN LOGIN<br># CRAM-MD5 DIGEST-MD5<br>
#sql_engine: mysql<br>#sql_hostnames: localhost<br>sql_user: --- replaced ---<br>sql_passwd: --- replaced ---<br>#sql_database: mail<br>#sql_select: SELECT password FROM users WHERE email='%u@%r'<br>#srp_mda: md5<br>
#srvtab: /dev/null<br>#opiekeys: /dev/null<br>#password_format: crypt<br><br>#######<br># PAM #<br>#######<br>pwcheck_method: saslauthd<br>mech_list: PLAIN LOGIN<br>saslauthd_version: 2<br><br><br>-- active services in /etc/postfix/master.cf --<br>
# service type private unpriv chroot wakeup maxproc command + args<br># (yes) (yes) (yes) (never) (100)<br>smtp inet n - n - - smtpd -v<br>pickup fifo n - n 60 1 pickup<br>
cleanup unix n - n - 0 cleanup<br>qmgr fifo n - n 300 1 qmgr<br>tlsmgr unix - - n 1000? 1 tlsmgr<br>rewrite unix - - n - - trivial-rewrite<br>
bounce unix - - n - 0 bounce<br>defer unix - - n - 0 bounce<br>trace unix - - n - 0 bounce<br>verify unix - - n - 1 verify<br>
flush unix n - n 1000? 0 flush<br>proxymap unix - - n - - proxymap<br>smtp unix - - n - - smtp<br>relay unix - - n - - smtp<br>
-o fallback_relay=<br>showq unix n - n - - showq<br>error unix - - n - - error<br>retry unix - - n - - error<br>
discard unix - - n - - discard<br>local unix - n n - - local<br>virtual unix - n n - - virtual<br>lmtp unix n - n - - lmtp<br>
anvil unix - - n - 1 anvil<br>scache unix - - n - 1 scache<br>cyrus unix - n n - - pipe<br> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${recipient}<br>
<br><br>smtp-amavis unix - - y - 2 smtp <br> -o smtp_data_done_timeout=1200<br> -o disable_dns_lookups=yes<br><br><a href="http://127.0.0.1:10025">127.0.0.1:10025</a> inet n - n - - smtpd<br> -o content_filter=<br>
-o local_recipient_maps=<br> -o relay_recipient_maps=<br> -o smtpd_restriction_classes=<br> -o smtpd_client_restrictions=<br> -o smtpd_helo_restrictions=<br> -o smtpd_sender_restrictions=<br> -o smtpd_recipient_restrictions=permit_mynetworks,reject<br>
-o mynetworks=<a href="http://127.0.0.0/8">127.0.0.0/8</a><br> -o strict_rfc821_envelopes=yes<br> -o smtpd_error_sleep_time=0<br> -o smtpd_soft_error_limit=1001<br> -o smtpd_hard_error_limit=1000<br><br>-- mechanisms on localhost --<br>
<br>-- end of saslfinger output --<br><br><br><br><br><div class="gmail_quote">On Jan 23, 2008 4:23 PM, rupert <<a href="mailto:rupertt@gmail.com">rupertt@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br><div class="gmail_quote">2008/1/23 Alexander Dalloz <<a href="mailto:ad+lists@uni-x.org" target="_blank">ad+lists@uni-x.org</a>>:<div><div></div><div class="Wj3C7c"><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
rupert schrieb:<br><div>> Hallo,<br>> ich musste aufgrund der plaintext passwörter in meiner DB auf PAM<br>> umsteigen, der cyrus server läuft soweit und ich kann mit meinen<br>> clients connecten.<br>
> Wenn ich jetzt per postfix eine Mail verschicken möchte taucht in den<br>> logfiles auf das er keine Mechanismus finde kann<br>><br>> Jan 23 05:50:21 frontend postfix/smtpd[12945]: warning: SASL<br>> authentication failure: no secret in database<br>
> Jan 23 05:50:21 frontend postfix/smtpd[12945]: warning:<br></div>> unknown[<a href="http://192.168.247.1" target="_blank">192.168.247.1</a> <<a href="http://192.168.247.1" target="_blank">http://192.168.247.1</a>>]: SASL CRAM-MD5<br>
<div>> authentication failed: authentication failure<br>> Jan 23 05:50:21 frontend postfix/smtpd[12945]: warning: SASL<br>> authentication failure: Password verification failed<br>> Jan 23 05:50:21 frontend postfix/smtpd[12945]: warning:<br>
</div>> unknown[<a href="http://192.168.247.1" target="_blank">192.168.247.1</a> <<a href="http://192.168.247.1" target="_blank">http://192.168.247.1</a>>]: SASL PLAIN<br><div>> authentication failed: authentication failure<br>
> Jan 23 05:50:21 frontend postfix/smtpd[12945]: warning:<br></div>> unknown[<a href="http://192.168.247.1" target="_blank">192.168.247.1</a> <<a href="http://192.168.247.1" target="_blank">http://192.168.247.1</a>>]: SASL LOGIN<br>
<div>> authentication failed: authentication failure<br>><br>> Es findet auch klein zugriff auf die Datenbank(mysql) statt, wenn ich<br>> auf versenden klicke.<br>><br>> Ich hatte erst probiert cyrus-sasl zu patchen und hab da einige ordner<br>
> verschoben, bzw neu gelinkt, aber nachher die betreffende packete neu<br>> installiert,<br>> er hat komischerweise aber nicht /usr/local/lib/sasl2 neu erstellt.<br></div>Würde mich wundern, wenn Binary Pakete nach /usr/local/ installieren.<br>
><br>> Wie gehts weiter?<br>Dein Postfix SASL Setup überprüfen und korrigieren.<br><br><a href="http://www.postfix.org/SASL_README.html" target="_blank">http://www.postfix.org/SASL_README.html</a><br>><br>> danke<br>
Wenn wir hier nicht rumraten sollen, dann wäre es gut, wenn Du präzise<br>Angaben zu Deiner Konfiguration machst. Z.B. bediene Dich Patricks<br>saslfinger.<br><br>Alexander<br><font color="#888888"></font></blockquote></div>
</div><div>
Mein Mailclient verschickt jetzt die emauil und postfix reicht sie an den lmtp weiter.<br>Auf dem mupdateserver sehe ich wie nach dem postfach gesucht wird<br><br>cmd_find(fd:17, blub.local!user.lotte)<br>Jan 23 07:07:47 mupdate mupdate[2128]: accepted connection<br>
Jan 23 07:07:47 mupdate mupdate[2128]: login: frontend [<a href="http://192.168.247.128" target="_blank">192.168.247.128</a>] cyrus-backend DIGEST-MD5 User logged in<br><br>auf dem frontend findet jetzt der query nach dem useraccount statt <br>
SELECT 0, password FROM users WHERE email = '<a href="mailto:lotte@blub.local" target="_blank">lotte@blub.local</a>'<br><br>nun versucht das frontend die mail an das backend weiterzureichen und hier findet eine Authentification statt die fehlschlägt.<br>
backend lmtp[32168]: badlogin: <a href="http://192.168.247.128" target="_blank">192.168.247.128</a> PLAIN SASL(-13): authentication failure: Password verification failed<br><br> frontend postfix/pipe[4259]: 9D5B41200BB: to=<<a href="mailto:lotte@blub.local" target="_blank">lotte@blub.local</a>>, relay=cyrus, delay=1555, delays=1549/0.03/0/5.6, dsn=4.3.0, status=deferred (temporary failure) <br>
<br>Auf dem backend wird aber lein query ausgeführt?<br>lokaler login am imap geht aber und am frontend klappt der login des client ja auch.<br>Irgentetwas klappt am backend nicht, ohne PAM lief der Cluster, da hatte ich diese situation auch, nur das ein query ausgeführt wurde und nu nicht<br>
<br><br>auszug aus der <a href="http://main.cf" target="_blank">main.cf</a><br><br>#################<br># virtual stuff #<br>#################<br><br>virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf<br>
virtual_mailbox_domains = blub.local<br>virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf<br>virtual_transport = cyrus:unix:/var/lib/imap/socket/lmtp<br>mailbox_transport = cyrus:unix:/var/lib/imap/socket/lmtp<br>
#virtual_transport = cyrus<br>#mailbox_transport = cyrus<br><br>################################<br># security & antispam settings #<br>################################<br><br>smtpd_helo_required = yes<br>smtpd_sasl_auth_enable = yes<br>
smtpd_sasl_security_options = noanonymous<br>smtpd_sasl_local_domain = $myhostname<br>broken_sasl_auth_clients = yes<br><br>smtp_sasl_path = smtpd<br><br>smtpd_delay_reject = yes<br>smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination<br>
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination<br>mime_header_checks=pcre:/etc/postfix/body_checks<br>default_rbl_reply = $rbl_code RBLTRAP: You can't send us a E-mail today!!!<br>
<br>##################<br># TLS Zertifikat #<br>##################<br><br>smtpd_use_tls = yes<br>smtpd_tls_auth_only = yes<br>smtpd_tls_key_file = /var/lib/server.pem<br>smtpd_tls_cert_file = /var/lib/server.pem<br>smtpd_tls_CAfile = /var/lib/server.pem<br>
smtpd_tls_loglevel = 3<br>smtpd_tls_received_header = yes<br>smtpd_tls_session_cache_timeout = 3600s<br>tls_random_source = dev:/dev/urandom<br><br>#############<br># lmtp kram #<br>#############<br><br>#lmtp_sasl_auth_enable = yes<br>
#lmtp_sasl_password_maps=hash:/etc/postfix/lmtp_passwd<br>#lmtp_sasl_security_options = noanonymous<br><br>auszug aus der <a href="http://master.cf" target="_blank">master.cf</a><br>cyrus unix - n n - - pipe<br>
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${recipient}<br><br>und die /etc/pam.d/imap<br><br><br>auth sufficient pam_mysql.so user=mail_admin passwd=pwd_mail host=localhost db=mail crypt=1 table=users passwdcolumn=password usercolumn=email<br>
auth sufficient pam_unix_auth.so<br><br>account required pam_mysql.so user=mail_admin passwd=pwd_mail host=localhost db=mail crypt=1 table=users passwdcolumn=password usercolumn=email<br>account sufficient pam_unix_acct.so<br>
<br>sowie die smtpd.conf<br><br><b>mech_list: PLAIN<br>pwcheck_methog: saslauthd<br>saslauthd_version: 2<br></b><br><br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<font color="#888888"><br>--<div class="Ih2E3d"><br>_______________________________________________<br>Postfixbuch-users -- <a href="http://www.postfixbuch.de" target="_blank">http://www.postfixbuch.de</a><br>Heinlein Professional Linux Support GmbH<br>
<br><a href="mailto:Postfixbuch-users@listi.jpberlin.de" target="_blank">Postfixbuch-users@listi.jpberlin.de</a><br><a href="https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users" target="_blank">https://listi.jpberlin.de/mailman/listinfo/postfixbuch-users</a><br>
</div></font></blockquote></div><br>
</blockquote></div><br>