Re: [postfix-users] postfix - postfixadmin - dovecot - sasl_aut

Am 02.02.2010 23:28, schrieb tg:

Hallo allerseits,

Ich hoffe ich benutze das jetzt richtig und produzier hier kein OT, mache sonst wem unnötige Arbeit oder müll "unsere" Mailinglist zu. Wenn das schon gelöst ist bitte ein Hinweis!

Ausgangssituation: Postfix als SMTP und Dovecot als deliver, IMAP und POP3, keine lokalen Konten und PostfixAdmin zur Verwaltung, nur Virtual. TLS wird noch nachgerüstet. Lokal klappt das Anlgen der Mailboxen beim Senden per echo... an ein recipient ohne Probleme und Mailboxen werden bei Bedarf angelegt. Alle mysql_maps geben bei Nachfrage die richtigen Informationen aus. Dovecot und Postfix Logs zeigen keine Mängel, bis auf Postfix bei Telnet 25 Versuch > "Authentication failed".

Nun folgende Fragen Ist die smtp_sasl_password_map erforderlich wenn per dovecot auth wird? error bei smtp_sasl... mit mysql --> keine smtp_...cf.db --> anscheinend kann sasl nichts mit meiner map anfangen! error bei disable --> kein AUTH oder TLS konfiguriert (siehe saslfinger -c) Verwende PostfixAdmin --> welche Passwordmethode soll verwendet werden? Brauche ich die alias_maps aus der main.conf noch?

Ich habe folgende Informationen per postfinger und saslfinger -s & -c:

<postfinger> postfinger - postfix configuration on Tue Feb 2 14:39:48 CET 2010 version: 1.30 --System Parameters-- mail_version = 2.3.3 hostname = host_xy uname = Linux host_xy 2.6.18-128.4.1.el5xen #1 SMP Tue Aug 4 20:51:12 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

--Packaging information-- looks like this postfix comes from RPM package: postfix-2.3.3-2.1.centos.mysql_pgsql

--main.cf non-default parameters-- alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes home_mailbox = Maildir/ mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydomain = domain.xy myhostname = mail.domain.xy.com myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES relay_domains = sendmail_path = /usr/sbin/sendmail.postfix smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_type = dovecot virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf virtual_transport = dovecot

--master.cf-- smtp inet n - n - - smtpd -v pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient dovecot unix - n n - - pipe flags=ODRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${recipient}

-- end of postfinger output --

<saslfinger -s> saslfinger - postfix Cyrus sasl configuration Tue Feb 2 14:40:59 CET 2010 version: 1.0.2 mode: server-side SMTP AUTH

-- basics -- Postfix: 2.3.3 System: CentOS release 5.4 (Final)

-- smtpd is linked to -- libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b27d9008000)

-- active SMTP AUTH and TLS parameters for smtpd -- broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot

hab ich anders ( was nicht unbedingt was heissen mag * )

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_domains = mysql:/etc/postfix//mysql_virtual_domains_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth

dovecot_destination_recipient_limit = 1 virtual_transport = dovecot

dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

# It's possible to export the authentication interface to other programs: socket listen { master { # Master socket provides access to userdb information. It's typically # used to give Dovecot's local delivery agent access to userdb so it # can find mailbox locations. path = /var/run/dovecot/auth-master mode = 0600 # Default user/group is the one who started dovecot-auth (root) user = vmail group = vmail } client { # The client socket is generally safe to export to everyone. Typical use # is to export it to your SMTP server so it can do SMTP AUTH lookups # using it. path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } }

-- listing of /usr/lib64/sasl2 -- total 3064 drwxr-xr-x 2 root root 4096 Feb 2 01:28 . drwxr-xr-x 46 root root 20480 Jan 27 19:38 .. -rwxr-xr-x 1 root root 890 Sep 4 02:04 libanonymous.la -rwxr-xr-x 1 root root 15880 Sep 4 02:05 libanonymous.so -rwxr-xr-x 1 root root 15880 Sep 4 02:05 libanonymous.so.2 -rwxr-xr-x 1 root root 15880 Sep 4 02:05 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root 876 Sep 4 02:04 libcrammd5.la -rwxr-xr-x 1 root root 19264 Sep 4 02:05 libcrammd5.so -rwxr-xr-x 1 root root 19264 Sep 4 02:05 libcrammd5.so.2 -rwxr-xr-x 1 root root 19264 Sep 4 02:05 libcrammd5.so.2.0.22 -rwxr-xr-x 1 root root 899 Sep 4 02:04 libdigestmd5.la -rwxr-xr-x 1 root root 48520 Sep 4 02:05 libdigestmd5.so -rwxr-xr-x 1 root root 48520 Sep 4 02:05 libdigestmd5.so.2 -rwxr-xr-x 1 root root 48520 Sep 4 02:05 libdigestmd5.so.2.0.22 -rwxr-xr-x 1 root root 862 Sep 4 02:04 liblogin.la -rwxr-xr-x 1 root root 16448 Sep 4 02:05 liblogin.so -rwxr-xr-x 1 root root 16448 Sep 4 02:05 liblogin.so.2 -rwxr-xr-x 1 root root 16448 Sep 4 02:05 liblogin.so.2.0.22 -rwxr-xr-x 1 root root 862 Sep 4 02:04 libplain.la -rwxr-xr-x 1 root root 16416 Sep 4 02:05 libplain.so -rwxr-xr-x 1 root root 16416 Sep 4 02:05 libplain.so.2 -rwxr-xr-x 1 root root 16416 Sep 4 02:05 libplain.so.2.0.22 -rwxr-xr-x 1 root root 936 Sep 4 02:04 libsasldb.la -rwxr-xr-x 1 root root 893304 Sep 4 02:05 libsasldb.so -rwxr-xr-x 1 root root 893304 Sep 4 02:05 libsasldb.so.2 -rwxr-xr-x 1 root root 893304 Sep 4 02:05 libsasldb.so.2.0.22 -rw-r----- 1 root root 329 Feb 2 00:57 smtpd.conf

-- listing of /usr/lib/sasl2 -- total 172 drwxr-xr-x 2 root root 4096 Dec 28 13:58 . drwxr-xr-x 27 root root 12288 Jan 24 22:10 .. -rwxr-xr-x 1 root root 884 Sep 4 02:04 libanonymous.la -rwxr-xr-x 1 root root 14372 Sep 4 02:04 libanonymous.so -rwxr-xr-x 1 root root 14372 Sep 4 02:04 libanonymous.so.2 -rwxr-xr-x 1 root root 14372 Sep 4 02:04 libanonymous.so.2.0.22 -rwxr-xr-x 1 root root 856 Sep 4 02:04 liblogin.la -rwxr-xr-x 1 root root 14752 Sep 4 02:04 liblogin.so -rwxr-xr-x 1 root root 14752 Sep 4 02:04 liblogin.so.2 -rwxr-xr-x 1 root root 14752 Sep 4 02:04 liblogin.so.2.0.22 -rwxr-xr-x 1 root root 856 Sep 4 02:04 libplain.la -rwxr-xr-x 1 root root 14848 Sep 4 02:04 libplain.so -rwxr-xr-x 1 root root 14848 Sep 4 02:04 libplain.so.2 -rwxr-xr-x 1 root root 14848 Sep 4 02:04 libplain.so.2.0.22

-- listing of /etc/sasl2 -- total 8 drwxr-xr-x 2 root root 4096 Feb 1 20:33 . drwxr-xr-x 78 root root 4096 Feb 2 14:04 ..

-- content of /usr/lib64/sasl2/smtpd.conf -- pwcheck_method: auxprop mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 log_level: 3 auxprop_plugin: sql sql_engine: mysql sql_hostnames: localhost sql_database = db sql_user = user sql_password = password sql_select = SELECT password FROM `mailbox` WHERE user = '%u' AND domain = '%r' AND active = '1'

-- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - n - - smtpd -v pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o fallback_relay= showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

dovecot unix - n n - - pipe flags=ODRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -e -f ${sender} -d ${recipient}

-- mechanisms on localhost --

-- end of saslfinger output --

...

saslfinger -c>

saslfinger - postfix Cyrus sasl configuration Tue Feb 2 14:41:16 CET 2010 version: 1.0.2 mode: client-side SMTP AUTH

-- basics -- Postfix: 2.3.3 System: CentOS release 5.4 (Final)

-- smtp is linked to -- libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b912bbca000)

-- active SMTP AUTH and TLS parameters for smtp -- No active SMTP AUTH and TLS parameters for smtp in main.cf! SMTP AUTH can't work!

PS: Der Server ist noch keine 2 Wochen am Netz und schon wollen hinet Mails relayen und Danke für das 1A Buch!

Gruß Tino _______________________________________________ postfix-users mailing list postfix-users@de.postfix.org http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users