Hello everyone,
I am in the process of testing a mail server with Postfix and Cyrus.
The users are supposed to be in the sasldb, and everything is to be
mapped with virtual users and domains.
First of all, I have the problem that with:
- testsaslauthd -u test@bla.fasel -p test
a 0: NO "authentication failed" is returned
- telnet localhost 25
no AUTH... is shown after the ehlo
What is actually the difference between sasl_pwcheck_method
and pwcheck_method ...?
I have tried both.
I have also tried with local users.
For that, I had the following entries set differently:
/etc/default/saslauthd
MECHANISMS="shadow"
/etc/postfix/sasl/smtpd.conf
mech_list: PLAIN
#sasl_auxprop_plugin: sasldb
pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
Here are the current messages/entries:
uname -a
Linux mail.bla.fasel 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1 (2018-04-29) x86_64 GNU/Linux
aptitude show cyrus-imapd
Paket: cyrus-imapd
Version: 2.5.10-3
telnet:
250-mail.bla.fasel
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
/var/log/mail.warn:
Aug 9 12:37:25 mail cyrus/master[27164]: process type:SERVICE name:imap path:/usr/lib/cyrus/bin/imapd age:51.100s pid:27880 exited, status 75
Aug 9 13:36:14 mail postfix/postfix-script[28636]: warning: symlink leaves directory: /etc/postfix/./sasl/smtpd.conf
Aug 9 13:36:24 mail cyrus/master[28682]: unable to setsocketopt(IP_TOS) service lmtpunix/unix: Operation not supported
postconf -n
alias_database = hahs:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost, localhost.localdomain
myhostname = mail.bla.fasel
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.146.0/24
myorigin = /etc/hostname
readme_directory = no
recipient_delimiter = +
relayhost = mailrelay.bla.fasel
smtp_sasl_password_maps = /etc/sasldb2
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = hash:/etc/postfix/virtual-alias
virtual_gid_maps = static:5000
virtual_mailbox_domains = test.fasel
virtual_minimum_uid = 1000
virtual_transport = lmtp:[1.2.3.4]:24
virtual_uid_maps = static:5000
saslfinger -s
saslfinger - postfix Cyrus sasl configuration Do 9. Aug 13:55:24 CEST 2018
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 3.1.8
System: Debian GNU/Linux 9 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fe3455a2000)
-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sasl_type = cyrus
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 16
drwxr-xr-x 2 root root 4096 Jul 9 10:12 .
drwxr-xr-x 34 root root 4096 Jul 19 11:58 ..
-rw-r--r-- 1 root root 4 Jul 9 10:12 berkeley_db.active
-rw-r--r-- 1 root root 4 Mär 19 2017 berkeley_db.txt
-- listing of /etc/sasl2 --
insgesamt 8
drwxr-xr-x 2 root root 4096 Aug 9 11:38 .
drwxr-xr-x 72 root root 4096 Aug 9 13:54 ..
-- listing of /etc/postfix/sasl --
insgesamt 24
drwxr-xr-x 2 root root 4096 Jul 25 17:16 .
drwxr-xr-x 5 root root 4096 Aug 9 12:31 ..
-rw-r--r-- 1 root sasl 12929 Aug 9 12:47 smtpd.conf
-- content of /etc/postfix/sasl/smtpd.conf --
# Debian Cyrus imapd.conf
# See imapd.conf(5) for more information and more options
# Configuration directory
configdirectory: /var/lib/cyrus
# Directories for proc and lock files
proc_path: /run/cyrus/proc
mboxname_lockpath: /run/cyrus/lock
# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail
# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
admins: cyrus
allowanonymouslogin: no
popminpoll: 1
autocreate_quota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
httpmodules: caldav carddav
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
sasl_pwcheck_method: auxprop
log_level: 7
sasl_auxprop_plugin: sasldb
sasl_saslauthd_path: /var/run/saslauthd/mux
autotransition:true
tls_client_ca_dir: /etc/ssl/certs
tls_session_timeout: 1440
lmtpsocket: /run/cyrus/socket/lmtp
idlesocket: /run/cyrus/socket/idle
notifysocket: /run/cyrus/socket/notify
syslog_prefix: cyrus
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
-- mechanisms on localhost --
-- end of saslfinger output --
Does anyone have an idea what I did wrong?
Thanks and regards
Mario