ispCP - Board - Support
SASLAUTH Problem - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega International Area (/forum-22.html)
+--- Forum: German Corner (/forum-26.html)
+--- Thread: SASLAUTH Problem (/thread-1406.html)

Pages: 1 2 3


SASLAUTH Problem - xatrix - 09-26-2007 06:31 PM

Hallo Leute.

Habe einen neuen root Server mit Debian Sarge bespielt gemietet. Habe ihn auf Etch aktualisiert und die entsprechenen Pakete für ispCP installiert.

Alles soweit kein Problem. Bei der installation von ispCP konnte ich nichts ungewöhnliches feststellen.

So jetzt zu meinem Problem:

Ich kann Mails empfangen aber nicht versenden. (Über Telnet und Webmail gehts).

Hier meine Logs:

Code:
# tail -f /var/log/mail.info

Sep 26 10:14:43 itcweb01 postfix/smtpd[29057]: connect from mail.domain.de[62.153.78.xxx]
Sep 26 10:14:43 itcweb01 postfix/smtpd[29057]: warning: mail.domain.de[62.153.78.130]: SASL LOGIN authentication failed: authentication failure

Meine main.cf:
Code:
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory  = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces  = all
mynetworks_style = host

myhostname = itcweb01.domain.info
mydomain   = itcweb01.domain.info.local
myorigin   = $mydomain

smtpd_banner = $myhostname
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination       = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin  = yes
local_transport     = local
virtual_transport   = virtual
transport_maps      = hash:/etc/postfix/ispcp/transport

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command    = procmail -a "$EXTENSION"

biff = no

alias_database                    = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps              = unix:passwd.byname $alias_database

#
# ISPCP Autoresponder parameters;
#

ispcp-arpl_destination_recipient_limit = 1

#
# Delivering virtual messages parameters;
#

virtual_mailbox_base    = /var/mail/virtual
virtual_mailbox_limit   = 0

virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps    = hash:/etc/postfix/ispcp/mailboxes

virtual_alias_maps      = hash:/etc/postfix/ispcp/aliases

virtual_minimum_uid     = 1000
virtual_uid_maps        = static:1000
virtual_gid_maps        = static:8

#
# SASL paramters;
#

smtpd_sasl_auth_enable       = yes
smtpd_sasl2_auth_enable      = yes
smtpd_sasl_security_options  = noanonymous
smtpd_sasl_local_domain      =
broken_sasl_auth_clients     = yes
smtpd_sender_restrictions    = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
                               permit_sasl_authenticated,
                               reject_unauth_destination
#                               check_policy_service inet:127.0.0.1:60000

#smtpd_sasl_authenticated_header = yes


#
# TLS parameters; activate, if avaible/used
#

#smtpd_tld_loglevel        = 2
#smtpd_tls_cert_file       = /etc/postfix/cert.pem
#smtpd_tls_key_file        = /etc/postfix/privkey.pem
#smtpd_use_tls             = yes
#smtpd_tls_auth_only       = no
#smtpd_tls_received_header = yes


#
# AMaViS parameters; activate, if avaible/used
#

#content_filter = amavis:[127.0.0.1]:10024

#
# Quota support; activate, if avaible/used
#

#virtual_create_maildirsize     = yes
#virtual_mailbox_extended       = yes
#virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message  = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce       = yes

Meine master.cf:
Code:
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet   n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# For AOL-Accounts
587       inet  n       -       -       -       -       smtpd
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
# ====================================================================
# ISPCP Ï OMEGA configuration
# ====================================================================
# AMaViS => Antivir / Antispam
amavis    unix  -       -       n       -       2       smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

localhost:10025 inet  n -       n       -      -        smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_override_options=no_address_mappings
   -o mynetworks=127.0.0.0/8
   -o strict_rfc821_envelopes=yes



# ISPCP autoresponder
ispcp-arpl unix  -      n       n       -       -       pipe
  flags=O user=vmail argv=/var/www/ispcp/engine/messager/ispcp-arpl-msgr

# TSL - Activate, if TSL is avaiable/used
smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_tls_wrappermode=yes
   -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

Meine smtp.conf
Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
autotransition:true

/default/saslauthd
Code:
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

#MECHANISMS="pam"
#OPTIONS="-m /var/spool/postfix/var/run/saslauthd"
MECHANISMS="shadow"

Beide Dienste (Postfix/Saslauthd) bringen keinen Fehler beim neu starten.

Die Rechte sollten ebenfalls stimmen.

Mit testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux

Bekomme ich keinen erfolg. Bin solange am ende mit meinen Versuchen. Es scheint defenetiv am saslauthd selber zu liegen aber ich bekomme nicht raus wo der Fehler sein soll. Hab schon so viel getestet.

Z.B.: Diese Seite komplett: http://helpdesk.std-service.de/staticpages/index.php/2004111610415756

Dankbar für jede Hilfe


RE: SASLAUTH Problem - rbtux - 09-26-2007 06:39 PM

tried that?

http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

helped me with all my sasl problems...


RE: SASLAUTH Problem - xatrix - 09-26-2007 06:44 PM

rbtux Wrote:tried that?

http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

helped me with all my sasl problems...

Thx for quick reply ! I will directly test


RE: SASLAUTH Problem - xatrix - 09-26-2007 06:48 PM

Hier ist wohl das Problem :

Code:
itcweb01:~/install/saslfinger-1.0.2# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Mi 26. Sep 10:46:13 CEST 2007
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.3.8
System: Debian GNU/Linux 4.0 \n \l

-- smtp is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002ae66dfc2000)

-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!
itcweb01:~/install/saslfinger-1.0.2#
itcweb01:~/install/saslfinger-1.0.2#

Also stimmt was nicht in der main.cf ! Nur was ? Die Parameter müssten doch stimmen ?!


RE: SASLAUTH Problem - rbtux - 09-26-2007 06:52 PM

kannst du mal ein postconf -n machen und die ausgabe posten?


RE: SASLAUTH Problem - xatrix - 09-26-2007 06:54 PM

rbtux Wrote:kannst du mal ein postconf -n machen und die ausgabe posten?

klar:
Code:
alias_database = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
inet_interfaces = all
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain
mydomain = itcweb01.xxx.info.local
myhostname = itcweb01.xxx.info
mynetworks_style = host
myorigin = $mydomain
setgid_group = postdrop
smtpd_banner = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,                               permit_sasl_authenticated,                               reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks,                               permit_sasl_authenticated,                               reject_unauth_destination
transport_maps = hash:/etc/postfix/ispcp/transport
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000



RE: SASLAUTH Problem - rbtux - 09-26-2007 07:10 PM

kannst du mal folgendes anpassen:


smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes


RE: SASLAUTH Problem - xatrix - 09-26-2007 07:22 PM

rbtux Wrote:kannst du mal folgendes anpassen:


smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

Selber Fehler Sad und broken_sasl_auth_clients = yes stand schon drin !


RE: SASLAUTH Problem - rbtux - 09-26-2007 07:25 PM

ich schau es am nachmittag genauer an... OK?


RE: SASLAUTH Problem - xatrix - 09-26-2007 07:25 PM

rbtux Wrote:ich schau es am nachmittag genauer an... OK?

Ja vielen DANK !