SASLAUTH Problem - xatrix - 09-26-2007 06:31 PM
Hallo Leute.
Habe einen neuen root Server mit Debian Sarge bespielt gemietet. Habe ihn auf Etch aktualisiert und die entsprechenen Pakete für ispCP installiert.
Alles soweit kein Problem. Bei der installation von ispCP konnte ich nichts ungewöhnliches feststellen.
So jetzt zu meinem Problem:
Ich kann Mails empfangen aber nicht versenden. (Über Telnet und Webmail gehts).
Hier meine Logs:
Code:
# tail -f /var/log/mail.info
Sep 26 10:14:43 itcweb01 postfix/smtpd[29057]: connect from mail.domain.de[62.153.78.xxx]
Sep 26 10:14:43 itcweb01 postfix/smtpd[29057]: warning: mail.domain.de[62.153.78.130]: SASL LOGIN authentication failed: authentication failure
Meine main.cf:
Code:
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#
#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
#
# Some common configuration parameters;
#
inet_interfaces = all
mynetworks_style = host
myhostname = itcweb01.domain.info
mydomain = itcweb01.domain.info.local
myorigin = $mydomain
smtpd_banner = $myhostname
setgid_group = postdrop
#
# Receiving messages parameters;
#
mydestination = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/ispcp/transport
#
# Delivering local messages parameters;
#
mail_spool_directory = /var/mail
# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"
biff = no
alias_database = hash:/etc/aliases
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
#
# ISPCP Autoresponder parameters;
#
ispcp-arpl_destination_recipient_limit = 1
#
# Delivering virtual messages parameters;
#
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_minimum_uid = 1000
virtual_uid_maps = static:1000
virtual_gid_maps = static:8
#
# SASL paramters;
#
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
# check_policy_service inet:127.0.0.1:60000
#smtpd_sasl_authenticated_header = yes
#
# TLS parameters; activate, if avaible/used
#
#smtpd_tld_loglevel = 2
#smtpd_tls_cert_file = /etc/postfix/cert.pem
#smtpd_tls_key_file = /etc/postfix/privkey.pem
#smtpd_use_tls = yes
#smtpd_tls_auth_only = no
#smtpd_tls_received_header = yes
#
# AMaViS parameters; activate, if avaible/used
#
#content_filter = amavis:[127.0.0.1]:10024
#
# Quota support; activate, if avaible/used
#
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce = yes
Meine master.cf:
Code:
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# For AOL-Accounts
587 inet n - - - - smtpd
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
# ====================================================================
# ISPCP Ï OMEGA configuration
# ====================================================================
# AMaViS => Antivir / Antispam
amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
localhost:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_override_options=no_address_mappings
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
# ISPCP autoresponder
ispcp-arpl unix - n n - - pipe
flags=O user=vmail argv=/var/www/ispcp/engine/messager/ispcp-arpl-msgr
# TSL - Activate, if TSL is avaiable/used
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
Meine smtp.conf
Code:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
autotransition:true
/default/saslauthd
Code:
# This needs to be uncommented before saslauthd will be run automatically
START=yes
# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"
#MECHANISMS="pam"
#OPTIONS="-m /var/spool/postfix/var/run/saslauthd"
MECHANISMS="shadow"
Beide Dienste (Postfix/Saslauthd) bringen keinen Fehler beim neu starten.
Die Rechte sollten ebenfalls stimmen.
Mit testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux
Bekomme ich keinen erfolg. Bin solange am ende mit meinen Versuchen. Es scheint defenetiv am saslauthd selber zu liegen aber ich bekomme nicht raus wo der Fehler sein soll. Hab schon so viel getestet.
Z.B.: Diese Seite komplett: http://helpdesk.std-service.de/staticpages/index.php/2004111610415756
Dankbar für jede Hilfe
RE: SASLAUTH Problem - rbtux - 09-26-2007 06:39 PM
tried that?
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
helped me with all my sasl problems...
RE: SASLAUTH Problem - xatrix - 09-26-2007 06:44 PM
rbtux Wrote:tried that?
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
helped me with all my sasl problems...
Thx for quick reply ! I will directly test
RE: SASLAUTH Problem - xatrix - 09-26-2007 06:48 PM
Hier ist wohl das Problem :
Code:
itcweb01:~/install/saslfinger-1.0.2# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Mi 26. Sep 10:46:13 CEST 2007
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.3.8
System: Debian GNU/Linux 4.0 \n \l
-- smtp is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00002ae66dfc2000)
-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!
itcweb01:~/install/saslfinger-1.0.2#
itcweb01:~/install/saslfinger-1.0.2#
Also stimmt was nicht in der main.cf ! Nur was ? Die Parameter müssten doch stimmen ?!
RE: SASLAUTH Problem - rbtux - 09-26-2007 06:52 PM
kannst du mal ein postconf -n machen und die ausgabe posten?
RE: SASLAUTH Problem - xatrix - 09-26-2007 06:54 PM
rbtux Wrote:kannst du mal ein postconf -n machen und die ausgabe posten?
klar:
Code:
alias_database = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
inet_interfaces = all
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, $mydomain
mydomain = itcweb01.xxx.info.local
myhostname = itcweb01.xxx.info
mynetworks_style = host
myorigin = $mydomain
setgid_group = postdrop
smtpd_banner = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = hash:/etc/postfix/ispcp/transport
virtual_alias_maps = hash:/etc/postfix/ispcp/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/ispcp/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/ispcp/mailboxes
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1000
RE: SASLAUTH Problem - rbtux - 09-26-2007 07:10 PM
kannst du mal folgendes anpassen:
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
RE: SASLAUTH Problem - xatrix - 09-26-2007 07:22 PM
rbtux Wrote:kannst du mal folgendes anpassen:
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
Selber Fehler und broken_sasl_auth_clients = yes stand schon drin !
RE: SASLAUTH Problem - rbtux - 09-26-2007 07:25 PM
ich schau es am nachmittag genauer an... OK?
RE: SASLAUTH Problem - xatrix - 09-26-2007 07:25 PM
rbtux Wrote:ich schau es am nachmittag genauer an... OK?
Ja vielen DANK !
|