[ERLEDIGT] Problem mit NTLM beim senden von Mails

[Nuxwin]

Ok, but you have not fixed the smtpd.conf problem here. This file should look like this:

Code:

log_level: 3
pwcheck_method: auxprop
auxprop_plugin : sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

Edit: If you want, I can check your conf (For free of course) now. Send me a PM
Normally, your postfix should not propose NTLM authentication.

[Rafioso]

Ah damn, ok I've delete the file some days ago, because with this file, noone can send mails (all domains with NTLM-Auth).

This is with the smtpd.conf:

Code:

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 muh.muhmuhmuh.de
EHLO mail.muhmuhmuh.de
250-muh.muhmuhmuh.de
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-AUTH=DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN
334
****cHBv******G9tZXz************************Rhc**ci5**ZU***
235 2.7.0 Authentication successful

Log is the same as the last try.

[Nuxwin]

Ok so it should work correctly. NTLM is not available now, and so, no one client can choose it.

Microsoft clients will choose another now (such as LOGIN...)

[Rafioso]

Ok thank you, but i create this topic, because i want to use NTLM

[Nuxwin]

Ah ok, sorry, I've not understood that. Wait... I check one thing.

[Nuxwin]

Edit:

Ok, work fine :

Code:

smtp:~# perl gen-auth NTLM
username: l.declercq@nuxwin.com
password:
domain: nuxwin.com
Auth Request: TlRMTVNTUAABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
challenge: TlRMTVNTUAACAAAAGgAaADAAAAAFogIAA8ut/B67fF4AAAAAAAAAAAAAAAAAAAAAUwBNAFQAUAAuAEkAUwBQAEMAUAAuAEYAUgA=
Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAABoAGgBwAAAAKgAqAIoAAAAqACoAtAAAAAAAAACeAAAA​BaICAA4C6zkvjXKYUFfwmXhTMPLWstfDJvMDXwgt+KtADeIPndxmbyZwGWLmX+kh9VmpRlMATQBUAFAA​LgBJAFMAUABDAFAALgBGAFIAbAAuAGQAZQBjAGwAZQByAGMAcQBAAG4AdQB4AHcAaQBuAC4AYwBvAG0A​bAAuAGQAZQBjAGwAZQByAGMAcQBAAG4AdQB4AHcAaQBuAC4AYwBvAG0A

Code:

smtp:~# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 smtp.ispcp.fr ESMTP
ehlo test
250-smtp.ispcp.fr
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH LOGIN PLAIN NTLM
250-AUTH=LOGIN PLAIN NTLM
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH NTLM TlRMTVNTUAABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
334 TlRMTVNTUAACAAAAGgAaADAAAAAFogIAA8ut/B67fF4AAAAAAAAAAAAAAAAAAAAAUwBNAFQAUAAuAEkAUwBQAEMAUAAuAEYAUgA=
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAABoAGgBwAAAAKgAqAIoAAAAqACoAtAAAAAAAAACeAAAA​BaICAA4C6zkvjXKYUFfwmXhTMPLWstfDJvMDXwgt+KtADeIPndxmbyZwGWLmX+kh9VmpRlMATQBUAFAA​LgBJAFMAUABDAFAALgBGAFIAbAAuAGQAZQBjAGwAZQByAGMAcQBAAG4AdQB4AHcAaQBuAC4AYwBvAG0A​bAAuAGQAZQBjAGwAZQByAGMAcQBAAG4AdQB4AHcAaQBuAC4AYwBvAG0A
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

I'll provide howto for you and also, I'll open ticket to fix this issue in next ispCP release.

[Rafioso]

Thank you very much So, i've to wait for the next release of ispCP?

[Nuxwin]

No ;

I'll perform some other tests and provide a howto

[Rafioso]

Ok merci

[Nuxwin]

Re ;

I've installed latest trunk on Debian Lenny, and I've manually created the following file:

/etc/postfix/sasl/smtpd.conf:

Code:

log_level: 6
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN NTLM

After this, I've created new reseller and domain account and then, I've created the mail account 'test@nuxwin.net'.

Finally, I've tested the NTLM authentication like this:

Code:

ispcp:~# perl gen-auth
encryption type: NTLM
username: test@nuxwin.net
password:
domain: nuxwin.net
Auth Request: TlRMTVNTUAABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
challenge: TlRMTVNTUAACAAAAIAAgADAAAAAFogIAf5UpCuXF4wwAAAAAAAAAAAAAAAAAAAAASQBTAFAAQwBQAC4A​TgBVAFgAVwBJAE4ALgBDAE8ATQA=
Auth Response: TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAACAAIABwAAAAHgAeAJAAAAAeAB4ArgAAAAAAAACMAAAA​BaICAA+jlXe/YoIoIiU5RhWXFHvfcJlSjzWwrt7n149VWVB+JDPfBv6kg2wd35Msmr00O0kAUwBQAEMAUAAuAE4AVQBY​AFcASQBOAC4AQwBPAE0AdABlAHMAdABAAG4AdQB4AHcAaQBuAC4AbgBlAHQAdABlAHMAdABAAG4AdQB4​AHcAaQBuAC4AbgBlAHQA

Note: Here, the challenge was provided by postfix.

Code:

ispcp:~# telnet localhost 25
Trying 127.0.0.1...
Connected to ispcp.nuxwin.com.local.
Escape character is '^]'.
220 ispcp.nuxwin.com ESMTP ispCP 1.0.7 OMEGA Managed
EHLO testing.tld
250-ispcp.nuxwin.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-AUTH NTLM PLAIN LOGIN
250-AUTH=NTLM PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH NTLM TlRMTVNTUAABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
334 TlRMTVNTUAACAAAAIAAgADAAAAAFogIAf5UpCuXF4wwAAAAAAAAAAAAAAAAAAAAASQBTAFAAQwBQAC4A​TgBVAFgAVwBJAE4ALgBDAE8ATQA=
TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAACAAIABwAAAAHgAeAJAAAAAeAB4ArgAAAAAAAACMAAAA​BaICAA+jlXe/YoIoIiU5RhWXFHvfcJlSjzWwrt7n149VWVB+JDPfBv6kg2wd35Msmr00O0kAUwBQAEMAUAAuAE4AVQBY​AFcASQBOAC4AQwBPAE0AdABlAHMAdABAAG4AdQB4AHcAaQBuAC4AbgBlAHQAdABlAHMAdABAAG4AdQB4​AHcAaQBuAC4AbgBlAHQA
235 2.7.0 Authentication successful
quit

Note: Here, the AUTH request 'TlRMTVNTUAABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=' was provided by the gen-auth script. The response:

Code:

TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAACAAIABwAAAAHgAeAJAAAAAeAB4ArgAAAAAAAACMAAAA​BaICAA+jlXe/YoIoIiU5RhWXFHvfcJlSjzWwrt7n149VWVB+JDPfBv6kg2wd35Msmr00O0kAUwBQAEMAUAAuAE4AVQBY​AFcASQBOAC4AQwBPAE0AdABlAHMAdABAAG4AdQB4AHcAaQBuAC4AbgBlAHQAdABlAHMAdABAAG4AdQB4​AHcAaQBuAC4AbgBlAHQA

was provided by the gen-auth script :

Code:

TlRMTVNTUAACAAAAIAAgADAAAAAFogIAf5UpCuXF4wwAAAAAAAAAAAAAAAAAAAAASQBTAFAAQwBQAC4A​TgBVAFgAVwBJAE4ALgBDAE8ATQA=

that was provided by postfix after the authentication request.

---

I've also tested NTLM authentication from mail client (Evolution):

           

The relevant mail log:

Code:

ispcp:~# tail -f -n0 /var/log/mail.log
Oct 28 15:11:24 ispcp postfix/smtpd[31411]: connect from unknown[192.168.1.100]
Oct 28 15:11:24 ispcp postfix/smtpd[31411]: 34650369BE: client=unknown[192.168.1.100], sasl_method=NTLM, sasl_username=test@nuxwin.net
Oct 28 15:11:24 ispcp postfix/cleanup[31413]: 34650369BE: message-id=<1288271522.14861.1.camel@mdev.nuxwin.com>
Oct 28 15:11:24 ispcp postfix/qmgr[29929]: 34650369BE: from=<test@nuxwin.net>, size=527, nrcpt=1 (queue active)
Oct 28 15:11:24 ispcp postfix/virtual[31421]: 34650369BE: to=<test@nuxwin.net>, relay=virtual, delay=0.11, delays=0.07/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 28 15:11:24 ispcp postfix/qmgr[29929]: 34650369BE: removed
Oct 28 15:11:24 ispcp postfix/smtpd[31411]: disconnect from unknown[192.168.1.100]

Conclusion: All works fine.

Note: For the record:

Code:

ispcp:~# uname -a
Linux ispcp 2.6.26-2-amd64 #1 SMP Thu Sep 16 15:56:38 UTC 2010 x86_64 GNU/Linux

Code:

ispcp:~# lsb_release -a
No LSB modules are available.
Distributor ID:    Debian
Description:    Debian GNU/Linux 5.0.6 (lenny)
Release:    5.0.6
Codename:    lenny
ispcp:~#

Code:

ispcp:~# cat /etc/ispcp/ispcp.conf |grep '^Version'
Version = 1.0.7 OMEGA
ispcp:~#