[postfix-users] postfix - postfixadmin - dovecot - sasl_aut

Robert Schetterer robert at schetterer.org
Wed Feb 3 11:06:37 CET 2010


On 02.02.2010 23:28, tg wrote:
> Hello everyone,
> 
> I hope I'm using this correctly and am not producing anything off-topic
> here, causing anyone unnecessary work, or cluttering up "our" mailing
> list. If this has already been solved, please give me a pointer!
> 
> Starting situation:
> Postfix as SMTP and Dovecot as deliver, IMAP and POP3, no local
> accounts and PostfixAdmin for administration, virtual only. TLS will be
> added later.
> Locally, creating the mailboxes when sending via echo... to a
> recipient works without problems, and mailboxes are created as needed. All
> mysql_maps return the correct information when queried. The Dovecot
> and Postfix logs show no faults, except for Postfix on a telnet 25
> attempt > "Authentication failed".
> 
> Now the following questions:
> Is the smtp_sasl_password_map required when auth is done via dovecot?
> error with smtp_sasl... with mysql --> no smtp_...cf.db --> apparently
> sasl cannot do anything with my map!
> error on disable --> no AUTH or TLS configured (see saslfinger -c)
> Using PostfixAdmin --> which password method should be used?
> Do I still need the alias_maps from main.conf?
> 
> I have the following information from postfinger and saslfinger -s & -c:
> 
> <postfinger>
> postfinger - postfix configuration on Tue Feb  2 14:39:48 CET 2010
> version: 1.30
> --System Parameters--
> mail_version = 2.3.3
> hostname = host_xy
> uname = Linux host_xy 2.6.18-128.4.1.el5xen #1 SMP Tue Aug 4 20:51:12
> EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
> 
> --Packaging information--
> looks like this postfix comes from RPM package:
> postfix-2.3.3-2.1.centos.mysql_pgsql
> 
> --main.cf non-default parameters--
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> home_mailbox = Maildir/
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydomain = domain.xy
> myhostname = mail.domain.xy.com
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> relay_domains =
> sendmail_path = /usr/sbin/sendmail.postfix
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_type = dovecot
> virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
> mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
> mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
> virtual_mailbox_domains =
> mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
> virtual_mailbox_maps =
> mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
> mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
> virtual_transport = dovecot
> 
> --master.cf--
> smtp      inet  n       -       n       -       -       smtpd -v
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>     -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache      unix    -    -    n    -    1    scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>  # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
> ${extension} ${user}
>  # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
> dovecot unix    -        n        n        -        -        pipe
> flags=ODRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -e -f
> ${sender} -d ${recipient}
> 
> -- end of postfinger output --
> 
> 
> <saslfinger -s>
> saslfinger - postfix Cyrus sasl configuration Tue Feb  2 14:40:59 CET 2010
> version: 1.0.2
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.3.3
> System: CentOS release 5.4 (Final)
> 
> -- smtpd is linked to --
>     libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b27d9008000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_path = /var/spool/postfix/private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot


I have this set up differently
(which doesn't necessarily mean anything *)

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix//mysql_virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}


# It's possible to export the authentication interface to other programs:
  socket listen {
    master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      path = /var/run/dovecot/auth-master
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      user = vmail
      group = vmail
    }
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }





> 
> 
> -- listing of /usr/lib64/sasl2 --
> total 3064
> drwxr-xr-x  2 root root   4096 Feb  2 01:28 .
> drwxr-xr-x 46 root root  20480 Jan 27 19:38 ..
> -rwxr-xr-x  1 root root    890 Sep  4 02:04 libanonymous.la
> -rwxr-xr-x  1 root root  15880 Sep  4 02:05 libanonymous.so
> -rwxr-xr-x  1 root root  15880 Sep  4 02:05 libanonymous.so.2
> -rwxr-xr-x  1 root root  15880 Sep  4 02:05 libanonymous.so.2.0.22
> -rwxr-xr-x  1 root root    876 Sep  4 02:04 libcrammd5.la
> -rwxr-xr-x  1 root root  19264 Sep  4 02:05 libcrammd5.so
> -rwxr-xr-x  1 root root  19264 Sep  4 02:05 libcrammd5.so.2
> -rwxr-xr-x  1 root root  19264 Sep  4 02:05 libcrammd5.so.2.0.22
> -rwxr-xr-x  1 root root    899 Sep  4 02:04 libdigestmd5.la
> -rwxr-xr-x  1 root root  48520 Sep  4 02:05 libdigestmd5.so
> -rwxr-xr-x  1 root root  48520 Sep  4 02:05 libdigestmd5.so.2
> -rwxr-xr-x  1 root root  48520 Sep  4 02:05 libdigestmd5.so.2.0.22
> -rwxr-xr-x  1 root root    862 Sep  4 02:04 liblogin.la
> -rwxr-xr-x  1 root root  16448 Sep  4 02:05 liblogin.so
> -rwxr-xr-x  1 root root  16448 Sep  4 02:05 liblogin.so.2
> -rwxr-xr-x  1 root root  16448 Sep  4 02:05 liblogin.so.2.0.22
> -rwxr-xr-x  1 root root    862 Sep  4 02:04 libplain.la
> -rwxr-xr-x  1 root root  16416 Sep  4 02:05 libplain.so
> -rwxr-xr-x  1 root root  16416 Sep  4 02:05 libplain.so.2
> -rwxr-xr-x  1 root root  16416 Sep  4 02:05 libplain.so.2.0.22
> -rwxr-xr-x  1 root root    936 Sep  4 02:04 libsasldb.la
> -rwxr-xr-x  1 root root 893304 Sep  4 02:05 libsasldb.so
> -rwxr-xr-x  1 root root 893304 Sep  4 02:05 libsasldb.so.2
> -rwxr-xr-x  1 root root 893304 Sep  4 02:05 libsasldb.so.2.0.22
> -rw-r-----  1 root root    329 Feb  2 00:57 smtpd.conf
> 
> -- listing of /usr/lib/sasl2 --
> total 172
> drwxr-xr-x  2 root root  4096 Dec 28 13:58 .
> drwxr-xr-x 27 root root 12288 Jan 24 22:10 ..
> -rwxr-xr-x  1 root root   884 Sep  4 02:04 libanonymous.la
> -rwxr-xr-x  1 root root 14372 Sep  4 02:04 libanonymous.so
> -rwxr-xr-x  1 root root 14372 Sep  4 02:04 libanonymous.so.2
> -rwxr-xr-x  1 root root 14372 Sep  4 02:04 libanonymous.so.2.0.22
> -rwxr-xr-x  1 root root   856 Sep  4 02:04 liblogin.la
> -rwxr-xr-x  1 root root 14752 Sep  4 02:04 liblogin.so
> -rwxr-xr-x  1 root root 14752 Sep  4 02:04 liblogin.so.2
> -rwxr-xr-x  1 root root 14752 Sep  4 02:04 liblogin.so.2.0.22
> -rwxr-xr-x  1 root root   856 Sep  4 02:04 libplain.la
> -rwxr-xr-x  1 root root 14848 Sep  4 02:04 libplain.so
> -rwxr-xr-x  1 root root 14848 Sep  4 02:04 libplain.so.2
> -rwxr-xr-x  1 root root 14848 Sep  4 02:04 libplain.so.2.0.22
> 
> -- listing of /etc/sasl2 --
> total 8
> drwxr-xr-x  2 root root 4096 Feb  1 20:33 .
> drwxr-xr-x 78 root root 4096 Feb  2 14:04 ..
> 
> 
> 
> 
> -- content of /usr/lib64/sasl2/smtpd.conf --
> pwcheck_method: auxprop
> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> log_level: 3
> auxprop_plugin: sql
> sql_engine: mysql
> sql_hostnames: localhost
> sql_database = db
> sql_user = user
> sql_password = password
> sql_select = SELECT password FROM `mailbox` WHERE user = '%u' AND domain
> = '%r' AND active = '1'
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd -v
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>     -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache      unix    -    -    n    -    1    scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>  # flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
> ${extension} ${user}
>  # user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
> 
> dovecot unix    -        n        n        -        -        pipe
> flags=ODRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -e -f
> ${sender} -d ${recipient}
> 
> -- mechanisms on localhost --
> 
> -- end of saslfinger output --
> 
> 
> <saslfinger -c>
> saslfinger - postfix Cyrus sasl configuration Tue Feb  2 14:41:16 CET 2010
> version: 1.0.2
> mode: client-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.3.3
> System: CentOS release 5.4 (Final)
> 
> -- smtp is linked to --
>     libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b912bbca000)
> 
> -- active SMTP AUTH and TLS parameters for smtp --
> No active SMTP AUTH and TLS parameters for smtp in main.cf!
> SMTP AUTH can't work!
> 
> PS: The server has not even been online for 2 weeks and hinet already
> wants to relay mail, and thanks for the first-rate book!
> 
> 
> Regards, Tino


-- 
Best Regards

Kind regards, Robert Schetterer

Germany/Munich/Bavaria
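
Added example, not part of either post: a consistency check between the Postfix `smtpd_sasl_type`/`smtpd_sasl_path` settings and the Dovecot 1.x `client { ... }` auth socket block, run over both path spellings that appear in this thread (absolute and relative to the queue directory). The function names are hypothetical, and the check assumes `queue_directory = /var/spool/postfix` and that smtpd runs as `postfix:postfix`.

```python
import posixpath
import re

def parse_main_cf(text):
    """main.cf 'name = value' pairs; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def parse_client_socket(text):
    """Settings inside the 'client { ... }' block of a Dovecot 1.x 'socket listen'."""
    block = re.search(r"\bclient\s*\{(.*?)\}", text, re.S)
    if not block:
        return {}
    return dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\S+)", block.group(1), re.M))

def check(main, sock, queue_directory="/var/spool/postfix", chrooted=False,
          smtpd_user="postfix", smtpd_group="postfix"):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    if main.get("smtpd_sasl_type") != "dovecot":
        problems.append("smtpd_sasl_type is not dovecot")
    path = main.get("smtpd_sasl_path", "")
    if chrooted and path.startswith("/"):
        problems.append("absolute smtpd_sasl_path is not reachable from a chrooted smtpd")
    resolved = posixpath.normpath(posixpath.join(queue_directory, path))
    if resolved != posixpath.normpath(sock.get("path", "")):
        problems.append(f"socket path mismatch: {resolved} != {sock.get('path')}")
    mode = int(sock.get("mode", "0"), 8)
    allowed = ((sock.get("user") == smtpd_user and mode & 0o600 == 0o600)
               or (sock.get("group") == smtpd_group and mode & 0o060 == 0o060)
               or mode & 0o006 == 0o006)
    if not allowed:
        problems.append(f"{smtpd_user} cannot read/write the socket (mode {mode:04o})")
    return problems

# Constructed inputs, built from the values quoted in this thread.
DOVECOT = "client {\n  # exported for SMTP AUTH\n  path = /var/spool/postfix/private/auth\n  mode = 0660\n  user = postfix\n  group = postfix\n}"
SOCK = parse_client_socket(DOVECOT)
ABSOLUTE = parse_main_cf("smtpd_sasl_type = dovecot\nsmtpd_sasl_path = /var/spool/postfix/private/auth\n")
RELATIVE = parse_main_cf("smtpd_sasl_type = dovecot\nsmtpd_sasl_path = private/auth\n")
```

With the smtpd service not chrooted (chroot column `n` in the master.cf shown above) both spellings resolve to the same socket; only the relative form also works when smtpd is chrooted.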

