[postfix-users] Postfix 2.9.3 and Cyrus SASL2 lmtp problem

Joerg Streckfuss joerg.streckfuss at FernUni-Hagen.de
Sun Feb 24 14:53:50 CET 2013


In the meantime, delivery via lmtp is working again. However, the
solution was to install the old Postfix version 2.8.8. Now the task is
to find out what changed between version 2.8.8 and 2.9.3. Does anyone
have an idea?

Regards, Jörg.



On 23.02.2013 20:07, Joerg Streckfuss wrote:
> Hello everyone,
>
> after I upgraded my mail server from OpenBSD 5.1 to 5.2, the local
> daemon refuses to deliver mail to Cyrus IMAP. Postfix then complains
> with the following error message:
>
> <snip>
> postman postfix/smtpd[26245]: warning: SASL authentication failure: no 
> user in db
> postman postfix/smtpd[26245]: NOQUEUE: 
> client=xxx.xxx.xxx.xxx.net[xxx.xxx.xxx.xxx], sasl_method=PLAIN, 
> sasl_username=foobar at domain.org
> ...
> postman postfix/local[2037]: warning: error looking up passwd info for 
> foobar: Operation not permitted
> ...
> postman postfix/local[2037]: 8BF9B51480F: 
> to=<foobar at mailserver.domain.org>, orig_to=<foobar at domain.org>, 
> relay=local, delay=0.07,
> delays=0.05/0.01/0/0.01, dsn=4.0.0, status=deferred (user lookup error)
> ...
> <snap>
>
> I can't quite make sense of the message "SASL authentication failure:
> no user in db" from smtpd, because the following test succeeds:
>
> <snip>
> # openssl s_client -connect <meinmailserver>:25 -starttls smtp
> verify error:num=18:self signed certificate
> ...
> ---
> 250 8BITMIME
> AUTH PLAIN DASGEHEIMEPASSWORT
> 235 2.7.0 Authentication successful
> <snap>
>
> My configuration is as follows. Clients authenticate via sasl2db. As
> seen above, that appears to work. Mail is delivered to cyrus-imap via
> lmtp (unix socket). And this is where it seems to get stuck. The socket
> is located in /var/spool/postfix/public/ and has the correct ownership
> root:_postdrop.
> Since I changed nothing in the configuration, apart from an update
> from Postfix 2.8.8 to Postfix 2.9.3, cyrus-imap-2.4.13 to
> cyrus-imapd-2.4.16p0 and cyrus-sasl-2.2.25p2 to cyrus-sasl-2.1.25p3,
> I suspect an incompatibility between the new versions.
> Is there a way I can sensibly test lmtp between Postfix and Cyrus, or
> does anyone perhaps know what the problem might be?
>
> Many thanks in advance,
>
> Regards, Jörg
>
> Details of my configuration follow below
>
> OpenBSD-5.2
> postfix-2.9.3-sasl2
> cyrus-imapd-2.4.16p0 Cyrus IMAP serverr
> cyrus-sasl-2.1.25p3
>
> main.cf:
> <snip>
> queue_directory = /var/spool/postfix
> command_directory = /usr/local/sbin
> daemon_directory = /usr/local/libexec/postfix
> mail_owner = _postfix
> myhostname = hostname.domain
> inet_interfaces = 127.0.0.1, xxx.xxx.xxx.xxx
> inet_protocols = ipv4
> unknown_local_recipient_reject_code = 550
> mydomain = streckfuss.org
> mynetworks = 127.0.0.0/8
> mydestination = $myhostname, localhost.$mydomain
> smtpd_banner = $myhostname ESMTP
> alias_maps = hash:/etc/mail/aliases
> debug_peer_level = 2
> debugger_command =
>           PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>           xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/local/sbin/sendmail
> newaliases_path = /usr/local/sbin/newaliases
> mailq_path = /usr/local/sbin/mailq
> setgid_group = _postdrop
> html_directory = /usr/local/share/doc/postfix/html
> manpage_directory = /usr/local/man
> sample_directory = /etc/postfix
> readme_directory = /usr/local/share/doc/postfix/readme
>
> # SSL/TLS server
> tls_random_source = dev:/dev/arandom
> #smtpd_tls_security_level = may
> smtpd_tls_loglevel = 2
> smtpd_tls_received_header = yes
> smtpd_use_tls = yes
> smtpd_tls_key_file = /etc/ssl/private/tlskeyfile
> smtpd_tls_cert_file = /etc/ssl/private/tlscertfile
> smtpd_tls_CAfile = /etc/ssl/private/tlscafile
> # SSL/TLS client
> smtp_use_tls = yes
> smtp_tls_key_file = /etc/ssl/private/tlskeyfile
> smtp_tls_cert_file = /etc/ssl/private/tlscertfile
>
> # SASL
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = smtpd
> smtpd_sasl_local_domain = $mydomain
> smtpd_sasl_type = cyrus
>
> # restrictions
> smtpd_recipient_restrictions =  permit_sasl_authenticated,
>                                  permit_mynetworks,
>                                  reject_unauth_destination,
>                                  reject_non_fqdn_recipient,
>                                  reject_unknown_recipient_domain,
>                                  reject_rbl_client sbl-xbl.spamhaus.org
>
> # discard dsn support because amavis doesn't know this command
> # we have to wait for version 2.4
> smtpd_discard_ehlo_keywords = silent-discard, dsn
>
> # virtual domains
> virtual_alias_maps =    hash:/etc/postfix/domain1.txt,
>                                     hash:/etc/postfix/domain2e.txt
> virtual_uid_maps = static:1001
> virtual_gid_maps = static:1001
> mailbox_transport = lmtp:unix:public/lmtp
> masquerade_exceptions = root
> <snap>
>
> master.cf:
> <snip>
> smtp      inet  n       -       y       -       16      smtpd
>          -o smtpd_proxy_filter=127.0.0.1:10024
>          -o smtpd_client_connection_count_limit=4
> #This is the after-filter smtpd, it receives mail from amavisd to port 10025
> 127.0.0.1:10025    inet  n       -       y       -       - smtpd
> submission inet n       -       y       -       -       smtpd
>    -o smtpd_enforce_tls=yes
> #  -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> smtps     inet  n       -       y       -       -       smtpd
>    -o smtpd_tls_wrappermode=yes
> #  -o smtpd_sasl_auth_enable=yes
>    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #628      inet  n       -       y       -       -       qmqpd
> pickup    fifo  n       -       y       60      1       pickup
> cleanup   unix  n       -       y       -       0       cleanup
> qmgr      fifo  n       -       y       300     1       qmgr
> #qmgr     fifo  n       -       y       300     1       oqmgr
> tlsmgr    unix  -       -       y       1000?   1       tlsmgr
> rewrite   unix  -       -       y       -       - trivial-rewrite
> bounce    unix  -       -       y       -       0       bounce
> defer     unix  -       -       y       -       0       bounce
> trace     unix  -       -       y       -       0       bounce
> verify    unix  -       -       y       -       1       verify
> flush     unix  n       -       y       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       y       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay     unix  -       -       y       -       -       smtp
> #       -o fallback_relay=
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       y       -       -       showq
> error     unix  -       -       y       -       -       error
> discard   unix  -       -       y       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       y       -       -       lmtp
> anvil     unix  -       -       y       -       1       anvil
> scache    unix  -       -       y       -       1       scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent.  See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> maildrop  unix  -       n       n       -       -       pipe
>    flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> #
> # The Cyrus deliver program has changed incompatibly, multiple times.
> #
> old-cyrus unix  -       n       n       -       -       pipe
>    flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> cyrus     unix  -       n       n       -       -       pipe
>    user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} 
> ${user}
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> uucp      unix  -       n       n       -       -       pipe
>    flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
> ($recipient)
> #
> # Other external delivery methods.
> #
> ifmail    unix  -       n       n       -       -       pipe
>    flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>    flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop 
> $recipient
> retry     unix  -       -       n       -       -       error
> proxywrite unix -       -       n       -       1       proxymap
> #smtp     inet  n       -       n       -       1       postscreen
> #smtpd     pass  -       -       n       -       -       smtpd
> #dnsblog  unix  -       -       n       -       0       dnsblog
> #tlsproxy  unix  -       -       n       -       0       tlsproxy
> <snap>
> _______________________________________________
> postfix-users mailing list
> postfix-users at de.postfix.org
> http://de.postfix.org/cgi-bin/mailman/listinfo/postfix-users
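
Added example, not part of the original post and not code from Postfix or Cyrus: one way to exercise the LMTP unix socket directly, independent of the Postfix delivery agents. It sends LHLO and, optionally, MAIL FROM/RCPT TO without DATA, so nothing is delivered; the socket path `/var/spool/postfix/public/lmtp` is an assumption derived from `queue_directory` and `mailbox_transport` in the quoted main.cf, and the function names are illustrative.

```python
import socket
import sys

def read_reply(fh):
    """Read one (possibly multi-line) LMTP reply; return (code, text_lines)."""
    lines = []
    while True:
        raw = fh.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":  # "250-x" continues the reply, "250 x" ends it
            return int(line[:3]), lines

def command(fh, text):
    """Send one command line and return the parsed reply."""
    fh.write(text.encode("ascii") + b"\r\n")
    fh.flush()
    return read_reply(fh)

def probe_lmtp(socket_path, recipient=None, helo_name="localhost", timeout=10.0):
    """LHLO (and optionally RCPT TO) against an LMTP unix socket; no DATA is sent."""
    result = {"rcpt": None}
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # PermissionError / FileNotFoundError here point at socket ownership
        # or at a path that is not visible to the calling user or chroot.
        sock.connect(socket_path)
        fh = sock.makefile("rwb")
        code, banner = read_reply(fh)
        if code != 220:
            raise RuntimeError(f"unexpected greeting: {code} {banner}")
        code, lhlo = command(fh, f"LHLO {helo_name}")
        if code != 250:
            raise RuntimeError(f"LHLO rejected: {code} {lhlo}")
        result["banner"], result["capabilities"] = banner[0], lhlo[1:]
        if recipient is not None:
            command(fh, "MAIL FROM:<>")
            code, text = command(fh, f"RCPT TO:<{recipient}>")
            result["rcpt"] = (code, text[-1])  # e.g. mailbox unknown vs. accepted
            command(fh, "RSET")  # abandon the transaction, nothing is queued
        command(fh, "QUIT")
    return result

if __name__ == "__main__":
    # Usage (path is an assumption): probe.py /var/spool/postfix/public/lmtp foobar
    print(probe_lmtp(sys.argv[1], *sys.argv[2:3]))
```

Running it as the user Postfix runs as (`_postfix` in the quoted main.cf) separates socket permission problems from protocol-level rejections by the LMTP server.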


