Logging problems
Andreas Winkelmann
ml at awinkelmann.de
Sun Jan 7 18:36:11 EST 2007
On Sunday 07 January 2007 14:16, Herbert Muller wrote:
> > Cyrus-SASL's "loglevel" Setting is in relation to Postfix useless.
> > Did you restart or at least reload syslogd?
>
> Yes, syslogd was restarted.
Ok.
> > Oh and Postfix does not log to auth.*. Maybe you see something from
> > saslauthd.
>
> It may also be saslauthd who produces the messages. But, by the way, it can
> be defined in the configuration file of syslogd, which messages are written
> into auth.log. Or did I misunderstand that.
Applications use various Syslog-Facilities. Postfix uses $syslog_facility, per
Default "mail". "auth" is a diffrent facility. You can filter in your
syslog-Configuration for that facilities.
> Actually I do not know exactly who produces messages like
>
> Jan 7 13:59:25 szse postfix/smtpd[8786]: warning:
> pD95F72E4.dip.t-dialin.net[217.95.114.228]: SASL LOGIN authentication
> failed Jan 7 13:59:25 szse postfix/smtpd[8786]: >
> pD95F72E4.dip.t-dialin.net[217.95.114.228]: 535 Error: authentication
> failed
>
> But the problem is I do also not know, how to solve the problem which
> causes the messages.
> > Show your configuration, "postconf -n", smtpd.conf, master.cf.
>
> Ok, here comes my configuration:
> I'm using Microsoft Outlook as client.
>
> postconf -n:
>
> append_dot_mydomain = yes
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> disable_vrfy_command = yes
> inet_interfaces = all
> mailbox_size_limit = 0
> mydestination = localhost.localdomain, localhost
> myhostname = clients.your-server.de
> mynetworks = 127.0.0.0/8
> recipient_delimiter = +
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, warn_if_reject,
> reject_unknown_client,
> reject_unknown_hostname, check_relay_domains
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> virtual_alias_domains = virtual_alias_maps
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
> mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
> virtual_uid_maps = static:5000
>
>
> smtpd.conf:
>
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: user
> sql_password: password
> sql_database: database
> sql_select: select password from users where email='%u@%r'
> log_level: 7
Ok, is the sql-Auxprop Plugin (libsql.*) installed? Best to check that.
In which Directory is the smtpd.conf? Which OS is that?
In the Log of your previous Mail is nothing to see from libsql, either your
smtpd.conf is in the wrong Directory, or the Plugin is not installed.
MySQL does listen on an inet-Socket? (AFAIR Port 3306)?
Hmm, Passwords are unencrypted in your SQL-DB?
> master.cf:
>
> # Postfix master process configuration file. Each logical line
> # describes how a Postfix daemon program should be run.
> #
> #
> ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args #
> (yes) (yes) (yes) (never) (100)
> #
> ==========================================================================
> smtp inet n - - - - smtpd -v
The smtpd runs chroot()ed, but because of the inet-Socket of mySQL, this does
not matter.
> #submission inet n - - - - smtpd
> # -o smtpd_etrn_restrictions=reject
> #628 inet n - - - - qmqpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - - 300 1 qmgr
> #qmgr fifo n - - 300 1 oqmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - - - - smtp
> relay unix - - - - - smtp
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - - - - showq
> error unix - - - - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> #
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> #
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
> $recipient
> scalemail-backend unix - n n - 2 pipe
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
>
> # only used by postfix-tls
> #tlsmgr fifo - - n 300 1 tlsmgr
> #smtps inet n - n - - smtpd -o
> smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #587 inet n - n - - smtpd -o
> smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
--
Andreas
More information about the Cyrus-sasl
mailing list