Logging problems

Andreas Winkelmann ml at awinkelmann.de
Sun Jan 7 18:36:11 EST 2007


On Sunday 07 January 2007 14:16, Herbert Muller wrote:

> > Cyrus-SASL's "loglevel" Setting is in relation to Postfix useless.
> > Did you restart or at least reload syslogd?
>
> Yes, syslogd was restarted.

Ok.

> > Oh and Postfix does not log to auth.*. Maybe you see something from
> > saslauthd.
>
> It may also be saslauthd who produces the messages. But, by the way, it can
> be defined in the configuration file of syslogd, which messages are written
> into auth.log. Or did I misunderstand that.

Applications use various Syslog-Facilities. Postfix uses $syslog_facility, per 
Default "mail". "auth" is a diffrent facility. You can filter in your 
syslog-Configuration for that facilities.

> Actually I do not know exactly who produces messages like
>
> Jan  7 13:59:25 szse postfix/smtpd[8786]: warning:
> pD95F72E4.dip.t-dialin.net[217.95.114.228]: SASL LOGIN authentication
> failed Jan  7 13:59:25 szse postfix/smtpd[8786]: >
> pD95F72E4.dip.t-dialin.net[217.95.114.228]: 535 Error: authentication
> failed
>
> But the problem is I do also not know, how to solve the problem which
> causes the messages.

> > Show your configuration, "postconf -n", smtpd.conf, master.cf.
>
> Ok, here comes my configuration:
> I'm using Microsoft Outlook as client.
>
> postconf -n:
>
> append_dot_mydomain = yes
> biff = no
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> disable_vrfy_command = yes
> inet_interfaces = all
> mailbox_size_limit = 0
> mydestination = localhost.localdomain, localhost
> myhostname = clients.your-server.de
> mynetworks = 127.0.0.0/8
> recipient_delimiter = +
> setgid_group = postdrop
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, warn_if_reject,
> reject_unknown_client,
> reject_unknown_hostname, check_relay_domains
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_cert_file = /etc/postfix/smtpd.cert
> smtpd_tls_key_file = /etc/postfix/smtpd.key
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> virtual_alias_domains = virtual_alias_maps
> virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
> mysql:/etc/postfix/mysql-virtual_email2email.cf
> virtual_gid_maps = static:5000
> virtual_mailbox_base = /home/vmail
> virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
> virtual_uid_maps = static:5000
>
>
> smtpd.conf:
>
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login cram-md5 digest-md5
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: user
> sql_password: password
> sql_database: database
> sql_select: select password from users where email='%u@%r'
> log_level: 7

Ok, is the sql-Auxprop Plugin (libsql.*) installed? Best to check that.

In which Directory is the smtpd.conf? Which OS is that?

In the Log of your previous Mail is nothing to see from libsql, either your 
smtpd.conf is in the wrong Directory, or the Plugin is not installed.

MySQL does listen on an inet-Socket? (AFAIR Port 3306)?

Hmm, Passwords are unencrypted in your SQL-DB?

> master.cf:
>
> # Postfix master process configuration file.  Each logical line
> # describes how a Postfix daemon program should be run.
> #
> #
> ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args #   
>            (yes)   (yes)   (yes)   (never) (100)
> #
> ==========================================================================
> smtp      inet  n       -       -       -       -       smtpd -v

The smtpd runs chroot()ed, but because of the inet-Socket of mySQL, this does 
not matter.

> #submission inet n      -       -       -       -       smtpd
> #       -o smtpd_etrn_restrictions=reject
> #628      inet  n       -       -       -       -       qmqpd
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       -       300     1       qmgr
> #qmgr     fifo  n       -       -       300     1       oqmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
> #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> #
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> #
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
> $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
>
> # only used by postfix-tls
> #tlsmgr   fifo  -       -       n       300     1       tlsmgr
> #smtps    inet  n       -       n       -       -       smtpd -o
> smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
> #587      inet  n       -       n       -       -       smtpd -o
> smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

-- 
	Andreas


More information about the Cyrus-sasl mailing list