Logging problems + authentication problems

Herbert Muller HerbiM at gmx.de
Sat Jan 20 13:39:34 EST 2007


Some more information. Saslfinger -c gives the following output:

/--------------------------------------------------------------------------\
saslfinger - postfix Cyrus sasl configuration Sa Jan 20 19:16:52 CET 2007
version: 1.0
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l

-- smtp is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)

-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!
\--------------------------------------------------------------------------/

And here's my main.cf again:

/--------------------------------------------------------------------------\
inet_interfaces = all

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
setgid_group = postdrop
biff = no
smtpd_banner = $myhostname ESMTP $mail_name (Mein Mailserver)

myhostname = 213-239-197-14.clients.your-server.de

append_dot_mydomain = yes
#virtual_maps = hash:/etc/postfix/virtual
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
#transport_maps = hash:/etc/postfix/transport
#myorigin = /etc/mailname

mydestination = localhost.localdomain, localhost

mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +

virtual_alias_domains = virtual_alias_maps
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, warn_if_reject, reject_unknown_client,
reject_unknown_hostname, check_relay_domains
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
\--------------------------------------------------------------------------/

Actually I don't know what "sasl parameters" means in the saslfinger output.
Maybe the client side output doesn't play any role? If the statement " SMTP
AUTH can't work!" is true why do I get error messages from the sql-plugin.
Because of these it must be enabled, mustn't it?
saslfinger -s seems to confirm that. So what's the use of this -c (client)
option for a smtp-server(!)-addon?

/--------------------------------------------------------------------------\
saslfinger - postfix Cyrus sasl configuration Sa Jan 20 19:25:33 CET 2007
version: 1.0
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
insgesamt 952
drwxr-xr-x   2 root root  4096 2007-01-18 19:12 .
drwxr-xr-x  45 root root 12288 2006-12-22 08:20 ..
-rw-r--r--   1 root root 13492 2006-08-08 00:40 libanonymous.a
-rw-r--r--   1 root root   851 2006-08-08 00:40 libanonymous.la
-rw-r--r--   1 root root 13824 2006-08-08 00:40 libanonymous.so
-rw-r--r--   1 root root 13824 2006-08-08 00:40 libanonymous.so.2
-rw-r--r--   1 root root 13824 2006-08-08 00:40 libanonymous.so.2.0.19
-rw-r--r--   1 root root 16298 2006-08-08 00:40 libcrammd5.a
-rw-r--r--   1 root root   837 2006-08-08 00:40 libcrammd5.la
-rw-r--r--   1 root root 16180 2006-08-08 00:40 libcrammd5.so
-rw-r--r--   1 root root 16180 2006-08-08 00:40 libcrammd5.so.2
-rw-r--r--   1 root root 16180 2006-08-08 00:40 libcrammd5.so.2.0.19
-rw-r--r--   1 root root 47520 2006-08-08 00:40 libdigestmd5.a
-rw-r--r--   1 root root   860 2006-08-08 00:40 libdigestmd5.la
-rw-r--r--   1 root root 43944 2006-08-08 00:40 libdigestmd5.so
-rw-r--r--   1 root root 43944 2006-08-08 00:40 libdigestmd5.so.2
-rw-r--r--   1 root root 43944 2006-08-08 00:40 libdigestmd5.so.2.0.19
-rw-r--r--   1 root root 13726 2006-08-08 00:40 liblogin.a
-rw-r--r--   1 root root   831 2006-08-08 00:40 liblogin.la
-rw-r--r--   1 root root 14028 2006-08-08 00:40 liblogin.so
-rw-r--r--   1 root root 14028 2006-08-08 00:40 liblogin.so.2
-rw-r--r--   1 root root 14028 2006-08-08 00:40 liblogin.so.2.0.19
-rw-r--r--   1 root root 31248 2006-08-08 00:40 libntlm.a
-rw-r--r--   1 root root   825 2006-08-08 00:40 libntlm.la
-rw-r--r--   1 root root 30692 2006-08-08 00:40 libntlm.so
-rw-r--r--   1 root root 30692 2006-08-08 00:40 libntlm.so.2
-rw-r--r--   1 root root 30692 2006-08-08 00:40 libntlm.so.2.0.19
-rw-r--r--   1 root root 20142 2006-08-08 00:40 libotp.a
-rw-r--r--   1 root root   825 2006-08-08 00:40 libotp.la
-rw-r--r--   1 root root 43184 2006-08-08 00:40 libotp.so
-rw-r--r--   1 root root 43184 2006-08-08 00:40 libotp.so.2
-rw-r--r--   1 root root 43184 2006-08-08 00:40 libotp.so.2.0.19
-rw-r--r--   1 root root 13886 2006-08-08 00:40 libplain.a
-rw-r--r--   1 root root   831 2006-08-08 00:40 libplain.la
-rw-r--r--   1 root root 14096 2006-08-08 00:40 libplain.so
-rw-r--r--   1 root root 14096 2006-08-08 00:40 libplain.so.2
-rw-r--r--   1 root root 14096 2006-08-08 00:40 libplain.so.2.0.19
-rw-r--r--   1 root root 21810 2006-08-08 00:40 libsasldb.a
-rw-r--r--   1 root root   852 2006-08-08 00:40 libsasldb.la
-rw-r--r--   1 root root 18692 2006-08-08 00:40 libsasldb.so
-rw-r--r--   1 root root 18692 2006-08-08 00:40 libsasldb.so.2
-rw-r--r--   1 root root 18692 2006-08-08 00:40 libsasldb.so.2.0.19
-rw-r--r--   1 root root 22168 2006-08-08 00:40 libsql.a
-rw-r--r--   1 root root   874 2006-08-08 00:40 libsql.la
-rw-r--r--   1 root root 22132 2006-08-08 00:40 libsql.so
-rw-r--r--   1 root root 22132 2006-08-08 00:40 libsql.so.2
-rw-r--r--   1 root root 22132 2006-08-08 00:40 libsql.so.2.0.19
-rw-r--r--   1 root root   273 2007-01-06 18:41 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_password: --- replaced ---
sql_database: --- replaced ---
sql_select: select password from users where email='%u@%r'
log_level: 7

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine:mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_password: --- replaced ---
sql_database: --- replaced ---
sql_select: select password from users where email='%u@%r'
log_level: 3


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd -vvv
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5

-- end of saslfinger output --
\--------------------------------------------------------------------------/

I'm quite confused about the two different smtpd.conf - files. Which one is
actually used? Should I replace one by a symbolic link?
I already spent months with the whole sasl-database-thing. I really need to
solve it soon, otherwise I'll be carried to the loony bin or something like
that.

--
Herbert



More information about the Cyrus-sasl mailing list