Logging problems + authentication problems
Herbert Muller
HerbiM at gmx.de
Sat Jan 20 13:39:34 EST 2007
Some more information. Saslfinger -c gives the following output:
/--------------------------------------------------------------------------\
saslfinger - postfix Cyrus sasl configuration Sa Jan 20 19:16:52 CET 2007
version: 1.0
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l
-- smtp is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)
-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!
\--------------------------------------------------------------------------/
And here's my main.cf again:
/--------------------------------------------------------------------------\
inet_interfaces = all
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
setgid_group = postdrop
biff = no
smtpd_banner = $myhostname ESMTP $mail_name (Mein Mailserver)
myhostname = 213-239-197-14.clients.your-server.de
append_dot_mydomain = yes
#virtual_maps = hash:/etc/postfix/virtual
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
#transport_maps = hash:/etc/postfix/transport
#myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
#mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
virtual_alias_domains = virtual_alias_maps
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf
mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination, warn_if_reject, reject_unknown_client,
reject_unknown_hostname, check_relay_domains
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
\--------------------------------------------------------------------------/
Actually I don't know what "sasl parameters" means in the saslfinger output.
Maybe the client side output doesn't play any role? If the statement " SMTP
AUTH can't work!" is true why do I get error messages from the sql-plugin.
Because of these it must be enabled, mustn't it?
saslfinger -s seems to confirm that. So what's the use of this -c (client)
option for a smtp-server(!)-addon?
/--------------------------------------------------------------------------\
saslfinger - postfix Cyrus sasl configuration Sa Jan 20 19:25:33 CET 2007
version: 1.0
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a0000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 952
drwxr-xr-x 2 root root 4096 2007-01-18 19:12 .
drwxr-xr-x 45 root root 12288 2006-12-22 08:20 ..
-rw-r--r-- 1 root root 13492 2006-08-08 00:40 libanonymous.a
-rw-r--r-- 1 root root 851 2006-08-08 00:40 libanonymous.la
-rw-r--r-- 1 root root 13824 2006-08-08 00:40 libanonymous.so
-rw-r--r-- 1 root root 13824 2006-08-08 00:40 libanonymous.so.2
-rw-r--r-- 1 root root 13824 2006-08-08 00:40 libanonymous.so.2.0.19
-rw-r--r-- 1 root root 16298 2006-08-08 00:40 libcrammd5.a
-rw-r--r-- 1 root root 837 2006-08-08 00:40 libcrammd5.la
-rw-r--r-- 1 root root 16180 2006-08-08 00:40 libcrammd5.so
-rw-r--r-- 1 root root 16180 2006-08-08 00:40 libcrammd5.so.2
-rw-r--r-- 1 root root 16180 2006-08-08 00:40 libcrammd5.so.2.0.19
-rw-r--r-- 1 root root 47520 2006-08-08 00:40 libdigestmd5.a
-rw-r--r-- 1 root root 860 2006-08-08 00:40 libdigestmd5.la
-rw-r--r-- 1 root root 43944 2006-08-08 00:40 libdigestmd5.so
-rw-r--r-- 1 root root 43944 2006-08-08 00:40 libdigestmd5.so.2
-rw-r--r-- 1 root root 43944 2006-08-08 00:40 libdigestmd5.so.2.0.19
-rw-r--r-- 1 root root 13726 2006-08-08 00:40 liblogin.a
-rw-r--r-- 1 root root 831 2006-08-08 00:40 liblogin.la
-rw-r--r-- 1 root root 14028 2006-08-08 00:40 liblogin.so
-rw-r--r-- 1 root root 14028 2006-08-08 00:40 liblogin.so.2
-rw-r--r-- 1 root root 14028 2006-08-08 00:40 liblogin.so.2.0.19
-rw-r--r-- 1 root root 31248 2006-08-08 00:40 libntlm.a
-rw-r--r-- 1 root root 825 2006-08-08 00:40 libntlm.la
-rw-r--r-- 1 root root 30692 2006-08-08 00:40 libntlm.so
-rw-r--r-- 1 root root 30692 2006-08-08 00:40 libntlm.so.2
-rw-r--r-- 1 root root 30692 2006-08-08 00:40 libntlm.so.2.0.19
-rw-r--r-- 1 root root 20142 2006-08-08 00:40 libotp.a
-rw-r--r-- 1 root root 825 2006-08-08 00:40 libotp.la
-rw-r--r-- 1 root root 43184 2006-08-08 00:40 libotp.so
-rw-r--r-- 1 root root 43184 2006-08-08 00:40 libotp.so.2
-rw-r--r-- 1 root root 43184 2006-08-08 00:40 libotp.so.2.0.19
-rw-r--r-- 1 root root 13886 2006-08-08 00:40 libplain.a
-rw-r--r-- 1 root root 831 2006-08-08 00:40 libplain.la
-rw-r--r-- 1 root root 14096 2006-08-08 00:40 libplain.so
-rw-r--r-- 1 root root 14096 2006-08-08 00:40 libplain.so.2
-rw-r--r-- 1 root root 14096 2006-08-08 00:40 libplain.so.2.0.19
-rw-r--r-- 1 root root 21810 2006-08-08 00:40 libsasldb.a
-rw-r--r-- 1 root root 852 2006-08-08 00:40 libsasldb.la
-rw-r--r-- 1 root root 18692 2006-08-08 00:40 libsasldb.so
-rw-r--r-- 1 root root 18692 2006-08-08 00:40 libsasldb.so.2
-rw-r--r-- 1 root root 18692 2006-08-08 00:40 libsasldb.so.2.0.19
-rw-r--r-- 1 root root 22168 2006-08-08 00:40 libsql.a
-rw-r--r-- 1 root root 874 2006-08-08 00:40 libsql.la
-rw-r--r-- 1 root root 22132 2006-08-08 00:40 libsql.so
-rw-r--r-- 1 root root 22132 2006-08-08 00:40 libsql.so.2
-rw-r--r-- 1 root root 22132 2006-08-08 00:40 libsql.so.2.0.19
-rw-r--r-- 1 root root 273 2007-01-06 18:41 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_password: --- replaced ---
sql_database: --- replaced ---
sql_select: select password from users where email='%u@%r'
log_level: 7
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine:mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_password: --- replaced ---
sql_database: --- replaced ---
sql_select: select password from users where email='%u@%r'
log_level: 3
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd -vvv
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
-- mechanisms on localhost --
250-AUTH LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=LOGIN PLAIN DIGEST-MD5 CRAM-MD5
-- end of saslfinger output --
\--------------------------------------------------------------------------/
I'm quite confused about the two different smtpd.conf - files. Which one is
actually used? Should I replace one by a symbolic link?
I already spent months with the whole sasl-database-thing. I really need to
solve it soon, otherwise I'll be carried to the loony bin or something like
that.
--
Herbert
More information about the Cyrus-sasl
mailing list