Postfix & SMTP User Auth (Server) auf SuSE 8.2 / 9.0
Hallo SuSE-Linux Postfix-Experten, Ich versuche, meinem Postfix-Server SMTP Auth bezubringen, d.h. ich moechte mich mit einem Client an Postfix anmelden um E-Mail zu relayen. Nun bekomme ich die SMTP User Auth nicht zum rennen - Ich bekomme immer noch ein "relaying denied". Getestete Clients: Mozilla 1.5 & 1.6a / Outlook Express und "von Hand": fuckup:~ # telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 fuckup.int.wirthuell.de ESMTP Postfix ehlo asd 250-fuckup.int.wirthuell.de 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN 250-XVERP 250 8BITMIME auth plain dGVzdAB0ZXN0AHRlc3RwYXNz 535 Error: authentication failed Warum sehe ich oben bei 250 - AUTH nicht die Methoden wie in: "250-AUTH DIGEST-MD5 PLAIN CRAM-MD5" (aus dem Readme) Der Authstring entstammt aus perl -MMIME::Base64 -e 'print encode_base64("test\0test\0testpass")' Ein entsprechender Account test mit passwd testpass existiert. Wer weiss Rat? Daniel P.S.: Meine Konfigs mit: cat /usr/lib/sasl2/smtpd.conf =================== pwcheck_method: pam mech_list: plain login cat /etc/sysconfig/saslauthd ================== ## Path: System/Security/SASL ## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap) ## Default: pam # # Authentication mechanism to use by saslauthd. # See man 8 saslauthd for available mechanisms. # #SASLAUTHD_AUTHMECH="shadow" SASLAUTHD_AUTHMECH="pam" grep -v "#" /etc/postfix/main.cf: ===================== queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix unknown_local_recipient_reject_code = 450 mynetworks_style = subnet mynetworks = 127.0.0.0/8 home_mailbox = Maildir/ debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_maps = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = hal.int.wirthuell.de program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = wirthuell.de mydestination = localhost,wirthuell.de,int.wirthuell.de,hal.int.wirthuell.de,localhost.int.wirthuell.de defer_transports = disable_dns_lookups = no relayhost = mail.arcor.de content_filter = vscan: mailbox_command = /usr/bin/procmail mailbox_transport = smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_client_restrictions = permit_sasl_authenticated, bhsmtpd_helo_required = yes smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_use_tls = yes alias_maps = hash:/etc/aliases mailbox_size_limit = 51200000 message_size_limit = 10240000 smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem smtpd_tls_received_header = yes tls_daemon_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom relay_clientcerts = hash:/etc/postfix/relay_ccerts smtpd_tls_ask_ccert = yes allow_mail_to_files = include
Am Sonntag, 30. November 2003 20:43 schrieb Daniel Wirth:
Ich versuche, meinem Postfix-Server SMTP Auth bezubringen, d.h. ich moechte mich mit einem Client an Postfix anmelden um E-Mail zu relayen. Nun bekomme ich die SMTP User Auth nicht zum rennen - Ich bekomme immer noch ein "relaying denied".
Getestete Clients: Mozilla 1.5 & 1.6a / Outlook Express und "von Hand": fuckup:~ # telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 fuckup.int.wirthuell.de ESMTP Postfix ehlo asd 250-fuckup.int.wirthuell.de 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN 250-XVERP 250 8BITMIME auth plain dGVzdAB0ZXN0AHRlc3RwYXNz 535 Error: authentication failed
Wenn Postfix nur LOGIN anbietet, nützt es sicher nix, PLAIN zu versuchen. Was mich zu der Frage führt, wieso bietet es nur LOGIN an. Per Default ist in der Suse auch PLAIN installiert. ALso was hast Du verändert?
Warum sehe ich oben bei 250 - AUTH nicht die Methoden wie in: "250-AUTH DIGEST-MD5 PLAIN CRAM-MD5" (aus dem Readme)
Welches README? Vermute mal es betrifft sasl-v1. Suse 8.2/9 hat sasl-v2.
Der Authstring entstammt aus perl -MMIME::Base64 -e 'print encode_base64("test\0test\0testpass")' Ein entsprechender Account test mit passwd testpass existiert.
Nur bei PLAIN.
P.S.: Meine Konfigs mit:
cat /usr/lib/sasl2/smtpd.conf =================== pwcheck_method: pam
Das gibt es mit sasl-v2 nicht mehr. Du musst nun saslauthd benutzen und diesen mit "-a pam" starten. Wie es bei der 8.2/9 per Default der Fall ist.
mech_list: plain login
Ist ok.
cat /etc/sysconfig/saslauthd ================== ## Path: System/Security/SASL ## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap) ## Default: pam # # Authentication mechanism to use by saslauthd. # See man 8 saslauthd for available mechanisms. # #SASLAUTHD_AUTHMECH="shadow" SASLAUTHD_AUTHMECH="pam"
grep -v "#" /etc/postfix/main.cf:
Hmm, beim nächsten mal bitte "postconf -n" ist übersichtlicher und bringt mehr.
===================== queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix unknown_local_recipient_reject_code = 450 mynetworks_style = subnet mynetworks = 127.0.0.0/8 home_mailbox = Maildir/ debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_maps = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = hal.int.wirthuell.de program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = wirthuell.de mydestination = localhost,wirthuell.de,int.wirthuell.de,hal.int.wirthuell.de,localhost.int. wirthuell.de defer_transports = disable_dns_lookups = no relayhost = mail.arcor.de content_filter = vscan: mailbox_command = /usr/bin/procmail mailbox_transport = smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_client_restrictions = permit_sasl_authenticated, bhsmtpd_helo_required = yes
Was ist das denn?
smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_use_tls = yes alias_maps = hash:/etc/aliases mailbox_size_limit = 51200000 message_size_limit = 10240000 smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem smtpd_tls_received_header = yes tls_daemon_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom relay_clientcerts = hash:/etc/postfix/relay_ccerts smtpd_tls_ask_ccert = yes allow_mail_to_files = include
Ganz abgesehen davon vermute ich mal, dass im Log noch ein paar sachen dazu stehen. -- Andreas
Hallo nochmals, so, ich habe ein neues jungfraeuliches Testsystem unter SuSE 9 aufgesetzt - leider immer noch ohne Erfolg, immer noch "relaying denied". Konfiguriert habe ich nur /etc/sysconfig/postfix und /etc/sysconfig/mail (siehe unten), natuerlich mit anschliessendem SuSEconfig. Hier nochmals der Test mit telnet auf port 25: --------- begin telnet session ---------- linux:~ # telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 linux.int.wirthuell.de ESMTP Postfix ehlo linux.int.wirthuell.de 250-linux.int.wirthuell.de 250-PIPELINING 250-SIZE 10000000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN 250-XVERP 250 8BITMIME auth login 334 VXNlcm5hbWU6 dGVzdAB0ZXN0AHRlc3RwYXNz 334 UGFzc3dvcmQ6 dGVzdAB0ZXN0AHRlc3RwYXNz 535 Error: authentication failed --------- end telnet session ---------- Der authstring wurde gemaess /usr/share/doc/packages/postfix/README_FILES/SASL_README fuer einen Benutzer test mit passwort testpass erzeugt. Leider immer noch keine erfolgreiche Authentication - HILFE!. Ich bekomme auch jetzt nur ein "auth login" und kein "auth login plain" In /var/log/messages finde ich folgendes: --------- begin /var/log/messages ---------- Dec 1 09:38:19 linux PAM-warn[864]: function=[pam_sm_authenticate] service=[smtp] terminal=[<unknown>] user=[test] ruser=[< unknown>] rhost=[<unknown>] Dec 1 09:38:19 linux saslauthd[864]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure Dec 1 09:38:19 linux saslauthd[864]: do_auth : auth failure: [user=test] [service=smtp] [realm=] [mech=pam] [reason =PAM auth error] --------- end /var/log/messages ---------- Wer weiss weiter? Danke & Gruesse Daniel ******************************************************** PS: meine Konfiguration: --------- begin postconf -n ---------- alias_maps = hash:/etc/aliases canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = vscan: daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no inet_interfaces = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = /usr/bin/procmail mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = wirthuell.de masquerade_exceptions = root message_size_limit = 10000000 mydestination = wirthuell.de,int.wirthuell.de,linux.int.wirthuell.de,localhost myhostname = linux.int.wirthuell.de mynetworks = 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases program_directory = /usr/lib/postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES relay_clientcerts = hash:/etc/postfix/relay_ccerts relayhost = mail.arcor.de relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_client_restrictions = permit_sasl_authenticated, smtpd_helo_required = yes smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_ask_ccert = yes smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem smtpd_tls_received_header = yes smtpd_use_tls = yes strict_rfc821_envelopes = no tls_daemon_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 450 --------- end postconf -n ---------- --------- begin /etc/sysconfig/saslauthd ---------- ## Path: System/Security/SASL ## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap) ## Default: pam ## ServiceRestart: saslauthd # # Authentication mechanism to use by saslauthd. # See man 8 saslauthd for available mechanisms. # SASLAUTHD_AUTHMECH=pam --------- end /etc/sysconfig/saslauthd ---------- --------- begin /usr/lib/sasl2/smtpd.conf ---------- pwcheck_method: saslauthd mech_list: plain login --------- end /usr/lib/sasl2/smtpd.conf ---------- --------- begin ps fax ---------- PID TTY STAT TIME COMMAND 1 ? S 0:04 init [5] 2 ? SW 0:00 [keventd] 3 ? SWN 0:00 [ksoftirqd_CPU0] 4 ? SW 0:00 [kswapd] 5 ? SW 0:00 [bdflush] 6 ? SW 0:00 [kupdated] 7 ? SW 0:00 [kinoded] 8 ? SW 0:00 [mdrecoveryd] 15 ? SW 0:00 [kreiserfsd] 593 ? S 0:00 /sbin/dhcpcd -D -N -t 999999 -h linux eth0 664 ? S 0:00 /sbin/syslogd -a /var/lib/dhcp/dev/log -a /var/lib/named/dev/log 667 ? S 0:00 /sbin/klogd -c 1 -2 715 ? SW 0:00 [khubd] 825 ? S 0:00 /sbin/resmgrd 857 ? S 0:00 /sbin/portmap 864 ? S 0:00 /usr/sbin/saslauthd -a pam 865 ? S 0:00 \_ /usr/sbin/saslauthd -a pam 866 ? S 0:00 \_ /usr/sbin/saslauthd -a pam 867 ? S 0:00 \_ /usr/sbin/saslauthd -a pam 868 ? S 0:00 \_ /usr/sbin/saslauthd -a pam 920 ? S 0:03 /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid 994 ? S 0:00 /usr/sbin/acpid 995 ? S 0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid 1735 ? S 0:02 \_ sshd: root@pts/2,pts/3,pts/4 1736 pts/2 S 0:00 \_ -bash 1756 pts/3 S 0:00 \_ -bash 3252 pts/4 S 0:00 \_ -bash 3460 pts/4 R 0:00 \_ ps fax 1058 ? S 0:02 /usr/sbin/cupsd 1243 ? S 0:01 amavisd (master) 3204 ? S 0:00 \_ amavisd (child) 3207 ? S 0:00 \_ amavisd (child) 1361 ? S 0:00 /opt/kde3/bin/kdm 1405 ? S 2:54 \_ /usr/X11R6/bin/X vt7 -auth /var/lib/xdm/authdir/authfiles/A:0-jUxmyb 1440 ? S 0:00 \_ -:0 1476 ? S 0:00 \_ /bin/sh /usr/X11R6/bin/kde 1550 ? S 0:00 \_ kwrapper ksmserver 1399 ? S 0:00 /usr/sbin/cron 1400 ? S 0:00 /usr/sbin/nscd 1401 ? S 0:00 \_ /usr/sbin/nscd 1408 ? S 0:00 \_ /usr/sbin/nscd 1409 ? S 0:00 \_ /usr/sbin/nscd 1410 ? S 0:00 \_ /usr/sbin/nscd 1411 ? S 0:00 \_ /usr/sbin/nscd 1415 ? S 0:00 \_ /usr/sbin/nscd 1434 tty1 S 0:00 /sbin/mingetty --noclear tty1 1435 tty2 S 0:00 /sbin/mingetty tty2 1436 tty3 S 0:00 /sbin/mingetty tty3 1437 tty4 S 0:00 /sbin/mingetty tty4 1438 tty5 S 0:00 /sbin/mingetty tty5 1439 tty6 S 0:00 /sbin/mingetty tty6 1530 ? S 0:00 kdeinit: Running... 1547 ? S 0:05 \_ /opt/kde3/bin/artsd -F 10 -S 4096 -s 5 -m artsmessage -l 3 -f 1553 ? S 0:01 \_ kdeinit: kwin -session 117f000002000107025623500000077360000_1070265781_718214 1561 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-test/klauncherMkU6ha.slave-socket /tmp/ksocket-test/kdesk 1562 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-test/klauncherMkU6ha.slave-socket /tmp/ksocket-test/kdesk 1563 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-test/klauncherMkU6ha.slave-socket /tmp/ksocket-test/kdesk 1580 ? S 0:01 \_ kdeinit: konqueror --preload 1896 ? S 0:00 \_ kdeinit: kio_file file /tmp/ksocket-test/klauncherMkU6ha.slave-socket /tmp/ksocket-test/kdesk 1533 ? S 0:00 kdeinit: dcopserver --nosid 1536 ? S 0:00 kdeinit: klauncher 1539 ? S 0:04 kdeinit: kded 1549 ? S 0:00 kdeinit: knotify 1552 ? S 0:00 kdeinit: ksmserver 1555 ? S 0:00 kdeinit: kwrited 1557 ? S 0:03 kdeinit: kdesktop 1617 ? S 0:05 \_ vmware-toolbox 3302 ? S 0:00 \_ /opt/kde3/bin/kdesktop_lock 3303 ? RN 1:48 \_ julia -window-id 41943047 -count 1000 -cycles 20 -delay 10000 -ncolors 200 1560 ? S 0:05 kdeinit: kicker 1566 ? S 0:05 kdeinit: klipper 1571 ? S 0:01 kamix 1576 ? S 0:00 susewatcher -caption SuSE Watcher -icon kinternet.png -miniicon kinternet.png --quiet 1578 ? S 0:17 suseplugger -caption SuSE Hardware Tool -icon hi22-action-hardware.png -miniicon hi22-action-hard 1583 ? S 0:00 kalarmd --login 3158 ? S 0:00 /usr/lib/postfix/master 3161 ? S 0:00 \_ pickup -l -t fifo -u 3162 ? S 0:00 \_ qmgr -l -t fifo -u 3163 ? S 0:00 \_ tlsmgr -l -t fifo -u --------- end ps fax ----------
Am Sonntag, 30. November 2003 20:43 schrieb Daniel Wirth:
Ich versuche, meinem Postfix-Server SMTP Auth bezubringen, d.h. ich moechte mich mit einem Client an Postfix anmelden um E-Mail zu relayen. Nun bekomme ich die SMTP User Auth nicht zum rennen - Ich bekomme immer noch ein "relaying denied".
Getestete Clients: Mozilla 1.5 & 1.6a / Outlook Express und "von Hand": fuckup:~ # telnet localhost 25 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 fuckup.int.wirthuell.de ESMTP Postfix ehlo asd 250-fuckup.int.wirthuell.de 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH LOGIN 250-XVERP 250 8BITMIME auth plain dGVzdAB0ZXN0AHRlc3RwYXNz 535 Error: authentication failed
Wenn Postfix nur LOGIN anbietet, nützt es sicher nix, PLAIN zu versuchen. Was mich zu der Frage führt, wieso bietet es nur LOGIN an. Per Default ist in der Suse auch PLAIN installiert. ALso was hast Du verändert?
Warum sehe ich oben bei 250 - AUTH nicht die Methoden wie in: "250-AUTH DIGEST-MD5 PLAIN CRAM-MD5" (aus dem Readme)
Welches README? Vermute mal es betrifft sasl-v1. Suse 8.2/9 hat sasl-v2.
Der Authstring entstammt aus perl -MMIME::Base64 -e 'print encode_base64("test\0test\0testpass")' Ein entsprechender Account test mit passwd testpass existiert.
Nur bei PLAIN.
P.S.: Meine Konfigs mit:
cat /usr/lib/sasl2/smtpd.conf =================== pwcheck_method: pam
Das gibt es mit sasl-v2 nicht mehr. Du musst nun saslauthd benutzen und diesen mit "-a pam" starten. Wie es bei der 8.2/9 per Default der Fall ist.
mech_list: plain login
Ist ok.
cat /etc/sysconfig/saslauthd ================== ## Path: System/Security/SASL ## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap) ## Default: pam # # Authentication mechanism to use by saslauthd. # See man 8 saslauthd for available mechanisms. # #SASLAUTHD_AUTHMECH="shadow" SASLAUTHD_AUTHMECH="pam"
grep -v "#" /etc/postfix/main.cf:
Hmm, beim nächsten mal bitte "postconf -n" ist übersichtlicher und bringt mehr.
===================== queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/lib/postfix mail_owner = postfix unknown_local_recipient_reject_code = 450 mynetworks_style = subnet mynetworks = 127.0.0.0/8 home_mailbox = Maildir/ debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail newaliases_path = /usr/bin/newaliases mailq_path = /usr/bin/mailq setgid_group = maildrop manpage_directory = /usr/share/man sample_directory = /usr/share/doc/packages/postfix/samples readme_directory = /usr/share/doc/packages/postfix/README_FILES mail_spool_directory = /var/mail canonical_maps = hash:/etc/postfix/canonical virtual_maps = hash:/etc/postfix/virtual relocated_maps = hash:/etc/postfix/relocated transport_maps = hash:/etc/postfix/transport sender_canonical_maps = hash:/etc/postfix/sender_canonical masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender, header_recipient myhostname = hal.int.wirthuell.de program_directory = /usr/lib/postfix inet_interfaces = all masquerade_domains = wirthuell.de mydestination = localhost,wirthuell.de,int.wirthuell.de,hal.int.wirthuell.de,localhost.int. wirthuell.de defer_transports = disable_dns_lookups = no relayhost = mail.arcor.de content_filter = vscan: mailbox_command = /usr/bin/procmail mailbox_transport = smtpd_sender_restrictions = hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_client_restrictions = permit_sasl_authenticated, bhsmtpd_helo_required = yes
Was ist das denn?
smtpd_helo_restrictions = strict_rfc821_envelopes = no smtpd_recipient_restrictions = permit_tls_clientcerts, permit_mynetworks, reject_unauth_destination smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_use_tls = yes alias_maps = hash:/etc/aliases mailbox_size_limit = 51200000 message_size_limit = 10240000 smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem smtpd_tls_received_header = yes tls_daemon_random_source = dev:/dev/urandom tls_random_source = dev:/dev/urandom relay_clientcerts = hash:/etc/postfix/relay_ccerts smtpd_tls_ask_ccert = yes allow_mail_to_files = include
Ganz abgesehen davon vermute ich mal, dass im Log noch ein paar sachen dazu stehen.
-- Andreas
-- Um die Liste abzubestellen, schicken Sie eine Mail an: suse-linux-unsubscribe@suse.com Um eine Liste aller verfuegbaren Kommandos zu bekommen, schicken Sie eine Mail an: suse-linux-help@suse.com
Ich habe das Problem geloest. Ursache des Aergers ist, dass SuSEconfig-postfix den Eintrag smtpd_recipient_restrictions nicht um die Option "permit_sasl_authenticated" ergaenzt. Dann schein postfix zwar die mail von dem authentisierten Client anzunehmen, nicht aber zu versenden. Um die Geschichte sauber in SuSE-Style zu beheben, habe ich folgende Zeilen in /sbin/conf.d/SuSEconfig-postfix hinzugefuegt: linux:/sbin/conf.d # diff -u /root/SuSEconfig.postfix.original SuSEconfig.postfix --- /root/SuSEconfig.postfix.original 2003-12-01 11:11:16.000000000 +0100 +++ SuSEconfig.postfix 2003-12-01 11:13:07.000000000 +0100 @@ -335,6 +335,8 @@ postconf -c $TMPDIR -e "smtpd_sasl_auth_enable= yes" CURRENT=$(postconf -c $TMPDIR -h smtpd_client_restrictions) postconf -c $TMPDIR -e "smtpd_client_restrictions= permit_sasl_authenticated, $CURRENT" + CURRENT=$(postconf -c $TMPDIR -h smtpd_recipient_restrictions) + postconf -c $TMPDIR -e "smtpd_recipient_restrictions= permit_sasl_authenticated, $CURRENT" else postconf -c $TMPDIR -e "smtpd_sasl_auth_enable= no" fi Ich danke allen, insbesondere Andreas Winkelmann, fuer die Hilfe. Gruesse, Daniel
participants (2)
-
Andreas Winkelmann
-
Daniel Wirth