Mailinglist Archive: opensuse-de (1970 mails)

< Previous Next >
Postfix SSL
  • From: Michael Post <michael.post@xxxxxxxxxxxx>
  • Date: Tue, 05 Dec 2006 23:48:00 +0100
  • Message-id: <4575F720.2040302@xxxxxxxxxxxx>
Hallo Liste,

ich habe postfix eingerichtet. Nun will aber SSL nicht funktionieren.
Woran könnte es liegen? Ihr seid da doch die Experten. ;-)

Das Passwort wird abgefragt, aber ich erhalte in der /var/log/messages
den folgenden Eintrag:

Dec 5 23:41:02 beta saslauthd[14791]: DEBUG: auth_pam: pam_authenticate
failed: Permission denied
Dec 5 23:41:02 beta saslauthd[14791]: do_auth : auth failure:
[user=645233] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

Ok. Das er die PAM-Authentifizierung nicht durchführen kann ist mir
klar. Also hier liegt der Hase begraben.

Aber warum kann er das nicht? Ohne SSL funktioniert es einwandfrei.

Vielen Dank

Michael


Ausgabe von saslfinger:

saslfinger - postfix Cyrus sasl configuration Di Dez 5 23:42:58 CET 2006
version: 1.0
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.3.0
System:
Welcome to SUSE LINUX 10.0 (i586) - Kernel \r (\l).

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40087000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /var/lib/imap/certs/CAcert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /var/lib/imap/certs/cert.pem
smtpd_tls_key_file = /var/lib/imap/certs/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
insgesamt 699
drwxr-xr-x 2 root root 1048 2006-07-26 18:03 .
drwxr-xr-x 47 root root 18464 2006-12-05 22:20 ..
-rwxr-xr-x 1 root root 13592 2005-09-09 19:39 libanonymous.so
-rwxr-xr-x 1 root root 13592 2005-09-09 19:39 libanonymous.so.2
-rwxr-xr-x 1 root root 13592 2005-09-09 19:39 libanonymous.so.2.0.21
-rwxr-xr-x 1 root root 15796 2005-09-09 19:39 libcrammd5.so
-rwxr-xr-x 1 root root 15796 2005-09-09 19:39 libcrammd5.so.2
-rwxr-xr-x 1 root root 15796 2005-09-09 19:39 libcrammd5.so.2.0.21
-rwxr-xr-x 1 root root 43416 2005-09-09 19:39 libdigestmd5.so
-rwxr-xr-x 1 root root 43416 2005-09-09 19:39 libdigestmd5.so.2
-rwxr-xr-x 1 root root 43416 2005-09-09 19:39 libdigestmd5.so.2.0.21
-rwxr-xr-x 1 root root 25336 2005-09-09 19:39 libgssapiv2.so
-rwxr-xr-x 1 root root 25336 2005-09-09 19:39 libgssapiv2.so.2
-rwxr-xr-x 1 root root 25336 2005-09-09 19:39 libgssapiv2.so.2.0.21
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 liblogin.so
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 liblogin.so.2
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 liblogin.so.2.0.21
-rwxr-xr-x 1 root root 45020 2005-09-09 19:39 libotp.so
-rwxr-xr-x 1 root root 45020 2005-09-09 19:39 libotp.so.2
-rwxr-xr-x 1 root root 45020 2005-09-09 19:39 libotp.so.2.0.21
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 libplain.so
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 libplain.so.2
-rwxr-xr-x 1 root root 14420 2005-09-09 19:39 libplain.so.2.0.21
-rwxr-xr-x 1 root root 18756 2005-09-09 19:39 libsasldb.so
-rwxr-xr-x 1 root root 18756 2005-09-09 19:39 libsasldb.so.2
-rwxr-xr-x 1 root root 18756 2005-09-09 19:39 libsasldb.so.2.0.21
-rwxr-xr-x 1 root root 21932 2005-09-09 19:39 libsql.so
-rwxr-xr-x 1 root root 21932 2005-09-09 19:39 libsql.so.2
-rwxr-xr-x 1 root root 21932 2005-09-09 19:39 libsql.so.2.0.21
-rw-r--r-- 1 root root 105 2006-07-26 18:03 smtpd.conf
-rw-r--r-- 1 root root 106 2006-07-20 16:20 smtpd.conf~




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 3
#ausprop_plugin: sasldb

-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - 2 smtpd -o content_filter=smtp:[127.0.0.1]:10024
submission inet n - n - - smtpd
-o smtpd_etrn_restrictions=reject
smtps inet n - n - - smtpd -o
smtpd_tls_wrappermode=yes
-o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes

127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o mynetworks=127.0.0.0/8

smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes

pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
${sender} ${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr

-- mechanisms on localhost --
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
250-AUTH=CRAM-MD5 DIGEST-MD5 LOGIN PLAIN


-- end of saslfinger output --




Hier noch meine postconf -n - Ausgabe:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
disable_dns_lookups = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_exceptions = root
message_size_limit = 20480000
mydestination = $myhostname, localhost.$mydomain
myhostname = xxxxxx.xxxxxx.de
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = mysql:/etc/postfix/mysql-relay.cf
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_use_tls = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /var/lib/imap/certs/CAcert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /var/lib/imap/certs/cert.pem
smtpd_tls_key_file = /var/lib/imap/certs/key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550


--
Um die Liste abzubestellen, schicken Sie eine Mail an:
opensuse-de+unsubscribe@xxxxxxxxxxxx
Um eine Liste aller verfuegbaren Kommandos zu bekommen, schicken
Sie eine Mail an: opensuse-de+help@xxxxxxxxxxxx

< Previous Next >