Mailinglist Archive: opensuse-es (1640 mails)

Postfix+openldap+sasl
  • From: jvelez@xxxxxxxxxxxxxx
  • Date: Fri, 10 Jun 2005 12:36:37 -0500 (COT)
  • Message-id: <2901.200.89.96.138.1118424997.squirrel@xxxxxxxxxxxxxxxxxxx>
Warm greetings to all.

I have a small problem, and I don't know whether it is a matter of concept or
of operation. It is the following:

I have Postfix authenticating against LDAP via SASL; I put the configurations
at the end so you can see them. The problem is that Postfix does not require
authentication from me, and I want it to be mandatory. To show that it works,
I am adding the output via telnet.



ox-server:/etc # perl -MMIME::Base64 -e 'print encode_base64("jvelez\0jvelez\0qlman");' # user and password in ldap
anZlbGV6AGp2ZWxlegBxbG1hbg== #
ox-server:/etc # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ox-server.de ESMTP Postfix
EHLO DE
250-ox-server.de
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
AUTH PLAIN anZlbGV6AGp2ZWxlegBxbG1hbg==
235 Authentication successful
QUIT
221 Bye

From what can be seen, authentication works. If I set in the mail client that
the SMTP transport server requires authentication and I enter the user and the
password, it works. If I enter the user and an incorrect password, the server's
response is: Server response: "Error: authentication failed". But if I enter
neither user nor password and remove the setting that the server requires
authentication, the mail also goes through (as long as the user is registered
in LDAP), as if the user were trusted, and that is what I do not want. I want
authentication to be mandatory.


The files involved:
saslauthd.conf
ldap_servers: ldap://localhost:389/ ldap://ox-server.de:389/
#ldap_bind_dn: uid=mailadmin,dc=ox-server,dc=de
#ldap_bind_pw: secret
ldap_search_base: ou=Users,ou=OxObjects,dc=ox-server,dc=de
ldap_filter: uid=%u
ldap_group_scope: sub
ldap_password_attr: userPassword

main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
debug_peer_level = 2
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mynetworks = 127.0.0.0/8
mydomain = de
myhostname = ox-server.de
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = ox-server.de
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = yes
relayhost =

smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no

smtpd_use_tls = no
smtp_use_tls = no
mailbox_size_limit = 0
message_size_limit = 10240000



smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

mailbox_transport = lmtp:unix:/var/spool/postfix/public/lmtp
mailbox_command = /usr/lib/cyrus/bin/deliver

local_recipient_maps =
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  xxgdb $daemon_directory/$process_name $process_id & sleep 5


master.cf
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd -v
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
localhost:10025 inet n - n - - smtpd -o content_filter=
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}



And I think that is everything.

This is the last small detail I think I am missing to write the OpenExchange
howto.

I hope for some help so I can devote myself to the howto this weekend, starting
from a "clean" installation.

jaime V.
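
Added example (not part of the original message, and not Postfix's own code): a simplified Python model of how the posted smtpd_recipient_restrictions list is evaluated, showing why an unauthenticated client is still accepted for recipients in $mydestination. The AUTH_ONLY list, the 192.0.2.10 client address and the sample sessions are assumptions constructed for illustration; a list ending in reject fits a submission-only listener, since on a port that also receives mail from other servers it would refuse that inbound mail too.

```python
import ipaddress

# Values taken from the main.cf in the message above.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
MYDESTINATION = {"ox-server.de", "localhost.de"}  # $myhostname, localhost.$mydomain

def permit_sasl_authenticated(s):
    return "PERMIT" if s["sasl_user"] else "DUNNO"

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def reject_unauth_destination(s):
    # Simplified: only $mydestination is modelled, not relay or virtual domains.
    domain = s["rcpt"].rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in MYDESTINATION else "REJECT"

def reject(s):
    return "REJECT"

RULES = {f.__name__: f for f in (permit_sasl_authenticated, permit_mynetworks,
                                 reject_unauth_destination, reject)}

def evaluate(restrictions, session):
    """First restriction that does not answer DUNNO decides; an exhausted list permits."""
    for name in (r.strip() for r in restrictions.split(",")):
        verdict = RULES[name](session)
        if verdict != "DUNNO":
            return verdict, name
    return "PERMIT", "end of list"

AS_POSTED = "permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination"
AUTH_ONLY = "permit_sasl_authenticated,reject"  # assumption: stricter list for comparison

# Constructed sessions; 192.0.2.10 is a documentation address outside mynetworks.
SESSIONS = {
    "no auth, remote client, local rcpt": {"sasl_user": None, "client_ip": "192.0.2.10", "rcpt": "jvelez@ox-server.de"},
    "no auth, remote client, external rcpt": {"sasl_user": None, "client_ip": "192.0.2.10", "rcpt": "user@example.org"},
    "no auth, localhost, external rcpt": {"sasl_user": None, "client_ip": "127.0.0.1", "rcpt": "user@example.org"},
    "authenticated, remote client, external rcpt": {"sasl_user": "jvelez", "client_ip": "192.0.2.10", "rcpt": "user@example.org"},
}

if __name__ == "__main__":
    for label, session in SESSIONS.items():
        for list_name, rules in (("as posted", AS_POSTED), ("auth only", AUTH_ONLY)):
            print(f"{label:45} {list_name:10} {evaluate(rules, session)}")
```
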

