Postfix & cyrus : auth via sasldb

Post by theomega » 2005-01-26 20:20

Hi everyone,
the situation is as follows: I want postfix (TLS, version 2.x) to deliver to cyrus (version 2.x). sasldb is used as the authentication backend, and that works with cyrus without any problems. There should be no local users for the mail addresses. With postfix I see a very strange phenomenon: "MS Outlook Express" cannot send mail, "Mozilla Thunderbird" can. (Please refrain from comments like "who uses MS software anyway", since I don't want to dictate the mail program to my users.)

When I try to send the mail in OE, I have "log on to outgoing mail server" enabled with the POP3 credentials. Fetching mail works without problems; only when sending (i.e. during SMTP AUTH) does the server reject the password. In Thunderbird, by contrast, everything works.

I'll post all the output here that might be helpful:

1. Excerpt from mail.info at the time of the rejection:

Jan 26 20:08:51 flacons postfix/smtpd[14127]: connect from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:08:52 flacons postfix/smtpd[14127]: warning: SASL authentication problem: unknown password verifier
Jan 26 20:08:52 flacons postfix/smtpd[14127]: warning: p54A251F7.dip.t-dialin.net[84.162.81.247]: SASL LOGIN authentication failed
Jan 26 20:08:52 flacons postfix/smtpd[14127]: lost connection after AUTH from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:08:52 flacons postfix/smtpd[14127]: disconnect from p54A251F7.dip.t-dialin.net[84.162.81.247]

2. With smtpd -c in master.cf, i.e. debug mode:

Jan 26 20:13:14 flacons postfix/smtpd[14737]: connect from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 220 flacons.org ESMTP flacons.org
Jan 26 20:13:14 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:14 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: EHLO zunami
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-flacons.org
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-PIPELINING
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-SIZE 629145600
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-VRFY
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-ETRN
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-STARTTLS
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-AUTH LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250 8BITMIME
Jan 26 20:13:14 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:14 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: AUTH LOGIN
Jan 26 20:13:14 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: sasl_method LOGIN
Jan 26 20:13:14 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: uncoded challenge: Username:
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 334 VXNlcm5hbWU6
Jan 26 20:13:14 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: ZHhfdGVzdDE=
Jan 26 20:13:14 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: decoded response: dx_test1
Jan 26 20:13:14 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: uncoded challenge: Password:
Jan 26 20:13:14 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 334 UGFzc3dvcmQ6
Jan 26 20:13:15 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: dGVzdA==
Jan 26 20:13:15 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: decoded response: test
Jan 26 20:13:15 flacons postfix/smtpd[14737]: warning: SASL authentication problem: unknown password verifier
Jan 26 20:13:15 flacons postfix/smtpd[14737]: warning: p54A251F7.dip.t-dialin.net[84.162.81.247]: SASL LOGIN authentication failed
Jan 26 20:13:15 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 435 Error: authentication failed
Jan 26 20:13:15 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:15 flacons postfix/smtpd[14737]: smtp_get: EOF
Jan 26 20:13:15 flacons postfix/smtpd[14737]: lost connection after AUTH from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:15 flacons postfix/smtpd[14737]: disconnect from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:15 flacons postfix/smtpd[14737]: master_notify: status 1
Jan 26 20:13:15 flacons postfix/smtpd[14737]: connection closed
Jan 26 20:13:15 flacons postfix/smtpd[14737]: watchdog_stop: 0x8093168
Jan 26 20:13:15 flacons postfix/smtpd[14737]: watchdog_start: 0x8093168
Jan 26 20:13:16 flacons postfix/smtpd[14737]: connection established
Jan 26 20:13:16 flacons postfix/smtpd[14737]: master_notify: status 0
Jan 26 20:13:16 flacons postfix/smtpd[14737]: name_mask: resource
Jan 26 20:13:16 flacons postfix/smtpd[14737]: name_mask: software
Jan 26 20:13:16 flacons postfix/smtpd[14737]: name_mask: noanonymous
Jan 26 20:13:16 flacons postfix/smtpd[14737]: connect from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 220 flacons.org ESMTP flacons.org
Jan 26 20:13:16 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:16 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: EHLO zunami
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-flacons.org
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-PIPELINING
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-SIZE 629145600
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-VRFY
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-ETRN
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-STARTTLS
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250-AUTH LOGIN PLAIN OTP DIGEST-MD5 CRAM-MD5
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: p54A251F7.dip.t-dialin.net: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: match_list_match: 84.162.81.247: no match
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 250 8BITMIME
Jan 26 20:13:16 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:16 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: AUTH LOGIN
Jan 26 20:13:16 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: sasl_method LOGIN
Jan 26 20:13:16 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: uncoded challenge: Username:
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 334 VXNlcm5hbWU6
Jan 26 20:13:16 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: ZHhfdGVzdDE=
Jan 26 20:13:16 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: decoded response: dx_test1
Jan 26 20:13:16 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: uncoded challenge: Password:
Jan 26 20:13:16 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 334 UGFzc3dvcmQ6
Jan 26 20:13:17 flacons postfix/smtpd[14737]: < p54A251F7.dip.t-dialin.net[84.162.81.247]: dGVzdA==
Jan 26 20:13:17 flacons postfix/smtpd[14737]: smtpd_sasl_authenticate: decoded response: test
Jan 26 20:13:17 flacons postfix/smtpd[14737]: warning: SASL authentication problem: unknown password verifier
Jan 26 20:13:17 flacons postfix/smtpd[14737]: warning: p54A251F7.dip.t-dialin.net[84.162.81.247]: SASL LOGIN authentication failed
Jan 26 20:13:17 flacons postfix/smtpd[14737]: > p54A251F7.dip.t-dialin.net[84.162.81.247]: 435 Error: authentication failed
Jan 26 20:13:17 flacons postfix/smtpd[14737]: watchdog_pat: 0x8093168
Jan 26 20:13:17 flacons postfix/smtpd[14737]: smtp_get: EOF
Jan 26 20:13:17 flacons postfix/smtpd[14737]: lost connection after AUTH from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:17 flacons postfix/smtpd[14737]: disconnect from p54A251F7.dip.t-dialin.net[84.162.81.247]
Jan 26 20:13:17 flacons postfix/smtpd[14737]: master_notify: status 1
Jan 26 20:13:17 flacons postfix/smtpd[14737]: connection closed

The credentials were dx_test1 / test; as you can see in the log, postfix receives them correctly too.

postconf:
http://www.flacons.org/postconf

master.cf:
http://www.flacons.org/master.cf

/etc/postfix/sasl/smtpd:
http://www.flacons.org/smtpd1

/usr/lib/sasl2/smtpd.conf:
http://www.flacons.org/smtpd2

"l /usr/lib/sasl2/"

total 360
-rw-r--r--  1 root root 13488 2004-10-16 23:02 libanonymous.a
-rw-r--r--  1 root root   851 2004-10-16 23:02 libanonymous.la
lrwxrwxrwx  1 root root    22 2005-01-26 17:53 libanonymous.so -> libanonymous.so.2.0.19
lrwxrwxrwx  1 root root    22 2005-01-26 17:53 libanonymous.so.2 -> libanonymous.so.2.0.19
-rw-r--r--  1 root root 13824 2004-10-16 23:02 libanonymous.so.2.0.19
-rw-r--r--  1 root root 16298 2004-10-16 23:02 libcrammd5.a
-rw-r--r--  1 root root   837 2004-10-16 23:02 libcrammd5.la
lrwxrwxrwx  1 root root    20 2005-01-26 17:53 libcrammd5.so -> libcrammd5.so.2.0.19
lrwxrwxrwx  1 root root    20 2005-01-26 17:53 libcrammd5.so.2 -> libcrammd5.so.2.0.19
-rw-r--r--  1 root root 16180 2004-10-16 23:02 libcrammd5.so.2.0.19
-rw-r--r--  1 root root 47516 2004-10-16 23:02 libdigestmd5.a
-rw-r--r--  1 root root   860 2004-10-16 23:02 libdigestmd5.la
lrwxrwxrwx  1 root root    22 2005-01-26 17:53 libdigestmd5.so -> libdigestmd5.so.2.0.19
lrwxrwxrwx  1 root root    22 2005-01-26 17:53 libdigestmd5.so.2 -> libdigestmd5.so.2.0.19
-rw-r--r--  1 root root 43944 2004-10-16 23:02 libdigestmd5.so.2.0.19
-rw-r--r--  1 root root 13726 2004-10-16 23:02 liblogin.a
-rw-r--r--  1 root root   831 2004-10-16 23:02 liblogin.la
lrwxrwxrwx  1 root root    18 2005-01-26 17:53 liblogin.so -> liblogin.so.2.0.19
lrwxrwxrwx  1 root root    18 2005-01-26 17:53 liblogin.so.2 -> liblogin.so.2.0.19
-rw-r--r--  1 root root 14028 2004-10-16 23:02 liblogin.so.2.0.19
-rw-r--r--  1 root root 20142 2004-10-16 23:02 libotp.a
-rw-r--r--  1 root root   825 2004-10-16 23:02 libotp.la
lrwxrwxrwx  1 root root    16 2005-01-26 17:53 libotp.so -> libotp.so.2.0.19
lrwxrwxrwx  1 root root    16 2005-01-26 17:53 libotp.so.2 -> libotp.so.2.0.19
-rw-r--r--  1 root root 43184 2004-10-16 23:02 libotp.so.2.0.19
-rw-r--r--  1 root root 13886 2004-10-16 23:02 libplain.a
-rw-r--r--  1 root root   831 2004-10-16 23:02 libplain.la
lrwxrwxrwx  1 root root    18 2005-01-26 17:53 libplain.so -> libplain.so.2.0.19
lrwxrwxrwx  1 root root    18 2005-01-26 17:53 libplain.so.2 -> libplain.so.2.0.19
-rw-r--r--  1 root root 14096 2004-10-16 23:02 libplain.so.2.0.19
-rw-r--r--  1 root root 21798 2004-10-16 23:02 libsasldb.a
-rw-r--r--  1 root root   852 2004-10-16 23:02 libsasldb.la
lrwxrwxrwx  1 root root    19 2005-01-25 21:05 libsasldb.so -> libsasldb.so.2.0.19
lrwxrwxrwx  1 root root    19 2005-01-25 21:05 libsasldb.so.2 -> libsasldb.so.2.0.19
-rw-r--r--  1 root root 18692 2004-10-16 23:02 libsasldb.so.2.0.19
-rw-r--r--  1 root root    23 2005-01-26 18:50 smtpd.conf
/usr/sbin/sasldblistusers2

root@flacons.org: userPassword
dx_test1@flacons.org: userPassword

Who has an idea? I really don't get it! If any information is missing, please say so.

Regards and thanks
TO

Re: Postfix & cyrus : auth via sasldb

Post by theomega » 2005-01-27 14:09

Okay, I've found out the following:
OE sends the login data unencrypted (PLAIN)
Thunderbird, by contrast, uses a hash (CRAM MD5)
How can I either convince OE to use MD5, or also allow plain-text passwords for SASL?

Thanks
TO

Re: Postfix & cyrus : auth via sasldb

Post by kuntho » 2005-01-28 21:36

You do that in smtpd.conf (/usr/lib/sasl/smtpd.conf). For example:

mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
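
Added example, not part of the thread: in the debug log above, AUTH LOGIN arrives with no STARTTLS before it, so the base64 username and password cross the network readable. This sketch scans `smtpd` debug output of that shape for LOGIN/PLAIN attempts made outside TLS; the log lines, host names and addresses are constructed, and it assumes a STARTTLS command seen in the log was accepted by the server.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the debug-log format shown in the thread;
# host names, addresses and PIDs are placeholders.
SAMPLE_LOG = """\
Jan 26 20:13:14 mx postfix/smtpd[101]: < client.example[192.0.2.10]: EHLO pc1
Jan 26 20:13:14 mx postfix/smtpd[101]: < client.example[192.0.2.10]: AUTH LOGIN
Jan 26 20:13:15 mx postfix/smtpd[101]: warning: client.example[192.0.2.10]: SASL LOGIN authentication failed
Jan 26 20:13:15 mx postfix/smtpd[101]: disconnect from client.example[192.0.2.10]
Jan 26 20:14:01 mx postfix/smtpd[102]: < other.example[192.0.2.20]: EHLO pc2
Jan 26 20:14:01 mx postfix/smtpd[102]: < other.example[192.0.2.20]: STARTTLS
Jan 26 20:14:02 mx postfix/smtpd[102]: < other.example[192.0.2.20]: EHLO pc2
Jan 26 20:14:02 mx postfix/smtpd[102]: < other.example[192.0.2.20]: AUTH PLAIN
Jan 26 20:14:02 mx postfix/smtpd[102]: disconnect from other.example[192.0.2.20]
Jan 26 20:15:00 mx postfix/smtpd[103]: < third.example[192.0.2.30]: EHLO pc3
Jan 26 20:15:00 mx postfix/smtpd[103]: < third.example[192.0.2.30]: AUTH CRAM-MD5
Jan 26 20:15:01 mx postfix/smtpd[103]: disconnect from third.example[192.0.2.30]
"""

CLIENT_CMD = re.compile(r"postfix/smtpd\[(\d+)\]: < \S+?\[([0-9a-fA-F.:]+)\]: (\S+)(?: (\S+))?")
DISCONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: disconnect from ")
CLEARTEXT = {"LOGIN", "PLAIN"}  # mechanisms that send the password itself

def cleartext_auth_without_tls(log_text):
    """Return (pid, client_ip, mechanism) for each AUTH LOGIN/PLAIN seen before STARTTLS."""
    tls_active = defaultdict(bool)  # keyed by smtpd PID; one connection per PID at a time
    findings = []
    for line in log_text.splitlines():
        m = DISCONNECT.search(line)
        if m:
            tls_active.pop(m.group(1), None)  # a PID is reused for the next connection
            continue
        m = CLIENT_CMD.search(line)
        if not m:
            continue
        pid, ip, verb, arg = m.groups()
        verb, arg = verb.upper(), (arg or "").upper()
        if verb == "STARTTLS":  # assumption: the server accepted it
            tls_active[pid] = True
        elif verb == "AUTH" and arg in CLEARTEXT and not tls_active[pid]:
            findings.append((pid, ip, arg))
    return findings

if __name__ == "__main__":
    print(cleartext_auth_without_tls(SAMPLE_LOG))
```

If PLAIN and LOGIN stay in `mech_list`, Postfix's `smtpd_tls_auth_only = yes` makes the server refuse AUTH until the client has negotiated STARTTLS.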