Problem with SASL authentication in Postfix


Post by daten-zwerg »

Sending mail via SMTP fails.
Postfix and saslauthd are running, but somehow the communication between them doesn't work.

mail.log

postfix/smtpd[25278]: xsasl_cyrus_server_first: decoded initial response
postfix/smtpd[25278]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
postfix/smtpd[25278]: warning: SASL authentication failure: Password verification failed

main.cf

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

inet_interfaces = all
mynetworks_style = host

myhostname = mail.dv-studios.net
mydomain = dv-studios.net
myorigin = /etc/mailname

smtpd_banner = $myhostname VHCS2 2.4 Rhea Managed ESMTP 2.4.8 RC1
setgid_group = postdrop

mydestination = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
virtual_transport = virtual
transport_maps = hash:/etc/postfix/vhcs2/transport

mail_spool_directory = /var/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database

vhcs2-arpl_destination_recipient_limit = 1

virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0

virtual_mailbox_domains = hash:/etc/postfix/vhcs2/domains
virtual_mailbox_maps = hash:/etc/postfix/vhcs2/mailboxes

virtual_alias_maps = hash:/etc/postfix/vhcs2/aliases

virtual_minimum_uid = 1003
virtual_uid_maps = static:1003
virtual_gid_maps = static:8

smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
                               permit_mynetworks,
                               reject_unauth_destination
#smtpd_sasl_authenticated_header = yes

smtp_use_tls = yes
smtpd_tls_loglevel = 2
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom

content_filter = amavis:[127.0.0.1]:10024

relayhost =
mynetworks = 127.0.0.1/32 213.160.3.140/32
recipient_delimiter = +
inet_protocols = all

/etc/default/saslauthd

START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

/etc/postfix/sasl/smtpd.conf:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 10
saslauthd_path: /var/run/saslauthd/mux

/usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -d

saslauthd[26790] :main            : num_procs  : 5
saslauthd[26790] :main            : mech_option: NULL
saslauthd[26790] :main            : run_path   : /var/spool/postfix/var/run/saslauthd
saslauthd[26790] :main            : auth_mech  : pam
saslauthd[26790] :cache_alloc_mm  : mmaped shared memory segment on file: /var/spool/postfix/var/run/saslauthd/cache.mmap
saslauthd[26790] :cache_init      : bucket size: 92 bytes
saslauthd[26790] :cache_init      : stats size : 36 bytes
saslauthd[26790] :cache_init      : timeout    : 28800 seconds
saslauthd[26790] :cache_init      : cache table: 944764 total bytes
saslauthd[26790] :cache_init      : cache table: 1711 slots
saslauthd[26790] :cache_init      : cache table: 10266 buckets
saslauthd[26790] :cache_init_lock : flock file opened at /var/spool/postfix/var/run/saslauthd/cache.flock
saslauthd[26790] :ipc_init        : using accept lock file: /var/spool/postfix/var/run/saslauthd/mux.accept
saslauthd[26790] :detach_tty      : master pid is: 0
saslauthd[26790] :ipc_init        : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
saslauthd[26790] :main            : using process model
saslauthd[26790] :have_baby       : forked child: 26791
saslauthd[26790] :have_baby       : forked child: 26792
saslauthd[26790] :have_baby       : forked child: 26793
saslauthd[26790] :have_baby       : forked child: 26794

ps aux | grep sasl

root     25870  0.0  0.0   7216   988 ?        Ss   18:01   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     25871  0.0  0.0   7336  1416 ?        S    18:01   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     25872  0.0  0.0   7216   544 ?        S    18:01   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     25873  0.0  0.0   7216   364 ?        S    18:01   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     25874  0.0  0.0   7216   364 ?        S    18:01   0:00 /usr/sbin/saslauthd -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 5
root     26756  0.0  0.0   2012   732 pts/2    R+   18:11   0:00 grep sasl

Postfix is not running in a jail:
master.cf

smtp      inet  n       -       n       -       -       smtpd -v

Re: Problem with SASL authentication in Postfix

Post by Joe User »

Either
/etc/default/saslauthd

START=yes
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd -r"

or
master.cf

smtp      inet  n       -       y       -       -       smtpd -v
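
The mismatch this reply points at, as an added example that is not part of the original thread: a consistency check between the socket directory passed to saslauthd with -m, the saslauthd_path in smtpd.conf, and the chroot column of the smtp service in master.cf. It covers only the "cannot connect to saslauthd server: No such file or directory" case; QUEUE_DIR and the function names are assumptions, and the sample settings are the ones quoted in the thread.

```python
import posixpath

QUEUE_DIR = "/var/spool/postfix"  # assumption: default queue_directory (not set in the posted main.cf)
# Settings quoted from the thread.
SMTPD_CONF = "pwcheck_method: saslauthd\nsaslauthd_path: /var/run/saslauthd/mux\n"
OPTS_POSTED = 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"\n'
OPTS_REPLY = 'OPTIONS="-c -m /var/run/saslauthd -r"\n'
MASTER_POSTED = "smtp      inet  n       -       n       -       -       smtpd -v\n"
MASTER_REPLY = "smtp      inet  n       -       y       -       -       smtpd -v\n"

def saslauthd_socket(default_file):
    """Socket saslauthd creates: the directory given with -m, plus 'mux'."""
    for line in default_file.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "OPTIONS":
            args = value.strip().strip("\"'").split()
            if "-m" in args[:-1]:
                return posixpath.normpath(posixpath.join(args[args.index("-m") + 1], "mux"))
    raise ValueError("OPTIONS has no -m <directory>")

def smtpd_lookup_path(smtpd_conf, master_cf):
    """Path the SASL library inside smtpd connects to, seen from the host root."""
    path = None
    for line in smtpd_conf.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "saslauthd_path":
            path = value.strip()
    if path is None:
        raise ValueError("saslauthd_path not set")
    chrooted = False
    for line in master_cf.splitlines():
        f = line.split()
        # master.cf columns: service type private unpriv chroot wakeup maxproc command
        if len(f) >= 8 and f[0] == "smtp" and f[1] == "inet" and f[7] == "smtpd":
            chrooted = f[4] == "y"  # "-" (version-dependent default) is not handled here
    if chrooted:
        path = posixpath.join(QUEUE_DIR, path.lstrip("/"))
    return posixpath.normpath(path)

def check(default_file, smtpd_conf, master_cf):
    """Return (ok, path smtpd opens, path saslauthd listens on)."""
    wanted = smtpd_lookup_path(smtpd_conf, master_cf)
    actual = saslauthd_socket(default_file)
    return wanted == actual, wanted, actual

if __name__ == "__main__":
    for name, opts, master in [("posted", OPTS_POSTED, MASTER_POSTED),
                               ("reply, saslauthd moved", OPTS_REPLY, MASTER_POSTED),
                               ("reply, smtpd chrooted", OPTS_POSTED, MASTER_REPLY)]:
        print(name, check(opts, SMTPD_CONF, master))
```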

Re: Problem with SASL authentication in Postfix

Post by daten-zwerg »

True, those don't match, but neither the one nor the other works:

SASL LOGIN authentication failed: authentication failure

But I'm now running without chroot, because that is less error-prone.