Need Help! postfix sasl setup problems..

[fffeee]

Hi,

I own a linux server on which I planed to configure postfix in order to communicate with it via thunderbird. I want to use IMAP. for authentication purposes I tried to use sasl.. There are the already the right certificates but something doesnt work. I cant connect the postfix user (info@fiveminutecoin.com) with thunderbird. Here is my main.cf:

Code: Select all

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
inet_interfaces = all
mailbox_size_limit = 0
mydomain = fiveminutecoin.com
myhostname = fiveminutecoin.com
#mynetworks = 127.0.0.0/8
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128, 217.172.183.204/32
myorigin = /etc/mailname
recipient_delimiter = +
mydestination = florenz204.server4you.de, localhost.$mydomain, localhost, mail.fiveminutecoin.com, fiveminutecoin.com, fiveminutecoin.de

smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = $smtpd_tls_session_cache_database
smtp_use_tls = yes

smtpd_client_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unknown_client_hostname,
  reject_unknown_reverse_client_hostname,
  reject_rbl_client sbl.spamhaus.org, 
  reject_rbl_client blackholes.easynet.nl,
  reject_rbl_client dnsbl.njabl.org,
  permit

smtpd_data_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_pipelining,
  permit

smtpd_helo_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_invalid_helo_hostname,
  reject_non_fqdn_helo_hostname,
  reject_unknown_helo_hostname,
  permit

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination



smtpd_sender_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_sender,
  reject_unknown_sender_domain,
  permit


smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = florenz204.server4you.de
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
home_mailbox = Maildir/
mailbox_command = procmail -a "$EXTENSION"
message_size_limit = 104857600
unknown_local_recipient_reject_code = 550
inet_protocols = all
relayhost = 
virtual_alias_domains = fiveminutecoin.com fiveminutecoin.de
virtual_alias_maps = hash:/etc/postfix/virtual
smtp_tls_security_level = may
smtpd_tls_security_level = may

Could please someone help me? I`m not that into server administration and I dont now where I can get help..
Thanks :)

[Joe User]

Die Logzeilen (/var/log/mail.log) eines Verbindungsversuchs, sowie die Fehlermeldung von Thunderbird und dessen Konfiguration wären sehr hilfreich.

[fffeee]

florenz204:~# tail /var/log/mail.log
Jun 14 20:08:51 florenz204 postfix/smtpd[4451]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jun 14 20:08:51 florenz204 postfix/smtpd[4451]: warning: unknown[121.33.63.249]: SASL LOGIN authentication failed: authentication failure
Jun 14 20:08:55 florenz204 postfix/smtpd[4451]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jun 14 20:08:55 florenz204 postfix/smtpd[4451]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jun 14 20:08:55 florenz204 postfix/smtpd[4451]: warning: unknown[121.33.63.249]: SASL LOGIN authentication failed: authentication failure
Jun 14 20:13:59 florenz204 postfix/smtpd[4451]: timeout after AUTH from unknown[121.33.63.249]
Jun 14 20:13:59 florenz204 postfix/smtpd[4451]: disconnect from unknown[121.33.63.249]
Jun 14 20:17:19 florenz204 postfix/anvil[4454]: statistics: max connection rate 1/60s for (smtp:121.33.63.249) at Jun 14 20:07:35
Jun 14 20:17:19 florenz204 postfix/anvil[4454]: statistics: max connection count 1 for (smtp:121.33.63.249) at Jun 14 20:07:35
Jun 14 20:17:19 florenz204 postfix/anvil[4454]: statistics: max cache size 1 at Jun 14 20:07:35


Thunderbird kann keine Einstellungen für ihr emailkonto finden...

Das ist alles..

[Joe User]

Du musst die /etc/sasldb2 anlegen.

[fffeee]

nach dem einrichten von sasldb2:

Code: Select all

Jun 15 10:54:47 florenz204 postfix/smtpd[14955]: disconnect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14957]: disconnect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14960]: connect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14959]: connect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14960]: disconnect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14957]: connect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14959]: disconnect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14955]: connect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14957]: disconnect from unknown[78.104.170.94]
Jun 15 10:54:47 florenz204 postfix/smtpd[14955]: disconnect from unknown[78.104.170.94]

Aber ich weiß auch nicht genau was ich bei thunderbird einstellen muss..
ports etc.? Normalerweise findet er immer die richtigen Einstelungen automatisch?!

Aber danke für die Antwort :)

[Joe User]

Zeig mal Deine smtpd.conf und lese http://www.postfix.org/SASL_README.html sowie http://www.postfix.org/TLS_README.html

Thunderbird rät nicht immer richtig ;)

[fffeee]

pwcheck_method: saslauthd
mech_list: plain login

das is alles was drin steht..

Zu den Dokumenten: ich habe bereits versucht draus schlau zu werden aber irgendwie hilfts mir nich weiter.

[Joe User]

OK, dann brauchen wir jetzt noch die Konfigurationen von saslauthd und Thunderbird.

[fffeee]

Code: Select all

#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"

Thunderbird:

Server-Adresse Port SSL AUTHENTIFIZIERUNG
IMAP:imap.fiveminutecoin.com 143 STARTTLS Paswwort,normal
SMTP:smtp.fiveminutecoin.com 25 STARTTLS Paswwort,normal

Passt das so?

[Joe User]

Da bei Dir einfach zu viele Baustellen abzuarbeiten sind, geht es schneller für Dich, wenn Du ganz von vorne beginnst:
http://workaround.org/ispmail/squeeze passt normalerweise auch auf Dein Ubuntu, sofern Du die nötigen Repos und Pfade selbst anpasst.

[fffeee]

puh.. also ich habe keine datenbank die ich verwende.. das ist ganz schön komplex..

[Joe User]

Am Ende des Tages/Wochenendes ist es weniger komplex, als es auf den ersten Blick zu scheinen mag. Es funktioniert und es ist flexibel. Du packst das mit etwas Geduld.

[fffeee]

Naja.. muss gleichzeitig noch für meine letzte Bachelorprüfung lernen die am Dienstag stattfindet.. und irgendwie muss dieser scheiß Mailserver bis dahin auch funktionieren. Also hat zwar nichts damit zu tun aber..