Problem with postfix + saslauthd

darkelf

Hello

I use postfix on a root server for one domain. The clients are supposed to authenticate against /etc/shadow in order to send emails. Since postfix has no permissions on the file /etc/shadow, access goes through the program saslauthd (as described in various howtos). I have the following error message in /var/log/mail:
Code:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 220 smtp.<<meine-domain>> ESMTP Postfix
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: EHLO dragon
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-smtp.<<meine-domain>>
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-PIPELINING
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-SIZE 10240000
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-VRFY
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-ETRN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-AUTH OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: match_list_match: <<clientname>>: no match
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: match_list_match: <<client-ip>>: no match
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-AUTH=OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250 8BITMIME
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: AUTH LOGIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: sasl_method LOGIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: uncoded challenge: Username:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 334 xxxxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: xxxxxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: decoded response: xxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: uncoded challenge: Password:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 334 xxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: xxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: decoded response: xxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: warning: <<clientname[client-ip]>>: SASL LOGIN authentication failed
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 535 Error: authentication failed
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtp_get: EOF

"cannot connect to saslauthd server: Permission denied" --> which permissions are meant?
"smtp_get: EOF" --> End Of File ???
Maybe someone has an idea what could be causing this.

I have the following configuration:
cyrus-sasl 2.1.20
Postfix 2.2.2

Code:
h81916:/usr/src # postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = <<meine-domain.de>>
myhostname = smtp.<<meine-domain.de>>
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
Code:
h81916:/usr/src # saslfinger -s
saslfinger - postfix Cyrus sasl configuration Sa Apr 16 12:55:59 CEST 2005
version: 0.9.9.1
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.2.2
System:
Welcome to SuSE Linux 9.1 (i586) - Kernel \r (\l).

-- smtpd is linked to --
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x4001d000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
insgesamt 1696
drwxr-xr-x  2 root root   4096 2005-04-16 11:36 .
drwxr-xr-x  5 root root   4096 2005-04-15 17:33 ..
-rwxr-xr-x  1 root root    686 2005-04-15 17:32 libanonymous.la
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so.2
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so.2.0.20
-rwxr-xr-x  1 root root    674 2005-04-15 17:32 libcrammd5.la
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so.2
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so.2.0.20
-rwxr-xr-x  1 root root    704 2005-04-15 17:32 libdigestmd5.la
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2.0.20
-rwxr-xr-x  1 root root    670 2005-04-15 17:32 liblogin.la
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so.2
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so.2.0.20
-rwxr-xr-x  1 root root    659 2005-04-15 17:32 libotp.la
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so.2
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so.2.0.20
-rwxr-xr-x  1 root root    670 2005-04-15 17:32 libplain.la
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so.2
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so.2.0.20
-rwxr-xr-x  1 root root    698 2005-04-15 17:32 libsasldb.la
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so.2
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so.2.0.20
-rw-------  1 root root     73 2005-04-16 11:36 smtpd.conf

-- listing of /usr/local/lib/sasl2 --
insgesamt 1696
drwxr-xr-x  2 root root   4096 2005-04-16 11:36 .
drwxr-xr-x  5 root root   4096 2005-04-15 17:33 ..
-rwxr-xr-x  1 root root    686 2005-04-15 17:32 libanonymous.la
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so.2
-rwxr-xr-x  1 root root  50833 2005-04-15 17:32 libanonymous.so.2.0.20
-rwxr-xr-x  1 root root    674 2005-04-15 17:32 libcrammd5.la
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so.2
-rwxr-xr-x  1 root root  56364 2005-04-15 17:32 libcrammd5.so.2.0.20
-rwxr-xr-x  1 root root    704 2005-04-15 17:32 libdigestmd5.la
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2
-rwxr-xr-x  1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2.0.20
-rwxr-xr-x  1 root root    670 2005-04-15 17:32 liblogin.la
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so.2
-rwxr-xr-x  1 root root  51949 2005-04-15 17:32 liblogin.so.2.0.20
-rwxr-xr-x  1 root root    659 2005-04-15 17:32 libotp.la
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so.2
-rwxr-xr-x  1 root root 110884 2005-04-15 17:32 libotp.so.2.0.20
-rwxr-xr-x  1 root root    670 2005-04-15 17:32 libplain.la
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so.2
-rwxr-xr-x  1 root root  52043 2005-04-15 17:32 libplain.so.2.0.20
-rwxr-xr-x  1 root root    698 2005-04-15 17:32 libsasldb.la
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so.2
-rwxr-xr-x  1 root root  88811 2005-04-15 17:32 libsasldb.so.2.0.20
-rw-------  1 root root     73 2005-04-16 11:36 smtpd.conf




-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd
log_level:7

-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd
log_level:7


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd -v
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

-- mechanisms on localhost --
250-AUTH OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN


-- end of saslfinger output --
Code:
h81916:/usr/src # ps aux | grep saslauthd
root      9676  0.0  0.1  1652  528 ?        Ss   11:50   0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root      9677  0.0  0.1  1840  872 ?        S    11:50   0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root      9678  0.0  0.1  1652  528 ?        S    11:50   0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root      9679  0.0  0.1  1652  528 ?        S    11:50   0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root      9680  0.0  0.1  1652  528 ?        S    11:50   0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root     11147  0.0  0.1  1788  696 pts/3    R+   13:10   0:00 grep saslauthd
Code:
h81916:/var/state/saslauthd # l
insgesamt 12
drwxr-xr-x  2 root root 4096 2005-04-16 11:38 ./
drwxr-xr-x  3 root root 4096 2005-03-31 14:43 ../
srwxrwxrwx  1 root root    0 2005-04-16 11:38 mux=
-rw-------  1 root root    0 2005-04-16 11:38 mux.accept
-rw-------  1 root root    5 2005-04-16 11:38 saslauthd.pid
 
Found the error myself.

The file /usr/lib/sasl2/smtpd.conf
Code:
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd
log_level:7

must read
Code:
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd/mux

then it works.
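
An added example, not part of the original posts: a Python check for the mistake found above, where saslauthd_path named the run directory instead of the mux socket inside it. The helper names and the temporary directory standing in for /var/state/saslauthd are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' option lines into a dict."""
    lines = [l for l in text.splitlines() if ":" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split(":", 1) for l in lines)}

def check_saslauthd_path(conf_text):
    """Return (ok, reason) for the saslauthd_path set in an smtpd.conf body."""
    path = parse_sasl_conf(conf_text).get("saslauthd_path")
    if not path:
        return False, "saslauthd_path is not set"
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return False, f"cannot stat {path}: {exc.strerror}"
    if stat.S_ISDIR(mode):
        return False, f"{path} is a directory, not the socket inside it"
    if not stat.S_ISSOCK(mode):
        return False, f"{path} is not a UNIX socket"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        try:
            client.connect(path)  # the step that failed in the log above
        except OSError as exc:
            return False, f"connect to {path} failed: {exc.strerror}"
    return True, "socket accepts connections"

def demo():
    """Check both smtpd.conf variants from the thread against a constructed run dir."""
    run_dir = tempfile.mkdtemp()          # stands in for /var/state/saslauthd
    mux = os.path.join(run_dir, "mux")    # stands in for saslauthd's socket
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(mux)
    server.listen(1)
    try:
        before = f"pwcheck_method:saslauthd\nsaslauthd_path:{run_dir}\nlog_level:7\n"
        after = f"pwcheck_method:saslauthd\nsaslauthd_path:{mux}\n"
        return check_saslauthd_path(before), check_saslauthd_path(after)
    finally:
        server.close()
        os.unlink(mux)
        os.rmdir(run_dir)

if __name__ == "__main__":
    for ok, reason in demo():
        print("OK  " if ok else "FAIL", reason)
```

On a real host, pass the contents of /usr/lib/sasl2/smtpd.conf to check_saslauthd_path and run it as the account smtpd runs under (mail_owner = postfix in this setup), because the connect test reflects the caller's permissions.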
 
