darkelf
Greenhorn
Hello
I am using Postfix on a root server for one domain. The clients are supposed to authorize themselves against /etc/shadow in order to send e-mail. Since Postfix has no permissions on the file /etc/shadow, access goes through the program saslauthd (according to various how-tos). I have the following error message in /var/log/mail
Code:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 220 smtp.<<meine-domain>> ESMTP Postfix
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: EHLO dragon
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-smtp.<<meine-domain>>
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-PIPELINING
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-SIZE 10240000
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-VRFY
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-ETRN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-AUTH OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: match_list_match: <<clientname>>: no match
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: match_list_match: <<client-ip>>: no match
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250-AUTH=OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 250 8BITMIME
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: AUTH LOGIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: sasl_method LOGIN
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: uncoded challenge: Username:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 334 xxxxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: xxxxxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: decoded response: xxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: uncoded challenge: Password:
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 334 xxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: < <<clientname[client-ip]>>: xxxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtpd_sasl_authenticate: decoded response: xxxxxxxxxxx
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: warning: <<clientname[client-ip]>>: SASL LOGIN authentication failed
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: > <<clientname[client-ip]>>: 535 Error: authentication failed
Apr 16 12:32:05 h81916 postfix/smtpd[10911]: smtp_get: EOF
"cannot connect to saslauthd server: Permission denied" --> which permissions are meant?
"smtp_get: EOF" --> End Of File ???
Maybe someone has an idea what could be causing this.
I have the following configuration
cyrus-sasl 2.1.20
Postfix 2.2.2
Code:
h81916:/usr/src # postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = <<meine-domain.de>>
myhostname = smtp.<<meine-domain.de>>
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated,reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
Code:
h81916:/usr/src # saslfinger -s
saslfinger - postfix Cyrus sasl configuration Sa Apr 16 12:55:59 CEST 2005
version: 0.9.9.1
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.2.2
System:
Welcome to SuSE Linux 9.1 (i586) - Kernel \r (\l).
-- smtpd is linked to --
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x4001d000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
-- listing of /usr/lib/sasl2 --
insgesamt 1696
drwxr-xr-x 2 root root 4096 2005-04-16 11:36 .
drwxr-xr-x 5 root root 4096 2005-04-15 17:33 ..
-rwxr-xr-x 1 root root 686 2005-04-15 17:32 libanonymous.la
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so.2
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so.2.0.20
-rwxr-xr-x 1 root root 674 2005-04-15 17:32 libcrammd5.la
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so.2
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so.2.0.20
-rwxr-xr-x 1 root root 704 2005-04-15 17:32 libdigestmd5.la
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2.0.20
-rwxr-xr-x 1 root root 670 2005-04-15 17:32 liblogin.la
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so.2
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so.2.0.20
-rwxr-xr-x 1 root root 659 2005-04-15 17:32 libotp.la
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so.2
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so.2.0.20
-rwxr-xr-x 1 root root 670 2005-04-15 17:32 libplain.la
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so.2
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so.2.0.20
-rwxr-xr-x 1 root root 698 2005-04-15 17:32 libsasldb.la
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so.2
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so.2.0.20
-rw------- 1 root root 73 2005-04-16 11:36 smtpd.conf
-- listing of /usr/local/lib/sasl2 --
insgesamt 1696
drwxr-xr-x 2 root root 4096 2005-04-16 11:36 .
drwxr-xr-x 5 root root 4096 2005-04-15 17:33 ..
-rwxr-xr-x 1 root root 686 2005-04-15 17:32 libanonymous.la
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so.2
-rwxr-xr-x 1 root root 50833 2005-04-15 17:32 libanonymous.so.2.0.20
-rwxr-xr-x 1 root root 674 2005-04-15 17:32 libcrammd5.la
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so.2
-rwxr-xr-x 1 root root 56364 2005-04-15 17:32 libcrammd5.so.2.0.20
-rwxr-xr-x 1 root root 704 2005-04-15 17:32 libdigestmd5.la
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2
-rwxr-xr-x 1 root root 112569 2005-04-15 17:32 libdigestmd5.so.2.0.20
-rwxr-xr-x 1 root root 670 2005-04-15 17:32 liblogin.la
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so.2
-rwxr-xr-x 1 root root 51949 2005-04-15 17:32 liblogin.so.2.0.20
-rwxr-xr-x 1 root root 659 2005-04-15 17:32 libotp.la
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so.2
-rwxr-xr-x 1 root root 110884 2005-04-15 17:32 libotp.so.2.0.20
-rwxr-xr-x 1 root root 670 2005-04-15 17:32 libplain.la
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so.2
-rwxr-xr-x 1 root root 52043 2005-04-15 17:32 libplain.so.2.0.20
-rwxr-xr-x 1 root root 698 2005-04-15 17:32 libsasldb.la
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so.2
-rwxr-xr-x 1 root root 88811 2005-04-15 17:32 libsasldb.so.2.0.20
-rw------- 1 root root 73 2005-04-16 11:36 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd
log_level:7
-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method:saslauthd
saslauthd_path:/var/state/saslauthd
log_level:7
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd -v
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus unix - n n - - pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
-- mechanisms on localhost --
250-AUTH OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=OTP DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
-- end of saslfinger output --
Code:
h81916:/usr/src # ps aux | grep saslauthd
root 9676 0.0 0.1 1652 528 ? Ss 11:50 0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root 9677 0.0 0.1 1840 872 ? S 11:50 0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root 9678 0.0 0.1 1652 528 ? S 11:50 0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root 9679 0.0 0.1 1652 528 ? S 11:50 0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root 9680 0.0 0.1 1652 528 ? S 11:50 0:00 /usr/sbin/saslauthd -a shadow -m /var/state/saslauthd
root 11147 0.0 0.1 1788 696 pts/3 R+ 13:10 0:00 grep saslauthd
Code:
h81916:/var/state/saslauthd # l
insgesamt 12
drwxr-xr-x 2 root root 4096 2005-04-16 11:38 ./
drwxr-xr-x 3 root root 4096 2005-03-31 14:43 ../
srwxrwxrwx 1 root root 0 2005-04-16 11:38 mux=
-rw------- 1 root root 0 2005-04-16 11:38 mux.accept
-rw------- 1 root root 5 2005-04-16 11:38 saslauthd.pid
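
Added example, not part of the original post: a check for the "cannot connect to saslauthd server: Permission denied" condition that walks the configured socket path the way an unprivileged smtpd sees it. Cyrus SASL documents `saslauthd_path` as the run directory path including the `/mux` socket name; the function name `check_saslauthd_path` and its `base` parameter are made up for this sketch, and the check reads classic mode bits only.

```python
import os
import pwd
import stat
import sys


def _allowed(st, uid, gids, want):
    """Owner/group/other check from mode bits only (ignores ACLs, SELinux, AppArmor)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def check_saslauthd_path(path, uid, gids=(), base="/"):
    """List what stops `uid` from connect()ing to the socket at `path`.

    `base` is where the walk starts: "/" for a non-chrooted smtpd (chroot
    column "n" in master.cf), the chroot directory otherwise.
    """
    problems = []
    parts = os.path.relpath(path, base).split(os.sep)
    current = base
    for part in [""] + parts[:-1]:
        current = os.path.join(current, part) if part else current
        if not _allowed(os.stat(current), uid, gids, 0o1):
            problems.append(f"no search (x) permission on directory {current}")
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        problems.append(f"{path} is not a socket (the option must name the mux socket itself)")
    elif not _allowed(st, uid, gids, 0o2):
        problems.append(f"no write (w) permission on socket {path}")
    return problems


if __name__ == "__main__":
    # Assumed defaults: the mail_owner and socket directory shown in the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/state/saslauthd/mux"
    user = pwd.getpwnam("postfix")
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for line in check_saslauthd_path(target, user.pw_uid, groups) or ["ok"]:
        print(line)
```

Run it as root with the exact value of `saslauthd_path` from smtpd.conf as the argument, so the result reflects what the SASL library is told to open rather than what the directory listing shows.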