The main.cf
Code:
mail_owner = postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
virtual_alias_maps= ldap:/etc/postfix/ldap-alias.cf
(the file looks like this:
Code:
bind_dn= cn=Manager,dc=mydc,dc=de
bind_pw= s789azt
server_host= localhost
server_port= 389
bind= yes
timeout= 20
search_base= ou=Users,ou=OxObjects,dc=mydc,dc=de
query_filter= (&(uid=%u)(objectClass=shadowAccount)(&(mailDomain=%d)(objectClass=OXUserObject)))
result_attribute= uid
scope= one
According to the log, it does find me on the first pass... but what on earth is it searching for after that, and then it says unknown user p.tzvetanov
Code:
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=3 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=p.tzvetanov)(objectClass=shadowAccount)(&(mailDomain=meinedomain.de)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=3 SRCH attr=uid
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=4 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=p.tzvetanov)(objectClass=shadowAccount)(&(mailDomain=mail.meinedomain.de)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=4 SRCH attr=uid
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=5 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=p.tzvetanov)(objectClass=shadowAccount)(&(?=undefined)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=5 SRCH attr=uid
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=6 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(?=undefined)(objectClass=shadowAccount)(&(mailDomain=mail.meinedomain.de)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=6 SRCH attr=uid
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[22482]: conn=313 fd=10 ACCEPT from IP=127.0.0.1:32792 (IP=0.0.0.0:389)
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=0 BIND dn="cn=Manager,dc=mydc,dc=de" method=128
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=0 BIND dn="cn=Manager,dc=mydc,dc=de" mech=SIMPLE ssf=0
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=0 RESULT tag=97 err=0 text=
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=1 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=mail.meinedomain.de)(objectClass=shadowAccount)(&(?=undefined)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=1 SRCH attr=uid
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=7 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=root)(objectClass=shadowAccount)(&(mailDomain=mail.meinedomain.de)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=7 SRCH attr=uid
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=8 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=root)(objectClass=shadowAccount)(&(?=undefined)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=8 SRCH attr=uid
Apr 20 17:34:35 mail slapd[23599]: conn=312 op=8 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=9 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(?=undefined)(objectClass=shadowAccount)(&(mailDomain=mail.meinedomain.de)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=9 SRCH attr=uid
Apr 20 17:34:35 mail slapd[22485]: conn=312 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=2 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=mail.meinedomain.de)(objectClass=shadowAccount)(&(?=undefined)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=2 SRCH attr=uid
Apr 20 17:34:35 mail slapd[23599]: conn=313 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=3 SRCH base="ou=Users,ou=OxObjects,dc=mydc,dc=de" scope=1 deref=0 filter="(&(uid=mail.meinedomain.de)(objectClass=shadowAccount)(&(?=undefined)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=3 SRCH attr=uid
Apr 20 17:34:35 mail slapd[22485]: conn=313 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
)
Code:
virtual_mailbox_base= /home/
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = mail.meinedomain.de
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain
defer_transports =
disable_dns_lookups = no
relayhost =
content_filter =
mailbox_command =
mailbox_transport =
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
broken_sasl_auth_clients = yes
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_destination,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org
#smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domains = meinedomain.de
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
My log
Code:
Apr 20 17:34:15 mail postfix/smtp[5143]: name_mask: resource
Apr 20 17:34:15 mail postfix/smtp[5143]: name_mask: software
Apr 20 17:34:15 mail postfix/smtp[5143]: deliver_request_final: send: "" 0
Apr 20 17:34:15 mail postfix/smtp[5143]: send attr reason =
Apr 20 17:34:15 mail postfix/smtp[5143]: send attr status = 0
Apr 20 17:34:15 mail postfix/qmgr[5096]: ECEF51E827A: removed
Apr 20 17:34:15 mail postfix/smtp[5143]: master_notify: status 1
Apr 20 17:34:15 mail postfix/smtp[5143]: connection closed
Apr 20 17:34:15 mail postfix/smtp[5143]: watchdog_stop: 0x80851b0
Apr 20 17:34:15 mail postfix/smtp[5143]: watchdog_start: 0x80851b0
Apr 20 17:34:35 mail postfix/pickup[5095]: 55CEA1E827A: uid=0 from=<root>
Apr 20 17:34:35 mail postfix/cleanup[5141]: 55CEA1E827A: message-id=<4266768B.mail3YX11QNB1@forum.meinedomain.de>
Apr 20 17:34:35 mail postfix/qmgr[5096]: 55CEA1E827A: from=<root@mail.meinedomain.de>, size=451, nrcpt=1 (queue active)
Apr 20 17:34:35 mail postfix/local[5149]: 55CEA1E827A: to=<p.tzvetanov@mail.meinedomain.de>, orig_to=<p.tzvetanov@meinedomain.de>, relay=local, delay=0, status=bounced (unknown user: "p.tzvetanov")
Apr 20 17:34:35 mail postfix/cleanup[5141]: 5F94B1E827E: message-id=<20050420153435.5F94B1E827E@mail.meinedomain.de>
Apr 20 17:34:35 mail postfix/qmgr[5096]: 5F94B1E827E: from=<>, size=2342, nrcpt=1 (queue active)
Apr 20 17:34:35 mail postfix/qmgr[5096]: 55CEA1E827A: removed
Apr 20 17:34:35 mail postfix/local[5149]: 5F94B1E827E: to=<root@mail.meinedomain.de>, relay=local, delay=0, status=sent (delivered to mailbox)
Apr 20 17:34:35 mail postfix/qmgr[5096]: 5F94B1E827E: removed
Apr 20 17:35:55 mail postfix/smtp[5143]: idle timeout -- exiting
The LDAP structure that is supposed to be used is that of the Open Xchange RC1 standard installation.
SMTP_AUTH is done via SASLAUTHD, which is supposed to get its values from saslauthd.conf, which looks like this... but in the LDAP log it searches for my domain as mail=meinedomain.de, which is of course wrong as well.
Code:
ldap_servers: ldap://127.0.0.1/
ldap_bind_dn: cn=Manager,dc=mydc,dc=de
ldap_bind_pw: s789azt
ldap_timeout: 10
ldap_time_limit: 10
ldap_scope: one
ldap_auth_method: bind
ldap_search_base: dc=Users,ou=OxObjects,dc=mydc,dc=de
ldap_filter: (mail=%r)
ldap_result_attribute= mail
ldap_debug: 0
ldap_verbose: off
ldap_ssl: no
ldap_start_tls: no
ldap_referrals: yes
The only strange thing is that when trying to send something, it does the following, according to the log:
Code:
Apr 20 17:44:32 mail postfix/smtpd[5168]: connection established
Apr 20 17:44:32 mail postfix/smtpd[5168]: master_notify: status 0
Apr 20 17:44:32 mail postfix/smtpd[5168]: name_mask: resource
Apr 20 17:44:32 mail postfix/smtpd[5168]: name_mask: software
Apr 20 17:44:32 mail postfix/smtpd[5168]: name_mask: noanonymous
Apr 20 17:44:32 mail postfix/smtpd[5168]: connect from p54BE7389.dip.t-dialin.net[84.190.115.137]
Apr 20 17:44:32 mail postfix/smtpd[5168]: match_list_match: p54BE7389.dip.t-dialin.net: no match
Apr 20 17:44:32 mail postfix/smtpd[5168]: match_list_match: 84.190.115.137: no match
Apr 20 17:44:32 mail postfix/smtpd[5168]: match_list_match: p54BE7389.dip.t-dialin.net: no match
Apr 20 17:44:32 mail postfix/smtpd[5168]: match_list_match: 84.190.115.137: no match
Apr 20 17:44:32 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 220 mail.meinedomain.de ESMTP Postfix
Apr 20 17:44:32 mail postfix/smtpd[5168]: watchdog_pat: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: < p54BE7389.dip.t-dialin.net[84.190.115.137]: EHLO 3erbmw
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-mail.meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-PIPELINING
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-SIZE 10240000
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-VRFY
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-ETRN
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-AUTH PLAIN CRAM-MD5 LOGIN
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250-AUTH=PLAIN CRAM-MD5 LOGIN
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_list_match: p54BE7389.dip.t-dialin.net: no match
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_list_match: 84.190.115.137: no match
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250 8BITMIME
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_pat: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: < p54BE7389.dip.t-dialin.net[84.190.115.137]: AUTH PLAIN AHAudHp2ZXRhbm92AHM3ODlhenQ=
Apr 20 17:44:33 mail postfix/smtpd[5168]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AHAudHp2ZXRhbm92AHM3ODlhenQ=
Apr 20 17:44:33 mail postfix/smtpd[5168]: smtpd_sasl_authenticate: decoded initial response
Apr 20 17:44:33 mail postfix/smtpd[5168]: warning: SASL authentication failure: Password verification failed
Apr 20 17:44:33 mail postfix/smtpd[5168]: warning: p54BE7389.dip.t-dialin.net[84.190.115.137]: SASL PLAIN authentication failed
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 535 Error: authentication failed
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_pat: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: < p54BE7389.dip.t-dialin.net[84.190.115.137]: MAIL FROM: <p.tzvetanov@meinedomain.de>
Apr 20 17:44:33 mail postfix/smtpd[5168]: extract_addr: input: <p.tzvetanov@meinedomain.de>
Apr 20 17:44:33 mail postfix/smtpd[5168]: smtpd_check_addr: addr=p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: ctable_locate: leave existing entry key p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: extract_addr: result: p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: fsspace: .: block size 4096, blocks free 17084163
Apr 20 17:44:33 mail postfix/smtpd[5168]: smtpd_check_size: blocks 4096 avail 17084163 min_free 0 msg_size_limit 10240000
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 250 Ok
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_pat: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: < p54BE7389.dip.t-dialin.net[84.190.115.137]: RCPT TO: <p.tzvetanov@meinedomain.de>
Apr 20 17:44:33 mail postfix/smtpd[5168]: extract_addr: input: <p.tzvetanov@meinedomain.de>
Apr 20 17:44:33 mail postfix/smtpd[5168]: smtpd_check_addr: addr=p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: ctable_locate: move existing entry key p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: extract_addr: result: p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: >>> START Sender address RESTRICTIONS <<<
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=hash:/etc/postfix/access
Apr 20 17:44:33 mail postfix/smtpd[5168]: check_mail_access: p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: ctable_locate: move existing entry key p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: check_access: p.tzvetanov@meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: check_domain_access: meinedomain.de
Apr 20 17:44:33 mail postfix/smtpd[5168]: check_access: p.tzvetanov@
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=check_sender_access status=0
Apr 20 17:44:33 mail postfix/smtpd[5168]: >>> END Sender address RESTRICTIONS <<<
Apr 20 17:44:33 mail postfix/smtpd[5168]: >>> START Recipient address RESTRICTIONS <<<
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=permit_mynetworks
Apr 20 17:44:33 mail postfix/smtpd[5168]: permit_mynetworks: p54BE7389.dip.t-dialin.net 84.190.115.137
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? 127.0.0.0/8
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? 127.0.0.0/8
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? 80.237.209.0/24
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? 80.237.209.0/24
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? 10.11.11.24/30
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? 10.11.11.24/30
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? [::1]/128
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? [::1]/128
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? [fe80::211:43ff:fece:2249]/64
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? [fe80::211:43ff:fece:2249]/64
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostname: p54BE7389.dip.t-dialin.net ~? [fe80::211:43ff:fece:2248]/64
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_hostaddr: 84.190.115.137 ~? [fe80::211:43ff:fece:2248]/64
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_list_match: p54BE7389.dip.t-dialin.net: no match
Apr 20 17:44:33 mail postfix/smtpd[5168]: match_list_match: 84.190.115.137: no match
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=permit_mynetworks status=0
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=permit_sasl_authenticated
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=permit_sasl_authenticated status=0
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=reject_non_fqdn_hostname
Apr 20 17:44:33 mail postfix/smtpd[5168]: reject_non_fqdn_hostname: 3erbmw
Apr 20 17:44:33 mail postfix/smtpd[5168]: NOQUEUE: reject: RCPT from p54BE7389.dip.t-dialin.net[84.190.115.137]: 504 <3erbmw>: Helo command rejected: need fully-qualified hostname; from=<p.tzvetanov@meinedomain.de> to=<p.tzvetanov@meinedomain.de> proto=ESMTP helo=<3erbmw>
Apr 20 17:44:33 mail postfix/smtpd[5168]: generic_checks: name=reject_non_fqdn_hostname status=2
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 504 <3erbmw>: Helo command rejected: need fully-qualified hostname
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_pat: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: < p54BE7389.dip.t-dialin.net[84.190.115.137]: QUIT
Apr 20 17:44:33 mail postfix/smtpd[5168]: > p54BE7389.dip.t-dialin.net[84.190.115.137]: 221 Bye
Apr 20 17:44:33 mail postfix/smtpd[5168]: disconnect from p54BE7389.dip.t-dialin.net[84.190.115.137]
Apr 20 17:44:33 mail postfix/smtpd[5168]: master_notify: status 1
Apr 20 17:44:33 mail postfix/smtpd[5168]: connection closed
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_stop: 0x80a8158
Apr 20 17:44:33 mail postfix/smtpd[5168]: watchdog_start: 0x80a8158
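
Added example, not part of the original post: a small Python helper that pairs each slapd `SRCH` line with its `SEARCH RESULT` by connection and operation number, so it is easy to see which expanded `uid`/`mailDomain` key produced a hit and which lookups carried a `(?=undefined)` clause. The sample log lines are constructed in the format shown above, and the names `correlate` and `hits` are illustrative.

```python
import re

# Constructed sample in the slapd log format shown in the post (all values made up).
SAMPLE = '''\
Apr 20 17:34:35 mail slapd[100]: conn=7 op=3 SRCH base="ou=Users,dc=example,dc=org" scope=1 deref=0 filter="(&(uid=alice)(objectClass=shadowAccount)(&(mailDomain=example.org)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[100]: conn=7 op=3 SRCH attr=uid
Apr 20 17:34:35 mail slapd[100]: conn=7 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Apr 20 17:34:35 mail slapd[101]: conn=7 op=4 SRCH base="ou=Users,dc=example,dc=org" scope=1 deref=0 filter="(&(uid=alice)(objectClass=shadowAccount)(&(mailDomain=mail.example.org)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[101]: conn=7 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
Apr 20 17:34:35 mail slapd[100]: conn=7 op=5 SRCH base="ou=Users,dc=example,dc=org" scope=1 deref=0 filter="(&(?=undefined)(objectClass=shadowAccount)(&(mailDomain=mail.example.org)(objectClass=OXUserObject)))"
Apr 20 17:34:35 mail slapd[100]: conn=7 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

# "SRCH attr=..." lines carry no base=, so they are skipped by SRCH.
SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH base="[^"]*".* filter="([^"]*)"')
RES = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*\berr=(\d+) nentries=(\d+)')
CLAUSE = re.compile(r'\((uid|mailDomain)=([^()]*)\)')


def correlate(log_text):
    """Return one row per search: the expanded keys and the result count."""
    pending, rows = {}, []
    for line in log_text.splitlines():
        m = SRCH.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RES.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            flt = pending.pop((m.group(1), m.group(2)))
            keys = dict(CLAUSE.findall(flt))
            rows.append({
                "conn": int(m.group(1)), "op": int(m.group(2)),
                "uid": keys.get("uid"), "mailDomain": keys.get("mailDomain"),
                # clauses slapd logged as "?=undefined" instead of attr=value
                "undefined": flt.count("(?=undefined)"),
                "err": int(m.group(3)), "nentries": int(m.group(4)),
            })
    return rows


def hits(rows):
    """Key pairs for which the directory returned at least one entry."""
    return [(r["uid"], r["mailDomain"]) for r in rows if r["nentries"] > 0]


if __name__ == "__main__":
    for r in correlate(SAMPLE):
        print(r)
```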