Hi,
CRAM-MD5 funktioniert bei mir nicht. Ich habe Fedora Core 3 mit postfix und cyrus imap. Des Weiteren die ganze Palette wie fetchmail, procmail usw, aber darum geht es ja nicht.
Also postfix läuft soweit (intern und extern). Das Versenden von einem externen Mail Client, also nicht lokal, in meinen Falle "The Bat" funktioniert aber nur über die "Plain" Methode. SMTP Auth ist also eingerichtet, aber halt nicht richtig. Ich benutze sasl2. Cyrus ist aktiv und stellt kein Problem dar.
Als erstes mal meine logs:
Oct 21 18:45:26 base master[9100]: process 15445 exited, status 0
Oct 21 18:46:35 base postfix/smtpd[15450]: connect from brln-d9b81c50.pool.mediaWays.net[217.184.28.80]
Oct 21 18:46:35 base postfix/smtpd[15450]: warning: SASL authentication failure: no secret in database
Oct 21 18:46:35 base postfix/smtpd[15450]: warning: brln-d9b81c50.pool.mediaWays.net[217.184.28.80]: SASL CRAM-MD5 authentication failed
Oct 21 18:46:36 base postfix/smtpd[15450]: 4C0948C68D: client=brln-d9b81c50.pool.mediaWays.net[217.184.28.80], sasl_method=PLAIN, sasl_username=cirox
Oct 21 18:46:36 base postfix/cleanup[15451]: 4C0948C68D: message-id=<199797905.20051021184631@hardtekk.org>
Oct 21 18:46:36 base postfix/qmgr[15216]: 4C0948C68D: from=<cirox@hardtekk.org>, size=676, nrcpt=1 (queue active)
Oct 21 18:46:36 base postfix/smtpd[15450]: disconnect from brln-d9b81c50.pool.mediaWays.net[217.184.28.80]
Oct 21 18:46:37 base postfix/smtp[15452]: 4C0948C68D: to=<antorox@gmx.net>, relay=smtprelay.t-online.de[194.25.134.94], delay=1, status=sent (250 Message accepted.)
Oct 21 18:46:37 base postfix/qmgr[15216]: 4C0948C68D: removed
Daraus ist ersichtlich, daß ich also nur "Plain" aushandeln kann. Die sasldb ist eingerichtet und ich habe die User so angelegt:
saslpasswd2 -a smtpd -c cirox
ein sasldblistusers2 ergibt:
cirox@base.base.local: userPassword
ein sasldblistusers:
user: cirox realm: base.base.local mech: PLAIN
user: cirox realm: base.base.local mech: CRAM-MD5
user: cirox realm: base.base.local mech: DIGEST-MD5
,aber soweit ich dass verstanden habe wird diese ja nicht benutzt.
meinen Mailserver habe ich auch getestet:
telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.hardtekk.org ESMTP Postfix
ehlo d
250-mail.hardtekk.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN
250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN
250 8BITMIME
quit
221 Bye
sasauthd habe ich auch getestet:
testsaslauthd -u cirox -p geheim
0: OK "Success."
saslauthd -v ergibt folgendes:
saslauthd 2.1.19
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
Nun mal zu meinen confs:
imapd.conf -> (sasl_pwcheck_method: saslauthd ,sasl_mech_list: PLAIN )
----------
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt
----------
smtpd.conf ( /usr/lib/sasl2/smtpd.conf )
----------
pwcheck_method: saslauthd
saslauthd -> ( Hier ist mech=pam eingestellt )
---------
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled to use.
MECH=pam
# Additional flags to pass to saslauthd on the command line. See saslauthd(Cool
# for the list of accepted flags.
FLAGS=
cyrus.conf:
----------.
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
main.cf:
--------
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = mail.hardtekk.org
mydomain = hardtekk.org
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain, hardtekk.dyndns.org, hardtekk.org
unknown_local_recipient_reject_code = 550
mynetworks_style = host
mynetworks = 192.168.0.0/24, 127.0.0.0/8
relay_domains = $mydestination
relayhost = [smtprelay.t-online.de]
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
mailbox_command = /usr/bin/procmail -t -a $EXTENSION
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#mailbox_transport = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_relay_domains
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
master.cf:
---------
# ================================================== ==================== ====
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ==================== ====
smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
-----------------
So ich hoffe ich hab nix vergessen Wink
Nach stundenlangem How-To lesen, finde ich den Fehler nicht, warum nur "Plain" ausgehandelt werden kann. Achso die Rechte sasldb habe ich mal auf 777 gesetzt, zum Test. Also das ist es auch nicht.
cya
PS1: Was mir auch noch einfällt ist, daß mein host base.base.local heißt ich aber in der main.cf myhostname = mail.hardtekk.org
mydomain = hardtekk.org eingestellt habe. Mein host base.base.local ist aber über dyndns unter mail.hardtekk.org erreichbar.
PS2: Was ich auch nicht verstehe ist, benenne ich die sasldb um, also mache sie nicht lesbar, wird trotzdem die "Plain" Methode ausgehandelt. Ich dachte eigentlich immer diese Datenbank wird immer gebraucht: Hier der log, als ich die sasldb2 unlesbar gemacht habe:
ct 21 19:21:45 base master[9100]: process 15481 exited, status 0
Oct 21 19:24:36 base postfix/smtpd[15515]: connect from brln-d9b8060d.pool.mediaWays.net[217.184.6.13]
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: SASL authentication failure: no secret in database
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: brln-d9b8060d.pool.mediaWays.net[217.184.6.13]: SASL CRAM-MD5 authentication failed
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 21 19:24:37 base postfix/smtpd[15515]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 21 19:24:40 base postfix/smtpd[15515]: A67B08C610: client=brln-d9b8060d.pool.mediaWays.net[217.184.6.13], sasl_method=PLAIN, sasl_username=cirox
Oct 21 19:24:41 base postfix/cleanup[15519]: A67B08C610: message-id=<732424886.20051021192430@hardtekk.org>
Oct 21 19:24:41 base postfix/qmgr[15216]: A67B08C610: from=<cirox@hardtekk.org>, size=698, nrcpt=1 (queue active)
Oct 21 19:24:42 base postfix/smtp[15520]: A67B08C610: to=<huhu@blub.de>, relay=smtprelay.t-online.de[194.25.134.93], delay=2, status=sent (250 Message accepted.)
Oct 21 19:24:42 base postfix/qmgr[15216]: A67B08C610: removed
Zitieren
Lesezeichen