A small Postfix Cyrus-SASL - MySQL problem

Author: Christian Eichert <eichertc_at_gmail.com>
Date: Thu, 27 Sep 2012 15:53:56 +0200
Hello list,

I am currently configuring a mail server with Postfix + SSL +
Cyrus-SASL with MySQL authentication.
IMAPS login via Courier IMAP (SSL + CRAM-MD5) + Courier Authlib ->
MySQL works flawlessly.

My problem is the SMTP side.
The SSL certificate works; Postfix accepts the username (which is identical
to the email address) and decrypts it correctly.
But then it does not know what to do with it and looks for a
database that does not exist, /etc/sasldb2; instead of handing it over to Cyrus,
it aborts.

How do I get it to query the MySQL database and,
if the password is correct, send the mail?

CAN SOMEBODY PLEASE HELP ME?




Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 220 empfaenger.domain.de ESMTP Postfix (Debian/GNU)
Sep 27 13:14:04 mail postfix/smtpd[11652]: < sender.domain.com[xxx.xxx.xxx.xxx]: EHLO [192.168.0.104]
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-empfaenger.domain.de
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-empfaenger.domain.de
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-PIPELINING
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-SIZE 10240000
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-VRFY
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-ETRN
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-PIPELINING
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-SIZE 10240000
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-VRFY
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-ETRN
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-AUTH PLAIN LOGIN DIGEST-MD5 NTLM CRAM-MD5
Sep 27 13:14:04 mail postfix/smtpd[11652]: match_list_match: sender.domain.com: no match
Sep 27 13:14:04 mail postfix/smtpd[11652]: match_list_match: xxx.xxx.xxx.xxx: no match
Sep 27 13:14:04 mail postfix/smtpd[11652]: match_list_match: sender.domain.com: no match
Sep 27 13:14:04 mail postfix/smtpd[11652]: match_list_match: xxx.xxx.xxx.xxx: no match
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-AUTH=PLAIN LOGIN DIGEST-MD5 NTLM CRAM-MD5
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-AUTH=PLAIN LOGIN DIGEST-MD5 NTLM CRAM-MD5
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-ENHANCEDSTATUSCODES
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-ENHANCEDSTATUSCODES
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250-8BITMIME
Sep 27 13:14:04 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 250 DSN
Sep 27 13:14:17 mail postfix/smtpd[11652]: < sender.domain.com[xxx.xxx.xxx.xxx]: AUTH CRAM-MD5
Sep 27 13:14:17 mail postfix/smtpd[11652]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
Sep 27 13:14:17 mail postfix/smtpd[11652]: xsasl_cyrus_server_auth_response: uncoded server challenge: <4235163841.6574457_at_empfaenger.domain.de>
Sep 27 13:14:17 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 334 PDQyMzUxNjM4NDEuNjU3NDQ1N0BtaW5pLnpwMS5uZXQ+
Sep 27 13:14:17 mail postfix/smtpd[11652]: < sender.domain.com[xxx.xxx.xxx.xxx]: Y2hyaXN0aWFuQHpwMS5uZXQgNDU0ZWZiODFiYTFkMzc3MWIxNjJkMjMwMjI2NmM1ZDQ=
Sep 27 13:14:17 mail postfix/smtpd[11652]: xsasl_cyrus_server_next: decoded response: christian_at_meine-domain.de 454efb81ba1d3771b162d2302266c5d4
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication failure: no secret in database
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: sender.domain.com[xxx.xxx.xxx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 27 13:14:17 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 535 5.7.8 Error: authentication failed: authentication failure
Sep 27 13:14:17 mail postfix/smtpd[11652]: xsasl_cyrus_server_next: decoded response: christian_at_zp1.net 454efb81ba1d3771b162d2302266c5d4
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication failure: no secret in database
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: sender.domain.com[xxx.xxx.xxx.xxx]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 27 13:14:17 mail postfix/smtpd[11652]: > sender.domain.com[xxx.xxx.xxx.xxx]: 535 5.7.8 Error: authentication failed: authentication failure
Sep 27 13:14:19 mail postfix/smtpd[11652]: < sender.domain.com[xxx.xxx.xxx.xxx]: QUIT



/etc/postfix/sasl/smtp.conf
=====================

### Global parameters
log_level: 5

### pwcheck_method: saslauthd
#saslauthd_path: /var/run/saslauthd/mux

pwcheck_method: auxprop
mech_list: PLAIN LOGIN CRAM-MD5

### auxiliary plugin parameters
auxprop_plugin:sql

sql_engine: mysql

sql_hostname: localhost
sql_hostnames :localhost

sql_user: postfix

sql_passwd: DpOdjmwxQNpbcku1pfLnvD5q4GKzhscG
sql_password: DpOdjmwxQNpbcku1pfLnvD5q4GKzhscG

sql_database: postfixdb

# sql_select: select password from users where email='%u@%r'
# sql_select: SELECT '%p' from virtual_users where username = '%u' and auth = '1'
sql_select: SELECT password from mailbox where username = '%u' and auth = '1'

sql_usessl: no








/etc/postfix/main.cf
=======================


#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no
myhostname = sender.domain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = sender.domain.com, localhost.domain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 512000000

virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
#virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf,mysql:/etc/postfix/mysql_alias.cf

virtual_minimum_uid = 5000
virtual_transport = virtual
virtual_uid_maps = static:5000

transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf

#######################
# GRAYLISTING
#
#check_policy_service = inet:127.0.0.1:10023

#######################
# AMAVIS
content_filter = amavis:[127.0.0.1]:10024
#otherwise the virtual alias does not work
#receive_override_options = no_address_mappings

###################
# SASL AUTH
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /etc/ssl/sender.domain.com/sender.domain.com.crt
smtpd_tls_key_file = /etc/ssl/sender.domain.com/sender.domain.com.key
smtp_tls_CAfile = /etc/ssl/sender.domain.com/sender.domain.com.pem

smtpd_sasl_application_name = smtpd
smtpd_sasl_path = smtpd
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    # check_client_access hash:/var/lib/pop-before-smtp/hosts
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_rbl_client list.dsbl.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client sbl-xbl.spamhaus.org
    reject_rbl_client whois.rfc-ignorant.org
    reject_rbl_client ix.dnsbl.manitu.org
    check_policy_service inet:127.0.0.1:10023






#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd -v
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#

maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
#
######################
# by eichet AMAVIS
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks

-- 
UUGRN e.V. http://www.uugrn.org/
http://mailman.uugrn.org/mailman/listinfo/uugrn
Wiki: https://wiki.uugrn.org/UUGRN:Mailingliste
Archive: http://lists.uugrn.org/
Received on 27.09.2012
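
The following check is an added example, not part of the original post and not Postfix or Cyrus SASL code. It compares the AUTH mechanisms smtpd advertises in a log like the one above with the mech_list of the SASL configuration file, and flags sasldb lookups that occur although auxprop_plugin is sql; both findings indicate that the library is not applying that file. The sample log and configuration are constructed, the function names are hypothetical, and the strict `key: value` syntax check is an assumption about how Cyrus SASL parses the file.

```python
import re

# Constructed samples in the shape of the smtpd log and SASL config above.
SAMPLE_LOG = """\
Sep 27 13:14:04 mail postfix/smtpd[11652]: > client.example[192.0.2.10]: 250-AUTH PLAIN LOGIN DIGEST-MD5 NTLM CRAM-MD5
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
Sep 27 13:14:17 mail postfix/smtpd[11652]: warning: SASL authentication failure: no secret in database
"""
SAMPLE_CONF = """\
mech_list: PLAIN LOGIN CRAM-MD5
auxprop_plugin:sql
sql_hostnames :localhost
"""

# Assumption: an option is a key immediately followed by ':' and a value.
KEY_VALUE = re.compile(r"^([A-Za-z0-9_-]+):\s*(\S.*)$")

def parse_sasl_conf(text):
    """Return (options, bad_lines); bad_lines holds (line_no, text) pairs."""
    options, bad = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_VALUE.match(line)
        if m:
            options[m.group(1).lower()] = m.group(2).strip()
        else:
            bad.append((n, line))
    return options, bad

def advertised_mechs(log):
    """Collect every mechanism named in a 250-AUTH / 250-AUTH= reply."""
    mechs = set()
    for m in re.finditer(r"250[- ]AUTH[ =]([A-Z0-9 _-]+)", log):
        mechs.update(m.group(1).split())
    return mechs

def diagnose(log, conf):
    """List signs that the SASL library is not applying this configuration."""
    options, bad = parse_sasl_conf(conf)
    findings = [f"conf line {n} is not 'key: value': {line!r}" for n, line in bad]
    wanted = set(options.get("mech_list", "").split())
    extra = advertised_mechs(log) - wanted
    if wanted and extra:
        findings.append("advertised but not in mech_list: " + " ".join(sorted(extra)))
    if options.get("auxprop_plugin") == "sql" and "/etc/sasldb2" in log:
        findings.append("sasldb lookup although auxprop_plugin is sql")
    return findings
```

Postfix passes the value of smtpd_sasl_path to Cyrus SASL as the application name, and the library loads the configuration file of that name with a .conf suffix.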
