[linux] SMTP authorization in postfix using cyrus-sasl
Oskar Stolc
oskar at stolc.sk
Mon Aug 9 13:15:56 CEST 2004
Hi all,
I'm trying to get SMTP authorization working in postfix on Fedora 1. I have
postfix configured like this:
# cat /etc/postfix/main.cf |grep -v "^#"
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mail.firma.sk
mydomain = firma.sk
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 127.0.0.0/8
relay_domains = firma.sk
alias_maps = hash:/etc/postfix/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.0.16/samples
readme_directory = /usr/share/doc/postfix-2.0.16/README_FILES
alias_database = hash:/etc/postfix/aliases
mailbox_size_limit = 512000000
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination, permit_sasl_authenticated,
    reject_unknown_recipient_domain
content_filter = amavis:
virtual_alias_maps = hash:/etc/postfix/virtual
masquerade_domains = firma.sk
masquerade_exceptions = root
maps_rbl_domains = blackholes.mail-abuse.org, rbl.maps.vix.com,
    orbs.dorkslayers.com, orbz.gst-group.co.uk,
    relays.osirusoft.com, relays.ordb.org,
    inputs.orbz.org, outputs.orbz.org
# ps axu |grep sasl
root 13645 0.0 0.1 3720 576 ? S 07:41 0:00
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 13646 0.0 0.1 3764 828 ? S 07:41 0:00
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 13647 0.0 0.1 3764 828 ? S 07:41 0:00
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 13648 0.0 0.1 3720 576 ? S 07:41 0:00
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
root 13649 0.0 0.1 3720 576 ? S 07:41 0:00
/usr/sbin/saslauthd -m /var/run/saslauthd -a pam
# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
# rpm -qa |grep sasl
cyrus-sasl-2.1.15-6
cyrus-sasl-md5-2.1.15-6
cyrus-sasl-plain-2.1.15-6
cyrus-sasl-devel-2.1.15-6
cyrus-sasl-gssapi-2.1.15-6
When I try to send mail, I see this in the logs:
Aug 6 07:01:14 mail postfix/smtpd[12798]: connect from
unknown[213.215.79.23]
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning: SASL authentication
failure: no secret in database
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning:
unknown[213.215.79.23]: SASL CRAM-MD5 authentication failed
Aug 6 07:01:23 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:23 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:25 mail postfix/smtpd[12798]: warning: SASL authentication
failure: Password verification failed
Aug 6 07:01:25 mail postfix/smtpd[12798]: warning:
unknown[213.215.79.23]: SASL PLAIN authentication failed
Aug 6 07:01:26 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:26 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:29 mail postfix/smtpd[12798]: warning:
unknown[213.215.79.23]: SASL LOGIN authentication failed
Aug 6 07:07:24 manex postfix/smtpd[12798]: disconnect from
unknown[213.215.79.23]
From the log file you can see that it tries CRAM-MD5, PLAIN and finally
LOGIN in turn. I'm trying to configure SASL so that it uses the /etc/shadow
file as the user database.
Do you see a mistake anywhere?
Thanks in advance for a nudge in the right direction...
Oskar
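
Added example, not part of the original post: saslauthd can only check plaintext passwords (PLAIN, LOGIN), so a shared-secret mechanism such as CRAM-MD5 falls back to the sasldb auxprop store, which is what the "no secret in database" lines in the log above reflect. This Python code re-joins the wrapped log records and groups each failed attempt with the reasons logged before it; the function names and category labels are assumptions of this example.

```python
import re

# Log excerpt copied from the post (CRAM-MD5 and PLAIN attempts), with the
# line wrapping of the archived mail left in place.
SAMPLE_LOG = """\
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning: SASL authentication
failure: no secret in database
Aug 6 07:01:22 mail postfix/smtpd[12798]: warning:
unknown[213.215.79.23]: SASL CRAM-MD5 authentication failed
Aug 6 07:01:23 mail postfix/smtpd[12798]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Aug 6 07:01:25 mail postfix/smtpd[12798]: warning: SASL authentication
failure: Password verification failed
Aug 6 07:01:25 mail postfix/smtpd[12798]: warning:
unknown[213.215.79.23]: SASL PLAIN authentication failed
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
DETAIL = re.compile(r"smtpd\[(\d+)\]: warning: SASL authentication (?:problem|failure): (.+)$")
FAILED = re.compile(r"smtpd\[(\d+)\]: warning: \S+\[([^\]]+)\]: SASL (\S+) authentication failed")
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}  # need the stored secret, not a password check

def unwrap(text):
    """Re-join syslog records that were wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def sasl_failures(text):
    """Return (client_ip, mechanism, reasons, category) per failed attempt."""
    pending, out = {}, []
    for rec in unwrap(text):
        if m := DETAIL.search(rec):
            pending.setdefault(m.group(1), []).append(m.group(2))
        elif m := FAILED.search(rec):
            pid, ip, mech = m.groups()
            reasons = sorted(set(pending.pop(pid, [])))
            no_store = mech in SHARED_SECRET and any(
                "sasldb" in r or "no secret" in r for r in reasons)
            category = "shared-secret-without-store" if no_store else "credential-check-failed"
            out.append((ip, mech, reasons, category))
    return out
```

Calling `sasl_failures()` on the text of a mail log gives one tuple per failed attempt, which separates mechanism mismatches from genuine credential failures when reviewing repeated SASL errors.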