[linux] postfix a sasl
Martin Kyrc
martin.kyrc na developers.sk
Pátek Květen 12 11:35:31 CEST 2006
ahojte,
po upgrade debian-u (testing) som si vsimol, ze sa mi prestali korektne
overovat useri pri pokuse odoslat postu cez smtp server. dovodom je
'nespravne heslo' (vid log). samozrejme ziadne zmeny ani pocas upgrade
systemu sa nerobili. len 'to' zrazu prestalo chodit :).
May 12 10:57:59 aruba postfix/smtpd[31347]: < unknown[195.46.69.4]: AUTH
PLAIN AGhvcm9sAGhlc2wwdmlvYQ==
May 12 10:57:59 aruba postfix/smtpd[31347]: smtpd_sasl_authenticate:
sasl_method PLAIN, init_response AGhvcm9sAGhlc2wwdmlvYQ==
May 12 10:57:59 aruba postfix/smtpd[31347]: smtpd_sasl_authenticate:
decoded initial response
May 12 10:57:59 aruba postfix/smtpd[31347]: warning: SASL authentication
failure: Password verification failed
May 12 10:57:59 aruba postfix/smtpd[31347]: warning:
unknown[195.46.69.4]: SASL PLAIN authentication failed
May 12 10:57:59 aruba postfix/smtpd[31347]: > unknown[195.46.69.4]: 535
Error: authentication failed
to iste dostanem aj po telnet localhsot 25, ehlo ..., auth plain ...
(robim vlastne to iste co client v prvom pripade, ale generujem vlastny
autp plain string)
ak vsak overujem 'priamo', tak to prejde
# testsaslauthd -u ... -p ...
0: OK "Success."
pozeram logy, ale neviem sa dopatrat miesta kde to zlyhava. nerobil som
ziadne konfiguracne zmeny, myslim, ze pri upgrade sa ani ziadne
relevantne baliky neupgradeovali, takze som z toho trochu jelen :).
tu su relevantne konfiguracie:
/etc/default/saslauthd:
START=yes
MECHANISMS="pam"
/etc/postfix/sasl/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN
/etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_exceptions_networks = $mynetworks (localhost, lan)
a samozrejme permit_sasl_authenticated v smtpd_recipient_restrictions a
myslim smtpd_client_restrictions
/etc/group:
sasl:x:45:postfix
postfix:x:104:
a pouzite verzie
postfix 2.2.10-1
postfix-mysql 2.2.10-1
libsasl2 2.1.19.dfsg1-0.2
libsasl2-modules 2.1.19.dfsg1-0.2
libsasl2-modules-sql 2.1.19.dfsg1-0.2
sasl2-bin 2.1.19.dfsg1-0.2
napada vas kde by mohol byt problem?
o5 som si oprasil znalosti okolo sasl (postfix.org, google), ale
nepomohlo... konfiguracny problem to pravdepodobne nie, kedze to chodilo
a verzie sa (myslim) nemenili. snad len nejaky problem v pravach
pristupu (postfix/sasl), alebo nieco podobne. v logu toho viac nie je.
btw: overenie pristup pre imap/pop3 je rovnako riesene cez pam/db
(dovecot) a tam to chodi, takze problem by som lokalizoval vylucne na
sasl (zeby saslauthd? ale to by potom nepreslo ani overenie pomocou
testsaslauthd, nie?)
dik za kazde nasmerovanie.
--
mk
Další informace o konferenci linux