[linux] postfix a sasl

Martin Kyrc martin.kyrc na developers.sk
Pátek Květen 12 11:35:31 CEST 2006 

ahojte,
po upgrade debian-u (testing) som si vsimol, ze sa mi prestali korektne 
overovat useri pri pokuse odoslat postu cez smtp server. dovodom je 
'nespravne heslo' (vid log). samozrejme ziadne zmeny ani pocas upgrade 
systemu sa nerobili. len 'to' zrazu prestalo chodit :).

May 12 10:57:59 aruba postfix/smtpd[31347]: < unknown[195.46.69.4]: AUTH 
PLAIN AGhvcm9sAGhlc2wwdmlvYQ==
May 12 10:57:59 aruba postfix/smtpd[31347]: smtpd_sasl_authenticate: 
sasl_method PLAIN, init_response AGhvcm9sAGhlc2wwdmlvYQ==
May 12 10:57:59 aruba postfix/smtpd[31347]: smtpd_sasl_authenticate: 
decoded initial response
May 12 10:57:59 aruba postfix/smtpd[31347]: warning: SASL authentication 
failure: Password verification failed
May 12 10:57:59 aruba postfix/smtpd[31347]: warning: 
unknown[195.46.69.4]: SASL PLAIN authentication failed
May 12 10:57:59 aruba postfix/smtpd[31347]: > unknown[195.46.69.4]: 535 
Error: authentication failed

to iste dostanem aj po telnet localhsot 25, ehlo ..., auth plain ... 
(robim vlastne to iste co client v prvom pripade, ale generujem vlastny 
autp plain string)

ak vsak overujem 'priamo', tak to prejde
# testsaslauthd -u ... -p ...
0: OK "Success."

pozeram logy, ale neviem sa dopatrat miesta kde to zlyhava. nerobil som 
ziadne konfiguracne zmeny, myslim, ze pri upgrade sa ani ziadne 
relevantne baliky neupgradeovali, takze som z toho trochu jelen :).

tu su relevantne konfiguracie:

/etc/default/saslauthd:
START=yes
MECHANISMS="pam"

/etc/postfix/sasl/smtpd.conf:
pwcheck_method:  saslauthd
mech_list: PLAIN

/etc/postfix/main.cf:
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_application_name = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_exceptions_networks = $mynetworks (localhost, lan)

a samozrejme permit_sasl_authenticated v smtpd_recipient_restrictions a 
myslim smtpd_client_restrictions

/etc/group:
sasl:x:45:postfix
postfix:x:104:


a pouzite verzie

postfix			2.2.10-1
postfix-mysql		2.2.10-1
libsasl2		2.1.19.dfsg1-0.2
libsasl2-modules	2.1.19.dfsg1-0.2
libsasl2-modules-sql	2.1.19.dfsg1-0.2
sasl2-bin		2.1.19.dfsg1-0.2

napada vas kde by mohol byt problem?

o5 som si oprasil znalosti okolo sasl (postfix.org, google), ale 
nepomohlo... konfiguracny problem to pravdepodobne nie, kedze to chodilo 
a verzie sa (myslim) nemenili. snad len nejaky problem v  pravach 
pristupu (postfix/sasl), alebo nieco podobne. v logu toho viac nie je.

btw: overenie pristup pre imap/pop3 je rovnako riesene cez pam/db 
(dovecot) a tam to chodi, takze problem by som lokalizoval vylucne na 
sasl (zeby saslauthd? ale to by potom nepreslo ani overenie pomocou 
testsaslauthd, nie?)

dik za kazde nasmerovanie.

--
mk

Další informace o konferenci linux