From: Patrick Ben Koetter (p at state-of-mind dot de)
Date: Wed Jun 01 2005 - 04:25:15 EDT
* damian <>:
> heres for saslfinger -s:
>
> saslfinger - postfix Cyrus sasl configuration Wed Jun 1 16:03:45 SGT 2005
> version: 0.9.9.1
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.0.16
>
> -- smtpd is linked to --
> libsasl.so.7 => /usr/lib/libsasl.so.7 (0x00de3000)

Postfix was built to use SASL1

> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
>
>
> -- listing of /usr/lib/sasl --
> total 360
> drwxr-xr-x 2 root root 4096 May 31 18:27 .
> drwxr-xr-x 75 root root 36864 May 31 15:06 ..
> -rw-r--r-- 1 root root 4560 Oct 9 2004 libanonymous.a
> -rwxr-xr-x 1 root root 771 Oct 9 2004 libanonymous.la
> -rwxr-xr-x 1 root root 5900 Oct 9 2004 libanonymous.so
> -rwxr-xr-x 1 root root 5900 Oct 9 2004 libanonymous.so.1
> -rwxr-xr-x 1 root root 5900 Oct 9 2004 libanonymous.so.1.0.17
> -rw-r--r-- 1 root root 10688 Oct 9 2004 libcrammd5.a
> -rwxr-xr-x 1 root root 757 Oct 9 2004 libcrammd5.la
> -rwxr-xr-x 1 root root 10912 Oct 9 2004 libcrammd5.so
> -rwxr-xr-x 1 root root 10912 Oct 9 2004 libcrammd5.so.1
> -rwxr-xr-x 1 root root 10912 Oct 9 2004 libcrammd5.so.1.0.19
> -rw-r--r-- 1 root root 35246 Oct 9 2004 libdigestmd5.a
> -rwxr-xr-x 1 root root 780 Oct 9 2004 libdigestmd5.la
> -rwxr-xr-x 1 root root 30724 Oct 9 2004 libdigestmd5.so
> -rwxr-xr-x 1 root root 30724 Oct 9 2004 libdigestmd5.so.0
> -rwxr-xr-x 1 root root 30724 Oct 9 2004 libdigestmd5.so.0.0.20
> -rw-r--r-- 1 root root 12368 Oct 9 2004 libgssapiv2.a
> -rw-r--r-- 1 root root 7316 Oct 9 2004 liblogin.a
> -rwxr-xr-x 1 root root 755 Oct 9 2004 liblogin.la
> -rwxr-xr-x 1 root root 8144 Oct 9 2004 liblogin.so
> -rwxr-xr-x 1 root root 8144 Oct 9 2004 liblogin.so.0
> -rwxr-xr-x 1 root root 8144 Oct 9 2004 liblogin.so.0.0.7
> -rw-r--r-- 1 root root 6864 Oct 9 2004 libplain.a
> -rwxr-xr-x 1 root root 757 Oct 9 2004 libplain.la
> -rwxr-xr-x 1 root root 7896 Oct 9 2004 libplain.so
> -rwxr-xr-x 1 root root 7896 Oct 9 2004 libplain.so.1
> -rwxr-xr-x 1 root root 7896 Oct 9 2004 libplain.so.1.0.16
> -rw-r--r-- 1 root root 19 Sep 16 2004 Sendmail.conf
> -rw-r--r-- 1 root root 45 Nov 4 2004 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 600
> drwxr-xr-x 2 root root 4096 May 31 18:27 .
> drwxr-xr-x 75 root root 36864 May 31 15:06 ..
> -rw-r--r-- 1 root root 13946 Oct 9 2004 libanonymous.a
> -rwxr-xr-x 1 root root 780 Oct 9 2004 libanonymous.la
> -rwxr-xr-x 1 root root 12204 Oct 9 2004 libanonymous.so
> -rwxr-xr-x 1 root root 12204 Oct 9 2004 libanonymous.so.2
> -rwxr-xr-x 1 root root 12204 Oct 9 2004 libanonymous.so.2.0.15
> -rw-r--r-- 1 root root 17232 Oct 9 2004 libcrammd5.a
> -rwxr-xr-x 1 root root 766 Oct 9 2004 libcrammd5.la
> -rwxr-xr-x 1 root root 14880 Oct 9 2004 libcrammd5.so
> -rwxr-xr-x 1 root root 14880 Oct 9 2004 libcrammd5.so.2
> -rwxr-xr-x 1 root root 14880 Oct 9 2004 libcrammd5.so.2.0.15
> -rw-r--r-- 1 root root 52730 Oct 9 2004 libdigestmd5.a
> -rwxr-xr-x 1 root root 789 Oct 9 2004 libdigestmd5.la
> -rwxr-xr-x 1 root root 42900 Oct 9 2004 libdigestmd5.so
> -rwxr-xr-x 1 root root 42900 Oct 9 2004 libdigestmd5.so.2
> -rwxr-xr-x 1 root root 42900 Oct 9 2004 libdigestmd5.so.2.0.15
> -rw-r--r-- 1 root root 23282 Oct 9 2004 libgssapiv2.a
> -rw-r--r-- 1 root root 14356 Oct 9 2004 liblogin.a
> -rwxr-xr-x 1 root root 752 Oct 9 2004 liblogin.la
> -rwxr-xr-x 1 root root 12652 Oct 9 2004 liblogin.so
> -rwxr-xr-x 1 root root 12652 Oct 9 2004 liblogin.so.2
> -rwxr-xr-x 1 root root 12652 Oct 9 2004 liblogin.so.2.0.15
> -rw-r--r-- 1 root root 14268 Oct 9 2004 libplain.a
> -rwxr-xr-x 1 root root 752 Oct 9 2004 libplain.la
> -rwxr-xr-x 1 root root 12592 Oct 9 2004 libplain.so
> -rwxr-xr-x 1 root root 12592 Oct 9 2004 libplain.so.2
> -rwxr-xr-x 1 root root 12592 Oct 9 2004 libplain.so.2.0.15
> -rw-r--r-- 1 root root 19596 Oct 9 2004 libsasldb.a
> -rwxr-xr-x 1 root root 791 Oct 9 2004 libsasldb.la
> -rwxr-xr-x 1 root root 15348 Oct 9 2004 libsasldb.so
> -rwxr-xr-x 1 root root 15348 Oct 9 2004 libsasldb.so.2
> -rwxr-xr-x 1 root root 15348 Oct 9 2004 libsasldb.so.2.0.15
> drwxr-xr-x 2 root root 4096 Oct 28 2004 sasl2
> -rw-r--r-- 1 root root 76 May 31 18:18 smtpd.conf
>
> -- listing of /usr/local/lib/sasl2 --
> total 8
> drwxr-xr-x 2 root root 4096 Oct 28 2004 .
> drwxr-xr-x 4 root root 4096 Feb 15 16:42 ..
>
>
>
>
> -- content of /usr/lib/sasl/smtpd.conf --
> pwcheck_method: sasldb
> #saslauthd_version: 2
>
> -- content of /usr/lib/sasl2/smtpd.conf --
> #pwcheck_method: saslauthd
> pwcheck_method: auxprop
> mech_list: plain login

You are running RedHat or Fedora Core, right?

The Postfix version you use as well as the SASL stuff is rather outdated. You
should really consider updating because it will make SMTP AUTH configuration a
lot easier on RH Systems (RH mixes SASL versions which really is a PITA).

Postfix RPMs can be downloaded at Simon J. Mudd's Website:
<http://ftp.wl0.org/official/>. Cyrus SASL RPMs can be downloaded from Invoca
Systems (Simon Matter): <http://www.invoca.ch/pub/packages/cyrus-sasl/>.
Install SASL2 first, then install the new Postfix.

From what I see in the saslfinger output, you want to use sasldb as
authentication backend.

+ Make sure the user or group postfix is able to read from the database.
+ Check that the REALM (domain) from sasldblistuser2 output matches what you
  have set in $smtpd_sasl_local_domain or drop $smtpd_sasl_local_domain in
  main.cf.
+ Use sasl2-sample-server and sasl2-sample-client to test authentication
  without Postfix. See the SASL_README from the Postfix documentation for how
  to do this. In the SASL_README sasl2-sample-server is called "server" and
  sasl2-sample-client is called "client".
  You will need to install cyrus-sasl-devel to get sasl2-sample-* binaries.
  Only if you are able to authenticate this way, proceed to test
  authentication within an SMTP dialog.
+ When you create a base64 encoded AUTH string, make sure you escape special
  characters like "@" as they have a special meaning to PERL. Also don't use
  usernames that start with numbers.

> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - n - - smtpd -v

You are not running chrooted. Keep it that way while you configure and test
SMTP AUTH.

> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 nqmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> showq unix n - n - - showq
> error unix - - n - - error
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> maildrop unix - n n - - pipe
> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> #flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> cyrus unix - n n - - pipe
> flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
> ${extension} ${user}
> #user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp unix - n n - - pipe
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe
> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
>
> -- mechanisms on localhost --
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
>
>
> -- end of saslfinger output --
>
>
>
>
> Patrick Ben Koetter wrote:
>
> >* damian <>:
> >
> >
> >>I ran saslfinger -c, the list is very long. may i know which part of the
> >>result will tell the mistakes?
> >>
> >>
> >
> >You want to run "saslfinger -s" because you want your Postfix server to
> >offer
> >SMTP AUTH to others, right?
> >
> >SASL is rather complex. You need to know SASL well to spot the mistake.
> >That's
> >why I wrote saslfinger. It helps everyone who knows SASL to spot mistakes
> >faster. Just paste the complete output in a mail and send it to the list.
> >Don't worry about telling secrets, because saslfinger will replace secrets
> >with something like "--- replaced ---".
> >
> >p at rick
> >
> >
> >
> >
> >
> >>Damian
> >>Patrick Ben Koetter wrote:
> >>
> >>
> >>
> >>>* damian <>:
> >>>
> >>>
> >>>
> >>>
> >>>>Hi,
> >>>>
> >>>>I ran that, no problem... wondering what had I done wrong...
> >>>>
> >>>>
> >>>>
> >>>>
> >>>saslfinger does not debug or test your configuration it creates useful
> >>>output
> >>>for us on the list to help you.
> >>>
> >>>p at rick
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>>I tried the following:
> >>>>perl -MMIME::Base64 -e 'print
> >>>>encode_base64("username\Ousername\Opassword");'
> >>>>then after getting the output,
> >>>>I did this:telnet localhost 25
> >>>>Trying 127.0.0.1...
> >>>>Connected to localhost.
> >>>>Escape character is '^]'.
> >>>>220 mail.server.dns ESMTP Postfix
> >>>>ehlo some.server
> >>>>250-mail.server.dns
> >>>>250-PIPELINING
> >>>>250-SIZE 10240000
> >>>>250-VRFY
> >>>>250-ETRN
> >>>>250-AUTH PLAIN LOGIN
> >>>>250-AUTH=PLAIN LOGIN
> >>>>250-XVERP
> >>>>250 8BITMIME
> >>>>AUTH LOGIN
> >>>>334 VXNlcm5hbWU6
> >>>>ZGFtaWFuT2RhbWlhbk9kNG0xNG43OA==
> >>>>334 UGFzc3dvcmQ6
> >>>>ZGFtaWFuT2RhbWlhbk9kNG0xNG43OA==
> >>>>535 Error: authentication failed
> >>>>
> >>>>I couldn't authenticate through. Please advice, I had been stuck!
> >>>>
> >>>>Thanks,
> >>>>Damian
> >>>>
> >>>>Ralf Hildebrandt wrote:
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>* damian <>:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>Dear All,
> >>>>>>
> >>>>>>I am facing some problem with the configuration of SMTP AUTH.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>Please do run saslfinger:
> >>>>>http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
> >
> >
> >
>
--
The Book of Postfix
<http://www.postfix-book.com>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
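
An added example, not part of the original message or of saslfinger: one way to build the base64 AUTH strings mentioned in the reply and to decode them again before pasting them into an SMTP dialog. It uses shell `printf` and `base64` (GNU coreutils assumed) instead of the Perl one-liner, so "@" needs no escaping; the credentials and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build and check SMTP AUTH strings with printf + base64.
# Credentials are constructed samples; assumes GNU coreutils base64.

# Base64 of one value, with no trailing newline included in the input.
# AUTH LOGIN uses this twice: once for the user name, once for the password.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# AUTH PLAIN: authzid NUL authcid NUL password in ONE base64 string.
# $1 = login name, $2 = password, $3 = optional authzid (usually empty).
auth_plain() {
    printf '%s\000%s\000%s' "${3:-}" "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token with NUL bytes shown as "|" so the fields can be checked.
show_token() { printf '%s' "$1" | base64 -d | tr '\000' '|'; }

# Count NUL separators in a decoded token: a PLAIN token has exactly 2,
# a LOGIN answer has 0.
count_nuls() {
    printf '%s' "$1" | base64 -d | tr -cd '\000' | wc -c | tr -d ' '
}

user='test@example.com'   # single quotes: "@" needs no escaping in sh
pass='testpass'

echo "AUTH PLAIN $(auth_plain "$user" "$pass")"
echo "decoded:   $(show_token "$(auth_plain "$user" "$pass")")"
echo "AUTH LOGIN answers: $(b64 "$user") / $(b64 "$pass")"
```

A token that decodes with no NUL bytes is not a valid PLAIN string; LOGIN expects the user name and the password encoded separately, one per 334 prompt.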