Sending mail via Postfix impossible (Auth)

einherjer

Hi,

I have a problem with my mail configuration on OpenSuSE 10.1 :-(

For the installation I followed this howto, which however is written for Debian and not for OpenSuSE.

Postfix and Dovecot are running; the users are supposed to live in a MySQL database.

With Dovecot this works flawlessly, only Postfix refuses to send emails and writes an error to the logs:

Code:
Dec 28 12:09:20 h123 postfix/smtpd[1470]: connect from h123.stratoserver.net[127.0.0.1]
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: h123.stratoserver.net[127.0.0.1]: SASL LOGIN authentication failed
Dec 28 12:09:20 h123 postfix/smtpd[1470]: lost connection after AUTH from h123.stratoserver.net[127.0.0.1]
Dec 28 12:09:20 h123 postfix/smtpd[1470]: disconnect from h123.stratoserver.net[127.0.0.1]

My main.cf looks as follows:

Code:
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
program_directory = /usr/lib/postfix
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_domains = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
alias_maps = hash:/etc/aliases
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
recipient_delimiter = +
header_checks = regexp:/etc/postfix/header_checks
smtpd_banner = $myhostname ESMTP $mail_name
inet_protocols = ipv4
biff = no
append_dot_mydomain = no
myhostname = h123.stratoserver.net
mydestination = localhost, $myhostname
mynetworks = 127.0.0.0/8
mynetworks_style = host
disable_dns_lookups = no
defer_transports = 
mailbox_command = 
mailbox_transport = 
strict_8bitmime = no
strict_rfc821_envelopes = no
disable_mime_output_conversion = no
mailbox_size_limit = 0
message_size_limit = 10240000
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_mailbox_limit = proxy:mysql:$config_directory/mysql_virtual_mailbox_limit_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:12
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtpd_use_tls = yes
smtpd_tls_CAfile = /etc/apache2/ssl.crt/CAcert_chain.pem
smtpd_tls_cert_file = /etc/apache2/ssl.crt/server.crt
smtpd_tls_key_file = /etc/apache2/ssl.key/server.key
relay_clientcerts = hash:/etc/postfix/relay_ccerts
smtpd_tls_received_header = no
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_sender_restrictions = permit_mynetworks hash:/etc/postfix/access reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks permit_tls_all_clientcerts permit_sasl_authenticated reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rhsbl_sender dsn.rfc-ignorant.org check_policy_service inet:127.0.0.1:12525 check_policy_service inet:127.0.0.1:2525
smtpd_data_restrictions = reject_multi_recipient_bounce permit
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_pipelining reject_rhsbl_sender dsn.rfc-ignorant.org
smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname check_helo_access hash:/etc/postfix/heloblock 
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtp_tls_CAfile = /etc/apache2/ssl.crt/CAcert_chain.pem
smtp_tls_cert_file = /etc/apache2/ssl.crt/server.crt
smtp_tls_key_file = /etc/apache2/ssl.key/server.key
smtp_sasl_security_options = noactive, nodictionary, noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
broken_sasl_auth_clients = yes

mysql_virtual_alias_maps.cf:
Code:
user = mail
password = n/a
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'

mysql_virtual_domains_maps.cf:
Code:
user = mail
password = n/a
hosts = 127.0.0.1
dbname = mail
query = SELECT domain FROM domain WHERE domain= '%s' AND backupmx = '0' AND active = '1'

mysql_virtual_mailbox_limit_maps.cf:
Code:
user = mail
password = n/a
hosts = 127.0.0.1
dbname = mail
query = SELECT quota FROM mailbox WHERE username = '%s' AND active = '1'

mysql_virtual_mailbox_maps.cf:
Code:
user = mail
password = n/a
hosts = 127.0.0.1
dbname = mail
query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username = '%s' AND active = '1'

I'd be really grateful for any hints as to where the snag might be; SMTP AUTH already drove me to despair with Sendmail...
 
Hi

The error message is pretty clear, isn't it?


Code:
Dec 28 12:09:20 h123 postfix/smtpd[1470]: connect from h123.stratoserver.net[127.0.0.1]
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: h123.stratoserver.net[127.0.0.1]: SASL LOGIN authentication failed
Dec 28 12:09:20 h123 postfix/smtpd[1470]: lost connection after AUTH from h123.stratoserver.net[127.0.0.1]
Dec 28 12:09:20 h123 postfix/smtpd[1470]: disconnect from h123.stratoserver.net[127.0.0.1]

Take a look at your SASL configuration.
 
Do you mean this line?

Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: h123.stratoserver.net[127.0.0.1]: SASL LOGIN authentication failed

Somehow I don't find that one so clear at all...

The authentication is supposed to go through MySQL and not through SASL. Only, apparently, my Postfix doesn't think much of that idea...
 
Do you mean this line?

Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: h123.stratoserver.net[127.0.0.1]: SASL LOGIN authentication failed

Somehow I don't find that one so clear at all...

Actually, I rather meant the two lines above it...
 
It works now, by the way (with a cosmetic flaw).

The config now looks as follows:

Installed packages
cyrus-sasl-2.1.21-3
cyrus-sasl-saslauthd-2.1.21-3
cyrus-sasl-plain-2.1.21-3
cyrus-sasl-sqlauxprop-2.1.21-3

pam_mysql installed again from source

/usr/lib/sasl2/smtpd.conf:
Code:
pwcheck_method: saslauthd
mech_list: plain login

/etc/pam.d/smtp:
Code:
#%PAM-1.0
auth sufficient pam_mysql.so user=mail passwd=n/a host=127.0.0.1 db=mail table=mailbox usercolumn=username passwdcolumn=password crypt=1 where=active='1'
account sufficient pam_mysql.so user=mail passwd=n/a host=127.0.0.1 db=mail table=mailbox usercolumn=username passwdcolumn=password crypt=1 where=active!='0'

auth     include        common-auth
account  include        common-account
password include        common-password
session  include        common-session

/etc/sysconfig/saslauthd:
Code:
SASLAUTHD_AUTHMECH="pam -r"
(otherwise it cuts off the domain name)

and in boot.local:
Code:
mount --bind /var/run/sasl2/ /var/spool/postfix/var/run/sasl2/
(otherwise Postfix does not find the socket in the chroot)

By the way, this command was extremely helpful:
Code:
testsaslauthd -u user@domain.tld -p pass -s smtp

There is still one small cosmetic flaw, though. Errors still show up in the messages log:
Code:
postfix/smtpd[23909]: sql_select option missing
postfix/smtpd[23909]: auxpropfunc error no mechanism available 
postfix/smtpd[23909]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

How might one get rid of that?
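
Added example, not part of the thread: a small Python triage of the smtpd log lines quoted above, grouping them by PID and naming which Cyrus SASL backend each warning refers to. The hint texts are this example's reading of the messages, and the sample input is assembled from the thread's two log excerpts.

```python
import re
from collections import defaultdict

# Constructed sample: lines assembled from the two log excerpts in the thread.
SAMPLE = """\
Dec 28 12:09:20 h123 postfix/smtpd[1470]: connect from h123.stratoserver.net[127.0.0.1]
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Dec 28 12:09:20 h123 postfix/smtpd[1470]: warning: h123.stratoserver.net[127.0.0.1]: SASL LOGIN authentication failed
Dec 28 12:09:20 h123 postfix/smtpd[1470]: lost connection after AUTH from h123.stratoserver.net[127.0.0.1]
postfix/smtpd[23909]: sql_select option missing
postfix/smtpd[23909]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
"""

# Message pattern -> backend hint (the wording is this example's interpretation).
HINTS = [
    (re.compile(r"unable to open Berkeley db (\S+?):"),
     "Cyrus SASL tried its sasldb auxprop backend ({0}), which does not exist"),
    (re.compile(r"sql_select option missing"),
     "sql auxprop plugin is installed but has no sql_select configured"),
    (re.compile(r"_sasl_plugin_load failed .* plugin: (\w+)"),
     "auxprop plugin '{0}' failed to initialise"),
]
LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
FAILED = re.compile(r"warning: (\S+)\[([\d.]+)\]: SASL (\S+) authentication failed")

def triage(log_text):
    """Group smtpd lines by PID; collect failed AUTH attempts and backend hints."""
    sessions = defaultdict(lambda: {"failed": [], "hints": []})
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a postfix/smtpd line
        pid, msg = int(m.group(1)), m.group(2)
        f = FAILED.search(msg)
        if f:
            sessions[pid]["failed"].append({"client": f.group(2), "mech": f.group(3)})
        for pattern, text in HINTS:
            h = pattern.search(msg)
            if h:
                hint = text.format(*h.groups())
                if hint not in sessions[pid]["hints"]:  # repeated warnings count once
                    sessions[pid]["hints"].append(hint)
    return dict(sessions)

if __name__ == "__main__":
    for pid, info in triage(SAMPLE).items():
        print(pid, info)
```
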
 