[Desperation] SASLAUTH once again


romeo

New Member
Hi folks,
I tried to set up my mail server.
Postfix, SASL, etc.
Current state: I can receive via IMAP, but I can't send anything via SMTP. :(
Please tell me you can help... I'm already starting to wonder whether I should go for a Windoof one-click solution instead :eek:

According to mail.log, the problem is always the following:
Code:
Apr  2 08:57:01 w0g postfix/smtpd[15751]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Apr  2 08:57:01 w0g postfix/smtpd[15751]: warning: **********-dynip.superkabel.de[*********]: SASL LOGIN authentication failed: generic failure

Then I tried testsaslauthd -u user -p pw:
Code:
connect() : No such file or directory

saslfinger -s gives me:
Code:
saslfinger - postfix Cyrus sasl configuration Fri Apr  2 09:01:13 UTC 2010
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.5
System: Ubuntu 9.04 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xf755e000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes



-- listing of /usr/lib/sasl2 --
total 744
drwxr-xr-x  2 root root  4096 May 28  2009 .
drwxr-xr-x 37 root root 12288 Apr  1 20:31 ..
-rw-r--r--  1 root root 13868 Mar  6  2009 libanonymous.a
-rw-r--r--  1 root root   989 Mar  6  2009 libanonymous.la
-rw-r--r--  1 root root 13752 Mar  6  2009 libanonymous.so
-rw-r--r--  1 root root 13752 Mar  6  2009 libanonymous.so.2
-rw-r--r--  1 root root 13752 Mar  6  2009 libanonymous.so.2.0.22
-rw-r--r--  1 root root 16390 Mar  6  2009 libcrammd5.a
-rw-r--r--  1 root root   975 Mar  6  2009 libcrammd5.la
-rw-r--r--  1 root root 17848 Mar  6  2009 libcrammd5.so
-rw-r--r--  1 root root 17848 Mar  6  2009 libcrammd5.so.2
-rw-r--r--  1 root root 17848 Mar  6  2009 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 47760 Mar  6  2009 libdigestmd5.a
-rw-r--r--  1 root root   998 Mar  6  2009 libdigestmd5.la
-rw-r--r--  1 root root 46828 Mar  6  2009 libdigestmd5.so
-rw-r--r--  1 root root 46828 Mar  6  2009 libdigestmd5.so.2
-rw-r--r--  1 root root 46828 Mar  6  2009 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13906 Mar  6  2009 liblogin.a
-rw-r--r--  1 root root   969 Mar  6  2009 liblogin.la
-rw-r--r--  1 root root 13748 Mar  6  2009 liblogin.so
-rw-r--r--  1 root root 13748 Mar  6  2009 liblogin.so.2
-rw-r--r--  1 root root 13748 Mar  6  2009 liblogin.so.2.0.22
-rw-r--r--  1 root root 30324 Mar  6  2009 libntlm.a
-rw-r--r--  1 root root   963 Mar  6  2009 libntlm.la
-rw-r--r--  1 root root 30196 Mar  6  2009 libntlm.so
-rw-r--r--  1 root root 30196 Mar  6  2009 libntlm.so.2
-rw-r--r--  1 root root 30196 Mar  6  2009 libntlm.so.2.0.22
-rw-r--r--  1 root root 14226 Mar  6  2009 libplain.a
-rw-r--r--  1 root root   969 Mar  6  2009 libplain.la
-rw-r--r--  1 root root 17844 Mar  6  2009 libplain.so
-rw-r--r--  1 root root 17844 Mar  6  2009 libplain.so.2
-rw-r--r--  1 root root 17844 Mar  6  2009 libplain.so.2.0.22
-rw-r--r--  1 root root 22402 Mar  6  2009 libsasldb.a
-rw-r--r--  1 root root  1000 Mar  6  2009 libsasldb.la
-rw-r--r--  1 root root 21804 Mar  6  2009 libsasldb.so
-rw-r--r--  1 root root 21804 Mar  6  2009 libsasldb.so.2
-rw-r--r--  1 root root 21804 Mar  6  2009 libsasldb.so.2.0.22

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Apr  1 20:56 .
drwxr-xr-x 3 root root 4096 Apr  1 21:25 ..
-rw-r--r-- 1 root root  108 Apr  1 20:33 smtpd.conf

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
autotransition:true

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
autotransition:true


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN


-- end of saslfinger output --
 
The error message says cannot connect to saslauthd server. Have you verified that the process in question is running?
 
Oh man, I should really go to bed :(
Now testsaslauthd says:
Code:
0: OK "Success."

But it still doesn't work, and in mail.log:
Code:
Apr  2 09:27:49 w0g postfix/smtpd[18884]: connect from ************-dynip.superkabel.de[************]
Apr  2 09:27:49 w0g postfix/smtpd[18884]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Apr  2 09:27:49 w0g postfix/smtpd[18884]: warning: ************-dynip.superkabel.de[************]: SASL LOGIN authentication failed: generic failure
Apr  2 09:27:49 w0g postfix/smtpd[18884]: lost connection after AUTH from ************-dynip.superkabel.de[************]
Apr  2 09:27:49 w0g postfix/smtpd[18884]: disconnect from ************-dynip.superkabel.de[************]
 
Can the user postfix reach the socket in question as well as all the directories above it? You probably haven't put postfix in the sasl group.
 
Thanks for your quick replies,
but here too I have to disappoint you:
Code:
root@w0g:~# id postfix
uid=104(postfix) gid=107(postfix) groups=107(postfix),45(sasl)
 
Postfix tries to connect via /var/run/saslauthd/mux. Does the socket exist? What do the permissions look like? What do the permissions of the directories above it look like?
 
Code:
root@w0g:~# ls -al /var/run/saslauthd/
total 936
drwx--x--- 2 root sasl   4096 Apr  2 09:26 .
drwxr-xr-x 8 root root   4096 Apr  2 11:10 ..
-rw------- 1 root root      0 Apr  2 09:26 cache.flock
-rw------- 1 root root 945152 Apr  2 09:26 cache.mmap
srwxrwxrwx 1 root root      0 Apr  2 09:26 mux
-rw------- 1 root root      0 Apr  2 09:26 mux.accept
-rw------- 1 root root      6 Apr  2 09:26 saslauthd.pid

Code:
root@w0g:~# ls -al /var/run/
total 60
drwxr-xr-x  8 root   root   4096 Apr  2 11:20 .
drwxr-xr-x 14 root   root   4096 Mar  7 18:38 ..
drwxr-xr-x  4 daemon daemon 4096 Apr  1 19:35 courier
-rw-r--r--  1 root   root      5 Apr  1 08:27 crond.pid
----------  1 root   root      0 Apr  1 08:27 crond.reboot
drwxr-xr-x  2 klog   klog   4096 May 28  2009 klogd
-rw-r--r--  1 root   root    448 Apr  2 11:20 motd
-rw-r--r--  1 root   root      5 Apr  1 08:27 rsyslogd.pid
drwx--x---  2 root   sasl   4096 Apr  2 09:26 saslauthd
drwxrwxr-x  3 root   utmp   4096 Mar  7 18:40 screen
drwxr-xr-x  2 root   root   4096 Jan 28  2009 sshd
-rw-r--r--  1 root   root      5 Apr  1 08:27 sshd.pid
drwxr-xr-x  2 root   root   4096 Apr  1 08:30 update-motd
-rw-r--r--  1 root   root     49 Apr  2 11:20 update-motd.lastrun
-rw-r--r--  1 root   root      1 Apr  1 20:31 updates-available
-rw-rw-r--  1 root   voice  2688 Apr  2 08:49 utmp
 
The permissions look the same as mine (though I use sendmail, and it works that way). Maybe someone with a working Postfix configuration can say more about this...
 
Code:
root@w0g:~# cat /etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="rimap"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS="localhost"

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
#OPTIONS="-c -m /var/run/saslauthd"
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd -d"
 
Code:
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd -d"

Then check the permissions/owner/group of that directory. They have to be as shown above. My guess is that the group is not set to sasl or that the x bit for it is missing.
 
Disappointment here again :(
Code:
root@w0g:~# ls -al /var/spool/postfix/var/run/
total 12
drwxr-xr-x 3 root root 4096 Apr  1 21:00 .
drwxr-xr-x 3 root root 4096 Apr  1 21:00 ..
drwx--x--- 2 root sasl 4096 Apr  1 21:29 saslauthd
^^ for the saslauth directory I made postfix the owner

But the directory is empty
Code:
root@w0g:~# ls -al /var/spool/postfix/var/run/saslauthd
total 8
drwx--x--- 2 postfix sasl 4096 Apr  1 21:29 .
drwxr-xr-x 3 root    root 4096 Apr  1 21:00 ..

Is that OK?
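
Added example, not part of the thread and not any poster's code: the master.cf quoted above runs the `smtp inet` service with chroot `y`, so smtpd resolves `saslauthd_path` below the Postfix queue directory, while `testsaslauthd` uses the unchrooted path. The script compares that effective path with the directory saslauthd is given via `-m`; the function names are hypothetical, the queue directory `/var/spool/postfix` is assumed from the Debian example path in the defaults file, and the sample files are constructed from values quoted in the thread.

```shell
#!/bin/sh
# Added example: does smtpd look for the saslauthd socket where saslauthd creates it?

# Chroot flag (column 5) of the inet smtpd service. "-" means the built-in
# default, taken here as "y" as in the master.cf header quoted in the thread.
smtpd_chroot() {  # master_cf [default]
    awk -v def="${2:-y}" '$1 !~ /^#/ && $2 == "inet" && $8 == "smtpd" {
        print ($5 == "-" ? def : $5); exit }' "$1"
}

# saslauthd_path as configured for the Cyrus SASL library in smtpd.conf.
sasl_socket_path() {  # smtpd_conf
    sed -n 's/^saslauthd_path:[[:space:]]*//p' "$1" | head -n 1
}

# Path smtpd really opens: a chrooted smtpd resolves it below the queue directory.
effective_mux() {  # master_cf smtpd_conf queue_dir
    path=$(sasl_socket_path "$2")
    if [ "$(smtpd_chroot "$1")" = "y" ]; then
        printf '%s%s\n' "$3" "$path"
    else
        printf '%s\n' "$path"
    fi
}

# Directory given to saslauthd with -m in the last active OPTIONS= line.
saslauthd_rundir() {  # defaults_file
    sed -n 's/^OPTIONS="\(.*\)"/\1/p' "$1" | tail -n 1 |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-m") { print $(i + 1); exit } }'
}

# Succeeds only when both sides agree on the socket location.
mux_consistent() {  # master_cf smtpd_conf queue_dir defaults_file
    want=$(effective_mux "$1" "$2" "$3")
    have="$(saslauthd_rundir "$4")/mux"
    [ "$want" = "$have" ] && return 0
    echo "MISMATCH: smtpd opens $want, saslauthd listens on $have"
    return 1
}

# Constructed sample files using the values quoted in the thread.
demo=$(mktemp -d)
printf 'smtp      inet  n       -       y       -       -       smtpd\n' > "$demo/master.cf"
printf 'pwcheck_method: saslauthd\nsaslauthd_path: /var/run/saslauthd/mux\n' > "$demo/smtpd.conf"
printf 'OPTIONS="-c -m /var/run/saslauthd"\n' > "$demo/default.a"
printf 'OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"\n' > "$demo/default.b"
mux_consistent "$demo/master.cf" "$demo/smtpd.conf" /var/spool/postfix "$demo/default.a" || true
mux_consistent "$demo/master.cf" "$demo/smtpd.conf" /var/spool/postfix "$demo/default.b" && echo "OK: paths agree"
```

On a real host the same functions can be pointed at `/etc/postfix/master.cf`, `/etc/postfix/sasl/smtpd.conf` and `/etc/default/saslauthd`; a match only shows the configuration agrees, so the socket and the directory permissions above it still need checking.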
 
saslauthd always produces the following output while running:
Code:
saslauthd[24155] :rel_accept_lock : released accept lock
saslauthd[24156] :get_accept_lock : acquired accept lock
saslauthd[24155] :cache_get_rlock : attempting a read lock on slot: 1423
saslauthd[24155] :cache_lookup    : [login=*******@***.***.net] [service=***.***.net] [realm=smtp]: not found, update pending
saslauthd[24155] :cache_un_lock   : attempting to release lock on slot: 1423
saslauthd[24155] :do_auth         : auth failure: [user=test123@*****@***.***.net] [service=smtp] [realm=***.***.net] [mech=rimap] [reason=remote server rejected your credentials]
 
/etc/init.d/saslauthd stop

ps aux | grep saslauthd

Are all processes terminated when you stop sasl?
 
I've already gotten a bit further:
I think the error now is that it tries to authenticate as the user with the domain appended, which of course can't work

Code:
/var/log/mail.log
Code:
Apr  3 08:41:49 w0g postfix/smtpd[19670]: connect from *******-dynip.superkabel.de[*******]
Apr  3 08:41:50 w0g imapd: Connection, ip=[::ffff:127.0.0.1]
Apr  3 08:41:50 w0g authdaemond: received auth request, service=imap, authtype=login
Apr  3 08:41:50 w0g authdaemond: authpam: trying this module
Apr  3 08:41:50 w0g authdaemond: authpam: username 'test123@***.***.***' not found in password file
Apr  3 08:41:50 w0g authdaemond: authpam: REJECT - try next module
Apr  3 08:41:50 w0g authdaemond: FAIL, all modules rejected
Apr  3 08:41:50 w0g imapd: LOGIN FAILED, user=test123@***.***.***, ip=[::ffff:127.0.0.1]
 
And once again I've gotten a bit further.
Forgive me for almost misusing this as a "blog", but this way I also keep an overview ;)

Authentication works, but emails still aren't being sent... and the logs are silent :(

/var/log/mail.log
Code:
Apr  3 09:52:48 w0g imapd: Connection, ip=[::ffff:*********]
Apr  3 09:52:48 w0g authdaemond: received auth request, service=imap, authtype=login
Apr  3 09:52:48 w0g authdaemond: authpam: trying this module
Apr  3 09:52:48 w0g authdaemond: authpam: sysusername=test, sysuserid=<null>, sysgroupid=1000, homedir=/home/test, address=test, fullname=, maildir=<null>, quota=<null>, options=<null>
Apr  3 09:52:48 w0g authdaemond: authpam: clearpasswd=<null>, passwd=x
Apr  3 09:52:48 w0g authdaemond: pam_service=imap, pam_username=test
Apr  3 09:52:48 w0g authdaemond: dopam successful
Apr  3 09:52:48 w0g authdaemond: Authenticated: sysusername=test, sysuserid=<null>, sysgroupid=1000, homedir=/home/test, address=test, fullname=, maildir=<null>, quota=<null>, options=<null>
Apr  3 09:52:48 w0g authdaemond: Authenticated: clearpasswd=test, passwd=******
Apr  3 09:52:48 w0g imapd: LOGIN, user=test123, ip=[::ffff:***], port=[56303], protocol=IMAP

However, the emails never reach their recipient, and I no longer know where else to look.
 
