SASL for postfix using courier-authlib
9112 February 19, 2010 - 18:15
I'm setting up a server: postfix+sasl+courier-imapd+ldap
I've configured everything and it all works, without sasl.
I'm trying to hook sasl up to postfix so that it uses courier-authlib - it doesn't work: mail is not sent, but it is retrieved without problems.
mail / # cat /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: LOGIN CRAM-MD5
authdaemond_path: /var/lib/courier/authdaemon/socket
mail / # grep -v "#" /etc/postfix/main.cf
local_transport = virtual
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:ldapvirtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_minimum_uid = 500
virtual_mailbox_limit = 0
ldapvirtual_server_host = 192.168.10.113
ldapvirtual_server_port = 389
ldapvirtual_bind = yes
ldapvirtual_bind_dn = cn=admin,dc=mydomain,dc=net
ldapvirtual_bind_pw = root
ldapvirtual_search_base = ou=people,dc=mydomain,dc=net
ldapvirtual_query_filter = (mail=%s)
ldapvirtual_result_attribute = mailMessageStore
ldapvirtual_domain = mydomain.ru
myhostname = mail.mydomain.ru
mydomain = mydomain.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname,localhost.localdomain,$mydomain
virtual_maps = ldap:ldapalias
ldapalias_server_host = 192.168.10.113
ldapalias_server_port = 389
ldapalias_bind = yes
ldapalias_bind_dn = cn=admin,dc=mydomain,dc=net
ldapalias_bind_pw = root
ldapalias_search_base = ou=people,dc=mydomain,dc=net
ldapalias_query_filter = (|(mail=%s)(mailAlternateAddress=%s))
ldapalias_result_attribute = mail
smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_sasl_type = cyrus
readme_directory = /usr/share/doc/postfix-2.6.5/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = /usr/share/doc/postfix-2.6.5/html
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = //usr/lib64/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.10.0/24, 127.0.0.0/8
biff = no
smtpd_banned = $myhostname ESMTP
recipient_delimiter =
local_recipient_maps =
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, reject_sender_login_mismatch
I don't think there is any point in posting the authdaemond config, since courier-pop3d uses it without problems.
When I try to send a message, the following is written to the logs:
Feb 19 17:07:56 mail postfix/smtpd[7587]: connect from unknown[192.168.10.120]
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: unknown: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: 192.168.10.120: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: unknown: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: 192.168.10.120: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_hostname: unknown ~? 192.168.10.0/24
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_hostaddr: 192.168.10.120 ~? 192.168.10.0/24
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 220 mail.mydomain.ru ESMTP Postfix
Feb 19 17:07:56 mail postfix/smtpd[7587]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
Feb 19 17:07:56 mail postfix/smtpd[7587]: name_mask: noanonymous
Feb 19 17:07:56 mail postfix/smtpd[7587]: name_mask: noplaintext
Feb 19 17:07:56 mail postfix/smtpd[7587]: watchdog_pat: 0x1480780
Feb 19 17:07:56 mail postfix/smtpd[7587]: < unknown[192.168.10.120]: EHLO [192.168.10.120]
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-mail.mydomain.ru
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-PIPELINING
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-SIZE 10240000
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-VRFY
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-ETRN
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-AUTH CRAM-MD5
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: unknown: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: match_list_match: 192.168.10.120: no match
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-AUTH=CRAM-MD5
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-ENHANCEDSTATUSCODES
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250-8BITMIME
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 250 DSN
Feb 19 17:07:56 mail postfix/smtpd[7587]: watchdog_pat: 0x1480780
Feb 19 17:07:56 mail postfix/smtpd[7587]: < unknown[192.168.10.120]: AUTH CRAM-MD5
Feb 19 17:07:56 mail postfix/smtpd[7587]: xsasl_cyrus_server_first: sasl_method CRAM-MD5
Feb 19 17:07:56 mail postfix/smtpd[7587]: xsasl_cyrus_server_auth_response: uncoded server challenge: <1310942510.8308151@mail.mydomain.ru>
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 334 PDEzMTA5NDI1MTAuODMwODE1MUBtYWlsLmFrdmFyb20ucnU+
Feb 19 17:07:56 mail postfix/smtpd[7587]: < unknown[192.168.10.120]: bmV3IGVkYjc3NzA2MGFlNmQ0MDZhZWQ2OTJhYzAwNTkwMTQ5
Feb 19 17:07:56 mail postfix/smtpd[7587]: xsasl_cyrus_server_next: decoded response: new edb777060ae6d406aed692ac00590149
Feb 19 17:07:56 mail postfix/smtpd[7587]: warning: SASL authentication failure: no secret in database
Feb 19 17:07:56 mail postfix/smtpd[7587]: warning: unknown[192.168.10.120]: SASL CRAM-MD5 authentication failed: authentication failure
Feb 19 17:07:56 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 535 5.7.8 Error: authentication failed: authentication failure
Feb 19 17:07:56 mail postfix/smtpd[7587]: watchdog_pat: 0x1480780
Feb 19 17:07:57 mail postfix/smtpd[7587]: < unknown[192.168.10.120]: QUIT
Feb 19 17:07:57 mail postfix/smtpd[7587]: > unknown[192.168.10.120]: 221 2.0.0 Bye
Feb 19 17:07:57 mail postfix/smtpd[7587]: match_hostname: unknown ~? 192.168.10.0/24
Feb 19 17:07:57 mail postfix/smtpd[7587]: match_hostaddr: 192.168.10.120 ~? 192.168.10.0/24
Feb 19 17:07:57 mail postfix/smtpd[7587]: disconnect from unknown[192.168.10.120]
Feb 19 17:07:57 mail postfix/smtpd[7587]: master_notify: status 1
Feb 19 17:07:57 mail postfix/smtpd[7587]: connection closed
Feb 19 17:07:57 mail postfix/smtpd[7587]: watchdog_stop: 0x1480780
Feb 19 17:07:57 mail postfix/smtpd[7587]: watchdog_start: 0x1480780
And by the way, when I set the method in smtpd.conf to LOGIN only, the logs get completely flooded with errors after sending, supposedly an unsupported method (I don't quite understand this fact..)
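
Added example, not part of the original post: a small Python check of how the two files quoted in the post interact. It assumes the documented Cyrus SASL and Postfix behaviour that password-verification backends such as authdaemond can verify only the plaintext mechanisms (PLAIN, LOGIN), while `noplaintext` removes exactly those mechanisms from the offer; the function and variable names are illustrative.

```python
import re

PLAINTEXT = {"PLAIN", "LOGIN"}              # client sends the password itself
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}  # server must hold the secret
VERIFIERS = {"saslauthd", "authdaemond"}    # can only check a plaintext password

# Constructed input: the relevant settings copied from the post above.
SMTPD_CONF = "pwcheck_method: authdaemond\nmech_list: LOGIN CRAM-MD5\n"
MAIN_CF = "smtpd_sasl_security_options = noanonymous, noplaintext\n"


def parse(text, sep):
    """Return {key: value} for 'key<sep>value' lines, skipping comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out


def audit(smtpd_conf, main_cf):
    """Work out which mechanisms are offered and which the backend can serve.

    Assumption: mech_list is set explicitly, as it is in the post.
    """
    sasl, postfix = parse(smtpd_conf, ":"), parse(main_cf, "=")
    mechs = sasl.get("mech_list", "").upper().split()
    verifier = sasl.get("pwcheck_method", "auxprop")
    opts = set(re.split(r"[,\s]+",
                        postfix.get("smtpd_sasl_security_options", "noanonymous")))
    findings, offered, served = [], [], []
    for m in mechs:
        if "noplaintext" in opts and m in PLAINTEXT:
            findings.append(f"{m}: filtered out by noplaintext")
            continue
        offered.append(m)
        if verifier in VERIFIERS and m in SHARED_SECRET:
            findings.append(f"{m}: needs a secret stored in an auxprop database; "
                            f"{verifier} only verifies plaintext passwords")
        else:
            served.append(m)
    if not offered:
        findings.append("no mechanism left to offer to clients")
    return {"offered": offered, "served": served, "findings": findings}


if __name__ == "__main__":
    for name, value in audit(SMTPD_CONF, MAIN_CF).items():
        print(name, value)
```

For the posted settings it reports CRAM-MD5 as the only offered mechanism and none that authdaemond can serve, which matches the `250-AUTH CRAM-MD5` line and the `no secret in database` warning in the log. Offering PLAIN or LOGIN instead sends the password itself, so those mechanisms are normally permitted only inside TLS (Postfix `smtpd_tls_auth_only = yes`).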