[postfix-es] Problemas con SASL (again)
Josep M.
websurfer en navegants.com
Dom Nov 16 15:02:40 CET 2003
Hola.
Quiero usar SASL con postfix y no hay manera de que funcione,os pongo los logs y el problema
explicado un poco,ahora tengo instalado postfix-2.0.16-7.sasl2.tls.rhel3.rpm and
postfix-debuginfo-2.0.16-7.sasl2.tls.rhel3.rpm compilado usando un .src.rpm de Simon J Mudd.
Este es el error del log mas preocupante:
SASL authentication problem: unknown password verifier
No tengo el archivo /etc/postfix/saslpass ,lo necesito si quiero autenfificarme contra /etc/shadow
Os pongo todos los detalles otra vez a ver si alguien puede ver el fallo:
Necesito el archivo /etc/pam.d/smtpd ? No lo tengo,deberia crearlo?
He modificado en master.cf
Antes:
smtp inet n - n - - smtpd
Ahora:
smtp inet n - n - - smtpd -v
smtps inet n - n - - smtpd -v -o smtpd_sasl_auth_enable=yes
[root en mail root]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 9
inet_interfaces = all
mail_owner = postfix
mailbox_size_limit = 5120000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 102400000
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = navegants.com
myhostname = mail.navegants.com
mynetworks = 172.26.0.2, 172.26.0.3, 127.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/README_FILES
relay_domains = $mydestination
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noplaintext
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 450
virtual_alias_domains = $virtual_alias_maps
virtual_alias_maps = hash:/etc/postfix/virtual
[root en mail root]# cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauth
[root en mail root]# cat /etc/ld.so.conf
/usr/kerberos/lib
/usr/X11R6/lib
/usr/lib/qt-3.1/lib
/usr/lib/sane
/usr/lib/mysql
/usr/local/lib/sasl2
NOTA: Yo he añadido la ultima linea "/usr/local/lib/sasl2a" /etc/ld.so.conf
y despues he ejecutado "ldconfig"
[root en mail root]# rpm -qa |grep sasl
cyrus-sasl-devel-2.1.15-3
cyrus-sasl-md5-2.1.15-3
cyrus-sasl-plain-2.1.15-3
cyrus-sasl-2.1.15-3
cyrus-sasl-gssapi-2.1.15-3
postfix-2.0.16-7.sasl2.tls.rhel3
postfix-debuginfo-2.0.16-7.sasl2.tls.rhel3
[root en mail root]# ps -wax |grep saslauthd
1914 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
1915 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
1916 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
1917 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
1918 ? S 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a shadow
Codifico el password asi:
perl -MMIME::Base64 -e 'print encode_base64("test\0test\0hereispassword");'
Con el resultado de eso hago el AUTH PLAIN
220 mail.navegants.com ESMTP Postfix
EHLO navegants.com
250-mail.navegants.com
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
250 8BITMIME
AUTH PLAIN dGxxxxxxxxxxxxxxxxxxxxxxxxx24=
535 Error: authentication failed
Y este es el log:
mail postfix/smtpd[2450]: < unknown[172.26.0.4]: EHLO navegants.com
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-mail.navegants.com
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-PIPELINING
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-SIZE 102400000
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-VRFY
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-ETRN
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-AUTH PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250-AUTH=PLAIN LOGIN GSSAPI DIGEST-MD5 CRAM-MD5
mail postfix/smtpd[2450]: match_hostname: unknown ~? 172.26.0.2
mail postfix/smtpd[2450]: match_hostaddr: 172.26.0.4 ~? 172.26.0.2
mail postfix/smtpd[2450]: match_hostname: unknown ~? 172.26.0.3
mail postfix/smtpd[2450]: match_hostaddr: 172.26.0.4 ~? 172.26.0.3
mail postfix/smtpd[2450]: match_hostname: unknown ~? 127.0.0.0/8
mail postfix/smtpd[2450]: match_hostaddr: 172.26.0.4 ~? 127.0.0.0/8
mail postfix/smtpd[2450]: match_list_match: unknown: no match
mail postfix/smtpd[2450]: match_list_match: 172.26.0.4: no match
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 250 8BITMIME
mail postfix/smtpd[2450]: watchdog_pat: 0x80acef0
mail postfix/smtpd[2450]: < unknown[172.26.0.4]: AUTH PLAIN dGXXXXXXCHANGEDXXXXXXXxxx4=
mail postfix/smtpd[2450]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response dGXXXXXXXXCHANGEDXXXXXXXX24=
mail postfix/smtpd[2450]: smtpd_sasl_authenticate: decoded initial response test
mail postfix/smtpd[2450]: warning: SASL authentication problem: unknown password verifier
mail postfix/smtpd[2450]: warning: SASL authentication failure: Password verification failed
mail postfix/smtpd[2450]: warning: unknown[172.26.0.4]: SASL PLAIN authentication failed
mail postfix/smtpd[2450]: > unknown[172.26.0.4]: 535 Error: authentication failed
mail postfix/smtpd[2450]: watchdog_pat: 0x80acef
Ni idea de que puede ser,alguien ve algo por lo que puede fallar?
Saludos
Josep
-
Para ENVIAR mensajes a esta lista tienes que estar SUSCRITO a ella.
.
Envía la linea "unsubscribe postfix-es" en el cuerpo de un mensaje
a majordomo en WL0.org para quitarte de la lista.
Más información sobre la lista de distribución Postfix-es