[Postfix-es] postfix + sasl with mysql
linux at derechoalgrano.com.ar
Mon Jul 4 23:46:47 CEST 2005
Hello list. I come here as one of my last resorts: your help. For 3 days I
have been fighting with Postfix to get it to authenticate via SASL against
a MySQL database. I looked for examples, read SASL.README.gz, examples,
etc., but I could not get SMTP authentication to work.
Currently working for me: Postfix 2.1.5.9 + amavis (20030616p10-5) +
clamav (0.84-2) + bogofilter, but I could not get SMTP authentication
with SASL to work.
I have installed:
Debian Sarge:
ii postfix 2.1.5-9
ii postfix-doc 2.1.5-9
ii postfix-mysql 2.1.5-9
ii postfix-tls 2.1.5-9
ii libsasl2 2.1.19-1.5
ii libsasl2-modul 2.1.19-1.5
ii libsasl2-modules-sql 2.1.19-1.5
My main.cf
======================================
turx:/etc/postfix# cat main.cf
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
smtpd_banner = TuRx ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
local_recipient_maps = $virtual_mailbox_maps
myhostname = tucx
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $myhostname
mydestination = turx.tc, turx
relay_domains = $mydestination
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
queue_directory = /var/spool/postfix
mail_owner = postfix
mydomain = turx.tc
home_mailbox = /Maildir/
mail_spool_directory = /var/spool/mail/
relay_domains = $mydestination
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
virtual_mailbox_base = /
virtual_uid_maps = mysql:/etc/postfix/ids.cf
virtual_gid_maps = mysql:/etc/postfix/gids.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
local_transport = virtual
program_directory = /usr/lib/postfix
smtpd_sasl_auth_enable = yes
#smtpd_sasl_password_maps = mysql:/etc/postfix/mysql_smtp.cf
broken_sasl_auth_client = yes
unknown_local_recipient_reject_code = 550
smtpd_recipient_restrictions =
permit_sasl_authenticated,
# permit_mynetwork,
reject_unauth_destination
# The following line passes mail through clamav
content_filter = smtp-amavis:[127.0.0.1]:10024
turx:/etc/postfix#
============================================
About my database:
db: mail
user: postfix
password: postfix
users table: passwd
Here is a query to show the layout of my table:
>select * from passwd;
| id | clear | name | uid | gid | home | maildir |
+-------------------+---------+-----------+------+-----+------+------------------------------------+
| alejandro at turx.tc | abigail | ale vilte | 1002 | 8 | / | /var/spool/mail/alejandro/Maildir/ |
============================================
#cat mysql_virt.cf
user=postfix
password=postfix
dbname=mail
table=passwd
select_field=maildir
where_field=id
hosts=unix:mysqld.sock
===============================================
My master.cf
turx:/etc/postfix# cat master.cf |grep -v \#
smtp inet n - - - - smtpd
-o content_filter=filter:
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop}${user} ${extension}
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
filter unix - n n - - pipe
flags=R user=filter argv=/home/bogofilter/postfix-filter.sh -f
${sender} -- ${recipient}
turx:/etc/postfix#
=========================================================
From what I saw in some how-tos, with SASL 2.1.19x I can authenticate
with saslauthd or auxprop. It was not very clear to me exactly what each
one does; what I more or less understood is that with sasldb and auxprop
(the new version of SASL) I can authenticate against a database at
/etc/sasldb or /etc/sasldb2, and with saslauthd I can authenticate through
Courier's saslauthd with a local Linux account via PAM. In short, I do not
want to authenticate using a local account on my machine, nor through the
SASL database, but against the MySQL database. I have made the following
attempts and they did not work:
===============
TEST 1
turx:/etc/postfix/sasl# cat smtpd.conf
mysql_user: postfix
mysql_passwd: postfix
mysql_hostnames: localhost
mysql_database: mail
mysql_statement: select clear from passwd id='%u@%r'
pwcheck_method: auxprop
LOGS 1 ========================
Jul 4 17:28:57 turx postfix/smtpd[15501]: warning: SASL authentication
failure: no secret in database
Jul 4 17:28:57 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
Jul 4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or
directory
Jul 4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication
failure: no secret in database
Jul 4 17:29:30 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
Jul 4 17:29:41 turx postfix/smtpd[15501]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or
directory
Jul 4 17:29:41 turx postfix/smtpd[15501]: warning: SASL authentication
failure: no secret in database
Jul 4 17:29:41 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
Jul 4 17:29:42 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
Jul 4 17:29:42 turx postfix/smtpd[15501]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or
directory
Jul 4 17:29:42 turx last message repeated 2 times
Jul 4 17:29:42 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:29:42 turx postfix/smtpd[15501]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:29:42 turx postfix/smtpd[15501]: disconnect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:29:50 turx postfix/smtpd[15501]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:29:50 turx postfix/smtpd[15501]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or
directory
Jul 4 17:29:50 turx postfix/smtpd[15501]: warning: SASL authentication
problem: unable to open Berkeley db /etc/sasldb2: No such file or
directory
Jul 4 17:29:50 turx postfix/smtpd[15501]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:29:50 turx postfix/smtpd[15501]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:29:50 turx postfix/smtpd[15501]: disconnect from
sts0010.vans.org[10.1.1.16]
=========================================================================================================
TEST 2
turx:/etc/postfix/sasl# cat smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: sql plain login
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: mail
sql_statement: select clear from passwd where id = '%u@%r'
sql_verbose: yes
LOGS 2==========================================
Jul 4 17:34:25 turx postfix/master[15614]: daemon started -- version 2.1.5
Jul 4 17:34:46 turx postfix/smtpd[15618]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:34:46 turx postfix/smtpd[15618]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:34:46 turx postfix/smtpd[15618]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:34:46 turx postfix/smtpd[15618]: disconnect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:34:57 turx postfix/smtpd[15618]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:34:57 turx postfix/smtpd[15618]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:34:57 turx postfix/smtpd[15618]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:34:57 turx postfix/smtpd[15618]: disconnect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:35:21 turx postfix/smtpd[15618]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:35:21 turx postfix/smtpd[15618]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:35:21 turx postfix/smtpd[15618]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:35:21 turx postfix/smtpd[15618]: disconnect from
sts0010.vans.org[10.1.1.16]
============================================================================================================
TEST 3
turx:/etc/postfix/sasl# cat smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: postfix
sql_passwd: postfix
sql_database: mail
sql_statement: select clear from passwd where id = '%u@%r'
LOGS 3==========================================
Jul 4 17:37:55 turx postfix/smtpd[15744]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:37:55 turx postfix/smtpd[15744]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:37:55 turx postfix/smtpd[15744]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:37:55 turx postfix/smtpd[15744]: disconnect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:37:59 turx postfix/smtpd[15744]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:37:59 turx postfix/smtpd[15744]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:37:59 turx postfix/smtpd[15744]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:37:59 turx postfix/smtpd[15744]: disconnect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:38:14 turx postfix/smtpd[15744]: connect from
sts0010.vans.org[10.1.1.16]
Jul 4 17:38:14 turx postfix/smtpd[15744]: warning:
sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul 4 17:38:14 turx postfix/smtpd[15744]: lost connection after AUTH from
sts0010.vans.org[10.1.1.16]
Jul 4 17:38:14 turx postfix/smtpd[15744]: disconnect from
sts0010.vans.org[10.1.1.16]
============================================================================================================
And other tests that I did not keep track of. I enabled logging of the
queries MySQL performs, but when I send a mail I never see a query for
the user sending the mail. I do see it when I authenticate via POP or
IMAP.
Can anyone help me... Sorry if I was long-winded; I tried to include all
the data I think is needed, but my morale is almost on the floor from
seeing that it doesn't work at all.
Many thanks.
Vilte, Alejandro.
Longchamps.
Argentina.
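
Added example, not part of the original post: a small lint for the three smtpd.conf attempts quoted above (abridged to the lines the checks read), flagging four mistakes that can be read straight off those files. The mechanism list and the finding names are assumptions of this example; an empty result, as for attempt 3, only means none of these four mistakes is present, not that authentication will succeed.

```python
import re

# Mechanism names Cyrus SASL commonly ships (assumed list, for this example only).
KNOWN_MECHS = {"plain", "login", "cram-md5", "digest-md5", "ntlm",
               "gssapi", "otp", "anonymous", "external"}

def parse(text):
    """Parse the 'key: value' lines of a Cyrus SASL smtpd.conf into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint(text):
    """Return a list of finding codes for one smtpd.conf."""
    conf, findings = parse(text), []
    if conf.get("pwcheck_method") == "auxprop" and "auxprop_plugin" not in conf:
        # With no plugin named, every auxprop plugin is queried, sasldb included.
        findings.append("no-auxprop-plugin")
    if any(key.startswith("mysql_") for key in conf):
        # The sql auxprop plugin reads options prefixed sql_, not mysql_.
        findings.append("mysql-prefixed-keys")
    for mech in conf.get("mech_list", "").lower().split():
        if mech not in KNOWN_MECHS:
            findings.append("unknown-mech:" + mech)
    for key, value in conf.items():
        if key.endswith("_statement") and not re.search(r"\bwhere\b", value, re.I):
            findings.append("statement-without-where")
    return findings

# Abridged copies of the three smtpd.conf files quoted in the post.
ATTEMPT_1 = """mysql_user: postfix
mysql_statement: select clear from passwd id='%u@%r'
pwcheck_method: auxprop"""
ATTEMPT_2 = """pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: sql plain login
sql_statement: select clear from passwd where id = '%u@%r'"""
ATTEMPT_3 = ATTEMPT_2.replace("mech_list: sql plain login", "mech_list: plain login")

if __name__ == "__main__":
    for name, text in (("1", ATTEMPT_1), ("2", ATTEMPT_2), ("3", ATTEMPT_3)):
        print("attempt", name, lint(text) or "no findings")
```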