[Postfix-es] postfix + sasl with mysql

Arnau Bria Ramírez arnau at emergetux.net
Tue Jul 5 08:31:41 CEST 2005


Hi,

I set up something similar by following this guide:
http://www.gentoo.org/doc/en/virt-mail-howto.xml

Take a look, maybe you'll spot something that gets you back on track!

Regards

On Mon, 4 Jul 2005 16:46:47 -0500 (CDT)
linux at derechoalgrano.com.ar linux at derechoalgrano.com.ar wrote:

> Hello list. I come here as one of my last resorts: your help. For 3 days
> now I have been fighting with Postfix to get it to authenticate via SASL
> against a MySQL database. I looked for examples, read SASL.README.gz,
> examples, etc., but I could not get SMTP authentication to work.
> 
> Currently I have working: Postfix 2.1.5.9 +  amavis (20030616p10-5) +
> clamav (0.84-2) + bogofilter, but I could not get SMTP authentication
> with SASL to work.
> 
> I have installed:
> Debian Sarge:
> ii  postfix        2.1.5-9
> ii  postfix-doc    2.1.5-9
> ii  postfix-mysql  2.1.5-9
> ii  postfix-tls    2.1.5-9
> ii  libsasl2       2.1.19-1.5
> ii  libsasl2-modul 2.1.19-1.5
> ii  libsasl2-modules-sql 2.1.19-1.5
> 
> My main.cf
> ======================================
> turx:/etc/postfix# cat main.cf
> command_directory = /usr/sbin
> daemon_directory = /usr/lib/postfix
> program_directory = /usr/lib/postfix
> smtpd_banner = TuRx ESMTP $mail_name (Debian/GNU)
> setgid_group = postdrop
> biff = no
> local_recipient_maps = $virtual_mailbox_maps
> myhostname = tucx
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> myorigin = $myhostname
> mydestination = turx.tc, turx
> relay_domains = $mydestination
> relayhost =
> mynetworks = 127.0.0.0/8
> mailbox_size_limit = 0
> recipient_delimiter = +
> queue_directory = /var/spool/postfix
> mail_owner = postfix
> mydomain = turx.tc
> 
> home_mailbox = /Maildir/
> mail_spool_directory = /var/spool/mail/
> relay_domains = $mydestination
> local_destination_concurrency_limit = 2
> default_destination_concurrency_limit = 10
> debug_peer_level = 2
> 
> virtual_mailbox_base = /
> virtual_uid_maps = mysql:/etc/postfix/ids.cf
> virtual_gid_maps = mysql:/etc/postfix/gids.cf
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virt.cf
> local_transport = virtual
> program_directory = /usr/lib/postfix
> 
> smtpd_sasl_auth_enable = yes
> #smtpd_sasl_password_maps = mysql:/etc/postfix/mysql_smtp.cf
> broken_sasl_auth_client = yes
> unknown_local_recipient_reject_code = 550
> 
> smtpd_recipient_restrictions =
>         permit_sasl_authenticated,
> #       permit_mynetwork,
>         reject_unauth_destination
> #The following line passes the mail through clamav
> content_filter = smtp-amavis:[127.0.0.1]:10024
> 
> turx:/etc/postfix#
> ============================================
> About my database:
> db: mail
> user: postfix
> password: postfix
> users table: passwd
> 
> I'm pasting a query to show the layout of my table:
> >select * from passwd;
> 
> | id                   | clear   | name      | uid  | gid | home | maildir                            |
> +----------------------+---------+-----------+------+-----+------+------------------------------------+
> | alejandro en turx.tc | abigail | ale vilte | 1002 |   8 | /    | /var/spool/mail/alejandro/Maildir/ |
> ============================================
> #cat mysql_virt.cf
> user=postfix
> password=postfix
> dbname=mail
> table=passwd
> select_field=maildir
> where_field=id
> hosts=unix:mysqld.sock
> ===============================================
> My master.cf
> turx:/etc/postfix# cat master.cf |grep -v \#
> smtp      inet  n       -       -       -       -       smtpd
>         -o content_filter=filter:
> pickup    fifo  n       -       -       60      1       pickup
> cleanup   unix  n       -       -       -       0       cleanup
> qmgr      fifo  n       -       -       300     1       qmgr
> rewrite   unix  -       -       -       -       -       trivial-rewrite
> bounce    unix  -       -       -       -       0       bounce
> defer     unix  -       -       -       -       0       bounce
> trace     unix  -       -       -       -       0       bounce
> verify    unix  -       -       -       -       1       verify
> flush     unix  n       -       -       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       -       -       -       smtp
> relay     unix  -       -       -       -       -       smtp
> showq     unix  n       -       -       -       -       showq
> error     unix  -       -       -       -       -       error
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
> scalemail-backend unix  -       n       n       -       2       pipe
>   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}${user} ${extension}
> 
> 
> 
> smtp-amavis unix -      -       n     -       2  smtp
>     -o smtp_data_done_timeout=1200
>     -o smtp_send_xforward_command=yes
>     -o disable_dns_lookups=yes
> 
> 127.0.0.1:10025 inet n  -       n     -       -  smtpd
>     -o content_filter=
>     -o local_recipient_maps=
>     -o relay_recipient_maps=
>     -o smtpd_restriction_classes=
>     -o smtpd_client_restrictions=
>     -o smtpd_helo_restrictions=
>     -o smtpd_sender_restrictions=
>     -o smtpd_recipient_restrictions=permit_mynetworks,reject
>     -o mynetworks=127.0.0.0/8
>     -o strict_rfc821_envelopes=yes
>     -o smtpd_error_sleep_time=0
>     -o smtpd_soft_error_limit=1001
>     -o smtpd_hard_error_limit=1000
> 
> filter    unix  -       n       n       -       -       pipe
>         flags=R user=filter argv=/home/bogofilter/postfix-filter.sh -f ${sender} -- ${recipient}
> turx:/etc/postfix#
> =========================================================
> 
> From what I saw in some how-tos, with SASL 2.1.19x I can authenticate
> with saslauthd or auxprop. It wasn't very clear to me exactly what each
> one does, but what I more or less understood is that with sasldb and
> auxprop (new version of SASL) I can authenticate against a database
> /etc/sasldb or /etc/sasldb2. And with saslauthd, I can authenticate
> through Courier's saslauthd with a local Linux account through PAM. In
> short, I don't want to authenticate using a local account on my machine,
> nor through the SASL database, but against the MySQL database. I have
> made the following attempts and none of them worked:
> 
> ===============
> TEST 1
> turx:/etc/postfix/sasl# cat smtpd.conf
> mysql_user: postfix
> mysql_passwd: postfix
> mysql_hostnames: localhost
> mysql_database: mail
> mysql_statement: select clear from passwd id='%u@%r'
> pwcheck_method: auxprop
> 
> LOGS 1 ========================
> Jul  4 17:28:57 turx postfix/smtpd[15501]: warning: SASL authentication failure: no secret in database
> Jul  4 17:28:57 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
> Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication failure: no secret in database
> Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
> Jul  4 17:29:41 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jul  4 17:29:41 turx postfix/smtpd[15501]: warning: SASL authentication failure: no secret in database
> Jul  4 17:29:41 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
> Jul  4 17:29:42 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
> Jul  4 17:29:42 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jul  4 17:29:42 turx last message repeated 2 times
> Jul  4 17:29:42 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:29:42 turx postfix/smtpd[15501]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:29:42 turx postfix/smtpd[15501]: disconnect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:29:50 turx postfix/smtpd[15501]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:29:50 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jul  4 17:29:50 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
> Jul  4 17:29:50 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:29:50 turx postfix/smtpd[15501]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:29:50 turx postfix/smtpd[15501]: disconnect from sts0010.vans.org[10.1.1.16]
> =========================================================
> TEST 2
> turx:/etc/postfix/sasl# cat smtpd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sql
> sql_engine: mysql
> mech_list: sql plain login
> sql_hostnames: 127.0.0.1
> sql_user: postfix
> sql_passwd: postfix
> sql_database: mail
> sql_statement: select clear from passwd where id = '%u@%r'
> sql_verbose: yes
> LOGS 2==========================================
> 
> Jul  4 17:34:25 turx postfix/master[15614]: daemon started -- version 2.1.5
> Jul  4 17:34:46 turx postfix/smtpd[15618]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:34:46 turx postfix/smtpd[15618]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:34:46 turx postfix/smtpd[15618]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:34:46 turx postfix/smtpd[15618]: disconnect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:34:57 turx postfix/smtpd[15618]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:34:57 turx postfix/smtpd[15618]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:34:57 turx postfix/smtpd[15618]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:34:57 turx postfix/smtpd[15618]: disconnect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:35:21 turx postfix/smtpd[15618]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:35:21 turx postfix/smtpd[15618]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:35:21 turx postfix/smtpd[15618]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:35:21 turx postfix/smtpd[15618]: disconnect from sts0010.vans.org[10.1.1.16]
> =========================================================
> TEST 3
> turx:/etc/postfix/sasl# cat smtpd.conf
> pwcheck_method: auxprop
> auxprop_plugin: sql
> mech_list: plain login
> sql_engine: mysql
> sql_hostnames: 127.0.0.1
> sql_user: postfix
> sql_passwd: postfix
> sql_database: mail
> sql_statement: select clear from passwd where id = '%u@%r'
> 
> 
> LOGS 3==========================================
> Jul  4 17:37:55 turx postfix/smtpd[15744]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:37:55 turx postfix/smtpd[15744]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:37:55 turx postfix/smtpd[15744]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:37:55 turx postfix/smtpd[15744]: disconnect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:37:59 turx postfix/smtpd[15744]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:37:59 turx postfix/smtpd[15744]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:37:59 turx postfix/smtpd[15744]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:37:59 turx postfix/smtpd[15744]: disconnect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:38:14 turx postfix/smtpd[15744]: connect from sts0010.vans.org[10.1.1.16]
> Jul  4 17:38:14 turx postfix/smtpd[15744]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
> Jul  4 17:38:14 turx postfix/smtpd[15744]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
> Jul  4 17:38:14 turx postfix/smtpd[15744]: disconnect from sts0010.vans.org[10.1.1.16]
> =========================================================
> 
> And other tests that I didn't keep track of. I enabled MySQL query
> logging so it shows me the queries it runs. But when I send a mail, at no
> point do I see a query for the user sending the mail. I do see it when I
> authenticate via POP or IMAP.
> Can anyone help me... Sorry if I went on too long; I tried to include all
> the data I think is needed, but seeing that it doesn't work at all has my
> morale almost on the floor.
> 
> Thank you very much.
> 
> Vilte, Alejandro.
> Longchamps.
> Argentina.


-- 
Arnau Bria
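
Added example, not part of the original messages: a small Python triage of the smtpd log lines quoted above, grouping failed SASL mechanisms per smtpd process and flagging when the SASL library's own warnings show the sasldb file being opened, as in the first test's logs. The function name `triage` and the report fields are illustrative.

```python
import re
from collections import Counter

# Sample input: lines taken from the logs quoted in the message above,
# with the mail client's line wrapping undone.
SAMPLE_LOG = """\
Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: SASL authentication failure: no secret in database
Jul  4 17:29:30 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL NTLM authentication failed
Jul  4 17:29:42 turx postfix/smtpd[15501]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul  4 17:34:46 turx postfix/smtpd[15618]: warning: sts0010.vans.org[10.1.1.16]: SASL LOGINauthentication failed
Jul  4 17:34:46 turx postfix/smtpd[15618]: lost connection after AUTH from sts0010.vans.org[10.1.1.16]
"""

SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: warning: (?P<msg>.*)$")
# Per-client result line; tolerates the missing space in "LOGINauthentication".
FAILED = re.compile(
    r"\S+\[(?P<ip>[^\]]+)\]: SASL (?P<mech>[A-Z0-9_-]+)\s*authentication failed")
# Warnings emitted by the SASL library itself, which say why a lookup failed.
LIBRARY = re.compile(r"SASL authentication (?:problem|failure): (?P<detail>.*)")


def triage(log_text):
    """Summarise SASL failures per smtpd process id."""
    report = {}
    for line in log_text.splitlines():
        hit = SMTPD.search(line)
        if not hit:
            continue  # not an smtpd warning (connect, disconnect, ...)
        entry = report.setdefault(hit["pid"], {
            "clients": set(), "mechs": Counter(),
            "sasldb_consulted": False, "no_secret": False})
        failed = FAILED.match(hit["msg"])
        library = LIBRARY.match(hit["msg"])
        if failed:
            entry["clients"].add(failed["ip"])
            entry["mechs"][failed["mech"]] += 1
        elif library:
            detail = library["detail"]
            # The sasldb auxprop plugin tried to open its Berkeley DB file.
            entry["sasldb_consulted"] |= "sasldb" in detail
            entry["no_secret"] |= "no secret in database" in detail
    return report


if __name__ == "__main__":
    for pid, entry in triage(SAMPLE_LOG).items():
        print(pid, sorted(entry["clients"]), dict(entry["mechs"]),
              "sasldb consulted:", entry["sasldb_consulted"])
```

A process whose failures come with no library warning at all, like 15618 here, gives no backend detail in the mail log, so the database's own query log is the next place to look.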

