postfix with sasl/auxprop: SASL authentication failure: Password verificati

softice

Member
Hello everyone!
I have a root server that is supposed to manage several domains. I am a beginner when it comes to mail servers, but I bought the Postfix book, read it through several times, and set up the server alongside it.
Now I thought that, for security reasons, the mailboxes should be virtual. Before I set up the interface to cyrus imapd, however, I first want to get smtp auth working. The user data is stored in a database, and the postfix user can access the db and its entries. When I connect, however, it always tells me that the password is wrong. I'm posting the output of saslfinger and the error message; maybe someone can give me some tips!

saslfinger - postfix Cyrus sasl configuration Sa 8. Dez 20:58:32 CET 2007
version: 1.0.5
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.4.5
System: Ubuntu 7.10 \n \l

-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d1e000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x 2 root root 4096 2007-12-04 21:51 .
drwxr-xr-x 50 root root 12288 2007-12-08 20:56 ..
-rw-r--r-- 1 root root 13640 2007-10-02 15:58 libanonymous.a
-rw-r--r-- 1 root root 862 2007-10-02 15:58 libanonymous.la
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so.2
-rw-r--r-- 1 root root 13208 2007-10-02 15:58 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 15974 2007-10-02 15:58 libcrammd5.a
-rw-r--r-- 1 root root 848 2007-10-02 15:58 libcrammd5.la
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so.2
-rw-r--r-- 1 root root 15672 2007-10-02 15:58 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 47348 2007-10-02 15:58 libdigestmd5.a
-rw-r--r-- 1 root root 871 2007-10-02 15:58 libdigestmd5.la
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2
-rw-r--r-- 1 root root 43916 2007-10-02 15:58 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13650 2007-10-02 15:58 liblogin.a
-rw-r--r-- 1 root root 842 2007-10-02 15:58 liblogin.la
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so.2
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 liblogin.so.2.0.22
-rw-r--r-- 1 root root 30516 2007-10-02 15:58 libntlm.a
-rw-r--r-- 1 root root 836 2007-10-02 15:58 libntlm.la
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so.2
-rw-r--r-- 1 root root 29876 2007-10-02 15:58 libntlm.so.2.0.22
-rw-r--r-- 1 root root 13938 2007-10-02 15:58 libplain.a
-rw-r--r-- 1 root root 842 2007-10-02 15:58 libplain.la
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so.2
-rw-r--r-- 1 root root 14036 2007-10-02 15:58 libplain.so.2.0.22
-rw-r--r-- 1 root root 22150 2007-10-02 15:58 libsasldb.a
-rw-r--r-- 1 root root 863 2007-10-02 15:58 libsasldb.la
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so.2
-rw-r--r-- 1 root root 18356 2007-10-02 15:58 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 23812 2007-10-02 15:58 libsql.a
-rw-r--r-- 1 root root 971 2007-10-02 15:58 libsql.la
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so.2
-rw-r--r-- 1 root root 23352 2007-10-02 15:58 libsql.so.2.0.22

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 2007-12-08 20:52 .
drwxr-xr-x 4 root root 4096 2007-12-08 20:55 ..
-rw-r--r-- 1 root root 390 2007-12-08 20:25 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
log_level: 7
pwcheck_method: auxprop
#new:
auxprop_plugin: sql
allowplaintext: yes
allowanonymouslogin: no
mech_list: PLAIN LOGIN
# LOGIN CRAM-MD5 DIGEST-MD5
sql_engine: mysql
sql_hostnames: localhost
sql_database: mail
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_select: SELECT userpassword FROM virtual_users WHERE username = '%u'
#AND auth = '1' AND active = '1'
sql_usessl: no


-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd -v
pickup fifo n - - 60 1 pickup -v
cleanup unix n - - - 0 cleanup -v
qmgr fifo n - n 300 1 qmgr -v
tlsmgr unix - - - 1000? 1 tlsmgr -v
rewrite unix - - - - - trivial-rewrite -v
bounce unix - - - - 0 bounce -v
defer unix - - - - 0 bounce -v
trace unix - - - - 0 bounce -v
verify unix - - - - 1 verify -v
flush unix n - - 1000? 0 flush -v
proxymap unix - - n - - proxymap -v
smtp unix - - - - - smtp -v
relay unix - - - - - smtp -v
-o smtp_fallback_relay=
showq unix n - - - - showq -v
error unix - - - - - error -v
retry unix - - - - - error -v
discard unix - - - - - discard -v
local unix - n n - - local -v
virtual unix - n n - - virtual -v
lmtp unix - - - - - lmtp -v
anvil unix - - - - 1 anvil -v
scache unix - - - - 1 scache -v
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN


-- end of saslfinger output --

softice@noise:~$ saslfinger -s >out.put
softice@noise:~$ vim out.put

Excerpt from main.cf:

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters still to come!
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# SASL parameters
#smtpd_sasl_path = smtpd
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

# Set the realm (domain) under which a user without a specified realm should be handled; create a map, e.g. with sql, or specify a foo domain?
smtpd_sasl_local_domain = $myhostname

#Restrictions
smtpd_helo_required = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
mydomain = localhost
myhostname = noise.domain1
myorigin = $mydomain
mydestination = noise.localhost
    localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
address_verify_sender = postmaster@domain1
address_verify_negative_cache = no
#RESTRICTIONS
smtpd_recipient_restrictions =
    .
    permit_mynetworks,
    permit_sasl_authenticated,
    .
    permit

smtpd_data_restrictions =
    reject_multi_recipient_bounce

virtual_mailbox_base = /var/spool/virtual_mailboxes
virtual_mailbox_maps = mysql:/etc/postfix/sql/virtual_mailbox_recipients.cf
virtual_mailbox_domains = domain1
    domain2
    domain3
    domain4
    domain5
    domain6
    domain7
virtual_uid_maps = hash:/etc/postfix/virtual_mailbox_uid_map
virtual_gid_maps = $virtual_uid_maps
virtual_transport = virtual

Unfortunately, the only thing in mail.log is the following; I have no idea how to get more information:

Dec 8 21:09:00 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: EHLO [127.0.0.1]
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-!SERVERNAME!
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-PIPELINING
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-SIZE 10240000
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-VRFY
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-ETRN
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-AUTH PLAIN LOGIN
Dec 8 21:09:00 noise postfix/smtpd[4335]: match_list_match: unknown: no match
Dec 8 21:09:00 noise postfix/smtpd[4335]: match_list_match: 10.10.10.13: no match
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-AUTH=PLAIN LOGIN
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-ENHANCEDSTATUSCODES
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250-8BITMIME
Dec 8 21:09:00 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 250 DSN
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: AUTH PLAIN !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: decoded initial response
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning: SASL authentication failure: Password verification failed
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL PLAIN authentication failed: authentication failure
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 535 5.7.0 Error: authentication failed: authentication failure
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: AUTH LOGIN
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_first: sasl_method LOGIN
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 334 !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: !USERNAME!
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 334 !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: < unknown[10.10.10.13]: !CRYPTED!
Dec 8 21:09:04 noise postfix/smtpd[4335]: xsasl_cyrus_server_next: decoded response: !PASSWORT!
Dec 8 21:09:04 noise postfix/smtpd[4335]: warning: unknown[10.10.10.13]: SASL LOGIN authentication failed: authentication failure
Dec 8 21:09:04 noise postfix/smtpd[4335]: > unknown[10.10.10.13]: 535 5.7.0 Error: authentication failed: authentication failure

The credentials stored in the database are definitely identical to the credentials shown in plain text in the log, and in the mail client they definitely match those from the database as well.
I hope someone can make something of this; I look forward to your help!

Many thanks,

Markus K.
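
An added example, not part of the original post: the value masked as `!CRYPTED!` after `AUTH PLAIN` in the log is a base64-encoded PLAIN response, and decoding it shows which login name and realm a server-side lookup works with. The split at the first `@` and the fallback to a default realm are assumptions modelled on the `smtpd_sasl_local_domain` comment in the main.cf above; the function names and credentials are constructed for illustration.

```python
import base64

def encode_plain(authcid, passwd, authzid=""):
    """Client side: build the base64 initial response sent after 'AUTH PLAIN'."""
    msg = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(msg).decode("ascii")

def decode_plain(initial_response):
    """Server side: split base64([authzid] NUL authcid NUL passwd) per RFC 4616."""
    raw = base64.b64decode(initial_response, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must not be empty")
    return authzid, authcid, passwd

def lookup_key(initial_response, default_realm):
    """Return (user, realm) as a realm-aware backend would derive them.

    Assumption: the login name is split at the first '@'; a name without
    '@' gets default_realm (the role smtpd_sasl_local_domain plays in main.cf).
    """
    _, authcid, _ = decode_plain(initial_response)
    user, sep, realm = authcid.partition("@")
    return user, (realm if sep else default_realm)

if __name__ == "__main__":
    # Constructed credentials; "domain1" and "noise.domain1" are the
    # placeholders used in the post's main.cf.
    for login in ("alice@domain1", "alice"):
        resp = encode_plain(login, "example-password")
        user, realm = lookup_key(resp, "noise.domain1")
        print(f"AUTH PLAIN {resp}")
        print(f"  login={login!r} -> user={user!r} realm={realm!r}")
```

Comparing the derived user and realm with what is actually stored in the `username` column shows whether the lookup key and the stored value have the same form.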
 