Hello,
I am in the process of setting up a mail server, using Postfix and Courier. I have worked through various how-tos and configurations, but it just won't work. I also tried it with MySQL, but pam-mysql did not issue a single query.
The following logs (HOST, HOSTIP and EMPFÄNGER are to be replaced with the correct data):
/var/log/mail.log: (SMTP login attempt)
Jun 17 06:32:43 one postfix/smtpd[19968]: connect from HOST[HOSTIP]
Jun 17 06:32:43 one postfix/smtpd[19968]: warning: SASL authentication failure: unable to canonify user and get auxprops
Jun 17 06:32:43 one postfix/smtpd[19968]: warning: HOST[HOSTIP]: SASL DIGEST-MD5 authentication failed: generic failure
Jun 17 06:32:43 one postfix/smtpd[19968]: disconnect from HOST[HOSTIP]
/var/log/auth.log: (SMTP login attempt)
Jun 17 06:58:27 one postfix/smtpd[24163]: sql plugin Parse the username EMPFÄNGER@HOST
Jun 17 06:58:27 one postfix/smtpd[24163]: sql plugin try and connect to a host
Jun 17 06:58:27 one postfix/smtpd[24163]: sql plugin trying to open db 'imscp' on host 'localhost'
Jun 17 06:58:27 one postfix/smtpd[24163]: sql plugin could not connect to host localhost
Jun 17 06:58:27 one postfix/smtpd[24163]: sql plugin couldn't connect to any host
The configuration: /etc/postfix/master.cf
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
# Uncomment the second line below when unsing AMaViS
smtp      inet  n       -       -       -       -       smtpd
#  -o receive_override_options=no_address_mappings
submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=spamassassin
  -o receive_override_options=no_address_mappings
#  -o milter_macro_daemon_name=ORIGINATING
#
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
# for AMaViS and spam filter support
amavis    unix  -       -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
localhost:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
#  -o smtpd_override_options=no_address_mappings
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
# i-MSCP autoresponder
imscp-arpl unix -       n       n       -       -       pipe
  flags=O user=vmail:imscp argv=/var/www/imscp/engine/messenger/imscp-arpl-msgr $recipient
spamassassin unix -     n       n       -       -       pipe
  flags=Rq user=vmail argv=/usr/bin/spamc -u ${user}@${domain} -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
/etc/postfix/my.cf
# Postfix directory settings; These are critical for normal Postfix MTA functionallity
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix

# Some common configuration parameters
inet_protocols = ipv4, ipv6
inet_interfaces = all
mynetworks_style = host
myhostname = one.HOST
mydomain = one.HOST.local
myorigin = $myhostname
smtpd_banner = $myhostname ESMTP i-MSCP 1.1.0-rc2.3 Managed
setgid_group = postdrop

# Receiving messages parameters
mydestination = $myhostname, $mydomain, localhost, localhost.$mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
transport_maps = hash:/etc/postfix/imscp/transport
relay_domains = hash:/etc/postfix/imscp/relay_domains
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Delivering local messages parameters
mail_spool_directory = /var/mail

# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

# Message size limit
# => 0 for unlimited
# => 104857600 for 100 MB
message_size_limit = 0
biff = no
recipient_delimiter = +
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database

# i-MSCP Autoresponder parameters
imscp-arpl_destination_recipient_limit = 1

# Delivering virtual messages parameters
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0
virtual_mailbox_domains = hash:/etc/postfix/imscp/domains
virtual_mailbox_maps = hash:/etc/postfix/imscp/mailboxes
virtual_alias_maps = hash:/etc/postfix/imscp/aliases
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:8

# SASL parameters
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit_mynetworks,
    permit_sasl_authenticated
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient,
    check_policy_service inet:127.0.0.1:12525,
    check_policy_service inet:127.0.0.1:10023,
    permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
    reject_unauth_pipelining

# TLS parameters
smtpd_tls_security_level = may
smtpd_tls_loglevel = 2
smtpd_tls_cert_file = /etc/imscp/one.HOST.pem
smtpd_tls_key_file = /etc/imscp/one.HOST.pem
smtpd_tls_auth_only = no
smtpd_tls_received_header = yes

# AMaViS parameters; activate, if available/used
#content_filter = amavis:[127.0.0.1]:10024

# Quota support; activate, if available/used
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce = yes

#spamassasin
spamassassin_destination_recipient_limit = 1
/etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
Please help, I just can't get any further... Am I seeing this right, why is SASL trying to verify via SQL? Where is auxprop set? After all, I have not included smtpd.conf (smtpd_sasl_path = smtpd is not in my.cf). I then tried to at least configure SQL.
Here is also /etc/postfix/sasl/smtpd.conf
pwcheck_method: auxprop saslauthd
auxprop_plugin: sql
saslauthd_path: /var/spool/postfix/var/run/saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
auto_transition: yes
sql_engine: mysql
sql_hostnames: localhost
sql_database: imscp
sql_user: USER
sql_passwd: PASSWORT
sql_select: SELECT mail_pass FROM mail_users WHERE mail_addr='%u' and mail_forward!='_no_'
sql_verbose: yes
log_level: 9
The users and passwords are stored there in plain text. But actually they should be fetched from the imscp/*.db, shouldn't they?
Many thanks for your efforts.
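An added example, not part of the original post: a small check that applies the chroot rule quoted in /etc/default/saslauthd to a master.cf and flags a chrooted smtpd whose smtpd.conf uses the SQL auxprop plugin with sql_hostnames set to localhost. The MySQL client library connects to the name "localhost" through a Unix socket, a path that normally lies outside the Postfix chroot; the function names and the shortened sample input are assumptions made for this example.

```python
# Constructed sample input: the relevant lines of the master.cf and
# smtpd.conf shown in the post above.
MASTER_CF = """\
# service type private unpriv chroot wakeup maxproc command + args
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
localhost:10025 inet n - n - - smtpd
  -o content_filter=
"""
SMTPD_CONF = """\
pwcheck_method: auxprop saslauthd
auxprop_plugin: sql
sql_hostnames: localhost
"""

def chrooted_services(master_cf, command="smtpd", default_chroot=True):
    """Map each service running `command` to True if it is chrooted.
    default_chroot=True follows the rule quoted in /etc/default/saslauthd
    above ("-" in the chroot column means chrooted). Postfix 3.0 and later
    treat "-" as "n", so pass False there.
    """
    result = {}
    for line in master_cf.splitlines():
        # Skip blank lines, comments and indented "-o ..." continuations.
        if not line.strip() or line[0] in "# \t":
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[7] == command:
            flag = fields[4]
            result[fields[0]] = default_chroot if flag == "-" else flag == "y"
    return result

def parse_sasl_conf(text):
    """Parse Cyrus SASL "key: value" lines into a dict."""
    lines = (l for l in text.splitlines() if ":" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split(":", 1) for l in lines)}

def sql_socket_outside_chroot(master_cf, sasl_conf, default_chroot=True):
    """True if a chrooted smtpd looks up passwords via SQL on 'localhost'."""
    conf = parse_sasl_conf(sasl_conf)
    uses_sql = ("auxprop" in conf.get("pwcheck_method", "").split()
                and conf.get("auxprop_plugin") == "sql")
    hosts = [h.strip() for h in conf.get("sql_hostnames", "").split(",")]
    chrooted = any(chrooted_services(master_cf, "smtpd", default_chroot).values())
    return uses_sql and "localhost" in hosts and chrooted

if __name__ == "__main__":
    print(chrooted_services(MASTER_CF), sql_socket_outside_chroot(MASTER_CF, SMTPD_CONF))
```

Postfix's smtpd_sasl_path parameter defaults to smtpd, so a Cyrus SASL smtpd.conf is read even when main.cf does not set the parameter.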