ubuntuusers.de

Hi!

Habe hier einen Dapper Ubuntu Server, dem möchte ich E-Mail (also SMTP,POP+IMAP) beibringen, ich nutze hierbei diese Anleitung. Nach anfänglichen Startschwierigkeiten, da diese Anleitung für Gutsy geschrieben ist, habe ich es dann doch (halbwegs) hinbekommen.

Postfix+Courier mit den ganzen Authlibs sind drauf, Werte in MySQL eingetragen, E-Mail-Empfang (erstmal ohne AntiSpam+AntiVirus) und IMAP-Abruf funktionieren wie sie sollen. Nur der SMTP-Teil macht mir Sorgen. Versuche ich, darüber eine Mail zu senden, taucht in mail.info folgendes auf:

Jan  3 12:59:18 h1356354 postfix/smtpd[13040]: connect from pxxxxx.dip0.t-ipconnect.de[79.211.47.xxx]
Jan  3 12:59:18 h1356354 postfix/smtpd[13040]: warning: pxxxx.dip0.t-ipconnect.de[79.211.47.xxx]: SASL LOGIN authentication failed: authentication failure
Jan  3 12:59:18 h1356354 postfix/smtpd[13040]: lost connection after AUTH from pxxxx.dip0.t-ipconnect.de[79.211.47.xxx]
Jan  3 12:59:18 h1356354 postfix/smtpd[13040]: disconnect from pxxxxx.dip0.t-ipconnect.de[79.211.47.xxx]

Hat jemand eine Idee, woran das liegen könnte?

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = xxxxxx.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = xxxxxx, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
mailbox_command = procmail -a "$EXTENSION"
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

/etc/postfix/sasl/smtpd.conf

pwceck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: xxxxxxx
sql_database: mail
sql_select: select password from users where email = '%u'

/etc/pam.d/smtp

auth    required   pam_mysql.so user=mail_admin passwd=xxxxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=xxxxxxx host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

Nimm doch als pwcheck_method in /etc/postfix/sasl/smtpd.conf auxprop. Damit kannst du direkt auf eine SQL-Datenbank zugreifen und musst nicht den Umweg über PAM gehen. Gleichzeitig ist es dir so auch möglich, sichere Authentisierungsmechanismen anzubieten.

Gruß
Christian

Habe es jetzt auf smtp-Seite über auxprop realisiert, danke für den Tipp!!!
Es läuft jetzt alles so wie es soll ☺

Hier meine /etc/postfix/sasl/smtpd.conf:

pwceck_method: auxprop
auxprop_plugin: sql
log_level: 3
mech_list: plain login cram-md5 digest-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --removed--
sql_passwd: --removed--
sql_database: mail
sql_select: select password from users where email = '%u@%r'