AW: Probleme mit Debian und Postfix
Hi
Probier doch erstmal den pop3 Server mit passwd als auth-file
um dich von deren Funktionalität zu überzeugen. Dann mal
die mysql Datenbank überprüfen.
Ho
-----Ursprüngliche Nachricht-----
Von: rainier.wulfcastle@web.de [mailto:rainier.wulfcastle@web.de]
Gesendet: Samstag, 22. Februar 2003 18:37
An: Debian User German
Betreff: Probleme mit Debian und Postfix
Hallo,
ihr seit meine letzte Hoffnung:
Ich habe heir einen kleinen Testserver mit Debain Woody und
Postfix/Courier
imap/pop3 und mysql nach dem HowTo von
http://www.marlow.dk/tech/postfix.html zusammengebastelt.
Der Server nimmt über smtp Mails korrekt an (Telnet Test).
Der Imap Verkehr funktioniert über Clients und Squirrelmail auch recht
gut.
Nur 2 Probleme gibts noch:
- Ich kann keine Mails per pop3 abholen
- ich kann keine Mails per Client einliefern
Die Authentifizierung läuft über eine MySql Datenbank.
main.cf:
------------------------------------------------------------------
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
default_privs = nobody
mail_owner = postfix
smtpd_banner = mx.syneha.de ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no
append_dot_mydomain = no
myhostname = srv002.intern.syneha.de
mydomain = intern.syneha.de
myorigin = $myhostname
mydestination = $myhostname, localhost.intern.syneha.de, localhost
$transport_maps
relay_domains = $mydestination
inet_interfaces = all
home_mailbox = Maildir/
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_maps = mysql:/etc/postfix/mysql-virtual.cf
local_recipient_maps = $alias_maps $virtual_mailbox_maps
unix:passwd.byname
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf
#Smtp_auth fuer eingehende Verbindungen
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
#Smtp_auth fuer ausgehende Verbindungen
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
relayhost = smtp.1und1.com
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain
reject_non_fqdn_sender
reject_maps_rbl,
permit_auth_destination
reject
maps_rbl_domains = rbl.maps.vix.com
relays.mail-abuse.org
relays.ordb.org
spamhaus.relays.osirusoft.com
spews.relays.osirusoft.com
content_filter = amavis:
-------------------------------------------------------------------
In der Datei /etc/postfix/sasl/smtpd.conf steht
-------------------------------------------------------------------
pwcheck_method: PAM
-------------------------------------------------------------------
In der Datei /etc/pam.d/smtp steht
----------------------------------------------------------------------
auth optional pam_mysql.so server=localhost db=postfix user=postfix
passwd=postfix table=users usercolumn=email passwdcolumn=clear crypt=n
account required pam_mysql.so server=localhost db=postfix user=postfix
passwd=postfix table=users usercolumn=email passwdcolumn=clear crypt=n
-----------------------------------------------------------------------
Als postfix maulte, es könne in /etc/pam.conf nix finden, hab ich die
Einträge dort auch noch rein geschrieben:
---------------------------------------------------------------------
#
------------------------------------------------------------------------
--
-#
# /etc/pam.conf
#
#
------------------------------------------------------------------------
--
-#
#
# NOTE
# ----
#
# NOTE: Most program use a file under the /etc/pam.d/ directory to setup
their
# PAM service modules. This file is used, but not recommended
#
------------------------------------------------------------------------
--
-#
# Format:
# serv. module ctrl module [path]
..[args..] #
# name type flag
#
auth optional pam_mysql.so server=127.0.0.1 db=postfix user=postfix
passwd=postfix table=users usercolumn=email passwdcolumn=clear crypt=n
account required pam_mysql.so server=127.0.0.1 db=postfix
user=postfix
passwd=postfix table=users usercolumn=email passwdcolums=clear crypt=n
------------------------------------------------------------------------
----
--------------
Auszug aus /var/log/mail.log
------------------------------------------------------------------------
----
-----------------
Feb 22 20:12:38 srv002 postfix/smtpd[987]: connect from
emnpc1[192.168.1.5]
Feb 22 20:12:38 srv002 postfix/smtpd[987]: PAM _pam_init_handlers: could
not
open /etc/pam.conf
Feb 22 20:12:38 srv002 postfix/smtpd[987]: PAM pam_start: failed to
initialize handlers
Feb 22 20:12:38 srv002 postfix/smtpd[987]: warning: emnpc1[192.168.1.5]:
SASL LOGIN authentication failed
Feb 22 20:12:43 srv002 postfix/smtpd[987]: lost connection after AUTH
from
emnpc1[192.168.1.5]
Feb 22 20:12:43 srv002 postfix/smtpd[987]: disconnect from
emnpc1[192.168.1.5]
Feb 22 20:43:18 srv002 courierpop3login: Connection,
ip=[::ffff:192.168.1.5]
Feb 22 20:43:23 srv002 courierpop3login: LOGIN FAILED,
ip=[::ffff:192.168.1.5]
------------------------------------------------------------------------
----
--------------------
Der pop3d kann anscheinend die User nicht auth.
Die Datei /etc/pam.d/pop3d
------------------------------------------------------------------------
----
---------------
auth required pam_unix.so nullok
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
------------------------------------------------------------------------
----
-----------------
Die wird anscheinend nicht genutzt.
Da müssten ja wohl eher die mysql Werte drinn stehen, wie in pam.d/smtp.
Aber die nutzt er ja auch nicht :-(
Wie kriege ich Postfix dazu, die korrekten Wege für Sasl zu benutzen, um
die
Userdaten aus der Datenbank zu fischen?
in /etc/courier/ ist alles nach dem Howto konfiguriert.
------------------------------------------------------------------------
----
------------
/etc/courier/authdaemonrc
------------------------------------------------------------------------
----
------------
##NAME: authmodulelist:0
authmodulelist="authmysql"
##NAME: authmodulelistorig:1
authmodulelistorig="authcustom authcram authuserdb authldap authmysql
authpam"
##NAME: daemons:0
daemons=5
##NAME: version:0
version=""
##NAME: authdaemonvar:0
authdaemonvar=/var/run/courier/authdaemon
------------------------------------------------------------------------
----
-----------------
Die Datei /etc/courier/authmodulelist enthält als einziges die Zeile
authdaemon
------------------------------------------------------------------------
----
----------------
/etc/courier/authmysqlrc:
------------------------------------------------------------------------
----
---------------
MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME postfix
MYSQL_PASSWORD postfix
MYSQL_SOCKET /var/run/mysqld/mysqld.sock
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE postfix
MYSQL_USER_TABLE users
#MYSQL_CRYPT_PWFIELD crypt
MYSQL_CLEAR_PWFIELD clear
# DEFAULT_DOMAIN example.com
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD homedir
MYSQL_NAME_FIELD name
MYSQL_MAILDIR_FIELD maildir
# MYSQL_QUOTA_FIELD quota
# MYSQL_WHERE_CLAUSE server='mailhost.example.com'
------------------------------------------------------------------------
----
-----------------
Die Datei /etc/courier/Imapd
------------------------------------------------------------------------
----
----------------
##NAME: ADDRESS:0
# ADDRESS=127.0.0.1
ADDRESS=192.168.1.3
##NAME: PORT:1
PORT=143
##NAME: AUTHSERVICE:0
AUTHSERVICE143=imap
# AUTHSERVICE993=imaps
##NAME: MAXDAEMONS:0
MAXDAEMONS=40
##NAME: MAXPERIP:0
MAXPERIP=4
##NAME: PIDFILE:0
PIDFILE=/var/run/courier/imapd.pid
##NAME: TCPDOPTS:0
TCPDOPTS="-nodnslookup -noidentlookup"
##NAME: AUTHMODULES:0
AUTHMODULES="authdaemon"
##NAME: AUTHMODULES_ORIG:0
AUTHMODULES_ORIG="authdaemon"
##NAME: IMAP_CAPABILITY:0
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1"
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT"
##NAME: IMAP_CAPABILITY_ORIG:0
IMAP_CAPABILITY_ORIG="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
##NAME: IMAP_IDLE_TIMEOUT:0
IMAP_IDLE_TIMEOUT=60
##NAME: IMAP_CAPABILITY_TLS:0
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
##NAME: IMAP_TLS_ORIG:0
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
##NAME: IMAP_DISABLETHREADSORT:0
IMAP_DISABLETHREADSORT=0
##NAME: IMAP_CHECK_ALL_FOLDERS:0
IMAP_CHECK_ALL_FOLDERS=0
##NAME: IMAP_OBSOLETE_CLIENT:0
IMAP_OBSOLETE_CLIENT=0
##NAME: IMAP_ULIMITD:0
IMAP_ULIMITD=65536
##NAME: IMAP_USELOCKS:0
IMAP_USELOCKS=0
##NAME: IMAP_EMPTYTRASH:0
# IMAP_EMPTYTRASH=Trash:7,Sent:30
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
IMAPDSTART=YES
------------------------------------------------------------------------
----
---------------------
Die Datei /etc/courier/pop3d
------------------------------------------------------------------------
----
----------------------
prefix=/usr
exec_prefix=/usr
sbindir="/usr/sbin"
PIDFILE=/var/run/courier/pop3d.pid
MAXDAEMONS=20
MAXPERIP=4
AUTHMODULES="authdaemon"
AUTHMODULES_ORIG="authdaemon"
# POP3AUTH="LOGIN"
# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"
POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"
# POP3AUTH_TLS="LOGIN PLAIN"
#POP3AUTH_TLS=""
#POP3AUTH_TLS_ORIG="LOGIN PLAIN"
PORT=110
ADDRESS=0
TCPDOPTS="-nodnslookup -noidentlookup"
POP3DSTART=YES
------------------------------------------------------------------------
----
----------------------
Bin mit meinem latein am Ende.
Vieleicht weiss einer weiter.
Würde mich sehr freuen.
Vielen Dank und schönen Abend noch.
mfg
Matthias
--
Haeufig gestellte Fragen und Antworten (FAQ):
http://www.de.debian.org/debian-user-german-FAQ/
Zum AUSTRAGEN schicken Sie eine Mail an
debian-user-german-request@lists.debian.org
mit dem Subject "unsubscribe". Probleme? Mail an
listmaster@lists.debian.org (engl)
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003
Reply to: