testsaslauthd
Die Funktion von <code>saslauthdcode> kann man übrigends wie folgt testen:
testsaslauthd -f /var/run/saslauthd/mux -u USER -p PASSWORT
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u USER -p PASSWORT
saslfinger
Bei Problemen mit Postfix und SASL ist der erste Schritt immer ein Lauf von saslfinger:
<code>saslfingercode> ist ein Bash-Script welches auf einfache Weise alle Informationen zum SMTP-AUTH-Setup anzeigt.
(Download: Version 1.0)
Usage
-c | Client-Side SMTP AUTH wird untersucht. Client-Side SMTP AUTH heißt Postfix (als SMTP-Daemon) nutzt SMTP AUTH zur eigenen Authentifizierung bei anderen Mail-Servern. <code>saslfingercode> geht alle im <code>smtp_sasl_password_mapscode> eingetragene Server um zu prüfen, ob der SMTP-Auth funktioniert/gebraucht wird. |
-h | kleiner Hilfetext. |
-s | Server-Side SMTP AUTH wird untersucht. Server-Side SMTP AUTH heißt Postfix (als SMTP-Daemon) bietet Mail-Clients SMTP AUTH an. |
Zusammenfassung:
Immer erst einmal <code>saslfinger -s | lesscode> ausführen.
Eine Ausgabe sieht dann z.B. so aus:
saslfinger - postfix Cyrus sasl configuration Mo May 08 09:25:28 CEST 2006
version: 1.0
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.1.5
System: Debian GNU/Linux 3.1 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401a2000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
-- listing of /usr/lib/sasl2 --
insgesamt 852
drwxr-xr-x 2 root root 4096 2006-04-25 21:52 .
drwxr-xr-x 70 root root 16384 2006-05-14 00:46 ..
-rw-r--r-- 1 root root 13492 2006-04-24 19:27 libanonymous.a
-rw-r--r-- 1 root root 851 2006-04-24 19:26 libanonymous.la
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so.2
-rw-r--r-- 1 root root 13824 2006-04-24 19:27 libanonymous.so.2.0.19
-rw-r--r-- 1 root root 16298 2006-04-24 19:27 libcrammd5.a
-rw-r--r-- 1 root root 837 2006-04-24 19:26 libcrammd5.la
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so.2
-rw-r--r-- 1 root root 16180 2006-04-24 19:27 libcrammd5.so.2.0.19
-rw-r--r-- 1 root root 47520 2006-04-24 19:27 libdigestmd5.a
-rw-r--r-- 1 root root 860 2006-04-24 19:26 libdigestmd5.la
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so.2
-rw-r--r-- 1 root root 43944 2006-04-24 19:27 libdigestmd5.so.2.0.19
-rw-r--r-- 1 root root 13726 2006-04-24 19:27 liblogin.a
-rw-r--r-- 1 root root 831 2006-04-24 19:26 liblogin.la
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so.2
-rw-r--r-- 1 root root 14028 2006-04-24 19:27 liblogin.so.2.0.19
-rw-r--r-- 1 root root 31248 2006-04-24 19:27 libntlm.a
-rw-r--r-- 1 root root 825 2006-04-24 19:26 libntlm.la
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so.2
-rw-r--r-- 1 root root 30692 2006-04-24 19:27 libntlm.so.2.0.19
-rw-r--r-- 1 root root 20142 2006-04-24 19:27 libotp.a
-rw-r--r-- 1 root root 825 2006-04-24 19:26 libotp.la
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so.2
-rw-r--r-- 1 root root 43184 2006-04-24 19:27 libotp.so.2.0.19
-rw-r--r-- 1 root root 13886 2006-04-24 19:27 libplain.a
-rw-r--r-- 1 root root 831 2006-04-24 19:26 libplain.la
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so.2
-rw-r--r-- 1 root root 14096 2006-04-24 19:27 libplain.so.2.0.19
-rw-r--r-- 1 root root 21810 2006-04-24 19:27 libsasldb.a
-rw-r--r-- 1 root root 852 2006-04-24 19:26 libsasldb.la
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so.2
-rw-r--r-- 1 root root 18692 2006-04-24 19:27 libsasldb.so.2.0.19
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /var/run/saslauthd/mux
autotransition: true
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
-- end of saslfinger output --