Results 1 to 2 of 2

Thread: openSuSE11.4 Postfix sasl PAM problem

  1. #1

    Unhappy openSuSE11.4 Postfix sasl PAM problem

    Hi, i tries to authenticate posfix with sasl
    but on the 11.4 Version fails. version 10.2 and 11.2 are tested under the same conditions are fine.
    what's wrong?

    here the infos:

    Code:
    postconf | grep mail_version
    mail_version = 2.8.4
    cat /etc/sasl2/smtpd.conf

    Code:
    log_level: 3
    
    ###
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    mech_list: PLAIN LOGIN
    Symptome:
    after auth plain (base64-string) kills the smtpd with Signal 11

    Code:
    telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 mail.tuxplay.de ESMTP
    EHLO klaus
    250-mail.tuxplay.de
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN
    334
    AHRlc3R1c2VyQHRlc3Rkb21haW4uaW50ZXJuAHRlc3RwYXNz
    Connection closed by foreign host.
    the log with verbosity:
    /var/log/mail

    Code:
    Aug 17 11:26:04 ispcp postfix/smtpd[9873]: < ispcp.tuxplay.de.internal[127.0.0.1]: auth plain
    Aug 17 11:26:04 ispcp postfix/smtpd[9873]: xsasl_cyrus_server_first: sasl_method plain
    Aug 17 11:26:04 ispcp postfix/smtpd[9873]: xsasl_cyrus_server_auth_response: uncoded server challenge:
    Aug 17 11:26:04 ispcp postfix/smtpd[9873]: > ispcp.tuxplay.de.internal[127.0.0.1]: 334
    Aug 17 11:26:12 ispcp postfix/smtpd[9873]: < ispcp.tuxplay.de.internal[127.0.0.1]: AHRlc3R1c2VyQHRlc3Rkb21haW4uaW50ZXJuAHRlc3RwYXNz (Original changed by testuser@testdomain.intern/testpass)
    Aug 17 11:26:12 ispcp postfix/smtpd[9873]: xsasl_cyrus_server_next: decoded response:
    Aug 17 11:26:12 ispcp postfix/master[9724]: warning: process /usr/lib/postfix/smtpd pid 9873 killed by signal 11
    Aug 17 11:26:12 ispcp postfix/master[9724]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
    rpm -qa | grep libdb:
    Code:
    	libdb-4_5-32bit-4.5.20-108.3.x86_64
    	libdb-4_5-4.5.20-108.3.x86_64
    	libdb-4_5-devel-4.5.20-108.3.x86_64
    	libdbusmenu-qt2-32bit-0.6.6-3.1.x86_64
    	libdbusmenu-qt2-0.6.6-3.1.x86_64
    	libdb-4_8-4.8.30-2.4.x86_64
    	libdb-4_8-32bit-4.8.30-2.4.x86_64
    	libdb-4_8-devel-4.8.30-2.4.x86_64
    ldd smtpd:

    Code:
    	ldd /usr/lib/postfix/smtpd
            linux-gate.so.1 =>  (0xffffe000)
            libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1 (0xf76ff000)
            libpostfix-tls.so.1 => /usr/lib/libpostfix-tls.so.1 (0xf76ef000)
            libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0xf76e9000)
            libpostfix-milter.so.1 => /usr/lib/libpostfix-milter.so.1 (0xf76dd000)
            libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1 (0xf76a7000)
            libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0xf7671000)
            libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xf7656000)
            libc.so.6 => /lib/libc.so.6 (0xf74e9000)
            libssl.so.1.0.0 => /lib/libssl.so.1.0.0 (0xf7491000)
            libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0 (0xf72ee000)
            libresolv.so.2 => /lib/libresolv.so.2 (0xf72d7000)
            libdl.so.2 => /lib/libdl.so.2 (0xf72d2000)
            libdb-4.5.so => /usr/lib/libdb-4.5.so (0xf718d000)
            libnsl.so.1 => /lib/libnsl.so.1 (0xf7173000)
            /lib/ld-linux.so.2 (0xf772c000)
            libz.so.1 => /lib/libz.so.1 (0xf715b000)
            libpthread.so.0 => /lib/libpthread.so.0 (0xf7140000)
    /etc/postfix/master.cf

    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the Postfix master(5) manual page.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd -v
    
    # Used by clients that are standard compliant - port 587
    submission inet  n       -       y       -       -       smtpd
       -o smtpd_etrn_restrictions=reject
       -o smtpd_sasl_auth_enable=yes
       -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    
    
    
    # smtps - Un-comment if TLS is avaiable/used
    #465      inet  n       -       y       -       -       smtpd
    #   -o smtpd_tls_wrappermode=yes
    #   -o smtpd_sasl_auth_enable=yes
    #   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    
    #628      inet  n       -       n       -       -       qmqpd
    pickup    fifo  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    smtp      unix  -       -       n       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       n       -       -       smtp
       -o fallback_relay=
    #   -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    
    
    # Postfix to Amavisd
    amavis    unix  -       -       y       -       2       smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes
       -o max_use=20
    
    
    
    # Amavisd to postfix (mails re-injection)
    127.0.0.1:10025 inet  n -       y       -      -        smtpd
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o smtpd_data_restrictions=reject_unauth_pipelining
       -o smtpd_end_of_data_restrictions=
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000
       -o smtpd_client_connection_count_limit=0
       -o smtpd_client_connection_rate_limit=0
       -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks
       -o local_header_rewrite_clients=
    
    # Amavisd  - Notification only (to avoid no_address_mapping)
    127.0.0.1:10029 inet n  -       y       -       -  smtpd
       -o content_filter=
       -o smtpd_delay_reject=no
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o smtpd_data_restrictions=reject_unauth_pipelining
       -o smtpd_end_of_data_restrictions=
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000
       -o smtpd_client_connection_count_limit=0
       -o smtpd_client_connection_rate_limit=0
       -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
       -o local_header_rewrite_clients=
    
    
    #
    # ispCP auto responder service
    #
    
    ispcp-arpl unix  -      n       n       -       -       pipe
      flags=O user=vmail argv=/srv/www/ispcp/engine/messenger/ispcp-arpl-msgr
    
    
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
    cyrus     unix  -       n       n       -       -       pipe
      user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
    procmail  unix  -       n       n       -       -       pipe
      flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
    retry     unix  -       -       n       -       -       error
    proxywrite unix -       -       n       -       1       proxymap
    
    ###eingefuegt
    
    ####
    ## Submissionsport
    587      inet  n       -       n       -       -       smtpd -o smtpd_client_res  trictions=permit_sasl_authenticated,reject_unauth_destination
    #smtp      inet  n       -       n       -       1       postscreen
    #smtpd     pass  -       -       n       -       -       smtpd
    #dnsblog   unix  -       -       n       -       0       dnsblog
    #tlsproxy  unix  -       -       n       -       0       tlsproxy
    and the main.cf

    Code:
    # Postfix directory settings; These are critical for normal Postfix MTA function
    allity
    command_directory            = /usr/sbin
    daemon_directory             = /usr/lib/postfix
    
    # Some common configuration parameters
    inet_interfaces              = all
    mynetworks_style             = subnet
    proxy_interfaces             = 87.98.243.120
    
    # myhostname                   = ispcp.xxxxxxxx.de
    # mydomain                     = ispcp.xxxxxxxx.de.local
    
    myhostname                   = mail.xxxxxxxx.de
    mydomain                     = xxxxxxxx.de
    myorigin                     = $myhostname
    mynetworks                   = 127.0.0.1 127.0.0.2 10.10.31.0/24
    smtpd_banner                 = $myhostname ESMTP
    setgid_group                 = maildrop
    
    # Receiving messages parameters
    mydestination                = localhost, mail.xxxxxxxx.de
    append_dot_mydomain          = no
    append_at_myorigin           = yes
    local_transport              = local
    virtual_transport            = virtual
    transport_maps               = hash:/etc/postfix/ispcp/transport
    alias_maps                   = hash:/etc/aliases
    alias_database               = hash:/etc/aliases
    
    # Delivering local messages parameters
    mail_spool_directory         = /var/spool/mail
    
    # Mailboxquota
    # => 0 for unlimited
    # => 104857600 for 100 MB
    mailbox_size_limit           = 0
    mailbox_command              = procmail -a "$EXTENSION"
    
    # Message size limit
    # => 0 for unlimited
    # => 104857600 for 100 MB
    message_size_limit           = 0
    
    biff                         = no
    recipient_delimiter          = +
    
    local_destination_recipient_limit = 1
    local_recipient_maps         = unix:passwd.byname $alias_database
    
    # ispCP Autoresponder parameters
    ispcp-arpl_destination_recipient_limit = 1
    
    # Delivering virtual messages parameters
    virtual_mailbox_base         = /var/spool/mail/virtual
    virtual_mailbox_limit        = 0
    
    virtual_mailbox_domains      = hash:/etc/postfix/ispcp/domains
    virtual_mailbox_maps         = hash:/etc/postfix/ispcp/mailboxes
    
    virtual_alias_maps           = hash:/etc/postfix/ispcp/aliases
    
    virtual_minimum_uid          = 500
    virtual_uid_maps             = static:1001
    virtual_gid_maps             = static:12
    
    # SASL paramters
    smtpd_sasl_auth_enable       = yes
    smtpd_sasl_security_options  = noanonymous
    smtpd_sasl_local_domain      = ''
    #$myhostname
    smtpd_sasl_path              = smtpd
    
    broken_sasl_auth_clients     = yes
    
    
    
    smtpd_helo_required          = yes
    
    smtpd_helo_restrictions      = permit_mynetworks,
                                   permit_sasl_authenticated,
                                   reject_invalid_helo_hostname,
                                   reject_non_fqdn_helo_hostname
    smtpd_sender_restrictions    = reject_non_fqdn_sender,
                                 #  reject_unknown_sender_domain,
                                   permit_mynetworks,
                                   permit_sasl_authenticated
    
    smtpd_recipient_restrictions = reject_non_fqdn_recipient,
                                   reject_unknown_recipient_domain,
                                   permit_mynetworks,
                                   permit_sasl_authenticated,
                                   reject_unauth_destination,
                                   reject_unlisted_recipient,
    ## policy-weight
    
    ## Greylisting
                                   check_policy_service inet:127.0.0.1:10023,
                                   permit
    
    smtpd_data_restrictions      = reject_multi_recipient_bounce,
                                   reject_unauth_pipelining
    
    
    # AMaViS parameters; activate, if available/used
    content_filter               = amavis:[127.0.0.1]:10024
    what can i do?
    thanks for a hint.
    regards
    klaus

  2. #2

    Default AW: openSuSE11.4 Postfix sasl PAM problem

    Sorry , a mistake on the subject, it's NOT a PAM Problem
    Only postfix via auxprop sasldb plugin.
    (i don't know how to change the subject)
    regards

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •