SASL and authentication? [solved]
I'm going crazy, but let me explain slowly what this is about: I want to allow my mail server users to send mail from the internet; of course I don't want an open relay, just classic SMTP+TLS authentication, and I can't get it to work, I don't know where I'm going wrong!? For a start, I know I can do this in several ways, that is, there are several ways to do the check (auxprop, saslauthd, authdaemon...), and since I have already set up authdaemond and it works very well with webmail, I decided to use it for SASL as well.
Here is the configuration.
log_level: 3
pwcheck_method: authdaemond
authdaemond_path: /var/lib/courier/authdaemon/socket
mech_list: PLAIN LOGIN
# plaintext - passwords are stored in plaintext format - this is default
# crypt - passwords are stored as modular crypt hashes (md5 or blowfish crypt)
# crypt_trad - passwords are stored as des crypt hashes (2 character salt crypt)
password_format: crypt
emerge -vp cyrus-sasl
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] dev-libs/cyrus-sasl-2.1.21-r2 USE="authdaemond berkdb crypt mysql ssl -gdbm -java -kerberos -ldap -ntlm_unsupported_patch -pam -postgres -sample -srp -urandom" 0 kB
and when I try to send mail I get this:
Jun 29 11:09:47 src@kerber postfix/smtpd[1825]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: warning: dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: SASL LOGIN authentication failed
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: lost connection after AUTH from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:49 src@kerber postfix/smtpd[1816]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: warning: dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: SASL LOGIN authentication failed
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: lost connection after AUTH from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:52 src@kerber authdaemond: Authenticated: sysusername=, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld
Jun 29 11:09:52 src@kerber authdaemond: Authenticated: clearpasswd=xxxxxxx, passwd=$1$4d1bab89$yrI038thj37wt5rR961Jb/
From this last part I conclude that the authdaemond socket was hit, but the user was not authenticated and of course the mail was not sent ?!?
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
I don't understand this, because authdaemond successfully connects to the mysql database and reads the users from the postfix database; as I said, I had no problems with webmail....
I also tried it via auxprop and the sql plugin, but that didn't work for me either, which is why I wanted authdaemond, since I have already set it up nicely and it works...
Does anyone have an idea/suggestion?
Regards
OK, I have some new results; my smtpd.conf now looks like this
log_level: 3
pwcheck_method: authdaemond
authdaemond_path: /var/lib/courier/authdaemon/socket
# plaintext - passwords are stored in plaintext format - this is default
# crypt - passwords are stored as modular crypt hashes (md5 or blowfish crypt)
# crypt_trad - passwords are stored as des crypt hashes (2 character salt crypt)
password_format: crypt
mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: localhost:3306
sql_user: postfix
sql_passwd: xxxxx
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_update: UPDATE mailbox SET password = '%v' WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_usessl: no
and there are no more errors in auth.log, but mail.log now looks like this
Jun 29 13:49:10 src@kerber postfix/smtpd[6525]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 13:49:11 src@kerber authdaemond: Authenticated: sysusername=, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld, fullname=Ivan, maildir=ivans@domain.tld/, quota=0, options=
Jun 29 13:49:11 src@kerber authdaemond: Authenticated: clearpasswd=zazxzx, passwd=$1$4d1jhab89$y8I038t6j37wz5rR961Jb/
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: NOQUEUE: reject: RCPT from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: 554: Relay access denied; from= to= proto=ESMTP helo=
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 13:49:12 src@kerber authdaemond: Authenticated: sysusername=, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld, fullname=Ivan, maildir=ivans@domain.tld/, quota=0, options=
Jun 29 13:49:12 src@kerber authdaemond: Authenticated: clearpasswd=xzxzxzx, passwd=$1$4d1jhab89$y8I038t6j37wz5rR961Jb/
I'm logged in but I get Relay access denied!
OMG! What do I look at now?
And that's done too :) I also added this to main.cf
smtpd_sender_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    permit_tls_clientcerts,
    reject_unauth_destination
and now everything goes through!
:biglol:
Regards
29 Jun 06, 11:17
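The mail.log excerpts in this thread show two different outcomes (a SASL failure, then a relay rejection after authdaemond reported success), and the authdaemond lines carry clearpasswd= and passwd= fields. The following is an added example, not code from the thread: it classifies each smtpd session by outcome and masks those fields before a log is shared. The sample lines, host names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the log format in the thread; all values are placeholders.
SAMPLE_LOG = """\
Jun 29 11:09:47 mx postfix/smtpd[1825]: connect from client.example[192.0.2.10]
Jun 29 11:09:48 mx postfix/smtpd[1825]: warning: client.example[192.0.2.10]: SASL LOGIN authentication failed
Jun 29 11:09:48 mx postfix/smtpd[1825]: disconnect from client.example[192.0.2.10]
Jun 29 13:49:10 mx postfix/smtpd[6525]: connect from client.example[192.0.2.10]
Jun 29 13:49:11 mx authdaemond: Authenticated: clearpasswd=EXAMPLE-PW, passwd=$1$EXAMPLESALT$EXAMPLEHASHVALUE
Jun 29 13:49:11 mx postfix/smtpd[6525]: NOQUEUE: reject: RCPT from client.example[192.0.2.10]: 554: Relay access denied; from= to= proto=ESMTP helo=
Jun 29 13:49:11 mx postfix/smtpd[6525]: disconnect from client.example[192.0.2.10]
"""

# Password fields as they appear in the authdaemond "Authenticated:" lines.
SECRET = re.compile(r"\b(clearpasswd|passwd)=[^,\s]+")
# smtpd process id and the message text that follows it.
SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")


def redact(line):
    """Mask password and hash values so the line can be shared safely."""
    return SECRET.sub(lambda m: m.group(1) + "=<redacted>", line)


def triage(log_text):
    """Return ({smtpd pid: outcome}, number of lines that exposed a secret)."""
    outcome, leaks = {}, 0
    for line in log_text.splitlines():
        if SECRET.search(line):
            leaks += 1
        m = SMTPD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if "SASL" in msg and "authentication failed" in msg:
            outcome[pid] = "sasl_auth_failed"   # the SASL layer rejected the login
        elif "Relay access denied" in msg:
            outcome[pid] = "relay_denied"       # restriction lists rejected the recipient
        else:
            outcome.setdefault(pid, "no_reject")
    return outcome, leaks


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    for raw in SAMPLE_LOG.splitlines():
        print(redact(raw))
```

In courier-authlib, DEBUG_LOGIN=2 in authdaemonrc is the setting that writes passwords to the log; set it back to 0 once troubleshooting is finished.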