Трабла postfix+sasl и авторизация по smtp
Итак, версия postfix 2.2.11
sasl cyrus-sasl-2.1.22
sasl собран
./configure --enable-login
postfix собран с поддержкой sasl
Исходные данные
su-2.05b# ldd /usr/sbin/postfix
/usr/sbin/postfix:
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28072000)
libc.so.4 => /usr/lib/libc.so.4 (0x28087000)
su-2.05b#
файл БД
su-2.05b# l /etc/sasldb2.db
-rw-rw-r-- 1 root postfix 16384 22 ноя 23:41 /etc/sasldb2.db
su-2.05b#
less /usr/lib/sasl2/smtpd.conf
# Cyrus SASL settings read by the Postfix SMTP server (application name "smtpd").
# This sets smtpd to authenticate using the saslauthd daemon.
# NOTE(review): the ps output on this page shows saslauthd started with "-a pam",
# so plaintext passwords are checked through PAM, while saslpasswd2 stores the
# account in sasldb2 -- confirm which account store is actually intended.
# NOTE(review): the log on this page reports "cannot connect to saslauthd server:
# Permission denied"; the account smtpd runs as presumably lacks access to the
# saslauthd socket directory -- check its ownership and mode.
pwcheck_method: saslauthd
# Alternative left disabled: auxprop looks the secret up in sasldb2 directly.
# sasldb2 keeps the secrets unhashed, and the listing on this page shows the file
# as -rw-rw-r-- (readable by every local user) -- tighten that before enabling it.
#pwcheck_method: auxprop
# This allows only plain, login, cram-md5 and digest-md5 as the authentication mechanisms.
# NOTE(review): saslauthd itself can only verify a plaintext password (plain, login);
# cram-md5 and digest-md5 need a stored secret from an auxprop source such as
# sasldb2, so the two groups may be checked against different stores -- confirm.
# plain and login send the password unencrypted unless the session uses TLS.
mech_list: plain login cram-md5 digest-md5
less /etc/postfix/mail.cf
# Postfix main configuration as pasted on the page; long values are wrapped by the
# pager, so a parameter may continue on the following line(s).
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
mail_owner = postfix
default_privs = nobody
myhostname = mail.wad.spb.ru
mydomain = wad.spb.ru
# Clients in these networks match every permit_mynetworks below and can relay without AUTH.
mynetworks = 192.168.1.0/24, 127.0.0.0/8
# All non-local mail is handed to this upstream server.
relayhost = smtp.rol.ru
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, $mydomain, /etc/postfix/mydestination, mail.wad.spb.ru
default_transport = smtp
alias_database = hash:/etc/aliases
mailbox_command = /usr/local/bin/procmail
# NOTE(review): enable_sasl_authentication does not look like a Postfix parameter;
# smtpd_sasl_auth_enable on the next line is the setting that turns on AUTH in the
# SMTP server -- confirm with postconf.
enable_sasl_authentication = yes
smtpd_sasl_auth_enable = yes
smtpd_helo_required = yes
smtpd_sasl_local_domain = $myhostname
# smtp_* (no "d") is the client side: this affects Postfix logging in to another
# server, not the AUTH offered to remote users.
# NOTE(review): no smtpd_tls_* settings appear in this listing, so PLAIN/LOGIN
# credentials presumably cross the network unencrypted -- confirm, and consider
# requiring TLS before AUTH (smtpd_tls_auth_only).
smtp_sasl_security_options = noanonymous
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# Additionally advertises AUTH in the non-standard "AUTH=" form for older clients.
broken_sasl_auth_clients = yes
smtpd_etrn_restrictions = permit_mynetworks,reject
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown
_hostname
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
#home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP READY! NOT FOR CRACKERS CONNECT!
# Turns off the SMTP VRFY command, which otherwise lets a client probe for valid addresses.
disable_vrfy_command = yes
# Restrictions are evaluated in order and the first definite permit/reject ends the
# list; authenticated clients are accepted before any DNSBL lookup.
# NOTE(review): the first reject_rbl_client has no list name after it, so the next
# word would presumably be taken as its argument -- verify. Some of the DNSBLs named
# here may no longer be operating; check each one before relying on it.
smtpd_client_restrictions = permit_sasl_authenticated, reject_unknown_client, reject_rbl_client, permit_mynetw
orks, regexp:/etc/postfix/brj_checks,
reject_rbl_client blackholes.mail-abuse.org,
reject_rbl_client dialups.mail-abuse.org,
reject_rbl_client relays.ordb.org,
reject_rbl_client dul.ru,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client dynablock.njabl.org,
reject_rbl_client combined.njabl.org,
permit_mynetworks,
reject_unknown_client,
permit
# warn_if_reject makes the restriction that follows it (reject_unverified_sender)
# log a warning instead of rejecting.
# NOTE(review): reject_unknown_address is not a restriction name I can confirm --
# check it against postconf(5).
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject
_unknown_address, reject_non_fqdn_sender, reject_invalid_hostname, check_sender_access hash:/etc/postfix/sende
r_access, warn_if_reject, reject_unverified_sender
# Relay control: authenticated clients and mynetworks may send anywhere,
# permit_auth_destination accepts mail for destinations this server handles, and
# reject_unauth_destination refuses every other destination.
# NOTE(review): those two restrictions between them decide every recipient, so the
# checks listed after them presumably never run -- confirm the intended order.
# check_relay_domains and reject_maps_rbl are older restriction names; confirm the
# Postfix version in use still supports them.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject_u
nauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, check_relay_domains, reject_unknown_c
lient, reject_unknown_recipient_domain, reject_unverified_recipient, reject_maps_rbl
smtpd_data_restrictions = reject_unauth_pipelining
strict_rfc821_envelopes = yes
# NOTE(review): as far as I know reject_maps_rbl reads its list from
# maps_rbl_domains; confirm that maps_rbl_client is actually used.
maps_rbl_client = relays.ordb.org, rbl.ukr.net, bl.spamcop.net, sbl.spamhaus.org, spam.dnsrbl.net, dun.dnsrbl
.net
maps_rbl_reject_code = 550
in_flow_delay = 1s
bounce_queue_lifetime = 2h
#maximal_queue_lifetime = 5h
# Accepted mail is passed to a filter on localhost port 10025 through the "scan"
# transport (presumably defined in master.cf, which the page does not show).
content_filter = scan:127.0.0.1:10025
# Turns off address rewriting on this side of the filter.
receive_override_options = no_address_mappings
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 5
debug_peer_level = 2
# Command run when a Postfix daemon is started with debugging enabled; its value
# continues on the next two lines.
debugger_command =
PATH=/usr/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
readme_directory = no
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
manpage_directory = /usr/local/man
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
# 450 is a temporary failure: mail for an unknown local user is deferred by the
# sending server instead of being bounced at once.
unknown_local_recipient_reject_code = 450
virtual_alias_maps = hash:/etc/postfix/virtual
html_directory = no
далее......
su-2.05b# ps ax|grep sasl
90866 ?? Is 0:00,01 /usr/local/sbin/saslauthd -a pam
90867 ?? I 0:00,00 /usr/local/sbin/saslauthd -a pam
90868 ?? I 0:00,00 /usr/local/sbin/saslauthd -a pam
90869 ?? I 0:00,00 /usr/local/sbin/saslauthd -a pam
90870 ?? I 0:00,00 /usr/local/sbin/saslauthd -a pam
91059 p1 S+ 0:00,01 grep sasl
su-2.05b#
пользователь wadim@wad.spb.ru добавлен в базу sasldb2 командой saslpasswd2:
su-2.05b# saslpasswd2 -c -u wad.spb.ru -a smtpd wadim
Password:
Again (for verification):
su-2.05b#
после чего при попытке отправить письмо в логе появляется:
Nov 22 23:58:41 wad postfix/smtpd[91240]: connect from monkey.valuehost.ru[217.112.34.254]
Nov 22 23:58:41 wad postfix/smtpd[91240]: warning: SASL authentication failure: cannot connect to saslauthd se
rver: Permission denied
Nov 22 23:58:41 wad postfix/smtpd[91240]: warning: SASL authentication failure: Password verification failed
Nov 22 23:58:41 wad postfix/smtpd[91240]: warning: monkey.valuehost.ru[217.112.34.254]: SASL PLAIN authenticat
ion failed
Nov 22 23:58:41 wad postfix/smtpd[91240]: lost connection after AUTH from monkey.valuehost.ru[217.112.34.254]
Nov 22 23:58:41 wad postfix/smtpd[91240]: disconnect from monkey.valuehost.ru[217.112.34.254]
настройки проги
учётное имя wadim@wad.spb.ru
pass такой же как и тут
su-2.05b# saslpasswd2 -c -u wad.spb.ru -a smtpd wadim
Password:
Again (for verification):
У кого какие мысли? Какого хрена не работает?