Postfix + saslauthd SMTP authentication failure

1

I am trying to implement SMTP authentication with Postfix and saslauthd on Ubuntu.

My IP is W.X.Y.Z and my VPS IP is W'.X'.Y'.Z'.
My user is JohnDoe and my hostname is server.

It does not work; here is the log file /var/mail/log. When I try to authenticate using my Mail application:

Sep 12 08:36:12 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:13 server dovecot: imap-login: Login: user=<JohnDoe>, method=PLAIN, rip=W.X.Y.Z, lip=W'.X'.Y'.Z', mpid=2392, TLS, session=<FvDmE4wfQwBUZ2XK>
Sep 12 08:36:13 server postfix/smtpd[2384]: warning: SASL authentication failure: unable to canonify user and get auxprops
Sep 12 08:36:13 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL DIGEST-MD5 authentication failed: authentication failure
Sep 12 08:36:13 server dovecot: imap(JohnDoe): Disconnected: Logged out in=30 out=456
Sep 12 08:36:13 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:13 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:14 server postfix/smtpd[2384]: warning: SASL authentication failure: unable to canonify user and get auxprops
Sep 12 08:36:14 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL DIGEST-MD5 authentication failed: authentication failure
Sep 12 08:36:14 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:15 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:16 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 12 08:36:16 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:16 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:17 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL CRAM-MD5 authentication failed: authentication failure
Sep 12 08:36:17 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:17 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:18 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL NTLM authentication failed: authentication failure
Sep 12 08:36:18 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:18 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:19 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL NTLM authentication failed: authentication failure
Sep 12 08:36:19 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:20 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:36:20 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:36:21 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:21 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:36:22 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:36:22 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:22 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:23 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:23 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL LOGIN authentication failed: generic failure
Sep 12 08:36:23 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:23 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:25 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:36:25 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL LOGIN authentication failed: generic failure
Sep 12 08:36:25 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:36:25 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]

If I try to use telnet to authenticate manually:

MyComputer:~ JohnDoe$ telnet my.domain 587
Trying W'.X'.Y'.Z'...
Connected to my.domain.
Escape character is '^]'.
220 my.domain ESMTP Postfix (Ubuntu)
EHLO my.domain
250-server.my.domain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-AUTH=DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN Sm9obkRvZQBKb2huRG9lAE15UGFzc3dvcmQ=
535 5.7.8 Error: authentication failed: generic failure
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

I can see in the log:

Sep 12 08:47:17 server postfix/smtpd[2384]: connect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: SASL authentication failure: Password verification failed
Sep 12 08:47:24 server postfix/smtpd[2384]: warning: Z.Y.X.W.rev.sfr.net[W.X.Y.Z]: SASL PLAIN authentication failed: generic failure
Sep 12 08:47:28 server postfix/smtpd[2384]: disconnect from Z.Y.X.W.rev.sfr.net[W.X.Y.Z]

Here is my postconf -n output:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
masquerade_domains = $mydomain
mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
mydomain = my.domain
myhostname = server.$mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $mydomain ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = cyrus
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
    
by Micky75 12.09.2015 / 14:52

1 answer

2

OK, I tried this out on a virt, and the

Sep 12 08:36:20 server postfix/smtpd[2384]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

log message probably indicates that the chroot-related steps have not been carried out, as strace on the postfix/smtpd processes indicates that postfix is looking for a filename (unlogged, sigh) of /var/run/saslauthd/mux, and other debugging indicates that the init.d script is doing chroot-related things. I was able to do PLAIN auth on my test virt after following these steps:

rm -r /var/run/saslauthd/
mkdir -p /var/spool/postfix/var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run
chgrp sasl /var/spool/postfix/var/run/saslauthd
adduser postfix sasl

And then rebooting to ensure that the daemons involved would see the group membership addition. Otherwise, I would attach strace to the postfix processes and check all the log files on the system to see if there is any indication of what is going on.

    
by 12.09.2015 / 16:47
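
A check for the layout that the steps in the answer produce, as an added example that is not part of the original post. The `root` prefix argument, the messages and the return codes are assumptions introduced here so the function can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: verifies the result of the answer's mkdir / ln -s / adduser steps.
# ROOT is a hypothetical filesystem prefix ("" = live system) so the check can be
# exercised against a test tree.
# Returns 0 = OK, 1 = layout or group wrong, 2 = layout OK but no mux socket.
check_sasl_chroot() {
    root=${1:-}
    jail="$root/var/spool/postfix/var/run/saslauthd"
    link="$root/var/run/saslauthd"
    rc=0

    # mkdir -p step: the directory must exist inside the Postfix chroot.
    [ -d "$jail" ] || { echo "FAIL: missing directory $jail"; rc=1; }

    # ln -s step: /var/run/saslauthd must be a symlink resolving to that directory,
    # so chrooted smtpd and non-chrooted tools reach the same socket.
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink"; rc=1
    elif [ -d "$jail" ]; then
        want=$(cd "$jail" && pwd -P) || want=""
        got=$(cd "$link" 2>/dev/null && pwd -P) || got=""
        [ "$got" = "$want" ] || { echo "FAIL: $link resolves to '$got'"; rc=1; }
    fi

    # adduser step: postfix must be listed as a member of group sasl.
    members=$(awk -F: '$1 == "sasl" { print $4 }' "$root/etc/group" 2>/dev/null) || members=""
    case ",$members," in
        *,postfix,*) ;;
        *) echo "FAIL: postfix is not in group sasl"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] || return 1

    # The log error "cannot connect to saslauthd server: No such file or directory"
    # means smtpd found no socket at this path.
    if [ ! -S "$jail/mux" ]; then
        echo "WARN: no socket at $jail/mux (is saslauthd running?)"
        return 2
    fi
    echo "OK: mux socket present at $jail/mux"
    return 0
}

# Usage on a live system (run as root): check_sasl_chroot ""
```

A return code of 2 after the steps have been applied points at saslauthd itself (not started, or started with a different socket directory) rather than at the chroot layout.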