WWW.GENTOO-SRBIJA.ORG
Serving freedom and socialism since 1985. Thursday, 20 November 2008
Forum index ›› Networks and security › SASL and authentication? [solved]
  AUTHOR   MESSAGE

Site Admin
Joined: 27 Oct 04
Location: privileged mode
Posts: 913
 Posted: 29 Jun 06  11:17   Edited by: z10n

I'm going crazy, but let me slowly explain what this is about: I want to allow the users of my mail server to send mail from the Internet. Of course I don't want an open relay, just classic SMTP+TLS authentication, and I can't get it to work; I don't know where I'm going wrong!? To start with, I know I can do this in several ways, that is, there are several ways to do the check (auxprop, saslauthd, authdaemon...), and since I have already set up authdaemond and it works very well with webmail, I decided to use the same thing for SASL.
Here is the configuration.

Code: /etc/sasl2/smtp.conf
log_level: 3
pwcheck_method: authdaemond
authdaemond_path: /var/lib/courier/authdaemon/socket
mech_list: PLAIN LOGIN

# plaintext - passwords are stored in plaintext format - this is default
# crypt - passwords are stored as modular crypt hashes (md5 or blowfish crypt)
# crypt_trad - passwords are stored as des crypt hashes (2 character salt crypt)
password_format: crypt


Code: cyrus-sasl version
emerge -vp cyrus-sasl

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] dev-libs/cyrus-sasl-2.1.21-r2 USE="authdaemond berkdb crypt mysql ssl -gdbm -java -kerberos -ldap -ntlm_unsupported_patch -pam -postgres -sample -srp -urandom" 0 kB


and when I try to send mail I get this:

Code: /var/log/syslog-ng/mail.log

Jun 29 11:09:47 src@kerber postfix/smtpd[1825]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: warning: dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: SASL LOGIN authentication failed
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: lost connection after AUTH from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:49 src@kerber postfix/smtpd[1816]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: warning: dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: SASL LOGIN authentication failed
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: lost connection after AUTH from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 11:09:52 src@kerber authdaemond: Authenticated: sysusername=<null>, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld
Jun 29 11:09:52 src@kerber authdaemond: Authenticated: clearpasswd=xxxxxxx, passwd=$1$4d1bab89$yrI038thj37wt5rR961Jb/


From this last part I conclude that the authdaemond socket was reached, but the user is not authenticated and of course the mail was not sent ?!?

Code: /var/log/syslog-ng/auth.log

Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin could not connect to host localhost
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin could not connect to host localhost
Jun 29 11:09:50 src@kerber postfix/smtpd[1816]: sql plugin couldn't connect to any host


I don't understand this, because authdaemond successfully connects to the MySQL database and reads the users from the postfix database; as I said, I had no problems with webmail....

I also tried it via auxprop and the sql plugin, but that didn't work for me either, which is why I wanted authdaemond, since I have already set it up nicely and it works...

Does anyone have an idea/suggestion?

Regards


Site Admin
Joined: 27 Oct 04
Location: privileged mode
Posts: 913
RE: SASL and authentication? [solved]  Posted: 29 Jun 06  13:56

Well, I have some new results; now my smtpd.conf looks like this

Code: /etc/sasl2/smtpd.conf
log_level: 3

pwcheck_method: authdaemond
authdaemond_path: /var/lib/courier/authdaemon/socket

# plaintext - passwords are stored in plaintext format - this is default
# crypt - passwords are stored as modular crypt hashes (md5 or blowfish crypt)
# crypt_trad - passwords are stored as des crypt hashes (2 character salt crypt)
password_format: crypt

mech_list: PLAIN LOGIN
sql_engine: mysql
sql_hostnames: localhost:3306
sql_user: postfix
sql_passwd: xxxxx
sql_database: postfix
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_update: UPDATE mailbox SET password = '%v' WHERE username = '%u@%r' AND active = '1' LIMIT 1
sql_usessl: no


and there are no more errors in auth.log, but mail.log now looks like this

Code: mail.log
Jun 29 13:49:10 src@kerber postfix/smtpd[6525]: connect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 13:49:11 src@kerber authdaemond: Authenticated: sysusername=<null>, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld, fullname=Ivan, maildir=ivans@domain.tld/, quota=0, options=<null>
Jun 29 13:49:11 src@kerber authdaemond: Authenticated: clearpasswd=zazxzx, passwd=$1$4d1jhab89$y8I038t6j37wz5rR961Jb/
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: NOQUEUE: reject: RCPT from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]: 554 <genzion[at]gmail.com>: Relay access denied; from=<ivans@itm.co.yu> to=<genzion@gmail.com> proto=ESMTP helo=<piii>
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: disconnect from dhcp-87-116-185-106.ataman-bg.customer.sbb.co.yu[87.116.185.106]
Jun 29 13:49:12 src@kerber authdaemond: Authenticated: sysusername=<null>, sysuserid=207, sysgroupid=207, homedir=/usr/local/mail/virtual, address=ivans@domain.tld, fullname=Ivan, maildir=ivans@domain.tld/, quota=0, options=<null>
Jun 29 13:49:12 src@kerber authdaemond: Authenticated: clearpasswd=xzxzxzx, passwd=$1$4d1jhab89$y8I038t6j37wz5rR961Jb/


I'm logged in but I get Relay access denied!

OMG! What do I tackle now?


Site Admin
Joined: 27 Oct 04
Location: privileged mode
Posts: 913
RE: SASL and authentication? [solved]  Posted: 29 Jun 06  14:32

And that's done too :) I also added this to main.cf

Code: /etc/postfix/main.cf
smtpd_sender_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    permit_tls_clientcerts,
    reject_unauth_destination


and now everything goes through!

Regards
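
A log-triage sketch for the mail.log excerpts in this thread, added here as an example and not part of the original posts: it groups postfix/smtpd outcomes by process ID (SASL failure versus relay denial) and redacts authdaemond lines that write `clearpasswd=` and `passwd=` values into the log. The sample lines, host names and credential values are constructed placeholders, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the mail.log excerpts in this thread
# (host names, addresses and credential values are placeholders).
SAMPLE_LOG = """\
Jun 29 11:09:47 src@kerber postfix/smtpd[1825]: connect from client.example[192.0.2.10]
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: warning: client.example[192.0.2.10]: SASL LOGIN authentication failed
Jun 29 11:09:48 src@kerber postfix/smtpd[1825]: lost connection after AUTH from client.example[192.0.2.10]
Jun 29 13:49:10 src@kerber postfix/smtpd[6525]: connect from client.example[192.0.2.10]
Jun 29 13:49:11 src@kerber authdaemond: Authenticated: clearpasswd=PLACEHOLDER, passwd=$1$PLACEHOLDER$PLACEHOLDER
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: NOQUEUE: reject: RCPT from client.example[192.0.2.10]: 554 <rcpt@example.net>: Relay access denied; from=<user@example.org> to=<rcpt@example.net> proto=ESMTP helo=<pc>
Jun 29 13:49:11 src@kerber postfix/smtpd[6525]: disconnect from client.example[192.0.2.10]
"""

# postfix/smtpd lines carry the process ID that ties one SMTP session together.
SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
# Fields in which authdaemond writes the cleartext password and its hash.
SECRET = re.compile(r"\b(clearpasswd|passwd)=([^,\s]+)")


def triage(log_text):
    """Return (events per smtpd PID, redacted lines that leaked credentials)."""
    sessions, leaks = defaultdict(list), []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            pid, msg = m.groups()
            if re.search(r"SASL \S+ authentication failed", msg):
                sessions[pid].append("sasl_auth_failed")
            elif "Relay access denied" in msg:
                sessions[pid].append("relay_denied")
        elif "authdaemond:" in line and SECRET.search(line):
            # Keep the line for the report, but never re-emit the secret itself.
            leaks.append(SECRET.sub(lambda s: s.group(1) + "=[REDACTED]", line))
    return dict(sessions), leaks


if __name__ == "__main__":
    sessions, leaks = triage(SAMPLE_LOG)
    for pid, events in sessions.items():
        print(f"smtpd[{pid}]: {', '.join(events)}")
    for line in leaks:
        print("credential in log:", line)
```

Passwords appearing in authdaemond log lines point at password-level debug logging in courier-authlib (assumption: `DEBUG_LOGIN=2` in authdaemonrc); lower it once troubleshooting is done and restrict read access to the existing log files.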