From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <salavat@regiongarant.ru>
Date: Tue, 11 Jan 2005 17:06:32 +0300
From: Salavat Yarmukhametov <salavat@regiongarant.ru>
To: community@altlinux.ru
Message-ID: <20050111140632.GA27460@regiongarant.ru>
Mail-Followup-To: Salavat Yarmukhametov <salavat@regiongarant.ru>,
	community@altlinux.ru
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.4i
Subject: [Comm] postfix+sasl+cyrus
X-BeenThere: community@altlinux.ru
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: community@altlinux.ru
List-Id: Mailing list for ALT Linux users <community.altlinux.ru>
List-Unsubscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=unsubscribe>
List-Archive: <http://lists.altlinux.ru/pipermail/community>
List-Post: <mailto:community@altlinux.ru>
List-Help: <mailto:community-request@altlinux.ru?subject=help>
List-Subscribe: <https://lists.altlinux.ru/mailman/listinfo/community>,
	<mailto:community-request@altlinux.ru?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2005 14:06:36 -0000
Archived-At: <http://lore.altlinux.org/community/20050111140632.GA27460@regiongarant.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

	Здраствуйте уважаемые, необходимо настроить smtp с авторизацией
для мобильных пользователей/филиалов конторы. Никак не выходит чаша :(
Помогите люди добрые!
M2.4+Updates
uname -a
Linux test.regiongarant.ru 2.4.26-std-smp-alt8 #1 SMP Wed Dec 15 21:27:21
MSK 2004 i686 unknown unknown GNU/Linux
postfix пересобранный из дедалуса.
[root@test postfix]# rpm -qa |grep postfix
postfix-control-1.2-alt1
postfix-2.0.20-alt2.1

/etc/postfix/main.cf
myhostname = test.regiongarant.ru
mydomain = regiongarant.ru
myorigin = $myhostname
inet_interfaces = all
mydestination = localhost, $myhostname, localhost.$mydomain, $config_directory/mydestination
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
mailbox_command = /usr/bin/procmail -a $DOMAIN -d $LOGNAME
mailbox_transport = lmtp:unix:/public/lmtp
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_required = yes
readme_directory = /etc/postfix/README_FILES
sample_directory = /etc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
virtual_maps = hash:/etc/postfix/virtual
# SMTP Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_auth_only = no
smtpd_sasl_local_domain = $mydomain
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
#smtp_sasl_security_options = noplaintext
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains


/etc/postfix/master.cf

smtp    inet    n   -   -   -   -   smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup  fifo    n   -   -   60  1   pickup
cleanup unix    n   -   -   -   0   cleanup
qmgr    fifo    n   -   -   300 1   qmgr
#qmgr   fifo    n   -   -   300 1   nqmgr
rewrite unix    -   -   -   -   -   trivial-rewrite
bounce  unix    -   -   -   -   0   bounce
defer   unix    -   -   -   -   0   bounce
flush   unix    n   -   -   1000?   0   flush
proxymap  unix  -       -       n       -       -       proxymap
smtp    unix    -   -   -   -   -   smtp
relay   unix    -   -   -   -   -   smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq   unix    n   -   -   -   -   showq
error   unix    -   -   -   -   -   error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp    unix    -   -   -   -   -   lmtp
cyrus     unix  -       n       n       -       -       pipe
 flags=R user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -m ${extension} ${user}

/etc/sasl2/saslpasswd.conf
pwcheck_method: sasldb
mech_list: login plain
[root@test sasl2]# ls -l
total 20
-rw-r-----  1 root    root  2519 Jul 19 13:34 saslauthd.conf
-rw-r-----  1 postfix sasl 12288 Dec 30 15:29 sasldb2
-rw-r-----  1 root    root    46 Dec 30 10:14 saslpasswd.conf

скопировал все в /var/spool/postfix/etc/sasl2

less /usr/lib/sasl2/smtpd.conf
#pwcheck_method: saslauthd
pwcheck_method: auxprop
mech_list: login plain


Создал пользователей:
[root@test postfix]# sasldblistusers2
test@regiongarant.ru: userPassword
salavat@regiongarant.ru: userPassword
test@regiongarant.ru: cmusaslsecretOTP
salavat@regiongarant.ru: cmusaslsecretOTP

проверяю с другой машины:
[salavat@salavat salavat]$ telnet test 25
Trying 192.168.1.101...
Connected to test.
Escape character is '^]'.
220 test.regiongarant.ru ESMTP Postfix
ehlo test.regiongarant.ru
250-test.regiongarant.ru
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-XVERP
250 8BITMIME
auth plain
334 
dGVzdAB0ZXN0AHRlc3RwYXNz
235 Authentication successful

типа - все работает

[root@test /]# postfix check
postfix/postfix-script: warning: not owned by root:
/var/spool/postfix/etc/sasl2/sasldb2
postfix/postfix-script: warning: /var/spool/postfix/etc/saslpass have no
original source
postfix/postfix-script: warning: /var/spool/postfix/etc/saslpass.db have
no original source
postfix/postfix-script: warning: /var/spool/postfix/etc/virtual have no
original source
postfix/postfix-script: warning: /var/spool/postfix/etc/virtual.db have no
original source

пытаюсь отправить письмо из ms outlook express - в /var/log/maillog
Jan 11 15:20:05 test postfix/smtpd[10364]: connect from
unknown[192.168.1.25]
Jan 11 15:20:05 test postfix/smtpd[10364]: D1F6E1A0002:
client=unknown[192.168.1.25], sasl_method=LOGIN, sasl_username=test@regiongarant.ru
Jan 11 15:20:05 test postfix/cleanup[10366]: D1F6E1A0002:
message-id=<001301c4f7
e5$5f527f30$19901ed4@salavatw2k>
Jan 11 15:20:05 test postfix/qmgr[10191]: D1F6E1A0002:
from=<salavat@test.region
garant.ru>, size=1309, nrcpt=1 (queue active)
Jan 11 15:20:05 test postfix/smtpd[10364]: disconnect from
unknown[192.168.1.25]
Jan 11 15:20:05 test postfix/lmtp[10369]: D1F6E1A0002:
to=<salavat@test.regionga
rant.ru>, orig_to=<salavat@regiongarant.ru>,
relay=/public/lmtp[/public/lmtp], d
elay=0, status=bounced (host /public/lmtp[/public/lmtp] said: 550-Mailbox
unknow
n.  Either there is no mailbox associated with this 550-name or you do not
have 
authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO
command))
Jan 11 15:20:05 test postfix/cleanup[10366]: E10211A0003:
message-id=<2005011112
2005.E10211A0003@test.regiongarant.ru>
Jan 11 15:20:05 test postfix/qmgr[10191]: E10211A0003: from=<>, size=3347,
nrcpt
=1 (queue active)
Jan 11 15:20:05 test postfix/lmtp[10369]: E10211A0003:
to=<salavat@test.regionga
rant.ru>, relay=/public/lmtp[/public/lmtp], delay=0, status=bounced (host
/publi
c/lmtp[/public/lmtp] said: 550-Mailbox unknown.  Either there is no
mailbox asso
ciated with this 550-name or you do not have authorization to see it. 550
5.1.1 
User unknown (in reply to RCPT TO command))

Что еще крутить надо? У кого-нибудь это работает на ALT? Собирать все из
сорцов как советуют статьи в сети не хотелось бы.

--
Salavat Yarmukhametov		
Jabber: salik@jabber.ru	
ICQ:	21144441