Postfix + SASL (does not authenticate)
Quote:
Originally posted by fabiano_guru
Post your main.cf here so we can help better.
Fabiano,
I just remembered that I had saved its postconf -n:
Code:
[root@ns1 ~]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
command_time_limit = 1h
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/maps/header_checks
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 20000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, email.$mydomain, www.$mydomain
mydomain = cnett.com.br
myhostname = email.cnett.com.br
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.1.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_rbl_client cn-kr.blackholes.us, reject_rbl_client singapore.blackholes.us, reject_rbl_client malaysia.blackholes.us, reject_rbl_client nigeria.blackholes.us, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client ipwhois.rfc-ignorant.org
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
The Postfix and cyrus-sasl versions are the same on both the server that is OK (email.cnett.com.br, where SASL works perfectly) and the other server (which does not work and uses an IP from my internal network that goes through my gateway doing NAT).
Code:
[root@ns1 ~]# rpm -q postfix cyrus-sasl
postfix-2.1.5-5
cyrus-sasl-2.1.19-3
Postfix + SASL (does not authenticate)
Quote:
Originally posted by scorpion
Did you remember to put these settings in your Postfix main.cf?
Code:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
Scorpion,
I didn't put it that way, but yes, I did add that.
Postfix + SASL (does not authenticate)
add
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
and run a test
Postfix + SASL (does not authenticate)
Quote:
Originally posted by scorpion
add
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
and run a test
scorpion,
I'm wiping the machine and will redo the whole installation. Look, on the server that is working I set it like this:
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
And the mynetworks line is commented out.
Postfix + SASL (does not authenticate)
Quote:
Originally posted by scorpion
add
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination
and run a test
Scorpion,
That way it worked, but the problem is that even with the SMTP authentication option unchecked it sends the messages... and I don't want that. I want all my clients to have to authenticate to use SMTP.
I'll show you the process on the server that works:
LOG of an attempt with the SMTP login authentication option unchecked:
Code:
Jan 13 16:41:03 ns1 postfix/smtpd[32179]: connect from unknown[172.30.0.14]
Jan 13 16:41:03 ns1 postfix/smtpd[32179]: NOQUEUE: reject: RCPT from unknown[172.30.0.14]: 554 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<NATANIEL>
Jan 13 16:41:03 ns1 postfix/smtpd[32179]: disconnect from unknown[172.30.0.14]
LOG of the same email, now with authentication checked in Outlook
Code:
Jan 13 16:42:20 ns1 postfix/smtpd[32200]: connect from unknown[172.30.0.14]
Jan 13 16:42:20 ns1 postfix/smtpd[32200]: 18D6E16B23C: client=unknown[172.30.0.14], sasl_method=LOGIN, sasl_username=gerente
Jan 13 16:42:20 ns1 postfix/cleanup[32208]: 18D6E16B23C: message-id=<002c01c61871$15a4c9d0$0e001eac@NATANIEL>
Jan 13 16:42:20 ns1 postfix/qmgr[32164]: 18D6E16B23C: from=<[email protected]>, size=1354, nrcpt=1 (queue active)
Jan 13 16:42:20 ns1 postfix/smtpd[32200]: disconnect from unknown[172.30.0.14]
Jan 13 16:42:20 ns1 spamd[30704]: connection from localhost.localdomain [127.0.0.1] at port 33872
Jan 13 16:42:20 ns1 spamd[30704]: info: setuid to clamav succeeded
Jan 13 16:42:20 ns1 spamd[30704]: checking message <002c01c61871$15a4c9d0$0e001eac@NATANIEL> for clamav:500.
Jan 13 16:42:20 ns1 spamd[30704]: clean message (-5.8/5.0) for clamav:500 in 0.3 seconds, 1349 bytes.
Jan 13 16:42:20 ns1 spamd[30704]: result: . -5 - ALL_TRUSTED,AWL,BAYES_00,HTML_90_100,HTML_MESSAGE scantime=0.3,size=1349,mid=<002c01c61871$15a4c9d0$0e001eac@NATANIEL>,bayes=0,autolearn=ham
Jan 13 16:42:20 ns1 spamd[25860]: connection from localhost.localdomain [127.0.0.1] at port 33873
Jan 13 16:42:20 ns1 spamd[25860]: info: setuid to clamav succeeded
Jan 13 16:42:20 ns1 spamd[25860]: processing message <002c01c61871$15a4c9d0$0e001eac@NATANIEL> for clamav:500.
Jan 13 16:42:20 ns1 spamd[25860]: clean message (-5.8/5.0) for clamav:500 in 0.2 seconds, 1349 bytes.
Jan 13 16:42:20 ns1 spamd[25860]: result: . -5 - ALL_TRUSTED,AWL,BAYES_00,HTML_90_100,HTML_MESSAGE scantime=0.2,size=1349,mid=<002c01c61871$15a4c9d0$0e001eac@NATANIEL>,bayes=0,autolearn=unavailable
Jan 13 16:42:20 ns1 postfix/pickup[32163]: EE52D16B23F: uid=500 from=<[email protected]>
Jan 13 16:42:20 ns1 postfix/cleanup[32208]: EE52D16B23F: message-id=<002c01c61871$15a4c9d0$0e001eac@NATANIEL>
Jan 13 16:42:20 ns1 postfix/pipe[32209]: 18D6E16B23C: to=<[email protected]>, relay=clamav, delay=0, status=sent (clamav)
Jan 13 16:42:20 ns1 postfix/qmgr[32164]: 18D6E16B23C: removed
Jan 13 16:42:20 ns1 postfix/qmgr[32164]: EE52D16B23F: from=<[email protected]>, size=1703, nrcpt=1 (queue active)
Jan 13 16:42:28 ns1 postfix/smtpd[32179]: connect from 200-161-112-130.dsl.telesp.net.br[200.161.112.130]
Jan 13 16:42:29 ns1 postfix/smtp[32170]: EE52D16B23F: to=<[email protected]>, relay=cnett.psi.br[200.250.168.70], delay=9, status=sent (250 OK id=1ExTsb-0003wy-Mq)
Jan 13 16:42:29 ns1 postfix/qmgr[32164]: EE52D16B23F: removed
In other words... on this server it is working. Now the postconf -n:
Code:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
command_time_limit = 1h
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/maps/header_checks
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 20000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, email.$mydomain, www.$mydomain
mydomain = cnett.com.br
myhostname = email.cnett.com.br
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.1.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_rbl_client cn-kr.blackholes.us, reject_rbl_client singapore.blackholes.us, reject_rbl_client malaysia.blackholes.us, reject_rbl_client nigeria.blackholes.us, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client ipwhois.rfc-ignorant.org
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
Now on the other server, the one that does not work when I enable SMTP authentication, the postconf -n looks like this:
Code:
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
command_time_limit = 1h
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/maps/header_checks
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 2
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_size_limit = 20000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 1d
mime_header_checks = regexp:/etc/postfix/maps/mime_header_checks
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, email.$mydomain, www.$mydomain
mydomain = cnett.com.br
myhostname = email.cnett.com.br
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.1.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_invalid_hostname, reject_rbl_client cn-kr.blackholes.us, reject_rbl_client singapore.blackholes.us, reject_rbl_client malaysia.blackholes.us, reject_rbl_client nigeria.blackholes.us, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rbl_client ipwhois.rfc-ignorant.org
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
And every time I try to send email the same message appears:
Code:
Jan 13 10:45:53 localhost postfix/smtpd[3111]: connect from unknown[172.30.0.14]
Jan 13 10:45:53 localhost postfix/smtpd[3111]: NOQUEUE: reject: RCPT from unknown[172.30.0.14]: 554 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<NATANIEL>
Jan 13 10:45:53 localhost postfix/smtpd[3111]: disconnect from unknown[172.30.0.14]
I tried stopping SASL and the same message appeared. I think Postfix is not consulting SASL:
Code:
[root@localhost log]# /etc/rc.d/init.d/saslauthd stop
Stopping saslauthd: [ OK ]
[root@localhost log]# tail /var/log/maillog
[root@localhost log]# tail /var/log/maillog -n 3
Jan 13 10:46:28 localhost postfix/smtpd[3111]: connect from unknown[172.30.0.14]
Jan 13 10:46:28 localhost postfix/smtpd[3111]: NOQUEUE: reject: RCPT from unknown[172.30.0.14]: 554 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<NATANIEL>
Jan 13 10:46:28 localhost postfix/smtpd[3111]: disconnect from unknown[172.30.0.14]
[root@localhost log]#
I did a more drastic test: I edited the file /usr/lib/sasl2/smtpd.conf and changed the line, removing the ": saslauthd" and putting "= saslauthd", restarted SASL without problems and tried sending again. In Outlook it keeps connecting and never gets past that, and this appeared in the log:
Code:
Jan 13 10:51:33 localhost postfix/smtpd[3144]: fatal: SASL per-process initialization failed
Jan 13 10:51:34 localhost postfix/master[3101]: warning: process /usr/libexec/postfix/smtpd pid 3144 exit status 1
Jan 13 10:51:34 localhost postfix/master[3101]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Honestly, I'm lost... If you can give me a hand I'd appreciate it.
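Added example (not code from the thread or from Postfix): a simplified model of how the two smtpd_recipient_restrictions lists discussed above are walked in order, showing why the suggested list lets a client inside mynetworks send without authenticating. The network 172.30.0.0/16, the recipient domain example.org and the host 203.0.113.5 are assumptions; only smtpd_recipient_restrictions is modelled, and LOCAL_DOMAINS is a stand-in for $mydestination.

```python
import ipaddress

# Restriction lists taken from the thread.
STRICT = "permit_sasl_authenticated, reject"
SUGGESTED = "permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination"

# Assumptions for this example (not from the thread's configuration).
MYNETWORKS = ["172.30.0.0/16"]     # assumed network containing 172.30.0.14
LOCAL_DOMAINS = {"cnett.com.br"}   # simplified stand-in for $mydestination
REMOTE_RCPT = "example.org"        # constructed external recipient domain


def evaluate(restrictions, client_ip, authenticated, rcpt_domain):
    """Walk the list in order; the first restriction that matches decides."""
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in ipaddress.ip_network(net) for net in MYNETWORKS)
    for name in restrictions.replace(",", " ").split():
        if name == "permit_mynetworks" and trusted:
            return "permit", name
        if name == "permit_sasl_authenticated" and authenticated:
            return "permit", name
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "reject", name
        if name == "reject":
            return "reject", name
    return "permit", "end of list"


def compare(client_ip, authenticated, rcpt_domain):
    """Decision of both lists for the same RCPT TO."""
    return {
        "strict": evaluate(STRICT, client_ip, authenticated, rcpt_domain),
        "suggested": evaluate(SUGGESTED, client_ip, authenticated, rcpt_domain),
    }


if __name__ == "__main__":
    cases = [
        ("172.30.0.14", False, REMOTE_RCPT),     # internal client, auth unchecked
        ("172.30.0.14", True, REMOTE_RCPT),      # internal client, auth checked
        ("203.0.113.5", False, REMOTE_RCPT),     # outside host trying to relay
        ("203.0.113.5", False, "cnett.com.br"),  # outside host, inbound mail
    ]
    for case in cases:
        print(case, compare(*case))
```

Under this model the strict list also rejects unauthenticated inbound mail addressed to cnett.com.br, while the suggested list trusts every client that falls inside mynetworks.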