Mailserver c't 17 SuSE 9.3

zini2001 · 13 Okt. 2005

so siehts bei mir aus. SuSE 9.3 minimal install. ähnelt ein bischen dem debian!

/etc/pam.d # dir
insgesamt 90
drwxr-xr-x 2 root root 584 2005-10-13 21:25 .
drwxr-xr-x 56 root root 5296 2005-10-13 22:33 ..
-rw-r--r-- 1 root root 167 2005-03-19 22:12 chage
-rw-r--r-- 1 root root 199 2005-03-19 22:12 chfn
-rw-r--r-- 1 root root 199 2005-03-19 22:12 chsh
-rw-r--r-- 1 root root 378 2005-03-19 20:22 common-account
-rw-r--r-- 1 root root 448 2005-03-19 20:22 common-auth
-rw-r--r-- 1 root root 861 2005-03-19 20:22 common-password
-rw-r--r-- 1 root root 405 2005-03-19 20:22 common-session
-rw------- 1 root root 247 2005-03-19 20:34 crond
-rw-r--r-- 1 root root 165 2005-03-19 22:16 imap
-rw-r--r-- 1 root root 264 2005-03-19 22:12 login
-rw-r--r-- 1 root root 251 2005-03-19 20:22 other
-rw-r--r-- 1 root root 133 2005-03-19 22:12 passwd
-rw-r--r-- 1 root root 165 2005-03-19 22:16 pop
-rw-r--r-- 1 root root 249 2005-07-01 16:20 ppp
-rw-r--r-- 1 root root 165 2005-03-19 22:12 rpasswd
-rw-r--r-- 1 root root 209 2005-03-19 22:12 shadow
-rw-r--r-- 1 root root 165 2005-03-19 22:16 sieve
-rw-r--r-- 1 root root 165 2005-03-19 22:16 smtp
-rw-r--r-- 1 root root 367 2005-03-22 19:53 sshd
-rw-r--r-- 1 root root 239 2005-03-19 21:28 su
-rw-r--r-- 1 root root 172 2005-03-19 22:12 useradd

dermichel · 13 Okt. 2005

Code:

p75108:/ # cat /etc/sysconfig/saslauthd
## Path:           System/Security/SASL
## Type:           list(getpwent,kerberos5,pam,rimap,shadow,ldap)
## Default:        pam
## ServiceRestart: saslauthd
#
# Authentication mechanism to use by saslauthd.
# See man 8 saslauthd for available mechanisms.
#

SASLAUTHD_AUTHMECH=pam

Code:

p75108:/ # cat /usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login

und das wars...

dermichel · 13 Okt. 2005

Code:

p75108:/ # l /etc/pam.d/
total 56
drwxr-xr-x   2 root root 4096 Dec 21  2004 ./
drwxr-xr-x  48 root root 4096 Oct 10 17:21 ../
-rw-r--r--   1 root root  214 Apr 15  2004 chage
-rw-r--r--   1 root root  249 Apr 15  2004 chfn
-rw-r--r--   1 root root  248 Apr 15  2004 chsh
-rw-r--r--   1 root root  476 Apr 15  2004 login
-rw-r--r--   1 root root  396 Apr  6  2004 other
-rw-r--r--   1 root root  254 Apr 15  2004 passwd
-rw-r--r--   1 root root  379 Apr  6  2004 pure-ftpd
-rw-r--r--   1 root root  254 Apr 15  2004 rpasswd
-rw-r--r--   1 root root  209 Apr 15  2004 shadow
-rw-r--r--   1 root root  568 Apr  6  2004 sshd
-rw-r--r--   1 root root  356 Apr  6  2004 su
-rw-r--r--   1 root root  172 Apr 15  2004 useradd
p75108:/ #

Code:

cat /etc/SuSE-release
SuSE Linux 9.1 (i586)
VERSION = 9.1

zini2001 · 13 Okt. 2005

pwcheck_method: saslauthd
mech_list: plain login

cat saslauthd
## Path: System/Security/SASL
## Type: list(getpwent,kerberos5,pam,rimap,shadow,ldap)
## Default: pam
## ServiceRestart: saslauthd
#
# Authentication mechanism to use by saslauthd.
# See man 8 saslauthd for available mechanisms.
#
SASLAUTHD_AUTHMECH=pam

tja...sieht gleich aus!!
und was sagt deine main.cf?

dermichel · 13 Okt. 2005

main.cf:

Code:

smtpd_client_restrictions =
   permit_sasl_authenticated,
    check_client_access hash:/etc/postfix/client_access,
    permit_mynetworks
    ...

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unauth_destination,
    check_sender_access hash:/etc/postfix/frequently_forged_senders,
    check_policy_service inet:127.0.0.1:60000

zini2001 · 13 Okt. 2005

SuSE Linux 9.3 (i586)
VERSION = 9.3

-rw-r--r-- 1 root root 378 2005-03-19 20:22 common-account
-rw-r--r-- 1 root root 448 2005-03-19 20:22 common-auth
-rw-r--r-- 1 root root 861 2005-03-19 20:22 common-password
-rw-r--r-- 1 root root 405 2005-03-19 20:22 common-session

die sachen gibt es unter debian auch!! ist ne kleine vereinfachung...finde ich.

cat common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_env.so
auth required pam_unix2.so

cat common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_env.so
auth required pam_unix2.so
homeserver:/etc/pam.d # cat common-account
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired.
#
account required pam_unix2.so

cat common-password
#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix2 in combination
# with pam_pwcheck.

# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
# To enable Blowfish or MD5 passwords, you should edit
# /etc/default/passwd.
#
# Alternate strength checking for passwords should be configured
# in /etc/security/pam_pwcheck.conf.
#
# pam_make can be used to rebuild NIS maps after password change.
#
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp

cat common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix2.
#
session required pam_limits.so
session required pam_unix2.so

dermichel · 13 Okt. 2005

hauptsache dein server geht. ich gehe mal in die heia - bis morgen.

zini2001 · 13 Okt. 2005

standard install SuSE 9.3 mit YaST:

smtpd_sasl_auth_enable = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

neu, mit hilfe der console:

mynetworks = 192.168.1.0/24,127.0.0.0/8
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

dermichel · 13 Okt. 2005

genau! ohne anpassung der main.cf kriegst du mit der original suse installation kein smtpd_auth hin. steht das in der ct anders drin?

zini2001 · 13 Okt. 2005

ja das ist die hauptsache. ist jedoch sehr unschön, wenn

1. ein artikel auf den markt kommt der nicht 100%ig funzt,
2. 2 wie wir versuchen jemanden zu helfen, die aber selber 2 verschiede funktionierede systeme haben.

das ist wirklich sehr unschön!!

dermichel · 13 Okt. 2005

lieber unschoen als windows

wann kommt die naechste ausgabe der ct? evtl. wird der artikel korrigiert.

zini2001 · 13 Okt. 2005

dort steht nix von anpassen. ich habe 2x den server aufgesetzt. ich dacht beim erstenmal ich habe was fasch gemacht....aber dem war nicht so.
es wird gesagt das sasl benutzt wird,
das saslauth="pam" eingestellt ist und der auch gestartet werden muß,
und ein link auf http://www.ietf.org/rfc/rfc2222.txt
das wars!!!

gruß

zini2001 · 13 Okt. 2005

die 17, wo dieser artikel drinsteht ist schon etwas .... der zeit ist bestimmt schon die 22 draussen... ichhabe hier die 21, in der ist der spamassassin erkärt.
bestimmt mach ich hier noch einen parallel thread auf...mmmhhh

zini2001 · 13 Okt. 2005

lieber unschoen als windows Smile

Kreisch....das böse wort mit W

dermichel · 13 Okt. 2005

im institut haben die alle ausgaben ausliegen. ich gehe mir mal die artikel kopieren.

zini2001 · 13 Okt. 2005

also 2005/17 und 2005/21 und in der 2005/13 ist die 9.3 DVD drin
mal fragen ob man sich die mit ausleihen kann-> testsystem aufgebaut und bitte dann anworten!!!!

zini2001 · 13 Okt. 2005

hier nochmal die ganze SuSE standard install:

readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = server.zuhause.xx
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname,localhost.$mydomain,$mydomain
defer_transports =
disable_dns_lookups = no
relayhost = relay.vom.isp.de
mailbox_command =
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination

smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 10240000
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

dermichel · 14 Okt. 2005

wieso brauchst du eigentlich im intranet smtpd-authentifizierung?

zini2001 · 14 Okt. 2005

schalt gerade nicht ....was du willst?

dermichel · 15 Okt. 2005

wieso muessen sich deine clients aus dem internen netz authentifizieren?