Untitled

a guest
Jan 16th, 2018
  1. mose@postfix ~ $ cat /etc/redhat-release
  2. CentOS Linux release 7.4.1708 (Core)
  3.  
  4. mose@postfix ~ $ postconf -v | grep 'mail_version = '
  5. postconf: $smtpd_tls_security_level in main.cf validates smtpd_tls_security_level=value in master.cf:submission.inet
  6. mail_version = 2.10.1
  7.  
  8. mose@postfix ~ $ testsaslauthd -u mose@example.com -p password -s smtp
  9. 0: OK "Success."
  10.  
  11. mose@postfix ~ $ openssl s_client -starttls smtp -crlf -connect postfix.example.com:587
  12. <SSL Output truncated for brevity>
  13. EHLO example.com
  14. 250-postfix.example.com
  15. 250-PIPELINING
  16. 250-SIZE 10240000
  17. 250-ETRN
  18. 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
  19. 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5
  20. 250-ENHANCEDSTATUSCODES
  21. 250-8BITMIME
  22. 250 DSN
  23. AUTH PLAIN bW9zZS5jb20AbW9zZS5jb20AcGFzc3dvcmQ=
  24. 535 5.7.8 Error: authentication failed: authentication failure
  25.  
  26. mose@postfix ~ $ sudo tail /var/log/secure
  27. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option verbose is set to "1"
  28. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.host is set to "localhost"
  29. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.database is set to "postfix"
  30. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.db_user is set to "postfix"
  31. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.db_passwd is set to "password"
  32. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.password_crypt is set to "1"
  33. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - unknown option users.md5 on line 7
  34. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.table is set to "mailboxes"
  35. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.where_clause is set to "status = 1"
  36. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.user_column is set to "login"
  37. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - option users.password_column is set to "password"
  38. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_sm_authenticate() called.
  39. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() called.
  40. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() returning 0.
  41. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() called.
  42. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_format_string() called
  43. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_quick_escape() called.
  44. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT password FROM mailboxes WHERE login = 'mose.com' AND (status = 1)
  45. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT returned no result.
  46. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() returning 1.
  47. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() called.
  48. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() returning 0.
  49. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_converse() called.
  50. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_open_db() called.
  51. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() called.
  52. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_format_string() called
  53. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_quick_escape() called.
  54. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT password FROM mailboxes WHERE login = 'mose.com' AND (status = 1)
  55. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - SELECT returned no result.
  56. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_check_passwd() returning 1.
  57. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() called.
  58. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_sql_log() returning 0.
  59. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_sm_authenticate() returning 10.
  60. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_release_ctx() called.
  61. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_destroy_ctx() called.
  62. Jan 16 16:37:42 postfix saslauthd[5115]: pam_mysql - pam_mysql_close_db() called.
  63.  
  64. mose@postfix ~ $ sudo grep -v # /etc/sysconfig/saslauthd
  65. SOCKETDIR=/run/saslauthd
  66. MECH=pam
  67. FLAGS=
  68.  
  69. mose@postfix ~ $ ll /etc/postfix/sasl/smtpd.conf
  70. lrwxrwxrwx 1 root root 21 Jan 11 17:24 /etc/postfix/sasl/smtpd.conf -> /etc/sasl2/smtpd.conf
  71.  
  72. mose@postfix ~ $ sudo cat /etc/sasl2/smtpd.conf
  73. pwcheck_method: saslauthd
  74. mech_list: plain login cram-md5 digest-md5
  75. allow_plaintext: true
  76. auxprop_plugin: sql
  77. sql_engine: mysql
  78. sql_hostnames: localhost
  79. sql_user: mysql
  80. sql_passwd: password
  81. sql_database: postfix
  82. sql_verbose: yes
  83. sql_select: select password from mailboxes where login = '%u@%r' and status='1'
  84. sql_usessl: no
  85. log_level: 3
  86.  
  87. mose@postfix ~ $ sudo cat /etc/pam.d/smtp
  88. #%PAM-1.0
  89. auth required pam_nologin.so
  90. auth sufficient pam_mysql.so config_file=/etc/postfix/mysql/pam.conf
  91. account sufficient pam_mysql.so config_file=/etc/postfix/mysql/pam.conf
  92. password required pam_deny.so
  93.  
  94. mose@postfix ~ $ sudo cat /etc/postfix/mysql/pam.conf
  95. verbose = 1;
  96. users.host = localhost;
  97. users.database = postfix;
  98. users.db_user = mysql;
  99. users.db_passwd = password;
  100. users.password_crypt = 1;
  101. users.table = postfix_mailboxes;
  102. users.where_clause = status = 1;
  103. users.user_column = login;
  104. users.password_column = password;
  105.  
  106. mose@postfix ~ $ sudo postconf -n
  107. alias_database = hash:/etc/aliases
  108. alias_maps = hash:/etc/aliases
  109. append_dot_mydomain = no
  110. biff = no
  111. broken_sasl_auth_clients = yes
  112. command_directory = /usr/sbin
  113. config_directory = /etc/postfix
  114. daemon_directory = /usr/libexec/postfix
  115. data_directory = /var/lib/postfix
  116. debug_peer_level = 2
  117. debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
  118. disable_vrfy_command = yes
  119. html_directory = no
  120. inet_interfaces = $myhostname, localhost, 10.100.0.11
  121. inet_protocols = ipv4
  122. local_recipient_maps =
  123. mail_owner = postfix
  124. mailbox_command = procmail -a "$EXTENSION"
  125. mailq_path = /usr/bin/mailq.postfix
  126. manpage_directory = /usr/share/man
  127. mydestination =
  128. mydomain = example.com
  129. myhostname = postfix.example.com
  130. mynetworks = 127.0.0.0/8, 10.100.0.0/24
  131. myorigin = $mydomain
  132. newaliases_path = /usr/bin/newaliases.postfix
  133. postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen/access.cidr
  134. postscreen_bare_newline_action = enforce
  135. postscreen_bare_newline_enable = no
  136. postscreen_blacklist_action = drop
  137. postscreen_dnsbl_action = enforce
  138. postscreen_dnsbl_reply_map = pcre:$config_directory/postscreen_dnsbl_reply_map.pcre
  139. postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2 bl.spameatingmonkey.net*2 bl.spamcop.net dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net
  140. postscreen_dnsbl_threshold = 3
  141. postscreen_greet_action = enforce
  142. postscreen_greet_banner = $myhostname [POSTSCREEN] ESMTP $mail_name
  143. postscreen_non_smtp_command_enable = no
  144. postscreen_pipelining_enable = no
  145. postscreen_whitelist_interfaces = static:all
  146. proxy_read_maps = $virtual_mailbox_maps $virtual_alias_maps $virtual_mailbox_domains #$transport_maps
  147. queue_directory = /var/spool/postfix
  148. readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
  149. relay_domains =
  150. relayhost =
  151. sample_directory = /usr/share/doc/postfix-2.10.1/samples
  152. sendmail_path = /usr/sbin/sendmail.postfix
  153. setgid_group = postdrop
  154. smtp_helo_timeout = 5
  155. smtp_host_lookup = native
  156. smtp_sasl_auth_enable = yes
  157. smtpd_banner = $myhostname [SMTPD] ESMTP $mail_name
  158. smtpd_delay_reject = no
  159. smtpd_error_sleep_time = 30
  160. smtpd_hard_error_limit = 20
  161. smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, permit
  162. smtpd_sasl_auth_enable = yes
  163. smtpd_sasl_authenticated_header = no
  164. smtpd_sasl_exceptions_networks = $mynetworks
  165. smtpd_sasl_local_domain = $mydomain
  166. smtpd_sasl_security_options = noanonymous, noplaintext
  167. smtpd_sasl_tls_security_options = noanonymous
  168. smtpd_sasl_type = cyrus
  169. smtpd_sender_restrictions = reject_unknown_sender_domain
  170. smtpd_soft_error_limit = 10
  171. smtpd_tls_CAfile = /etc/postfix/gd_bundle-g2-g1.crt
  172. smtpd_tls_cert_file = /etc/postfix/smtpd.cert
  173. smtpd_tls_key_file = /etc/postfix/smtpd.key
  174. smtpd_tls_loglevel = 1
  175. smtpd_tls_received_header = yes
  176. smtpd_tls_security_level = may
  177. smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
  178. smtpd_tls_session_cache_timeout = 10800s
  179. strict_rfc821_envelopes = yes
  180. tls_random_exchange_name = /var/lib/postfix/prng_exch
  181. tls_random_source = dev:/dev/urandom
  182. unknown_local_recipient_reject_code = 550
  183. virtual_alias_domains =
  184. virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/autoreply.cf, proxy:mysql:/etc/postfix/mysql/aliases.cf, proxy:mysql:/etc/postfix/mysql/groups.cf
  185. virtual_gid_maps = static:101
  186. virtual_mailbox_base = /
  187. virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/domains.cf
  188. virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/mailboxes.cf
  189. virtual_minimum_uid = 110532
  190. virtual_uid_maps = static:110532