Okay... that's computer science, I found my mistake! It was a simple blank space behind the password!!! I would use Dovecot the next time, it's a bit more up to date than cyrus and not that (stupid) sensitive! ;)
I will add advice to the wiki to prevent this mistake for other users.


On 23.03.2012 17:49, Reindl Harald wrote:
alternative solution for sasl is dovecot-auth
"smtpd_sasl_type = dovecot"
in main.cf is the only postfix-relevant change

we are using dovecot at all as imap/pop3 proxy in
front of dbmail which listens only on 127.0.0.1
but should be useable only for SASL-auth too somehow

the proxy solution is because we have one unified
configuration for SASL-methods (smtp, pop3, imap)
can do replacements in usernames for legacy compatibility
to the old mailsystems (% instead @ on many clients
configured) and in dbmail-2.x was no SSL/CRAM-MD5-support

IMHO a benefit that POP3/IMAP/SMTP are supporting the
same auth-methods and software - less points of mistakes
________________________________________________________

the relevant sections in dovecot.conf (= 2.0)
below also a complete configuration
maybe someone packs it in the wiki, i hate them to edit :-)

# configure proxy-database
passdb {
  driver                        = sql
  args                          = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
  driver                        = static
  args                          = static uid=15000 gid=15000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
   unix_listener /var/spool/postfix/private/auth {
   mode                         = 0660
   user                         = postfix
   group                        = postfix
  }
}
________________________________________________________

"proxy" is here a own mysql-user with only access to the userdb

cat /etc/dovecot/sql.conf
driver              = mysql
connect             = host=/var/lib/mysql/mysql.sock dbname=dbmail user=proxy password=*****
password_query      = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
default_pass_scheme = plain
________________________________________________________

however, this is a complete "dovecot.conf" for proxy AND auth
you have in the best case only to change path to ssl-cert and
the ip-address because you can not use * in this configuration
since dbmail is listening on 127.0.0.1:110/143

currently running dovecot 2.1.1, 2.1.3 is crashing randomly
the whole 2.0 series was rock solid over the last time
this config is used since 2009 for some hundred domains

# provided services
protocols                      = imap pop3

# configure ssl
ssl                            = yes
ssl_cert                       =</etc/postfix/certs/mailserver.pem
ssl_key                        =</etc/postfix/certs/mailserver.pem
ssl_cipher_list                = ALL:!aNULL:!eNULL:!ADH:!LOW:!MEDIUM:!EXP:!SSLv2:HIGH

# configure imap-proxy
service imap-login {
   inet_listener imap {
     address                    =<MAIL-SERVER-IP>
     port                       = 143
   }
   inet_listener imaps {
     address                    =<MAIL-SERVER-IP>
     port                       = 993
   }
   vsz_limit                    = 512M
   service_count                = 5000
   process_min_avail            = 1
   process_limit                = 15
   client_limit                 = 300
}

# configure pop3-proxy
service pop3-login {
   inet_listener pop3 {
     address                    =<MAIL-SERVER-IP>
     port                       = 110
   }
   inet_listener pop3s {
     address                    =<MAIL-SERVER-IP>
     port                       = 995
   }
   vsz_limit                    = 512M
   service_count                = 5000
   process_min_avail            = 1
   process_limit                = 15
   client_limit                 = 100
}

# default settings
imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
login_greeting                 =
pop3_client_workarounds        = outlook-no-nuls oe-ns-eoh
mail_max_userip_connections    = 100
auth_mechanisms                = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth         = no
shutdown_clients               = no

# Logging
syslog_facility                = mail

# authentication process
auth_worker_max_count          = 100
auth_cache_size                = 32768
auth_cache_ttl                 = 1800
auth_cache_negative_ttl        = 1800
auth_username_chars            = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_translation      = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz

# debug options
auth_debug                     = no
auth_debug_passwords           = no
auth_verbose                   = no
mail_debug                     = no
verbose_ssl                    = no

# configure proxy-database
passdb {
  driver                        = sql
  args                          = /etc/dovecot/sql.conf
}

# we are not using local users
userdb {
  driver                        = static
  args                          = static uid=5000 gid=5000 home=/dev/null
}

# configure backend for postfix sasl-auth
service auth {
   unix_listener /var/spool/postfix/private/auth {
   mode                         = 0660
   user                         = postfix
   group                        = postfix
  }
}

On 23.03.2012 17:33, Claas Kähler wrote:
Okay that solved a problem... thanks!!! But at least not the SASL one! ;)

On 23.03.2012 17:00, Reindl Harald wrote:
we are using "mydestination", "local_recipient_maps" and dbmail-lmtpd for
years and my webinterface is simply maintaining a domain/transport
list in a table based on dbmail_aliases triggered in a php-function
after changes

in other words: i see no reason for virtual_* at all the transport
table is much more flexible because you can define external transports
and with some lines of code prefer them even if dbmail is pre-configured
for a domain while you relay messages to the old server until all users
are configured for the new one (domain-transfers and so)

mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
[root@srv-rhsoft:~]$ cat /etc/postfix/mysql-mydestination.cf
user     = dbmail
password = ****************
dbname   = dbmail
hosts    = unix:/var/lib/mysql/mysql.sock inet:127.0.0.1:3307
query    = select transport from dbma_mta where mydestination='%s';

mysql>  select * from dbma_mta where mydestination like '%rhsoft%';
+-----------------------+--------------------------+
| mydestination         | transport                |
+-----------------------+--------------------------+
| arrakisvm.rhsoft.net  | dbmail-lmtp:127.0.0.1:24 |
| local.rhsoft.net      | dbmail-lmtp:127.0.0.1:24 |
| notebook.rhsoft.net   | dbmail-lmtp:127.0.0.1:24 |
| rhsoft.net            | dbmail-lmtp:127.0.0.1:24 |
| srv-rhsoft.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
| testserver.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
+-----------------------+--------------------------+
6 rows in set (0.00 sec)


On 23.03.2012 16:49, Claas Kähler wrote:
You are right! But that isn't the problem. Postfix only checks if there is a 
result or not. Take a look at:

http://dbmail.org/dokuwiki/doku.php/setup_postfix

They used the same query.

On 23.03.2012 16:45, Reindl Harald wrote:
what the hell should "SELECT DISTINCT 1" do?
this will result in "1" and never in any list

mysql>  SELECT DISTINCT 1 FROM dbmail_aliases;
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.00 sec)


On 23.03.2012 16:39, Claas Kähler wrote:
root@(none):/etc/postfix# grep virtual /etc/postfix/main.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql-virtual_mailbox_domains.cf

root@(none):/etc/postfix# cat /etc/postfix/sql-virtual_mailbox_domains.cf
user = dbmail
password = changeMe
hosts = 127.0.0.1
dbname = dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE SUBSTRING_INDEX(alias, '@', -1) = '%s';

On 23.03.2012 16:29, Paul J Stevens wrote:
On 03/23/2012 04:22 PM, Claas Kähler wrote:
Okay, I've got the following in my mail.log when trying to send an
email to an account:

Mar 23 16:19:34 (none) postfix/virtual[8591]: fatal: bad string length 0 < 1: virtual_mailbox_base
Mar 23 16:19:35 (none) postfix/master[2737]: warning: process /usr/lib/postfix/virtual pid 8591 exit status 1
Mar 23 16:19:35 (none) postfix/master[2737]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
That's not SASL related at all!

what does

grep virtual /etc/postfix/main.cf

have to say?
--

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / software-development / cms-solutions
p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
icq: 154546673, http://www.thelounge.net/

http://www.thelounge.net/signature.asc.what.htm



_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
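
An added example, not part of the original thread: a small check for the mistake described in the top message, a blank after the password. The thread does not say which file held the space, so this assumes a `key = value` or `key: value` style file; `find_trailing_whitespace` and the sample text are constructed for illustration, and findings carry only line number and key, never the secret itself.

```python
import re

# Keys whose value is a credential. Assumed names: "password" appears in the
# configs in this thread; "sql_passwd" is the Cyrus SASL sql plugin option.
SECRET_KEY = re.compile(r"pass(word|wd)?$", re.IGNORECASE)
KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*[=:](.*)$")

# Constructed sample input (not taken from any real server).
SAMPLE = (
    "user = dbmail\n"
    "password = changeMe \n"            # trailing space: should be reported
    "hosts = 127.0.0.1\n"
    "# password = oldValue \n"          # comment line: ignored
    "sql_passwd: changeMe\t\n"          # trailing tab: should be reported
    "password_query = SELECT 1 \n"      # not a credential key: ignored
)


def find_trailing_whitespace(text):
    """Return [(line_number, key)] for credential lines ending in blanks."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.groups()
        # A Dovecot-style "connect" line embeds the password as a token, so
        # it is flagged for review as well.
        holds_secret = bool(SECRET_KEY.search(key)) or (
            key.lower() == "connect" and "password=" in value
        )
        if holds_secret and line != line.rstrip(" \t"):
            findings.append((number, key))
    return findings


if __name__ == "__main__":
    for number, key in find_trailing_whitespace(SAMPLE):
        print(f"line {number}: trailing whitespace after value of '{key}'")
```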
