Kolab 3.1 on Debian Wheezy | SMTP AUTH
Clemens Wallner
Clemens.Wallner at safeintrain.de
Wed Jan 22 12:29:11 CET 2014
Hello!
We installed Kolab 3.1 from the Debian packages as described in the
documentation.
A lot already works (calendar, addresses, etc.). Internally (that is,
between users of the Kolab server) mail can also be sent.
We sit behind a firewall/router that communicates/works via NAT to the
outside with a relay host for mail.
The internal DNS name of our Kolab server is xxx-local.de (on
192.168.0.x) and our external DNS name is xxx.de (our provider's server
is attached to it).
xxx.de is hosted by our provider, hence the internal renaming with
"-local".
Now it should also be possible to send mail externally (via the relay
host). For this we want to use our e-mail accounts at our provider
(= Domainfactory). Unfortunately the authentication (SMTP AUTH) does not
seem to work. We use the SMTP server smtprelaypool.ispgateway.de on
port 25 and want to send using TLS and SMTP AUTH. That is how our other
mail clients currently use it, and it works.
Mails with the following content keep coming back:
Remote-MTA: dns; smtprelaypool.ispgateway.de
Diagnostic-Code: smtp; 550 Authentication required. Please use SMTP AUTH -
contact support for help
The kolab_saslauthd daemon is running.
Log and configuration files (as far as we understand them and they are
needed for this) are attached.
I have replaced the real external e-mail address with the address
target at example.com.
1) How can I find out which user kolab/postfix uses to log in to the
mail provider via SMTP AUTH, i.e. what do I have to change in the log
settings for that?
2) Why, according to the e-mail reply, does kolab/postfix not use any
authentication?
I would be glad of any helpful answer,
Clemens Wallner
-------------- next part --------------
# Per sender authentication
#
# Login information for the default relayhost
smtprelaypool.ispgateway.de [user]:[userpw]
-------------- next part --------------
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
# ==============================================================================
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100) + args
# ==============================================================================
smtp inet n - n - - smtpd -v
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
  -o cleanup_service_name=cleanup_submission
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_authenticated_header=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=$submission_data_restrictions
  -o smtpd_recipient_restrictions=$submission_recipient_restrictions
  -o smtpd_sender_restrictions=$submission_sender_restrictions
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
  -o header_checks=regexp:/etc/postfix/header_checks.inbound
  -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
cleanup_internal unix n - n - 0 cleanup
  -o header_checks=regexp:/etc/postfix/header_checks.internal
  -o mime_header_checks=regexp:/etc/postfix/header_checks.internal
cleanup_submission unix n - n - 0 cleanup
  -o header_checks=regexp:/etc/postfix/header_checks.submission
  -o mime_header_checks=regexp:/etc/postfix/header_checks.submission
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr -v
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp -v
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# Filter email through Amavisd
smtp-amavis unix - - n - 3 smtp
  -o smtp_data_done_timeout=1800
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
  -o max_use=20
  -o smtp_bind_address=127.0.0.1
# Listener to re-inject email from Amavisd into Postfix
127.0.0.1:10025 inet n - n - 100 smtpd -v
  -o syslog_name=postfix/reinjamavis
  -o cleanup_service_name=cleanup_internal
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_authenticated_header=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Filter email through Wallace
smtp-wallace unix - - n - 3 smtp
  -o smtp_data_done_timeout=1800
  -o disable_dns_lookups=yes
  -o smtp_send_xforward_command=yes
  -o max_use=20
# Listener to re-inject email from Wallace into Postfix
127.0.0.1:10027 inet n - n - 100 smtpd -v
  -o cleanup_service_name=cleanup_internal
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
recipient_policy unix - n n - - spawn
  user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient
recipient_policy_incoming unix - n n - - spawn
  user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
sender_policy unix - n n - - spawn
  user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender
sender_policy_incoming unix - n n - - spawn
  user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
submission_policy unix - n n - - spawn
  user=kolab-n argv=/usr/lib/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sys.log
Type: text/x-log
Size: 49694 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users-de/attachments/20140122/266917f7/attachment-0001.bin>
-------------- next part --------------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = kolabsrv.xxx-local.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = ldap:/etc/postfix/ldap/mydestination.cf
### is overridden by sender_dependent_relay_host
relayhost = smtprelaypool.ispgateway.de
## Added by PB - 2.1.2014
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
##
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
### overridden by smtpd_tls_security_level
#smtpd_tls_auth_only = yes
transport_maps = ldap:/etc/postfix/ldap/transport_maps.cf, hash:/etc/postfix/transport
content_filter = smtp-amavis:[127.0.0.1]:10024
## deactivated clewa 21.1.2014
#smtpd_sender_login_maps = $relay_recipient_maps
local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf
virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
submission_sender_restrictions = reject_non_fqdn_sender, check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject
submission_recipient_restrictions = check_policy_service unix:private/submission_policy, permit_sasl_authenticated, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_non_fqdn_recipient, reject_invalid_helo_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/recipient_policy_incoming, permit
smtp_tls_security_level = may
submission_data_restrictions = check_policy_service unix:private/submission_policy
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = permit_mynetworks, check_policy_service unix:private/sender_policy_incoming
### Added PB 21.1.2014 for debugging
##debug_peer_list = web.de
#debug_peer_level = 2
###
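
An added example, not part of the original post and not Kolab or Postfix code: a small Python audit of the client-side (smtp_*, not smtpd_*) parameters that decide whether Postfix authenticates to a relayhost, run over a constructed excerpt of the main.cf and sasl_passwd quoted above. The credentials and the function names are made up for illustration; the defaults are the ones documented in postconf(5).

```python
import re

# Constructed excerpt of the posted main.cf; smtpd_* lines only affect inbound sessions.
MAIN_CF = """\
relayhost = smtprelaypool.ispgateway.de
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_security_level = may
smtpd_sasl_auth_enable = yes
"""
SASL_PASSWD = "smtprelaypool.ispgateway.de exampleuser:examplepass\n"  # constructed

# postconf(5) defaults for the parameters inspected here.
DEFAULTS = {"smtp_sasl_auth_enable": "no",
            "smtp_sasl_security_options": "noplaintext, noanonymous",
            "smtp_tls_security_level": ""}
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', leading-whitespace continuations."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            params[last] = value  # a later assignment overrides an earlier one
    return params

def audit_relay_auth(main_cf, sasl_passwd):
    """Return findings about outbound SMTP AUTH towards the relayhost."""
    p = {**DEFAULTS, **parse_main_cf(main_cf)}
    findings = []
    if p["smtp_sasl_auth_enable"].lower() != "yes":
        findings.append("smtp_sasl_auth_enable is not 'yes': the smtp client never sends AUTH")
    if not p.get("smtp_sasl_password_maps"):
        findings.append("smtp_sasl_password_maps is unset: no credentials to look up")
    keys = {l.split()[0] for l in sasl_passwd.splitlines() if l.strip() and not l.startswith("#")}
    if p.get("relayhost") and p["relayhost"] not in keys:
        findings.append("no sasl_passwd entry keyed exactly as relayhost")
    opts = re.split(r"[,\s]+", p["smtp_sasl_security_options"].lower())
    if "noplaintext" in opts:
        findings.append("noplaintext in effect: PLAIN and LOGIN will not be used")
    if p["smtp_tls_security_level"] not in MANDATORY_TLS:
        findings.append("TLS not mandatory: AUTH may be attempted on an unencrypted session")
    return findings
```

On a live system the same parameters can be read with `postconf -n` and fed to `audit_relay_auth` instead of the embedded sample.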