Pages : 1
#1 Le 23/12/2009, à 19:13
- clement.analogue
Postfix par le port 587 et problème d'authentification
Bonjour à tous, bonjour Uggy,
alors, voila ce que je cherche à faire : J'ai postfix de fonctionnel mais avec une configuration bancale. J'aimerais remédier à ça. Deux points :
Mon FAI, orange, bloque le port 25, donc je passe par relayhost pour renvoyer vers le smtp d'orange, sauf que je ne veux plus passer par là car je soupçonne orange de marquer mes mails comme spam et pour militer pour l'Internet libre.
D'après ce que j'ai compris de la doc de postfix sur Ubuntu.com (https://help.ubuntu.com/community/Postfix que j'ai suivis jusq'à testing inclus), passer par le le port 587 arrange les choses. Sauf que je ne trouve pas la ligne à décommenter dont il est question dans cette doc. J'ai trouvé quelques pages sur le sujet, mais pas très actualité. Ma question : Comment faire pour utiliser le port 587 ?
Second point : Toujours dans cette doc, j'ai configuré SASL for SMTP AUTH (authentification). Mais lorsque je veux envoyer des mails avec un client comme thunderbird, je dois mettre NONE à connection security. Par contre, pas de problème pour la réception, j'ai pu mettre SSL/TLS.
Un peu d'info :
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = mail.forumanalogue.fr, localhost, localhost.forumanalogue.fr, clement.forumanalogue.fr, forumanalogue.fr
myhostname = mail.forumanalogue.fr
mynetworks = 127.0.0.0/8, 192.168.1.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = lists.forumanaogue.fr
relayhost = [smtp.orange.fr]
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
cat /etc/default/saslauthd
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#
# Should saslauthd run automatically on startup? (default: no)
START=yes
# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"
# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"
# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam -- use PAM
# rimap -- use a remote IMAP server
# shadow -- use the local shadow password file
# sasldb -- use the local sasldb database file
# ldap -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-m /var/spool/postfix/var/run/saslauthd"
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.forumanalogue.fr ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail.forumanalogue.fr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
Un message un peu long, merci d'avance pour votre aide.
Edit : j'ai compris pourquoi je n'ai pas d'authenfication sécurisé, c'est parce que le serveur smtp-msa.orange.fr ne l'accepte pas.
Dernière modification par clement.analogue (Le 06/05/2010, à 15:10)
Site personnel
Association Ubuntu-Lyon : Organisation d'événements autour d'Ubuntu sur Lyon.
Venez discuter philosophie, exposez vos textes et réflexions, ...
Forum Analogue : Philosophie, sciences, art, actualité, etc.
Hors ligne
#2 Le 23/12/2009, à 21:49
- Uggy
Re : Postfix par le port 587 et problème d'authentification
D'après ce que j'ai compris [..] passer par le le port 587 arrange les choses.
Oui et non.
Oui si ton Postfix est "sur internet". Dans ce cas, tu es bloqué pour aller vers ton serveur sur Internet si il écoute sur le port 25 mais pas si il écoute sur un autre port.
Non dans ton cas, car j'imagine dans ton cas ton Postfix est "chez toi"... auquel cas tu peux toi t'y connecter sur le port 25.. mais lui ton Postfix ne pourra aller sur aucun port 25 sur internet (sauf le serveur d'Orange....)
Donc a ma connaissance:
- soit tu quittes Orange et tu prends un FAI un peu plus "intelligent" (Free par exemple bloque par défaut, mais c'est configurable dans l'interface de gestion)
- soit tu dois disposer d'un serveur mail sur Internet que tu peux configurer pour écouter sur un autre port que le 25.. et qui accepte ensuite de relayer pour toi vers les serveurs des destinataires.
Hors ligne
#3 Le 23/12/2009, à 21:54
- Uggy
Re : Postfix par le port 587 et problème d'authentification
Pour le SASL.
- Je ne connais pas bien l'authentification par "Cyrus". (moi j'utilise celle avec "Dovecot")
- J'imagine que le log aiderais
- J'imagine qu'un coup de saslfinger aiderais
http://doc.ubuntu-fr.org/tutoriel/comment_soumettre_un_probleme_postfix_sur_le_forum
http://www.postfix.org/SASL_README.html
Dernière modification par Uggy (Le 23/12/2009, à 21:56)
Hors ligne
#4 Le 04/01/2010, à 17:31
- clement.analogue
Re : Postfix par le port 587 et problème d'authentification
De retour en France avec mon problème ...
Quelques captures d'écran : configuration, message d'erreur de thunderbird (3.0), puis les logs
Rien dans les logs
Rien dans les logs
Rien dans les logs
Jan 4 15:11:47 clement postfix/smtpd[19586]: cannot load Certificate Authority data: disabling TLS support
Jan 4 15:11:47 clement postfix/smtpd[19586]: warning: TLS library problem: 19586:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/ssl/certs/cacert.pem'','r'):
Jan 4 15:11:47 clement postfix/smtpd[19586]: warning: TLS library problem: 19586:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
Jan 4 15:11:47 clement postfix/smtpd[19586]: warning: TLS library problem: 19586:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Jan 4 15:11:47 clement postfix/smtpd[19586]: connect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:11:47 clement postfix/cleanup[19611]: 864AF36C7: message-id=<20100104141147.864AF36C7@mail.forumanalogue.fr>
Jan 4 15:11:47 clement postfix/smtpd[19586]: disconnect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:11:47 clement postfix/qmgr[29557]: 864AF36C7: from=<double-bounce@mail.forumanalogue.fr>, size=931, nrcpt=1 (queue active)
Jan 4 15:11:47 clement postfix/local[19613]: 864AF36C7: to=<root@mail.forumanalogue.fr>, orig_to=<postmaster>, relay=local, delay=0.17, delays=0.1/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
Jan 4 15:11:47 clement postfix/qmgr[29557]: 864AF36C7: removed
Jan 4 15:13:55 clement postfix/smtpd[23794]: cannot load Certificate Authority data: disabling TLS support
Jan 4 15:13:55 clement postfix/smtpd[23794]: warning: TLS library problem: 23794:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/ssl/certs/cacert.pem'','r'):
Jan 4 15:13:55 clement postfix/smtpd[23794]: warning: TLS library problem: 23794:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
Jan 4 15:13:55 clement postfix/smtpd[23794]: warning: TLS library problem: 23794:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Jan 4 15:13:55 clement postfix/smtpd[23794]: connect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:13:55 clement postfix/cleanup[23797]: CFD7136C7: message-id=<20100104141355.CFD7136C7@mail.forumanalogue.fr>
Jan 4 15:13:55 clement postfix/smtpd[23794]: disconnect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:13:55 clement postfix/qmgr[29557]: CFD7136C7: from=<double-bounce@mail.forumanalogue.fr>, size=931, nrcpt=1 (queue active)
Jan 4 15:13:55 clement postfix/local[23799]: CFD7136C7: to=<root@mail.forumanalogue.fr>, orig_to=<postmaster>, relay=local, delay=0.15, delays=0.07/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Jan 4 15:13:55 clement postfix/qmgr[29557]: CFD7136C7: removed
Jan 4 15:14:51 clement postfix/smtpd[23794]: connect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:14:51 clement postfix/cleanup[23797]: 9857D36C7: message-id=<20100104141451.9857D36C7@mail.forumanalogue.fr>
Jan 4 15:14:51 clement postfix/smtpd[23794]: disconnect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:14:51 clement postfix/qmgr[29557]: 9857D36C7: from=<double-bounce@mail.forumanalogue.fr>, size=931, nrcpt=1 (queue active)
Jan 4 15:14:51 clement postfix/local[23799]: 9857D36C7: to=<root@mail.forumanalogue.fr>, orig_to=<postmaster>, relay=local, delay=0.14, delays=0.06/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Jan 4 15:14:51 clement postfix/qmgr[29557]: 9857D36C7: removed
Jan 4 15:15:13 clement imapd-ssl: LOGIN, user=clement, ip=[::ffff:192.168.1.11], port=[55108], protocol=IMAP
Jan 4 15:16:23 clement postfix/smtpd[23794]: connect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:16:23 clement postfix/smtpd[23794]: disconnect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:17:28 clement postfix/smtpd[23794]: connect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:17:28 clement postfix/smtpd[23794]: 85D70399D: client=www.forumanalogue.fr[192.168.1.11], sasl_method=PLAIN, sasl_username=clement
Jan 4 15:17:28 clement postfix/cleanup[31173]: 85D70399D: message-id=<4B41F878.5000909@forumanalogue.fr>
Jan 4 15:17:28 clement postfix/qmgr[29557]: 85D70399D: from=<****@forumanalogue.fr>, size=637, nrcpt=1 (queue active)
Jan 4 15:17:28 clement postfix/smtpd[23794]: disconnect from www.forumanalogue.fr[192.168.1.11]
Jan 4 15:17:28 clement postfix/smtp[31175]: 85D70399D: to=<clement.analogue@hotmail.fr>, relay=smtp.orange.fr[80.12.242.16]:25, delay=0.29, delays=0.07/0.05/0.12/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C49E3800023D)
Jan 4 15:17:28 clement postfix/qmgr[29557]: 85D70399D: removed
Maintenant, les retours de saslfinger :
Coter client :
saslfinger -c
saslfinger - postfix Cyrus sasl configuration lundi 4 janvier 2010, 16:22:24 (UTC+0100)
version: 1.0.4
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.6.5
System: Ubuntu 9.10 \n \l
-- smtp is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007fcfae4e5000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.orange.fr]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-- listing of /usr/lib64/sasl2 --
total 988
drwxr-xr-x 2 root root 4096 2009-10-27 18:57 .
drwxr-xr-x 293 root root 131072 2010-01-04 15:10 ..
-rw-r--r-- 1 root root 20060 2009-08-21 03:49 libanonymous.a
-rw-r--r-- 1 root root 982 2009-08-21 03:49 libanonymous.la
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 2009-08-21 03:49 libcrammd5.a
-rw-r--r-- 1 root root 968 2009-08-21 03:49 libcrammd5.la
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65880 2009-08-21 03:49 libdigestmd5.a
-rw-r--r-- 1 root root 991 2009-08-21 03:49 libdigestmd5.la
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 2009-08-21 03:49 liblogin.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 liblogin.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2.0.23
-rw-r--r-- 1 root root 41980 2009-08-21 03:49 libntlm.a
-rw-r--r-- 1 root root 956 2009-08-21 03:49 libntlm.la
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20486 2009-08-21 03:49 libplain.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 libplain.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2.0.23
-rw-r--r-- 1 root root 30364 2009-08-21 03:49 libsasldb.a
-rw-r--r-- 1 root root 993 2009-08-21 03:49 libsasldb.la
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2.0.23
-- listing of /usr/lib/sasl2 --
total 988
drwxr-xr-x 2 root root 4096 2009-10-27 18:57 .
drwxr-xr-x 293 root root 131072 2010-01-04 15:10 ..
-rw-r--r-- 1 root root 20060 2009-08-21 03:49 libanonymous.a
-rw-r--r-- 1 root root 982 2009-08-21 03:49 libanonymous.la
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 2009-08-21 03:49 libcrammd5.a
-rw-r--r-- 1 root root 968 2009-08-21 03:49 libcrammd5.la
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65880 2009-08-21 03:49 libdigestmd5.a
-rw-r--r-- 1 root root 991 2009-08-21 03:49 libdigestmd5.la
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 2009-08-21 03:49 liblogin.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 liblogin.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2.0.23
-rw-r--r-- 1 root root 41980 2009-08-21 03:49 libntlm.a
-rw-r--r-- 1 root root 956 2009-08-21 03:49 libntlm.la
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20486 2009-08-21 03:49 libplain.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 libplain.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2.0.23
-rw-r--r-- 1 root root 30364 2009-08-21 03:49 libsasldb.a
-rw-r--r-- 1 root root 993 2009-08-21 03:49 libsasldb.la
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2.0.23
-- listing of /etc/postfix/sasl --
total 16
drwxr-xr-x 2 root root 4096 2009-12-23 17:43 .
drwxr-xr-x 3 root root 4096 2010-01-04 16:19 ..
-rw-r--r-- 1 root root 49 2009-12-14 10:39 smtp.conf
-rw-r--r-- 1 root root 49 2009-12-23 17:43 smtpd.conf
-- permissions for /etc/postfix/sasl_passwd --
-rw-r--r-- 1 root root 94 2010-01-04 16:00 /etc/postfix/sasl_passwd
-- permissions for /etc/postfix/sasl_passwd.db --
-rw-r--r-- 1 root root 94 2010-01-04 16:19 /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on [smtp.orange.fr] --
-- mechanisms on [smtp.orange.fr]:submission --
-- end of saslfinger output --
Serveur :
saslfinger -s
saslfinger - postfix Cyrus sasl configuration lundi 4 janvier 2010, 16:23:03 (UTC+0100)
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.6.5
System: Ubuntu 9.10 \n \l
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007fb8431d5000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 988
drwxr-xr-x 2 root root 4096 2009-10-27 18:57 .
drwxr-xr-x 293 root root 131072 2010-01-04 15:10 ..
-rw-r--r-- 1 root root 20060 2009-08-21 03:49 libanonymous.a
-rw-r--r-- 1 root root 982 2009-08-21 03:49 libanonymous.la
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 2009-08-21 03:49 libcrammd5.a
-rw-r--r-- 1 root root 968 2009-08-21 03:49 libcrammd5.la
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65880 2009-08-21 03:49 libdigestmd5.a
-rw-r--r-- 1 root root 991 2009-08-21 03:49 libdigestmd5.la
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 2009-08-21 03:49 liblogin.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 liblogin.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2.0.23
-rw-r--r-- 1 root root 41980 2009-08-21 03:49 libntlm.a
-rw-r--r-- 1 root root 956 2009-08-21 03:49 libntlm.la
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20486 2009-08-21 03:49 libplain.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 libplain.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2.0.23
-rw-r--r-- 1 root root 30364 2009-08-21 03:49 libsasldb.a
-rw-r--r-- 1 root root 993 2009-08-21 03:49 libsasldb.la
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2.0.23
-- listing of /usr/lib/sasl2 --
total 988
drwxr-xr-x 2 root root 4096 2009-10-27 18:57 .
drwxr-xr-x 293 root root 131072 2010-01-04 15:10 ..
-rw-r--r-- 1 root root 20060 2009-08-21 03:49 libanonymous.a
-rw-r--r-- 1 root root 982 2009-08-21 03:49 libanonymous.la
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2
-rw-r--r-- 1 root root 18528 2009-08-21 03:49 libanonymous.so.2.0.23
-rw-r--r-- 1 root root 23802 2009-08-21 03:49 libcrammd5.a
-rw-r--r-- 1 root root 968 2009-08-21 03:49 libcrammd5.la
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2
-rw-r--r-- 1 root root 22624 2009-08-21 03:49 libcrammd5.so.2.0.23
-rw-r--r-- 1 root root 65880 2009-08-21 03:49 libdigestmd5.a
-rw-r--r-- 1 root root 991 2009-08-21 03:49 libdigestmd5.la
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2
-rw-r--r-- 1 root root 51752 2009-08-21 03:49 libdigestmd5.so.2.0.23
-rw-r--r-- 1 root root 20590 2009-08-21 03:49 liblogin.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 liblogin.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 liblogin.so.2.0.23
-rw-r--r-- 1 root root 41980 2009-08-21 03:49 libntlm.a
-rw-r--r-- 1 root root 956 2009-08-21 03:49 libntlm.la
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2
-rw-r--r-- 1 root root 34904 2009-08-21 03:49 libntlm.so.2.0.23
-rw-r--r-- 1 root root 20486 2009-08-21 03:49 libplain.a
-rw-r--r-- 1 root root 962 2009-08-21 03:49 libplain.la
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2
-rw-r--r-- 1 root root 18520 2009-08-21 03:49 libplain.so.2.0.23
-rw-r--r-- 1 root root 30364 2009-08-21 03:49 libsasldb.a
-rw-r--r-- 1 root root 993 2009-08-21 03:49 libsasldb.la
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2
-rw-r--r-- 1 root root 22464 2009-08-21 03:49 libsasldb.so.2.0.23
-- listing of /etc/postfix/sasl --
total 16
drwxr-xr-x 2 root root 4096 2009-12-23 17:43 .
drwxr-xr-x 3 root root 4096 2010-01-04 16:19 ..
-rw-r--r-- 1 root root 49 2009-12-14 10:39 smtp.conf
-rw-r--r-- 1 root root 49 2009-12-23 17:43 smtpd.conf
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
-- end of saslfinger output --
Le modifs que j'ai apporté :
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = mail.forumanalogue.fr, localhost, localhost.forumanalogue.fr, clement.forumanalogue.fr, forumanalogue.fr
myhostname = mail.forumanalogue.fr
mynetworks = 127.0.0.0/8, 192.168.1.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = lists.forumanaogue.fr
relayhost = [smtp.orange.fr]
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
J'ai créé deux fichiers /etc/postfix/sasl_passwd et /etc/postfix/sasl_passwd.db contenant :
[smtp.orange.fr] login_orange:mdp_orange
[smtp.orange.fr]:submission login_orange:mdp_orange
Y a-t-il besoin d'autres informations ?
Edit: cacher l'email.
Dernière modification par clement.analogue (Le 29/09/2016, à 12:52)
Site personnel
Association Ubuntu-Lyon : Organisation d'événements autour d'Ubuntu sur Lyon.
Venez discuter philosophie, exposez vos textes et réflexions, ...
Forum Analogue : Philosophie, sciences, art, actualité, etc.
Hors ligne
#5 Le 06/01/2010, à 18:42
- clement.analogue
Re : Postfix par le port 587 et problème d'authentification
Je patauge encore.
Avant de continuer, j'aimerai qu'on m'enlève un doute :
telnet smtp-msa.orange.fr 587
Trying 193.252.22.72...
Connected to smtp-msa.orange.fr.
Escape character is '^]'.
220 mwinf5a04.orange.fr ESMTP MSA **************************
ehlo local host
250-mwinf5a04.orange.fr
250-PIPELINING
250-SIZE 14365491
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
quit
221 2.0.0 Bye
Connection closed by foreign host.
Pas de ligne 250-STARTTLS. Cela veut dire qu'il n'y a pas de starttls, ni ssl/tls sur ce serveur ?
Auquel cas, puis-je tout même l'activer sur mon postfix, ou cela devient caduc ?
Les modifications :
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = mail.forumanalogue.fr, localhost, localhost.forumanalogue.fr, clement.forumanalogue.fr, forumanalogue.fr
myhostname = mail.forumanalogue.fr
mynetworks = 127.0.0.0/8, 192.168.1.0/24
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relay_domains = lists.forumanaogue.fr
relayhost = [smtp-msa.orange.fr]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = !gssapi, !external, static:all
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
J'ai ajouté submission au relayhost et je l'ai changé pour passé par le port 587 car ça fait plusieurs jours que mes mails ne passent plus (blackilist ?)
Modification des fichiers sasl_password en conséquence. Un petit coup de
postmap /etc/postfix/sasl_passwd
puis
sudo /etc/init.d/postfix restart
pour s'assurer que tout roule. Et plus de problème d'envoi de mail. Mais toujours pas de sécurité.
Site personnel
Association Ubuntu-Lyon : Organisation d'événements autour d'Ubuntu sur Lyon.
Venez discuter philosophie, exposez vos textes et réflexions, ...
Forum Analogue : Philosophie, sciences, art, actualité, etc.
Hors ligne