Postfix / SMTP Auth / Multi-IP / multi-domain


Ramucho
04/12/2015, 13h45
Hello,

I have a dedicated server running Debian 8.1/jessie, with postfix 2.11.3.
This server has several IPs and several test domains on it (it is currently still in testing).

For this thread, I am arbitrarily using this environment:
domaine1.com [ip 111.111.111.111]
domaine2.fr [ip 222.222.222.222]
Software environment: Apache, MySQL, PHP. Nothing out of the ordinary.

For each domain, I configured the reverse DNS in the manager so that mail.domaine1.com => 111.111.111.111, and likewise for mail.domaine2.fr on its IP.

The multi-IP config works.

Telnet on port 25 does show the right banner (I found a tutorial that explains how to do it).


What I want to do: configure SMTP authentication for the domains.

Concretely, after pages of purple links on Google, I still cannot get this authentication to work. As a first step, I am doing it without TLS.
I tested:
- postfix + mysql
- postfix + cyrus (but with a Fedora tutorial, I did not get far)
- postfix + dovecot

I do not want IMAP or POP3: my server hosts no mail for domaine1.com or domaine2.fr (the MX records point to an Exchange Online).

Verdict: when I try:
- AUTH LOGIN + base64 of a login/password, I get the error "535 5.7.8 Error: authentication failed: generic failure"
- testsaslauthd -u user -p monpass, I get the error "connect() no such file or directory"


My recent sources:
http*//michauko.org/docs/debian_testing/install_debian.pdf
http*//gogs.info/books/debian-mail/chunked/postfix.sasl.html
http*//www.nervous.it/txt/Postfix-SMTP-AUTH-4-DUMMIES.html

My config files:


main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated




beginning of master.cf
Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
#smtp      inet  n       -       -       -       -       smtpd
127.0.0.1:smtp inet  n     -       n       -       -       smtpd
      -o syslog_name=postfix-localhost
      -o smtp_helo_name=localhost
      -o smtp_bind_address=127.0.0.1
      -o myhostname=localhost
111.111.111.111:smtp inet  n     -       n       -       -       smtpd
      -o syslog_name=postfix-mail.domaine1.com
      -o smtp_helo_name=mail.domaine1.com
      -o smtp_bind_address=111.111.111.111
      -o myhostname=mail.domaine1.com

222.222.222.222:smtp inet  n     -       n       -       -       smtpd
      -o syslog_name=postfix-mail.domaine2.fr
      -o smtp_helo_name=mail.domaine2.fr
      -o smtp_bind_address=222.222.222.222
      -o myhostname=mail.domaine2.fr

domaine1-out  unix -       -       n       -       -       smtp
   -o smtp_bind_address=111.111.111.111
   -o smtp_helo_name=mail.domaine1.com
   -o syslog_name=postfix-mail.domaine1.com

domaine2-out  unix -       -       n       -       -       smtp
   -o smtp_bind_address=222.222.222.222
   -o smtp_helo_name=mail.domaine2.fr
   -o syslog_name=postfix-mail.domaine2.fr

#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd


/var/log/mail.info
Code:
Dec 3 15:33:07 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: connect from *****.abo.wanadoo.fr[***]
Dec 3 15:33:43 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: warning: *****.abo.wanadoo.fr[***]: SASL LOGIN authentication failed: bad protocol / cancel
Dec 3 15:33:49 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: disconnect from *****.abo.wanadoo.fr[***]
Dec 3 15:34:09 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: connect from *****.abo.wanadoo.fr[***]
Dec 3 15:34:14 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Dec 3 15:34:14 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: warning: SASL authentication failure: Password verification failed
Dec 3 15:34:14 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: warning: *****.abo.wanadoo.fr[***]: SASL PLAIN authentication failed: generic failure
Dec 3 15:39:15 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: timeout after AUTH from *****.abo.wanadoo.fr[***]
Dec 3 15:39:15 MONSERVEUR postfix-mail.domaine1.com/smtpd[13657]: disconnect from *****.abo.wanadoo.fr[***]

/etc/postfix/sasl/smtp.conf
Code:
pwcheck_method: saslauthd 
#mech_list: digest-md5 cram-md5 plain login 
mech_list: plain login
log_level: 5

/etc/default/saslauthd
Code:
#
# Settings for saslauthd daemon
# Please read /usr/share/doc/sasl2-bin/README.Debian for details.
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Description of this saslauthd instance. Recommended.
# (suggestion: SASL Authentication Daemon)
DESC="SASL Authentication Daemon"

# Short name of this saslauthd instance. Strongly recommended.
# (suggestion: saslauthd)
NAME="saslauthd"

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

PARAMS="-r -m /var/spool/postfix/var/run/saslauthd"
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

My questions...
1) The logs clearly suggest that the login/password pair is wrong. OK. (I did start saslauth, of course.)
Where does this login/password come from? I created an account via Webmin with /bin/false, but apparently that is not enough.

2) Since I do not want webmail, IMAP or POP3, am I really obliged to go through dovecot? Right now I am doing postfix/saslauth only, without mysql, without dovecot. That seems simpler to me.

Thank you very much in advance for any help...
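
The log line `cannot connect to saslauthd server: No such file or directory` points at the socket path, so one check worth running on this setup is whether each smtpd service in master.cf looks for the saslauthd socket where `-m` in /etc/default/saslauthd puts it. This is an added example, not part of the original post; it assumes Debian's default Cyrus SASL socket directory /var/run/saslauthd (no `saslauthd_path` in smtp.conf) and queue directory /var/spool/postfix, and the embedded samples are constructed from the files quoted above.

```python
QUEUE_DIR = "/var/spool/postfix"         # assumption: Debian default queue_directory
DEFAULT_SASL_DIR = "/var/run/saslauthd"  # assumption: Cyrus SASL default, saslauthd_path unset
# Constructed samples, reduced from the files quoted in the post.
MASTER_CF = """\
#smtp      inet  n       -       -       -       -       smtpd
127.0.0.1:smtp inet  n     -       n       -       -       smtpd
      -o syslog_name=postfix-localhost
111.111.111.111:smtp inet  n     -       n       -       -       smtpd
      -o myhostname=mail.domaine1.com
domaine1-out  unix -       -       n       -       -       smtp
"""
SASLAUTHD_DEFAULTS = 'OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"\n'


def smtpd_services(master_cf):
    """Yield (service, chrooted) for every active smtpd entry in master.cf."""
    for line in master_cf.splitlines():
        if not line.strip() or line[0] in "# \t":  # blank, comment or "-o" continuation
            continue
        fields = line.split()
        if len(fields) >= 8 and fields[7] == "smtpd":
            # Fifth column is chroot; the header quoted in the post maps "-" to "(yes)".
            yield fields[0], fields[4] in ("y", "-")


def saslauthd_socket_dir(defaults_text):
    """Return the -m directory from the OPTIONS= line of /etc/default/saslauthd."""
    for line in defaults_text.splitlines():
        if line.startswith("OPTIONS="):
            args = line.split("=", 1)[1].strip().strip("\"'").split()
            if "-m" in args[:-1]:
                return args[args.index("-m") + 1]
    return DEFAULT_SASL_DIR


def check(master_cf, defaults_text):
    """Return (service, socket path smtpd opens, matches saslauthd) per service."""
    actual = saslauthd_socket_dir(defaults_text).rstrip("/")
    rows = []
    for name, chrooted in smtpd_services(master_cf):
        # A chrooted smtpd resolves the default path below the queue directory.
        seen = (QUEUE_DIR if chrooted else "") + DEFAULT_SASL_DIR
        rows.append((name, seen + "/mux", seen == actual))
    return rows


if __name__ == "__main__":
    for name, path, ok in check(MASTER_CF, SASLAUTHD_DEFAULTS):
        print(f"{name:22} {path:44} {'ok' if ok else 'MISMATCH'}")
```

A MISMATCH row means smtpd and saslauthd disagree on where the socket lives, which is independent of whether the login and password are valid.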