Postfix Auth nach Update von 4.0.3 auf 4.1.1 broken

mail
german

#1

Hallo zusammen,

nach dem Update meines UCS Zarafa Servers von 4.0.3 auf 4.1.1 funktioniert die Authentifizierung am Postfix nicht mehr.
Mails können nur noch von Clients im Netzwerk welche unter der Variable “mail/postfix/mynetworks” gesetzt sind offenbar ohne Authentifizierung versendet werden.

Beim Versuch sich per Telnet in den Server einzuloggen wird die Authentifizierung nicht angeboten:

telnet mailserver.domain.de 25 EHLO test 250-mailserver.domain.de 250-PIPELINING 250-SIZE 51200000 250-VRFY 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH LOGIN 503 5.5.1 Error: authentication not enabled

Die Optionen “smtp_sasl_auth_enable = yes” und “smtp_sasl_security_options = noanonymous” sind beide gesetzt und sollten doch dafür sorgen oder? Vor dem Update war es problemlos möglich sich per SMTP einzulogen.

root@mailserver:/var/log# postconf -M 25 inet n - n - - smtpd 465 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes 587 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_enforce_tls=yes pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush smtp unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error local unix - n n - - local lmtp unix - - n - - lmtp relay unix - - n - - smtp trace unix - - n - 0 bounce proxymap unix - - n - - proxymap anvil unix - - n - 1 anvil scache unix - - - - 1 scache discard unix - - n - - discard tlsmgr unix - - n 1000? 1 tlsmgr smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000

root@mailserver:/var/log# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/lib/postfix disable_vrfy_command = no inet_interfaces = all inet_protocols = ipv4 local_header_rewrite_clients = masquerade_domains = $mydomain masquerade_exceptions = root message_size_limit = 51200000 mydestination = $myhostname, localhost.$mydomain, localhost myhostname = mailserver.domain.de mynetworks = 127.0.0.0/8 192.168.10.0/24 myorigin = mailserver.domain.de relayhost = smtp.todo.de relocated_maps = hash:/etc/postfix/relocated smtp_helo_name = mailserver.domain.de smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth smtp_sasl_security_options = noanonymous smtp_tls_exclude_ciphers = RC4, aNULL smtp_tls_loglevel = 0 smtp_tls_mandatory_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtp_tls_security_level = may smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_starttls_timeout = 300s smtpd_timeout = 300s smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/univention/ssl/mailserver.domain.de/cert.pem smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem smtpd_tls_eecdh_grade = strong smtpd_tls_exclude_ciphers = RC4, aNULL smtpd_tls_key_file = /etc/univention/ssl/mailserver.domain.de/private.key smtpd_tls_loglevel = 0 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3 smtpd_tls_protocols = smtpd_tls_received_header = no smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_preempt_cipherlist = yes tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport virtual_alias_domains = virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap.groups, ldap:/etc/postfix/ldap.distlist, ldap:/etc/postfix/ldap.sharedfolderremote, ldap:/etc/postfix/ldap.sharedfolderlocal, ldap:/etc/postfix/ldap.virtual virtual_mailbox_domains = ldap:/etc/postfix/ldap.virtualdomains virtual_mailbox_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap.groups, ldap:/etc/postfix/ldap.distlist, ldap:/etc/postfix/ldap.sharedfolderremote, ldap:/etc/postfix/ldap.sharedfolderlocal, ldap:/etc/postfix/ldap.virtual virtual_transport = lmtp:127.0.0.1:2003

Wäre super wenn hier jemand eine Idee hat.

VG


#2

Port 25 erlaubt keine Authenfizierung mehr, das ist korrekt so. Stattdessen sollte daher SMTPS (PORT 465) verwendet werden.