Hallo zusammen,
nach dem Update meines UCS Zarafa Servers von 4.0.3 auf 4.1.1 funktioniert die Authentifizierung am Postfix nicht mehr.
Mails können offenbar nur noch von Clients im Netzwerk, die unter der Variable “mail/postfix/mynetworks” gesetzt sind, ohne Authentifizierung versendet werden.
Beim Versuch, sich per Telnet am Server einzuloggen, wird die Authentifizierung nicht angeboten:
telnet mailserver.domain.de 25
EHLO test
250-mailserver.domain.de
250-PIPELINING
250-SIZE 51200000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
503 5.5.1 Error: authentication not enabled
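Die Optionen “smtp_sasl_auth_enable = yes” und “smtp_sasl_security_options = noanonymous” sind beide gesetzt und sollten doch dafür sorgen, oder? Vor dem Update war es problemlos möglich, sich per SMTP einzuloggen. (Anmerkung: Die smtp_*-Parameter betreffen den Postfix-Client, also die Anmeldung am Relayhost; für eingehende Verbindungen ist smtpd_sasl_auth_enable maßgeblich, das in der Ausgabe unten nur für die Ports 465 und 587 gesetzt ist. Wegen “smtpd_tls_auth_only = yes” wird AUTH außerdem vermutlich erst nach STARTTLS angeboten, was im Telnet-Test oben nicht ausgeführt wurde.)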
root@mailserver:/var/log# postconf -M
25 inet n - n - - smtpd
465 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_wrappermode=yes
587 inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_enforce_tls=yes
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
lmtp unix - - n - - lmtp
relay unix - - n - - smtp
trace unix - - n - 0 bounce
proxymap unix - - n - - proxymap
anvil unix - - n - 1 anvil
scache unix - - - - 1 scache
discard unix - - n - - discard
tlsmgr unix - - n 1000? 1 tlsmgr
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000
root@mailserver:/var/log# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
disable_vrfy_command = no
inet_interfaces = all
inet_protocols = ipv4
local_header_rewrite_clients =
masquerade_domains = $mydomain
masquerade_exceptions = root
message_size_limit = 51200000
mydestination = $myhostname, localhost.$mydomain, localhost
myhostname = mailserver.domain.de
mynetworks = 127.0.0.0/8 192.168.10.0/24
myorigin = mailserver.domain.de
relayhost = smtp.todo.de
relocated_maps = hash:/etc/postfix/relocated
smtp_helo_name = mailserver.domain.de
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_loglevel = 0
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/univention/ssl/mailserver.domain.de/cert.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/univention/ssl/mailserver.domain.de/private.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols =
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains =
virtual_alias_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap.groups, ldap:/etc/postfix/ldap.distlist, ldap:/etc/postfix/ldap.sharedfolderremote, ldap:/etc/postfix/ldap.sharedfolderlocal, ldap:/etc/postfix/ldap.virtual
virtual_mailbox_domains = ldap:/etc/postfix/ldap.virtualdomains
virtual_mailbox_maps = hash:/etc/postfix/virtual, ldap:/etc/postfix/ldap.groups, ldap:/etc/postfix/ldap.distlist, ldap:/etc/postfix/ldap.sharedfolderremote, ldap:/etc/postfix/ldap.sharedfolderlocal, ldap:/etc/postfix/ldap.virtual
virtual_transport = lmtp:127.0.0.1:2003
Wäre super wenn hier jemand eine Idee hat.
VG