Prosíme přihlašte se nebo zaregistrujte.

Přihlašte se svým uživatelským jménem a heslem.

Autor Téma: přechod 7.10 > 8.04 problem SENDMAIL [vyřešeno]  (Přečteno 2598 krát)

marshall1727

  • Člen
  • **
  • Příspěvků: 307
    • Zobrazit profil
přechod 7.10 > 8.04 problem SENDMAIL [vyřešeno]
« kdy: 28 Říjen 2008, 21:55:06 »
dobry den,

standartnim způsobem jsem provedl upgrade z verze 7.10 na 8.04. Vyskytl se problem s možností autentifikace uživatele pro SMTP. vysvětlím jak jsou věci nastaveny.

- Server je na adrese v rozsahu vnitřní sítě a má svoje připojení k internetu a pevnou IP adresu a DNS záznam včetně reverzního.
- v případě odesílání pošty z LANu se nepoužívá autentifikace a vše funguje jak má.
- do upgrade fungovala autentifikace odesílatele mimo LAN síť jménem a heslem, které byly totožné s pop3 jménem a heslem.
- klient je thunderbird na windows

Nyní je situace taková, že funguje pop3 z venku ale s totožným jménem a heslem nefunguje autentifikace pro SMTP. z logu se dá vyčíst toto:

Kód: [Vybrat]
Oct 28 20:57:19 akserver sm-mta[8506]: NOQUEUE: connect from [213.211.33.146]
Oct 28 20:57:19 akserver sm-mta[8506]: AUTH: available mech=PLAIN LOGIN DIGEST-MD5 CRAM-MD5, allowed mech=LOGIN PLAIN
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: Milter: no active filter
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 220 akserver.advokati.biz ESMTP Sendmail 8.14.2/8.14.2/Debian-2build1; Tue, 28 Oct 2008 20:57:19 +0100; (No UCE/UBE) logging access from: [213.211.33.146](FAIL)-[213.211.33.146]
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: <-- EHLO [127.0.0.1]
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-akserver.advokati.biz Hello [213.211.33.146], pleased to meet you
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-ENHANCEDSTATUSCODES
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-PIPELINING
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-8BITMIME
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-SIZE
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-DSN
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-ETRN
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-AUTH LOGIN PLAIN
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250-DELIVERBY
Oct 28 20:57:19 akserver sm-mta[8506]: m9SJvJ5s008506: --- 250 HELP
Oct 28 20:57:27 akserver sm-mta[8506]: m9SJvJ5s008506: <-- AUTH PLAIN AGhyYmFjAGhyYmFjMTcyNw==
Oct 28 20:57:27 akserver sm-mta[8506]: m9SJvJ5s008506: --- 535 5.7.0 authentication failed
Oct 28 20:57:27 akserver sm-mta[8506]: m9SJvJ5s008506: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: Password verification failed
Oct 28 20:57:27 akserver sm-mta[8506]: m9SJvJ5s008506: <-- AUTH LOGIN
Oct 28 20:57:27 akserver sm-mta[8506]: m9SJvJ5s008506: --- 334 VXNlcm5hbWU6
Oct 28 20:57:28 akserver sm-mta[8506]: m9SJvJ5s008506: --- 334 UGFzc3dvcmQ6
Oct 28 20:57:28 akserver sm-mta[8506]: m9SJvJ5s008506: --- 535 5.7.0 authentication failed
Oct 28 20:57:28 akserver sm-mta[8506]: m9SJvJ5s008506: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: <-- AUTH PLAIN AGhyYmFjAGRhbjE3Mjc=
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: --- 535 5.7.0 authentication failed
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: AUTH failure (PLAIN): generic failure (-1) SASL(-1): generic failure: Password verification failed
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: <-- AUTH LOGIN
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: --- 334 VXNlcm5hbWU6
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: --- 334 UGFzc3dvcmQ6
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: --- 535 5.7.0 authentication failed
Oct 28 20:58:09 akserver sm-mta[8506]: m9SJvJ5s008506: AUTH failure (LOGIN): generic failure (-1) SASL(-1): generic failure: checkpass failed

konfigurák vypadá takto:

Kód: [Vybrat]
divert(-1)
dnl This is the macro config file used to generate the /etc/sendmail.cf
dnl file. If you modify the file you will have to regenerate the
dnl /etc/sendmail.cf by running this macro config through the m4
dnl preprocessor:
dnl
dnl        m4 /etc/sendmail.mc > /etc/sendmail.cf
dnl
dnl You will need to have the sendmail-cf package installed for this to
dnl work.
dnl include(`../m4/cf.m4')dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
define(`confDEF_USER_ID',``mail:mail'')dnl
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confALIAS_WAIT', `30')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl define delivery mode: interactive, background, or queued
dnl define(`confDELIVERY_MODE', `i')dnl
define(`confMAX_QUEUE_CHILDREN',1)
MASQUERADE_AS(`localhost.localdomain')dnl
FEATURE(`limited_masquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`smrsh')dnl
FEATURE(mailertable)dnl
dnl virtusertable: redirect incoming mail to virtual domain to particular user or domain
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
dnl genericstable: rewrite sender address for outgoing mail
FEATURE(genericstable)dnl
FEATURE(always_add_domain)dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail)dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`relay_based_on_MX')dnl
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `Rejected - see  http://www.mail-abuse.org/rbl/')dnl
dnl FEATURE(dnsbl, `dialups.mail-abuse.org', `Dialup - see http://www.mail-abuse.org/dul/')dnl
dnl FEATURE(dnsbl, `relays.mail-abuse.org', `Open spam relay - see http://www.mail-abuse.org/rss/')dnl
FEATURE(`delay_checks')dnl
FEATURE(`stickyhost')dnl
dnl SASL Configuration
dnl extract from http://www.sendmail.org/~ca/email/auth.html
dnl
dnl Next two lines are for SMTP Authentication
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
dnl
dnl Next line stops sendmail from allowing auth without encryption
dnl define(`confAUTH_OPTIONS', `A p y')dnl
dnl
dnl STARTTLS configuration
dnl extract from http://www.sendmail.org/~ca/email/starttls.html
dnl
dnl define(`CERT_DIR', `/etc/ssl/sendmail')dnl
dnl define(`confCACERT_PATH', `CERT_DIR')dnl
dnl define(`confCACERT', `CERT_DIR/CAcert.pem')dnl
dnl define(`confSERVER_CERT', `CERT_DIR/MYcert.pem')dnl
dnl define(`confSERVER_KEY', `CERT_DIR/MYkey.pem')dnl
dnl define(`confCLIENT_CERT', `CERT_DIR/MYcert.pem')dnl
dnl define(`confCLIENT_KEY', `CERT_DIR/MYkey.pem')dnl
dnl
dnl Uncomment next lines to hide identity of mail serve
define(`confPRIVACY_FLAGS',`goaway,restrictqrun,restrictmailq')dnl
dnl define(`confSMTP_LOGIN_MSG', `$j server ready at $b')dnl
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`nodns')dnl
FEATURE(`nocanonify')dnl

MAILER(smtp)dnl
MAILER(procmail)dnl

undefine(`SMART_HOST')

otázka tedy zní.

nevíte někdo co se změnilo, že to nefunguje?
« Poslední změna: 30 Říjen 2008, 13:22:39 od Petr Merlin Vaněček »
--
koupil jsem si nový server a ladím ho. proto to zde spamuju. (2xXeon5110; IntelServerBoard S5000PSL; 2x2x1GbECC;4xRaptor150G)

marshall1727

  • Člen
  • **
  • Příspěvků: 307
    • Zobrazit profil
Re: přechod 7.10 > 8.04 problem SENDMAIL [VYRESENO]
« Odpověď #1 kdy: 29 Říjen 2008, 22:00:31 »
no takze pri upgrade si ubuntu myslelo ze je chytrejsi a sahalo kam nemelo. v novem konfiguraku byl jeden radek zakomentovany a to delalo problemy
Kód: [Vybrat]
define(`confAUTH_OPTIONS', `A p y')dnl
po jeho odkomentovani se zda ze to funguje.
--
koupil jsem si nový server a ladím ho. proto to zde spamuju. (2xXeon5110; IntelServerBoard S5000PSL; 2x2x1GbECC;4xRaptor150G)