# Postfix vusers and vdomain

## lukiw

I installed Postfix following http://www.gentoo.org/doc/pl/virt-mail-howto.xml

Postfix serves one virtual domain and one local domain.

I created accounts for the users.

One for the virtual domain and another in the local domain.

The user from the local domain can send and receive mail, and everything works wonderfully.

The user belonging to the virtual domain, however, receives mail but cannot send it.

The system (smtp) cannot find this user, which is very strange, because IMAP login works and finds the login and password in the database.

Below are the logs and the configuration.

/var/log/messages

```
Dec 19 14:22:11 mail2 postfix/smtpd[8530]: < unknown[10.0.0.1]: AUTH PLAIN AGx1a2FzAGdlbnRvbw==
Dec 19 14:22:11 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AGx1a2FzAGdlbnRvbw==
Dec 19 14:22:11 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_first: decoded initial response
Dec 19 14:22:11 mail2 saslauthd[7658]: pam_unix(smtp:auth): check pass; user unknown
Dec 19 14:22:11 mail2 saslauthd[7658]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Dec 19 14:22:13 mail2 saslauthd[7658]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Dec 19 14:22:13 mail2 saslauthd[7658]: do_auth         : auth failure: [user=lukas] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: warning: SASL authentication failure: Password verification failed
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: warning: unknown[10.0.0.1]: SASL PLAIN authentication failed: authentication failure
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: > unknown[10.0.0.1]: 535 5.7.8 Error: authentication failed: authentication failure
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: < unknown[10.0.0.1]: AUTH LOGIN
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_first: sasl_method LOGIN
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_auth_response: uncoded server challenge: Username:
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: > unknown[10.0.0.1]: 334 VXNlcm5hbWU6
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: < unknown[10.0.0.1]: xxxxxxxxxx
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_next: decoded response: xxxxxxxx
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_auth_response: uncoded server challenge: Password:
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: > unknown[10.0.0.1]: 334 UGFzc3dvcmQ6
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: < unknown[10.0.0.1]: xxxxxxxxxxxxx
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: xsasl_cyrus_server_next: decoded response: xxxxxxxxx
Dec 19 14:22:13 mail2 saslauthd[7652]: pam_unix(smtp:auth): check pass; user unknown
Dec 19 14:22:13 mail2 saslauthd[7652]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Dec 19 14:22:15 mail2 saslauthd[7652]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Dec 19 14:22:15 mail2 saslauthd[7652]: do_auth         : auth failure: [user=lukas] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 19 14:22:15 mail2 postfix/smtpd[8530]: warning: unknown[10.0.0.1]: SASL LOGIN authentication failed: authentication failure
Dec 19 14:22:15 mail2 postfix/smtpd[8530]: > unknown[10.0.0.1]: 535 5.7.8 Error: authentication failed: authentication failure
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: < unknown[10.0.0.1]: QUIT
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: > unknown[10.0.0.1]: 221 2.0.0 Bye
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: match_hostname: unknown ~? 10.0.0.0/24
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: match_hostaddr: 10.0.0.1 ~? 10.0.0.0/24
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: disconnect from unknown[10.0.0.1]
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: master_notify: status 1
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: connection closed
Dec 19 14:22:17 mail2 postfix/smtpd[8530]: auto_clnt_close: disconnect private/tlsmgr stream
```

\# postconf -n

```
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 10
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix-2.5.5/html
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
local_transport = local
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = mail2.linecom.com.pl, localhost
mydomain = linecom.com.pl
myhostname = mail2.linecom.com.pl
mynetworks = 10.0.0.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/readme
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,  permit_mynetworks,  reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /
virtual_mailbox_domains = mail3.linecom.com.pl
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 1000
virtual_transport = virtual
virtual_uid_maps = static:1001
```

If any more information is needed, let me know what else is required.

----------
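One way to read the saslauthd lines of a log like the one in the first post, as an added example that is not part of the original thread: it pairs each `do_auth` failure with the preceding `pam_unix` message from the same saslauthd process, to separate "name not known to PAM" from "password rejected". The sample lines and user names are constructed, and the cause labels are this example's own.

```python
import re

# Constructed sample in the format of the log above; user names are made up.
SAMPLE_LOG = """\
Dec 19 14:22:11 mail2 saslauthd[7658]: pam_unix(smtp:auth): check pass; user unknown
Dec 19 14:22:11 mail2 saslauthd[7658]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Dec 19 14:22:13 mail2 saslauthd[7658]: do_auth         : auth failure: [user=vuser] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 19 14:22:13 mail2 postfix/smtpd[8530]: warning: unknown[10.0.0.1]: SASL PLAIN authentication failed: authentication failure
Dec 19 14:23:40 mail2 saslauthd[7652]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=localuser
Dec 19 14:23:42 mail2 saslauthd[7652]: do_auth         : auth failure: [user=localuser] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")  # [user=..] [mech=..] pairs in do_auth lines


def diagnose(log_text):
    """Return one finding per saslauthd do_auth failure, in log order."""
    unknown_pids = set()  # saslauthd workers whose pam_unix call said "user unknown"
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("prog") != "saslauthd":
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if msg.startswith("pam_unix(") and "user unknown" in msg:
            unknown_pids.add(pid)
        elif msg.startswith("do_auth") and "auth failure:" in msg:
            fields = dict(FIELD_RE.findall(msg))
            # Labels below are this example's own, not saslauthd output.
            if fields.get("mech") == "pam" and pid in unknown_pids:
                cause = "account-unknown-to-pam"
            else:
                cause = "credentials-rejected"
            unknown_pids.discard(pid)  # the worker goes on to serve other requests
            findings.append({"user": fields.get("user"),
                             "service": fields.get("service"),
                             "mech": fields.get("mech"), "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

A finding of `account-unknown-to-pam` means the `pam_unix` lookup did not find the name at all, before any password comparison took place.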

## Exil

Search the forum for "postfix authdaemonrc".

----------

## bartmarian

Show the saslauthd flags (if the password in the database is encrypted, you need crypt).

EDIT

Consider setting up LMS; you will have more options, e.g. FTP from the database (Apache, shell accounts, database handling).

----------

## lukiw

 *bartmarian wrote:*   

> Show the saslauthd flags (if the password in the database is encrypted, you need crypt).
> 
> EDIT
> 
> Consider setting up LMS; you will have more options, e.g. FTP from the database (Apache, shell accounts, database handling).

 

I don't have the password encrypted, for training reasons.

----------

