Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:mail_c7:postfix3_8 [10.02.2019 07:49. ] – [Test der Authentifizierung] django
+++ centos:mail_c7:postfix3_8 [10.02.2019 09:37. ] – [Links] django
@@ Zeile 827: / Zeile 827: @@
 ==== Test der Authentifizierung ====
+Nun testen wir die unterschiedlichen Authentifizierungsvarianten, die der Server unseren Clients anbietet.
+<WRAP center round tip 80%>
+Bei den einzelnen Tests geben wir aber das Passwort __nicht__ als Option in der Befehlszeile mit, schließlich wollen wir ja nicht, dass in der bash-History dieses entsprechend auffindbar ist!
-<WRAP center round todo 30%>
-FIXME FIXME FIXME
-  * //**... working in progres!**//
-FIXME FIXME FIXME
 </WRAP>
+=== PLAIN ===
+Als erstes testen wir den **PLAIN**-Mechanismus:
+Nach Aufruf von **swaks** werden wir nach dem zugehörigen Passwort gefragt. Anschließend sehen wir den SMTP-Dialog zwischen dem Client "swaks" und dem Server "postfix".
+   # swaks --to django@nausch.org --from michael@nausch.org --auth PLAIN --auth-user michael@nausch.org --protocol ESMTPS \\
+           --header-X-Test "test email" --server 10.0.0.80:587
+  Password: DAx1d13g31l354u!
+<code>=== Trying 10.0.0.80:587...
+=== Connected to 10.0.0.80.
+<-  220 mx1.nausch.org ESMTP Postfix
+ -> EHLO vml000080.dmz.nausch.org
+<-  250-mx1.nausch.org
+<-  250-PIPELINING
+<-  250-SIZE 52428800
+<-  250-ETRN
+<-  250-STARTTLS
+<-  250-ENHANCEDSTATUSCODES
+<-  250-8BITMIME
+<-  250-DSN
+<-  250 SMTPUTF8
+ -> STARTTLS
+<-  220 2.0.0 Ready to start TLS
+=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
+=== TLS no local certificate set
+=== TLS peer DN="/OU=Domain Control Validated/CN=*.nausch.org"
+ ~> EHLO vml000080.dmz.nausch.org
+<~  250-mx1.nausch.org
+<~  250-PIPELINING
+<~  250-SIZE 52428800
+<~  250-ETRN
+<~  250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
+<~  250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
+<~  250-ENHANCEDSTATUSCODES
+<~  250-8BITMIME
+<~  250-DSN
+<~  250 SMTPUTF8
+ ~> AUTH PLAIN AG1pY2hhZWxAbmF1c2NoLm9yZwBEQXgxZDEzZzMxbDM1NHUh
+<~  235 2.7.0 Authentication successful
+ ~> MAIL FROM:<michael@nausch.org>
+<~  250 2.1.0 Ok
+ ~> RCPT TO:<django@nausch.org>
+<~  250 2.1.5 Ok
+ ~> DATA
+<~  354 End data with <CR><LF>.<CR><LF>
+ ~> Date: Sun, 10 Feb 2019 09:40:26 +0100
+ ~> To: django@nausch.org
+ ~> From: michael@nausch.org
+ ~> Subject: test Sun, 10 Feb 2019 09:40:26 +0100
+ ~> Message-Id: <20190210094026.027182@vml000080.dmz.nausch.org>
+ ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
+ ~> X-Test: test email
+ ~>
+ ~> This is a test mailing
+ ~>
+ ~> .
+<~  250 2.0.0 Ok: queued as 0F3B560008B
+ ~> QUIT
+<~  221 2.0.0 Bye
+=== Connection closed with remote host.
+</code>
-Zum leichteren Testen der Authentifizierung greifen wir auf das "Schweitzer Taschenmesser für SMTP" kurz **[[http://www.jetmore.org/john/code/swaks/|SWAKS]]** zurück. Vor allem beim Testen der **[[http://de.wikipedia.org/wiki/Challenge-Response-Authentifizierung|Challenge-Response-Authentifizierung]]** unterstützt uns **swaks** ebenso, wie beim Tippen der einzelnen SMTP-Befehle.
+Im Maillog wird die erfolgreiche Authentifizierung und die weitere Verarbeitung unserer Mail entsprechend dokumentiert.
+   # less /var/log/maillog
+<code>Feb 10 09:40:35 vml000080 postfix/submission/smtpd[27183]: connect from vml000080.dmz.nausch.org[10.0.0.80]
+Feb 10 09:40:36 vml000080 postfix/submission/smtpd[27183]: Anonymous TLS connection established from vml000080.dmz.nausch.org[10.0.0.80]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
+Feb 10 09:40:36 vml000080 postfix/submission/smtpd[27183]: 0F3B560008B: client=vml000080.dmz.nausch.org[10.0.0.80], sasl_method=PLAIN, sasl_username=michael@nausch.org
+Feb 10 09:40:36 vml000080 postfix/cleanup[27187]: 0F3B560008B: message-id=<20190210094026.027182@vml000080.dmz.nausch.org>
+Feb 10 09:40:36 vml000080 postfix/qmgr[26334]: 0F3B560008B: from=<michael@nausch.org>, size=527, nrcpt=1 (queue active)
+Feb 10 09:40:36 vml000080 postfix/submission/smtpd[27183]: disconnect from vml000080.dmz.nausch.org[10.0.0.80] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
+</code>
-Nach Aufruf von **swaks** werden wir nach dem zugehörigen Passwort gefragt. Anschließend sehen wir den SMTP-Dialog zwischen dem Cilene "swaks" und dem Server "postfix".
+=== LOGIN ===
+Als nächstes testen wir die Variante LOGIN - hier wird im Gegensatz zum vorheringen Auth-Mechanismus PLAIN die Anmeldekennung und das zugehörige Passwort zusammen in einem String sondern separat übergeben.
-   # swaks --to django@nausch.org --from michael@nausch.org --auth LOGIN --auth-user michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
+   # swaks --to django@nausch.org --from michael@nausch.org --auth PLAIN --auth-user michael@nausch.org --protocol ESMTPS \\
+           --header-X-Test "test email" --server 10.0.0.80:587
-   Password: DAx1d13g31l354u!
+  Password: DAx1d13g31l354u!
-<code>=== Trying 10.0.0.87:25...
+<code>=== Trying 10.0.0.80:587...
-=== Connected to 10.0.0.87.
+=== Connected to 10.0.0.80.
-<-  220 mx01.nausch.org ESMTP Postfix
+<-  220 mx1.nausch.org ESMTP Postfix
- -> EHLO vml000087.dmz.nausch.org
+ -> EHLO vml000080.dmz.nausch.org
-<-  250-mx01.nausch.org
+<-  250-mx1.nausch.org
 <-  250-PIPELINING
 <-  250-SIZE 52428800
 <-  250-ETRN
 <-  250-STARTTLS
-<-  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
-<-  250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
 <-  250-ENHANCEDSTATUSCODES
 <-  250-8BITMIME
-<-  250 DSN
+<-  250-DSN
- -> AUTH LOGIN
+<-  250 SMTPUTF8
-<-  334 VXNlcm5hbWU6
+ -> STARTTLS
- -> bWljaGFl69BuYXVzY2gub3Jn
+<-  220 2.0.0 Ready to start TLS
-<-  334 UGFzc3dvcQ69
+=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
- -> RGQ0bWRkMyE=
+=== TLS no local certificate set
-<-  235 2.7.0 Authentication successful
+=== TLS peer DN="/OU=Domain Control Validated/CN=*.nausch.org"
- -> MAIL FROM:<michael@nausch.org>
+ ~> EHLO vml000080.dmz.nausch.org
-<-  250 2.1.0 Ok
+<~  250-mx1.nausch.org
- -> RCPT TO:<django@nausch.org>
+<~  250-PIPELINING
-<-  250 2.1.5 Ok
+<~  250-SIZE 52428800
- -> DATA
+<~  250-ETRN
-<-  354 End data with <CR><LF>.<CR><LF>
+<~  250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> Date: Tue, 28 Oct 2014 22:59:26 +0100
+<~  250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> To: django@nausch.org
+<~  250-ENHANCEDSTATUSCODES
- -> From: michael@nausch.org
+<~  250-8BITMIME
- -> Subject: test Tue, 28 Oct 2014 22:59:26 +0100
+<~  250-DSN
- -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
+<~  250 SMTPUTF8
- -> X-Test: test email
+ ~> AUTH LOGIN
- ->
+<~  334 VXNlcm5hbWU6
- -> This is a test mailing
+ ~> bWljaGFlbEBuYXVzY2gub3Jn
- ->
+<~  334 UGFzc3dvcmQ6
- -> .
+ ~> REF4MWQxM2czMWwzNTR1IQ==
-<-  250 2.0.0 Ok: queued as DE611C00088
+<~  235 2.7.0 Authentication successful
- -> QUIT
+ ~> MAIL FROM:<michael@nausch.org>
-<-  221 2.0.0 Bye
+<~  250 2.1.0 Ok
-=== Connection closed with remote host.
+ ~> RCPT TO:<django@nausch.org>
-</code>
+<~  250 2.1.5 Ok
+ ~> DATA
+<~  354 End data with <CR><LF>.<CR><LF>
+ ~> Date: Sun, 10 Feb 2019 10:02:32 +0100
+ ~> To: django@nausch.org
+ ~> From: michael@nausch.org
+ ~> Subject: test Sun, 10 Feb 2019 10:02:32 +0100
+ ~> Message-Id: <20190210100232.027213@vml000080.dmz.nausch.org>
+ ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
+ ~> X-Test: test email
+ ~>
+ ~> This is a test mailing
+ ~>
+ ~> .
+<~  250 2.0.0 Ok: queued as 27AC960008B
+ ~> QUIT
+<~  221 2.0.0 Bye
+=== Connection closed with remote host.</code>
 Im Maillog wird die erfolgreiche Authentifizierung und die weitere Verarbeitung unserer Mail entsprechend dokumentiert.
    # less /var/log/maillog
-<code>Oct 28 22:59:34 vml000087 postfix/smtpd[27693]: connect from vml000087.dmz.nausch.org[10.0.0.87]
+<code>Feb 10 10:02:39 vml000080 postfix/submission/smtpd[27214]: connect from vml000080.dmz.nausch.org[10.0.0.80]
-Oct 28 22:59:34 vml000087 postfix/smtpd[27693]: DE611C00088: client=vml000087.dmz.nausch.org[10.0.0.87], sasl_method=LOGIN, sasl_username=michael@nausch.org
+Feb 10 10:02:39 vml000080 postfix/submission/smtpd[27214]: Anonymous TLS connection established from vml000080.dmz.nausch.org[10.0.0.80]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
-Oct 28 22:59:34 vml000087 postfix/cleanup[27698]: DE611C00088: message-id=<20141028215934.DE611C00088@mx01.nausch.org>
+Feb 10 10:02:39 vml000080 postfix/submission/smtpd[27214]: 27AC960008B: client=vml000080.dmz.nausch.org[10.0.0.80], sasl_method=LOGIN, sasl_username=michael@nausch.org
-Oct 28 22:59:34 vml000087 postfix/qmgr[27526]: DE611C00088: from=<michael@nausch.org>, size=502, nrcpt=1 (queue active)
+Feb 10 10:02:39 vml000080 postfix/cleanup[27218]: 27AC960008B: message-id=<20190210100232.027213@vml000080.dmz.nausch.org>
-Oct 28 22:59:34 vml000087 postfix/smtpd[27693]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
+Feb 10 10:02:39 vml000080 postfix/qmgr[26334]: 27AC960008B: from=<michael@nausch.org>, size=527, nrcpt=1 (queue active)
-Oct 28 22:59:35 vml000087 postfix/lmtp[27699]: DE611C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=0.38, delays=0.06/0.01/0/0.31, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> l2nwKlYRUFSFQwAArK2B9Q Saved)
+Feb 10 10:02:39 vml000080 postfix/submission/smtpd[27214]: disconnect from vml000080.dmz.nausch.org[10.0.0.80] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
-Oct 28 22:59:35 vml000087 postfix/qmgr[27526]: DE611C00088: removed
+Feb 10 10:02:40 vml000080 postfix/smtp[27221]: 27AC960008B: to=<django@nausch.org>, relay=10.0.0.67[10.0.0.67]:10024, delay=0.86, delays=0.03/0.03/0.01/0.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[10.0.0.87]:10025): 250 2.0.0 Ok: queued as F078AC0008A)
+Feb 10 10:02:40 vml000080 postfix/qmgr[26334]: 27AC960008B: removed
 </code>
-**swaks** beherrscht natürlich auch das Verfahren **CRAM-MD5**:
+=== DIGEST-MD5 ===
-   # swaks --to django@nausch.org --from michael@nausch.org --auth CRAM-MD5 --auth-user michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
+Als nächstes testen wir die Variante [[https://de.wikipedia.org/wiki/Message-Digest_Algorithm_5|DIGEST-MD5]] - hier wird im Gegensatz zu den beiden vorherigen Varianten nicht mehr der Anmeldenamen und das Passwort BASE64 kodiert übertragen, sondern ein mit einem Einmalhashwert codiert übertragen.
-   Password: DAx1d13g31l354u!
+   # swaks --to django@nausch.org --from michael@nausch.org --auth DIGEST-MD5 --auth-user michael@nausch.org --protocol ESMTPS \\
+           --header-X-Test "test email" --server 10.0.0.80:587
-<code>=== Trying 10.0.0.87:25...
+  Password: DAx1d13g31l354u!
-=== Connected to 10.0.0.87.
-<-  220 mx01.nausch.org ESMTP Postfix
+<code>=== Trying 10.0.0.80:587...
- -> EHLO vml000087.dmz.nausch.org
+=== Connected to 10.0.0.80.
-<-  250-mx01.nausch.org
+<-  220 mx1.nausch.org ESMTP Postfix
+ -> EHLO vml000080.dmz.nausch.org
+<-  250-mx1.nausch.org
 <-  250-PIPELINING
 <-  250-SIZE 52428800
 <-  250-ETRN
 <-  250-STARTTLS
-<-  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
-<-  250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
 <-  250-ENHANCEDSTATUSCODES
 <-  250-8BITMIME
-<-  250 DSN
+<-  250-DSN
- -> AUTH CRAM-MD5
+<-  250 SMTPUTF8
-<-  334 PDI2OTAzMjcP1ffp4ff0NzA1MUBteDAxLm5hdXNjaC5vcmc+
+ -> STARTTLS
- -> bWljaGP1ffp4ffFlbEBuYXVzY2MwNzczOTg2ZmQ1ZjP1ffp4ffUzOWNkOWE0YTM1ZGMx
+<-  220 2.0.0 Ready to start TLS
-<-  235 2.7.0 Authentication successful
+=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
- -> MAIL FROM:<michael@nausch.org>
+=== TLS no local certificate set
-<-  250 2.1.0 Ok
+=== TLS peer DN="/OU=Domain Control Validated/CN=*.nausch.org"
- -> RCPT TO:<django@nausch.org>
+ ~> EHLO vml000080.dmz.nausch.org
-<-  250 2.1.5 Ok
+<~  250-mx1.nausch.org
- -> DATA
+<~  250-PIPELINING
-<-  354 End data with <CR><LF>.<CR><LF>
+<~  250-SIZE 52428800
- -> Date: Tue, 28 Oct 2014 22:51:47 +0100
+<~  250-ETRN
- -> To: django@nausch.org
+<~  250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> From: michael@nausch.org
+<~  250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> Subject: test Tue, 28 Oct 2014 22:51:47 +0100
+<~  250-ENHANCEDSTATUSCODES
- -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
+<~  250-8BITMIME
- -> X-Test: test email
+<~  250-DSN
- ->
+<~  250 SMTPUTF8
- -> This is a test mailing
+ ~> AUTH DIGEST-MD5
- ->
+<~  334 cmVhbG09IiIsbm9uYGYtOCIsYWx2U9Inh0MUNJbmlwR0VNamNySmN2NndO9wPSJhdXRoIixjaGFyc2V0PSJ1dnb3JpdGhtPSJtZDUtc2dXc9PSIscWVzcyI=
- -> .
+ ~> Y2hhcnNldD11dm9uY2U9IjgGYtOCxjbwNzJkMTcwNDMxYTlkODkwMGE4Yjk5ZDdhNDQ5YjY4IixkaWtdXJpPSJzbXRwLdlc3QzEwLjAuMC44MCIsbmM9MDAwMDAwMDEsbm9uY2U9Inh0MUNJbmlwR0VNdOdXc9PSIscW9wPWF1dGgscmVhbG09IiIscmVzcG9uc2U9M2U2MTJhODc5MTgzZjNiZmRhYTdkY2EyMzZkNTdhZDYsdXNlcm5hbWU9Im1pY2hhZWxAbmF1c2NoLm9yZyamNySmN2NnI=
-<-  250 2.0.0 Ok: queued as CCB35C00088
+<~  334 cYXV0anNwD0zMWE1ZDQzMWQwOTMjUzMJiYTU2ZjcwjcyZDIzMjg0Yg==
- -> QUIT
+ ~>
-<-  221 2.0.0 Bye
+<~  235 2.7.0 Authentication successful
-=== Connection closed with remote host.
+ ~> MAIL FROM:<michael@nausch.org>
-</code>
+<~  250 2.1.0 Ok
+ ~> RCPT TO:<django@nausch.org>
+<~  250 2.1.5 Ok
+ ~> DATA
+<~  354 End data with <CR><LF>.<CR><LF>
+ ~> Date: Sun, 10 Feb 2019 10:11:45 +0100
+ ~> To: django@nausch.org
+ ~> From: michael@nausch.org
+ ~> Subject: test Sun, 10 Feb 2019 10:11:45 +0100
+ ~> Message-Id: <20190210101145.027224@vml000080.dmz.nausch.org>
+ ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
+ ~> X-Test: test email
+ ~>
+ ~> This is a test mailing
+ ~>
+ ~> .
+<~  250 2.0.0 Ok: queued as 4EC6160008B
+ ~> QUIT
+<~  221 2.0.0 Bye
+=== Connection closed with remote host.</code>
-Maillog:
-<code>Oct 28 22:51:51 vml000087 postfix/smtpd[27669]: connect from vml000087.dmz.nausch.org[10.0.0.87]
+Im Maillog wird die erfolgreiche Authentifizierung und die weitere Verarbeitung unserer Mail entsprechend dokumentiert.
-Oct 28 22:51:51 vml000087 postfix/smtpd[27669]: CCB35C00088: client=vml000087.dmz.nausch.org[10.0.0.87], sasl_method=CRAM-MD5, sasl_username=michael@nausch.org
-Oct 28 22:51:51 vml000087 postfix/cleanup[27674]: CCB35C00088: message-id=<20141028215151.CCB35C00088@mx01.nausch.org>
+   # less /var/log/maillog
-Oct 28 22:51:51 vml000087 postfix/qmgr[27526]: CCB35C00088: from=<michael@nausch.org>, size=502, nrcpt=1 (queue active)
+<code>Feb 10 10:11:51 vml000080 postfix/submission/smtpd[27226]: connect from vml000080.dmz.nausch.org[10.0.0.80]
-Oct 28 22:51:51 vml000087 postfix/smtpd[27669]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
+Feb 10 10:11:51 vml000080 postfix/submission/smtpd[27226]: Anonymous TLS connection established from vml000080.dmz.nausch.org[10.0.0.80]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
-Oct 28 22:51:51 vml000087 postfix/lmtp[27675]: CCB35C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=0.12, delays=0.04/0.02/0/0.06, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> 3B0zBGIPUFTOQgAArK2B9Q Saved)
+Feb 10 10:11:51 vml000080 postfix/submission/smtpd[27226]: 4EC6160008B: client=vml000080.dmz.nausch.org[10.0.0.80], sasl_method=DIGEST-MD5, sasl_username=michael@nausch.org
-Oct 28 22:51:51 vml000087 postfix/qmgr[27526]: CCB35C00088: removed
+Feb 10 10:11:51 vml000080 postfix/cleanup[27230]: 4EC6160008B: message-id=<20190210101145.027224@vml000080.dmz.nausch.org>
+Feb 10 10:11:51 vml000080 postfix/qmgr[26334]: 4EC6160008B: from=<michael@nausch.org>, size=527, nrcpt=1 (queue active)
+Feb 10 10:11:51 vml000080 postfix/submission/smtpd[27226]: disconnect from vml000080.dmz.nausch.org[10.0.0.80] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
 </code>
-Zu guter Letzt testen wir noch das Verfahren **NTLM**.
+=== CRAM-MD5 ===
-   # swaks --to django@nausch.org --from michael@nausch.org --auth NTLM --auth-user michael@nausch.org --header-X-Test "test email" --server 10.0.0.87
+Nun testen wir die Variante [[https://de.wikipedia.org/wiki/CRAM-MD5|CRAM-MD5]] einem Authentifizierungsverfahren nach dem Challenge-Response-Prinzip auf der Basis des MD5-HMAC-Algorithmus.
-   Password: DAx1d13g31l354u!
+   # swaks --to django@nausch.org --from michael@nausch.org --auth PLAIN --auth-user michael@nausch.org --protocol ESMTPS \\
+           --header-X-Test "test email" --server 10.0.0.80:587
-<code>=== Trying 10.0.0.87:25...
+  Password: DAx1d13g31l354u!
-=== Connected to 10.0.0.87.
-<-  220 mx01.nausch.org ESMTP Postfix
+<code>=== Trying 10.0.0.80:587...
- -> EHLO vml000087.dmz.nausch.org
+=== Connected to 10.0.0.80.
-<-  250-mx01.nausch.org
+<-  220 mx1.nausch.org ESMTP Postfix
+ -> EHLO vml000080.dmz.nausch.org
+<-  250-mx1.nausch.org
 <-  250-PIPELINING
 <-  250-SIZE 52428800
 <-  250-ETRN
 <-  250-STARTTLS
-<-  250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
-<-  250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
 <-  250-ENHANCEDSTATUSCODES
 <-  250-8BITMIME
-<-  250 DSN
+<-  250-DSN
- -> AUTH NTLM
+<-  250 SMTPUTF8
-<-  334
+ -> STARTTLS
- -> TlRMTVNTUBABAAAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
+<-  220 2.0.0 Ready to start TLS
-<-  334 TlRMTVNTUABCAAAAHgAeADAAAAAF0gIAJsLjyygqM30AAAAAAAAAAAAAAAAAAAAATQBYADAAMQAuAE4AQQBVAFMAQwBIAC4ATwBSAEcA
+=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
- -> TlRTFMNTUAADAAAAGAAYAEAAAAAYABgAWAAAAB4AHgBwAAAAJAAkAI4AAAAkACQAsgAAAAAAAACWAAAABaICAJj/ymDAxyE253qytBGRgm2wg7GOYB4byOvGaTn7wPf/wxTL7okh3kAnFN5KHfE0DAxyB4bywADEALgBOAEEAVQBTAEMASAAuAE8AUgBHAG0AaQBjAGgAYQBlAGwAQABuAGEQBzAGMAaAAuAG8AcgBnAG0AaQBjAGgAYQBlwAQABuAGEAdQBzAGMADAxyB4byAG8AcgBnAA==
+=== TLS no local certificate set
-<-  235 2.7.0 Authentication successful
+=== TLS peer DN="/OU=Domain Control Validated/CN=*.nausch.org"
- -> MAIL FROM:<michael@nausch.org>
+ ~> EHLO vml000080.dmz.nausch.org
-<-  250 2.1.0 Ok
+<~  250-mx1.nausch.org
- -> RCPT TO:<django@nausch.org>
+<~  250-PIPELINING
-<-  250 2.1.5 Ok
+<~  250-SIZE 52428800
- -> DATA
+<~  250-ETRN
-<-  354 End data with <CR><LF>.<CR><LF>
+<~  250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> Date: Tue, 28 Oct 2014 22:55:33 +0100
+<~  250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
- -> To: django@nausch.org
+<~  250-ENHANCEDSTATUSCODES
- -> From: michael@nausch.org
+<~  250-8BITMIME
- -> Subject: test Tue, 28 Oct 2014 22:55:33 +0100
+<~  250-DSN
- -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
+<~  250 SMTPUTF8
- -> X-Test: test email
+ ~> AUTH CRAM-MD5
- ->
+<~  334 PDk1MDgTcywMzE4OMTkzMjIuMTU0B2bWwwMDAwNzcuZG16Lm0OTc5MDUyM5hdXNjaC5vcmc+
- -> This is a test mailing
+ ~> bGFlbEWljaBuYXVzY2gub3JnIGI2ZhODEyNmJlODY4MDM2YTZmY2YTM1OGQyMzJmNWFk
- ->
+<~  235 2.7.0 Authentication successful
- -> .
+ ~> MAIL FROM:<michael@nausch.org>
-<-  250 2.0.0 Ok: queued as BDD65C00088
+<~  250 2.1.0 Ok
- -> QUIT
+ ~> RCPT TO:<django@nausch.org>
-<-  221 2.0.0 Bye
+<~  250 2.1.5 Ok
-=== Connection closed with remote host.
+ ~> DATA
-</code>
+<~  354 End data with <CR><LF>.<CR><LF>
+ ~> Date: Sun, 10 Feb 2019 10:21:54 +0100
+ ~> To: django@nausch.org
+ ~> From: michael@nausch.org
+ ~> Subject: test Sun, 10 Feb 2019 10:21:54 +0100
+ ~> Message-Id: <20190210102154.027237@vml000080.dmz.nausch.org>
+ ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
+ ~> X-Test: test email
+ ~>
+ ~> This is a test mailing
+ ~>
+ ~> .
+<~  250 2.0.0 Ok: queued as 5F28060008B
+ ~> QUIT
+<~  221 2.0.0 Bye
+=== Connection closed with remote host.</code>
-Maillog:
+Im Maillog wird die erfolgreiche Authentifizierung und die weitere Verarbeitung unserer Mail entsprechend dokumentiert.
-<code>Oct 28 22:55:37 vml000087 postfix/smtpd[27681]: connect from vml000087.dmz.nausch.org[10.0.0.87]
-Oct 28 22:55:37 vml000087 postfix/smtpd[27681]: BDD65C00088: client=vml000087.dmz.nausch.org[10.0.0.87], sasl_method=NTLM, sasl_username=michael@nausch.org
+   # less /var/log/maillog
-Oct 28 22:55:37 vml000087 postfix/cleanup[27686]: BDD65C00088: message-id=<20141028215537.BDD65C00088@mx01.nausch.org>
+<code>Feb 10 10:22:03 vml000080 postfix/submission/smtpd[27238]: connect from vml000080.dmz.nausch.org[10.0.0.80]
-Oct 28 22:55:37 vml000087 postfix/qmgr[27526]: BDD65C00088: from=<michael@nausch.org>, size=502, nrcpt=1 (queue active)
+Feb 10 10:22:03 vml000080 postfix/submission/smtpd[27238]: Anonymous TLS connection established from vml000080.dmz.nausch.org[10.0.0.80]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
-Oct 28 22:55:37 vml000087 postfix/smtpd[27681]: disconnect from vml000087.dmz.nausch.org[10.0.0.87]
+Feb 10 10:22:03 vml000080 postfix/submission/smtpd[27238]: 5F28060008B: client=vml000080.dmz.nausch.org[10.0.0.80], sasl_method=CRAM-MD5, sasl_username=michael@nausch.org
-Oct 28 22:55:38 vml000087 postfix/lmtp[27687]: BDD65C00088: to=<django@nausch.org>, relay=10.0.0.77[10.0.0.77]:24, delay=0.24, delays=0.04/0.02/0/0.17, dsn=2.0.0, status=sent (250 2.0.0 <django@nausch.org> UTXtEMoQUFRnQwAArK2B9Q Saved)
+Feb 10 10:22:03 vml000080 postfix/cleanup[27242]: 5F28060008B: message-id=<20190210102154.027237@vml000080.dmz.nausch.org>
-Oct 28 22:55:38 vml000087 postfix/qmgr[27526]: BDD65C00088: removed
+Feb 10 10:22:03 vml000080 postfix/qmgr[26334]: 5F28060008B: from=<michael@nausch.org>, size=527, nrcpt=1 (queue active)
+Feb 10 10:22:03 vml000080 postfix/submission/smtpd[27238]: disconnect from vml000080.dmz.nausch.org[10.0.0.80] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
 </code>
+=== NTLM ===
+Zu guter Letzt testen wir nun noch die Variante [[https://de.wikipedia.org/wiki/NTLM|NTLM]] einer weiteren Variante nach dem Challenge-Response-Verfahren.
+   # swaks --to django@nausch.org --from michael@nausch.org --auth NTLM --auth-user michael@nausch.org --protocol ESMTPS \\
+           --header-X-Test "test email" --server 10.0.0.80:587
+  Password: DAx1d13g31l354u!
+<code>=== Trying 10.0.0.80:587...
+=== Connected to 10.0.0.80.
+<-  220 mx1.nausch.org ESMTP Postfix
+ -> EHLO vml000080.dmz.nausch.org
+<-  250-mx1.nausch.org
+<-  250-PIPELINING
+<-  250-SIZE 52428800
+<-  250-ETRN
+<-  250-STARTTLS
+<-  250-ENHANCEDSTATUSCODES
+<-  250-8BITMIME
+<-  250-DSN
+<-  250 SMTPUTF8
+ -> STARTTLS
+<-  220 2.0.0 Ready to start TLS
+=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
+=== TLS no local certificate set
+=== TLS peer DN="/OU=Domain Control Validated/CN=*.nausch.org"
+ ~> EHLO vml000080.dmz.nausch.org
+<~  250-mx1.nausch.org
+<~  250-PIPELINING
+<~  250-SIZE 52428800
+<~  250-ETRN
+<~  250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
+<~  250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 NTLM
+<~  250-ENHANCEDSTATUSCODES
+<~  250-8BITMIME
+<~  250-DSN
+<~  250 SMTPUTF8
+ ~> AUTH NTLM
+<~  334
+ ~> TlNTUAABAARMTVAAB6IAAAAAAAAAAAAAAAAAAAAAAAA=
+<~  334 TlRMTVNTAAMAAUAACAAwADAAAAAFAoIA5Q0rDZLB/vMAAAAAgAAAAdgBtAAAAAADgAOABGwAMAAwADAAMAA3ADcALgBkAG0AegAuAG4AYQB1AHMAYwBoAC4AbwByAGcAAwAwAHYAAMAAwbQBsADAADAANwA3AC4AZABtAHoALgBuAGEAdQBzAGMAaAAuAG8AcgBnAAAAAAA=
+ ~> TlRMTVNTUAAYAEAADAAAAGAAAAAYABgAWAAAADAAMABwAAAAJAAkAKAAAAAkACQAxAAAAAAAAACoAAAABJSaXkYUsXiQKCAMmxYEq5Ym+GwRwCtYI1znaLYKVgk5jYxd5ICe6NxyXV0+t2oEFNVuxwA3AC4AZABHYAbQBsADAAMAAwADAANtAHoALgBuAGEAdQBzAGMAaAAuAG8AcgBnAG0AaQBjAGgAYQBlAGwAQABuAGEAdQBz8AcgBnAG0AaQBjAGgAYQBlAGwAQABuAGEAdQBzAGMAaAAuAG8AcgBAGMAaAAuAGnAA==
+<~  235 2.7.0 Authentication successful
+ ~> MAIL FROM:<michael@nausch.org>
+<~  250 2.1.0 Ok
+ ~> RCPT TO:<django@nausch.org>
+<~  250 2.1.5 Ok
+ ~> DATA
+<~  354 End data with <CR><LF>.<CR><LF>
+ ~> Date: Sun, 10 Feb 2019 10:29:20 +0100
+ ~> To: django@nausch.org
+ ~> From: michael@nausch.org
+ ~> Subject: test Sun, 10 Feb 2019 10:29:20 +0100
+ ~> Message-Id: <20190210102920.027248@vml000080.dmz.nausch.org>
+ ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
+ ~> X-Test: test email
+ ~>
+ ~> This is a test mailing
+ ~>
+ ~> .
+<~  250 2.0.0 Ok: queued as 5BB7E60008B
+ ~> QUIT
+<~  221 2.0.0 Bye
+=== Connection closed with remote host.</code>
+Auch dieser erfolgreiche Vebindungsaufbau wird im Maillog entsprechend protokolliert.
+   # less /var/log/maillog
+<code>Feb 10 10:29:27 vml000080 postfix/submission/smtpd[27250]: connect from vml000080.dmz.nausch.org[10.0.0.80]
+Feb 10 10:29:27 vml000080 postfix/submission/smtpd[27250]: Anonymous TLS connection established from vml000080.dmz.nausch.org[10.0.0.80]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
+Feb 10 10:29:27 vml000080 postfix/submission/smtpd[27250]: 5BB7E60008B: client=vml000080.dmz.nausch.org[10.0.0.80], sasl_method=NTLM, sasl_username=michael@nausch.org
+Feb 10 10:29:27 vml000080 postfix/cleanup[27254]: 5BB7E60008B: message-id=<20190210102920.027248@vml000080.dmz.nausch.org>
+Feb 10 10:29:27 vml000080 postfix/qmgr[26334]: 5BB7E60008B: from=<michael@nausch.org>, size=527, nrcpt=1 (queue active)
+Feb 10 10:29:27 vml000080 postfix/submission/smtpd[27250]: disconnect from vml000080.dmz.nausch.org[10.0.0.80] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
+</code>
 ====== Links ======
-  * **⇐ [[centos:mail_c7:mta_7|Zurück zum Kapitel "virtuelle(r) Mailserver unter Postfix 2.11. und CentOS 7"]]**
+/*  * **⇐ [[centos:mail_c7:mta_7|Zurück zum Kapitel "virtuelle(r) Mailserver unter Postfix 2.11. und CentOS 7"]]**
-  * **⇒ [[centos:mail_c7:mta_9|Weiter zum Kapitel "Backup-Mailserver mit Postfix 2.11 unter CentOS7"]]**
+  * **⇒ [[centos:mail_c7:mta_9|Weiter zum Kapitel "Backup-Mailserver mit Postfix 2.11 unter CentOS7"]]** */
   * **[[centos:mail_c7:start|Zurück zum Kapitel >>Mailserverinstallation unter CentOS 7<<]]**
   * **[[wiki:start|Zurück zu >>Projekte und Themenkapitel<<]]**