saslfinger-1.0.3/ChangeLog
2008-10-04 09:02 p
* saslfinger: Added /usr/pkg/lib/sasl2 as SASL config path
2007-01-29 23:29 p
* install.sh: Fixed sha-bang in file
2005-11-28 22:55 p
* saslfinger: Added Gentoo paths contributed by Tuan Van
2005-01-10 23:10 p
* HISTORY, INSTALL, TODO, index.html, install.sh, saslfinger,
saslfinger.1, saslfinger.1.xml: Added properties to all files,
changed source paths for install script
2005-01-10 23:04 p
* man, saslfinger, saslfinger.1, saslfinger.1.xml, script: Moved
saslfinger.1.xml saslfinger.1 and saslfinger to top dir
2005-01-10 23:02 p
* html, index.html: Moved index.html to top dir.
2005-01-10 22:13 p
* CHANGES, HISTORY, script/saslfinger: Moved telnet test to the end
of the script until I've found a solution to stop the script from
stopping if the telnet test fails
2005-01-10 21:50 p
* branches, tags, trunk: Removed stupid SVN default files
2005-01-10 21:49 p
* script/saslfinger: fighting the telnet test...
2004-11-22 14:35 p
* script/saslfinger: Added /etc/slackware-version as system
descriptor to look for
2004-11-03 08:53 p
* html/index.html: update for 0.9.8 downloads
2004-11-03 08:53 p
* CHANGES: update of changes
2004-11-03 08:52 p
* script/saslfinger: + Added netcat as alternative for the unstable
telnet based SMTP test routine + Fixed "command not found" message
when nc or netcat are not present + Fixed a typo in the routine
that replaces sql_passwd entries with blanks; it used to grep for
sql_pass, but not sql_passwd.
2004-11-02 19:33 p
* CHANGES: Update of changes
2004-11-02 19:32 p
* script/saslfinger: Fixed a misleading message when smtpd.conf is
missing.
2004-10-29 10:21 p
* CHANGES, TODO: Update for release 0.9.6
2004-10-29 10:20 p
* script/saslfinger: Added nc as alternative for the instable telnet
test
2004-10-28 14:57 p
* script/saslfinger: Added support for FreeBSD Fixed a typo in the
client debug section
2004-10-28 14:56 p
* CHANGES, TODO: Created a Changelog and a todo list
2004-10-07 07:58 p
* script/saslfinger: Added path for SASL on NetBSD Added search
parameters for TLS configuration
2004-09-15 00:17 p
* INSTALL: Another change...
2004-09-15 00:15 p
* INSTALL: Just to test the mail script...
2004-09-14 23:58 p
* INSTALL, html, html/index.html, install.sh, man, man/saslfinger.1,
man/saslfinger.1.xml, script, script/saslfinger: Initial import
2004-09-14 20:36 root
* branches, tags, trunk: Initial repository layout
saslfinger-1.0.3/INSTALL
# $Id: INSTALL 21 2005-01-10 23:10:54Z p $
Run ./install.sh to install saslfinger and its man page.
Read "man 1 saslfinger", choose the mode, and type "saslfinger" to start collecting data.
saslfinger-1.0.3/TODO
# $Id: TODO 21 2005-01-10 23:10:54Z p $
TODO list for saslfinger
+ SASL pwcheck_method debugging
Add routines to identify the chosen pwcheck_method and run debug
tests on them e.g. "saslauthd -a foo -d"
saslfinger-1.0.3/index.html
saslfinger - debugging SMTP AUTH in Postfix
saslfinger
saslfinger is a bash utility script that seeks to help you debug your SMTP AUTH setup. It gathers information about Cyrus SASL and Postfix from your system and sends it to stdout.
Requirements
saslfinger has been tested with bash version 2.04 or greater on the following platforms:
RedHat Linux
Fedora Core
Debian Linux
SuSe Linux
Gentoo Linux
Mandrake Linux
FreeBSD
Usage
You must run saslfinger with one of the following options:
-c
If you run saslfinger with the option -c it will collect data required for client-side SMTP AUTH. Client-side SMTP AUTH is when the Postfix smtp daemon uses SMTP AUTH to authenticate itself with a remote mail server that offers SMTP AUTH.
saslfinger will try to telnet to all hosts listed in smtp_sasl_password_maps, provided it is allowed to read smtp_sasl_password_maps.
The telnet test verifies that your host is able to reach the remote servers and shows what AUTH mechanisms they offer - in some cases this is required to debug client-side SMTP AUTH.
Important: By default smtp_sasl_password_maps must be readable only by root, since these maps contain the usernames and passwords used to authenticate. If you run saslfinger as root, access will be no problem, but saslfinger will fail if you lack the permissions to read smtp_sasl_password_maps.
If you want to run the telnet test but don't want to run saslfinger as root, change the permissions of smtp_sasl_password_maps so that the user running saslfinger may read smtp_sasl_password_maps while you debug.
*note: You don't need to worry about saslfinger doing anything with the username or password stored next to the remote hosts in your smtp_sasl_password_maps; saslfinger completely ignores this information!
-h
If you run saslfinger with the option -h it will print a little help message that tells you about the options you can use.
-s
If you run saslfinger with the option -s it will collect data required for server-side SMTP AUTH. Server-side SMTP AUTH is when Postfix smtpd daemon offers SMTP AUTH to mail clients.
Patrick Koetter, patrick.koetter@state-of-mind.de
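Added example (not part of saslfinger or its documentation): after permissions on smtp_sasl_password_maps were loosened for a debugging session as described under -c, this check confirms that the map and its .db file are back to owner-only access. The function name check_map_perms, its optional owner-uid argument and the path in the usage comment are assumptions of this example.

```bash
#!/bin/bash
# Added example, not saslfinger code.

# check_map_perms FILE [OWNER_UID]
# FILE is the path part of smtp_sasl_password_maps (what saslfinger obtains
# with: postconf -h smtp_sasl_password_maps | sed -e 's/^.*://').
# Checks FILE and FILE.db (missing files are skipped), prints one line per
# finding and returns 1 if either file is owned by someone other than
# OWNER_UID (default 0, root) or is readable or writable by group or others.
check_map_perms () {
    local map="$1" want_uid="${2:-0}" f uid loose rc=0
    for f in "$map" "$map.db"; do
        if ! [ -e "$f" ]; then
            continue
        fi
        # Third column of "ls -ldn" is the numeric owner.
        uid="$(ls -ldn "$f" | awk '{print $3}')"
        if [ "$uid" != "$want_uid" ]; then
            echo "$f: owned by uid $uid, expected uid $want_uid"
            rc=1
        fi
        # find prints the path only if a group/other read or write bit is set.
        loose="$(find "$f" -prune \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \) -print)"
        if [ -n "$loose" ]; then
            echo "$f: group/other access is set: $(ls -ld "$f" | cut -c1-10)"
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use (example path): ./check_map_perms.sh /etc/postfix/sasl_passwd
if [ "$#" -gt 0 ]; then
    check_map_perms "$@"
fi
```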
saslfinger-1.0.3/install.sh
#!/bin/bash

scriptname="saslfinger"
man_paths=(/usr/share/man)

# verify_man_page ()
# Check if the man page for this script has been installed and install it
# if it isn't there.
verify_man_page ()
{
    local man_path man_source man_dest
    for man_path in "${man_paths[@]}"
    do
        man_source="${scriptname}.1"
        man_dest="${man_path}/man1/${scriptname}.1"
        if ! [[ -e ${man_dest} ]]; then
            echo "Installing man page..."
            cp "${man_source}" "${man_dest}"
        elif [[ ${man_dest} -ot ${man_source} ]]; then
            echo "Updating ${scriptname} man page..."
            cp "${man_source}" "${man_dest}"
        else
            echo "${scriptname} man page is up to date. Nothing to do."
        fi
    done
}

# verify_script ()
# Install the script to /usr/bin, or update it if the installed copy is
# older than the one in the source directory.
verify_script ()
{
    local source_dir="${scriptname}"
    local install_dir="/usr/bin/${scriptname}"
    if ! [[ -e ${install_dir} ]]; then
        echo "Installing ${scriptname}..."
        cp "${source_dir}" "${install_dir}"
        chmod 755 "${install_dir}"
    elif [[ ${install_dir} -ot ${source_dir} ]]; then
        echo "Updating ${scriptname}..."
        cp -p -f "${source_dir}" "${install_dir}"
        chmod 755 "${install_dir}"
    else
        echo "${scriptname} is up to date. Nothing to do."
    fi
}

verify_script
verify_man_page
exit 0
saslfinger-1.0.3/saslfinger
#!/bin/bash
#
# Name:
# saslfinger
#
# Drafted by Ralf Hildebrandt
# written by Patrick Koetter
# Initial release: August, 13th 2004 - a Friday... ;)

#####################################################################
#                            VARIABLES                              #
#####################################################################
# set -e
scriptname="${0##*/}"
scriptversion=1.0.2
declare -a sasl_dirs valid_sasl_lib_names
sasl_dirs=(/usr/lib/sasl \
    /usr/lib64/sasl2 \
    /var/lib/sasl \
    /opt/lib/sasl \
    /usr/lib/sasl2 \
    /var/lib/sasl2 \
    /opt/lib/sasl2 \
    /usr/local/lib/sasl2 \
    /etc/sasl2 \
    /etc/cyrus-sasl \
    /usr/pkg/lib \
    /usr/pkg/lib/sasl2)
sasl_libs=(libsasl.so libsasl2.so)

#####################################################################
#                      COMMANDS AND FUNCTIONS                       #
#####################################################################
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:$PATH"

function start () {
    echo "${scriptname} - postfix Cyrus sasl configuration $(date)"
    echo "version: ${scriptversion}"
    echo "mode: ${mode} SMTP AUTH"
}

function end () {
    echo "-- end of ${scriptname} output --"
}

# Print the value of a single main.cf parameter.
function postconf_get () {
    postconf -h "${1}"
}

# Print the file path of smtp_sasl_password_maps with the map type
# prefix (e.g. "hash:") stripped.
function get_saslpasswd () {
    postconf -h smtp_sasl_password_maps | sed -e 's/^.*://'
}

# Print the Postfix version and the first system descriptor file found.
function get_mail_version () {
    local system
    local -a systems
    systems=("/etc/redhat-release" "/etc/fedora-release" "/etc/slackware-version" "/etc/gentoo-release" "/etc/issue" "/etc/motd")
    echo "-- basics --"
    echo "Postfix: $(postconf_get mail_version)"
    for system in "${systems[@]}"; do
        if [[ -e ${system} ]]; then
            echo "System: $(cat "${system}")"
            break
        fi
    done
}

# Collect the SASL directories that exist on this system in valid_sasldirs.
function get_sasl_dirs () {
    local i=0
    local sasldir=""
    for sasldir in "${sasl_dirs[@]}"; do
        if [ -d "${sasldir}" ]; then
            valid_sasldirs[$i]=${sasldir}
            i=$((i + 1))
        fi
    done
    if [ "${#valid_sasldirs[@]}" -eq 0 ]; then
        echo -e "\aCould not find any valid Cyrus SASL directories."
        echo "Cyrus SASL is required to setup SMTP AUTH!"
        exit 72
    fi
}

# Show which SASL libraries the given Postfix daemon ($1) is linked to.
function get_sasl_support () {
    local sasllib=""
    local ldd_res=""
    echo "-- $1 is linked to --"
    for sasllib in "${sasl_libs[@]}"; do
        ldd_res="$(ldd "$(postconf_get daemon_directory)/${1}" | grep -E -e "${sasllib}" 2>/dev/null)"
        if [ -n "${ldd_res}" ]; then
            echo "${ldd_res}"
        fi
    done
}

# Send EHLO to host $1 on port 25 and print the AUTH lines of the reply.
# nc and netcat are tried first, telnet is the fallback.
function get_smtp_dialogue () {
    echo "-- mechanisms on ${1} --"
    # printf is used because a plain echo does not expand \r\n in bash.
    if printf 'EHLO %s\r\nQUIT\r\n' "$HOSTNAME" | nc -w 1 -v "${1}" 25 2>/dev/null | grep -E "AUTH" 2>/dev/null; then
        echo
    elif printf 'EHLO %s\r\nQUIT\r\n' "$HOSTNAME" | netcat -w 1 -v "${1}" 25 2>/dev/null | grep -E "AUTH" 2>/dev/null; then
        echo
    else
        (echo "EHLO $HOSTNAME"; sleep 2) | telnet "${1}" 25 2>/dev/null | grep -E "(AUTH)"
    fi
}

# Print the active (non-default) SMTP AUTH and TLS parameters for the
# daemon given in $1 ("smtpd" or "smtp").
function get_maincf () {
    local authparams=""
    if [ "${1}" = "smtpd" ]; then
        authparams="(^smtpd_sasl_*|broken_sasl_auth_clients|^smtpd_use_tls|^smtpd_tls_*)"
    elif [ "${1}" = "smtp" ]; then
        authparams="(^smtp_sasl_*|^relayhost|^smtp_use_tls|^smtp_tls_*)"
    fi
    echo "-- active SMTP AUTH and TLS parameters for ${1} --"
    # The pattern is quoted so the shell cannot glob-expand it.
    if ! postconf -n | grep -E -i "${authparams}" 2> /dev/null; then
        echo -e "\aNo active SMTP AUTH and TLS parameters for ${1} in main.cf!"
        echo "SMTP AUTH can't work!"
        exit 72
    fi
}

# Find the SASL application names set with
# "-o smtpd_sasl_application_name=..." on uncommented master.cf lines;
# fall back to the default name "smtpd".
function get_sasl_apps () {
    local mastercf=""
    mastercf="$(postconf_get config_directory)/master.cf"
    active_services[0]=""
    if [[ $(grep -E -v "^#.*smtpd_sasl_application_name" "${mastercf}" |\
        grep -E "^.*smtpd_sasl_application_name" 2>/dev/null) ]]; then
        active_services=$(grep -E -v "^#.*smtpd_sasl_application_name" "${mastercf}" |\
            grep -E "^.*smtpd_sasl_application_name" | sed 's/.*-o smtpd_sasl_application_name=//g' | awk '{print $1}')
    else
        active_services[0]="smtpd"
    fi
}

# Look for <service>.conf in every SASL directory and collect the files
# found in valid_services.
function get_service_config () {
    # Add /etc/postfix/sasl to valid_sasldirs for Debian users.
    sasl_dirs[100]="/etc/postfix/sasl"
    local o=1
    local i=1
    local sasldir=""
    local service=""
    for sasldir in "${sasl_dirs[@]}"; do
        i=1
        # active_services is expanded unquoted on purpose: get_sasl_apps
        # may store several names in one whitespace-separated string.
        for service in ${active_services[@]}; do
            if [ -e "${sasldir}/${service}.conf" ]; then
                valid_services[$i$o]="${sasldir}/${service}.conf"
                i=$((i + 1))
            fi
        done
        o=$((o + 1))
    done
    if [ "${#valid_services[@]}" -eq 0 ]; then
        echo; echo -e "\aThere is no smtpd.conf that defines what SASL should do for Postfix."
        echo "SMTP AUTH can't work!"; echo
        exit 72
    fi
}

# Print each service config with ldapdb_id, sql_user, ldapdb_pw and
# sql_passwd values replaced.
function list_service_configs () {
    local smtpdconf=""
    for smtpdconf in "${valid_services[@]}"; do
        echo "-- content of ${smtpdconf} --"
        sed -e 's/.*ldapdb_id.*/ldapdb_id: --- replaced ---/;s/.*sql_user:.*/sql_user: --- replaced ---/g;'\
            -e 's/.*ldapdb_pw:.*/ldapdb_pw: --- replaced ---/g;s/.*sql_passwd:.*/sql_passwd: --- replaced ---/g' "${smtpdconf}"
        echo
    done
}

function list_sasl_dirs () {
    local sasldir=""
    for sasldir in "${valid_sasldirs[@]}"; do
        echo "-- listing of ${sasldir} --"; ls -alL "${sasldir}"; echo
    done
}

function get_mastercf () {
    local mastercf=""
    mastercf="$(postconf_get config_directory)/master.cf"
    echo "-- active services in ${mastercf} --"
    echo "$(grep -E "(^# service type|\(yes\))" "${mastercf}")"
    echo "$(grep -E -v "^#" "${mastercf}")"
}

# Verify that smtp_sasl_password_maps is set, that the file and its .db
# exist, and that the .db is not older than the source file.
function check_saslpasswd () {
    saslpasswd="$(get_saslpasswd)"
    if [ -z "${saslpasswd}" ]; then
        echo -e "\aCannot find the smtp_sasl_password_maps parameter in main.cf."
        echo "Client-side SMTP AUTH cannot work without this parameter!"
        exit 78
    elif [ -e "${saslpasswd}" ]; then
        echo "-- permissions for ${saslpasswd} --"; ls -al "${saslpasswd}"; echo
        if [ -e "${saslpasswd}.db" ]; then
            echo "-- permissions for ${saslpasswd}.db --"; ls -al "${saslpasswd}.db"; echo
            if [ "${saslpasswd}" -nt "${saslpasswd}.db" ]; then
                echo -e "\a${saslpasswd}.db is older than ${saslpasswd}!"
                echo "Run the following command as root to sync ${saslpasswd}.db:"
                echo; echo -e "\tpostmap $(postconf -h smtp_sasl_password_maps)"; echo
                exit 65
            else
                echo "${saslpasswd}.db is up to date."
            fi
        else
            echo; echo -e "\aThere is no ${saslpasswd}.db!"
            exit 78
        fi
    else
        echo; echo -e "\aYou have set smtp_sasl_password_maps = ${saslpasswd}"
        echo "in main.cf, but ${saslpasswd} does not seem to be there."
        echo "Please check and run ${scriptname} again."
        exit 78
    fi
}

# Run the SMTP dialogue test against every host in smtp_sasl_password_maps.
function get_smtp_dialogue_wrapper () {
    local host=""
    local map=""
    map="$(get_saslpasswd)"
    if [ -r "${map}" ]; then
        # Only the first field (the remote host) of each non-comment line
        # is used; the credentials next to it are never read or printed.
        awk '!/^#/ && NF {print $1}' "${map}" | while read -r host; do
            get_smtp_dialogue "${host}"; echo
        done
    else
        echo -e "\aYou don't have the correct permissions to read ${map}."
        echo "The telnet test, which gets the AUTH mechanisms offered by your remote"
        echo "MTA(s), requires reading this file. Become either root to access"
        echo "${map}, or allow your current user, ${USER}, to read it."; echo
        exit 0
    fi
}

function server () {
    mode="server-side"
    start; echo
    get_mail_version; echo
    get_sasl_support smtpd; echo
    get_maincf smtpd; echo
    get_sasl_dirs; echo
    list_sasl_dirs; echo
    get_sasl_apps; echo
    get_service_config; echo
    list_service_configs; echo
    get_mastercf; echo
    get_smtp_dialogue localhost; echo
    end; echo
    exit 0
}

function client () {
    mode="client-side"
    start; echo
    get_mail_version; echo
    get_sasl_support smtp; echo
    get_maincf smtp; echo
    get_sasl_dirs; echo
    list_sasl_dirs; echo
    check_saslpasswd; echo
    get_mastercf; echo
    get_smtp_dialogue_wrapper; echo
    end; echo
    exit 0
}

function usage () {
    echo; echo "saslfinger -s"; echo -e "\tCheck server-side SMTP AUTH configuration"
    echo; echo "saslfinger -c"; echo -e "\tCheck client-side SMTP AUTH configuration"
    echo; echo "saslfinger -h"; echo -e "\tPrint this message."
    echo; echo "Read man (1) saslfinger for a detailed discussion on what"; echo "${scriptname} may do for you."
    echo; exit 0
}

no_args=0
if [ ${#} -eq ${no_args} ]; then
    echo; echo -e "\aUsage: $(basename "${0}") [-chs]"
    echo "Use \"$(basename "${0}") -h\" to find out what the options mean."
    echo; exit 65
fi

while getopts "chs" option; do
    case ${option} in
        c ) client;;
        s ) server;;
        h ) usage;;
    esac
done
shift $(($OPTIND - 1))
exit 0
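Added example, not part of saslfinger: list_service_configs above masks four options with fixed patterns, and the script below runs those same sed expressions over a constructed smtpd.conf beside a broader filter to show which lines each one lets through. The suffix heuristic, the function names and the option myplugin_secret are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not saslfinger code. All sample values are constructed.

# Constructed smtpd.conf; myplugin_secret is a hypothetical option name.
sample_conf () {
    cat <<'EOF'
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: PLAIN LOGIN
sql_user: mailadmin
sql_passwd : constructed-secret-1
#sql_passwd: constructed-secret-2
ldapdb_pw: constructed-secret-3
myplugin_secret: constructed-secret-4
EOF
}

# The substitutions saslfinger's list_service_configs applies (stdin to stdout).
redact_original () {
    sed -e 's/.*ldapdb_id.*/ldapdb_id: --- replaced ---/;s/.*sql_user:.*/sql_user: --- replaced ---/g;' \
        -e 's/.*ldapdb_pw:.*/ldapdb_pw: --- replaced ---/g;s/.*sql_passwd:.*/sql_passwd: --- replaced ---/g'
}

# Broader filter (assumption of this example): mask sql_user, ldapdb_id and
# any option whose name ends in _pw, _passwd, _password or _secret. It
# tolerates whitespace before the colon, as found in the broken configs this
# tool is meant to debug, and keeps a leading "#" so that commented-out
# credentials are masked as well.
redact_hardened () {
    sed -E 's/^([#[:space:]]*(sql_user|ldapdb_id|[A-Za-z0-9_-]*(_pw|_passwd|_password|_secret))[[:space:]]*:).*/\1 --- replaced ---/'
}

# count_leaks FILTER: number of sample lines that still carry a secret value.
count_leaks () {
    sample_conf | "$1" | grep -c 'constructed-secret' || true
}

echo "original filter leaks: $(count_leaks redact_original) line(s)"
echo "hardened filter leaks: $(count_leaks redact_hardened) line(s)"
```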
saslfinger-1.0.3/saslfinger.1
.TH saslfinger 1 User Manuals
.SH NAME
saslfinger \- A utility to collect SMTP AUTH relevant configuration for Postfix
.SH SYNOPSIS
\fBsaslfinger [-chs]
\f1
.SH DESCRIPTION
saslfinger is a utility to collect SMTP AUTH relevant configuration for Postfix. Depending on how you run it, it will search for information on server-side or client-side SMTP AUTH configuration settings in Postfix and Cyrus SASL.
.SH OPTIONS
.TP
\fB-c\f1
If you run saslfinger with the option \fB-c\f1 it will collect data required for client-side SMTP AUTH. Client-side SMTP AUTH is when the Postfix smtp daemon uses SMTP AUTH to authenticate itself with a remote mail server that offers SMTP AUTH.
saslfinger will try to telnet to all hosts listed in smtp_sasl_password_maps, provided it is allowed to read smtp_sasl_password_maps.
The telnet test verifies that your host is able to reach the remote servers and shows what AUTH mechanisms they offer - in some cases this is required to debug client-side SMTP AUTH.
Important: By default smtp_sasl_password_maps must be readable only by root, since these maps contain the usernames and passwords used to authenticate. If you run saslfinger as root, access will be no problem, but saslfinger will fail if you lack the permissions to read smtp_sasl_password_maps.
If you want to run the telnet test but don't want to run saslfinger as root, change the permissions of smtp_sasl_password_maps so that the user running saslfinger may read smtp_sasl_password_maps while you debug.
*note: You don't need to worry about saslfinger doing anything with the username or password stored next to the remote hosts in your smtp_sasl_password_maps; saslfinger completely ignores this information!
.TP
\fB-h\f1
If you run saslfinger with the option \fB-h\f1 it will print a little help message that tells you about the options you can use.
.TP
\fB-s\f1
If you run saslfinger with the option \fB-s\f1 it will collect data required for server-side SMTP AUTH. Server-side SMTP AUTH is when Postfix smtpd daemon offers SMTP AUTH to mail clients.
.SH FILES
\fIsaslfinger\f1 - the script you need to run.
\fIsaslfinger.1\f1 - the man page you are currently reading.
.SH AUTHOR
Patrick Koetter, <patrick.koetter@state-of-mind.de>, \fBhttp://www.state-of-mind.de\f1
You will find the newest version of saslfinger at \fBhttp://postfix.state-of-mind.de/patrick.koetter/saslfinger/\f1.
.SH BUGS
Please report bugs to <patrick.koetter@state-of-mind.de>
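Added example, not part of saslfinger: the telnet test described under -c prints the EHLO reply lines that contain AUTH, and this script shows one way to read such a reply, listing the offered mechanisms and pointing out PLAIN or LOGIN offered by a server that does not advertise STARTTLS. The replies and all function names are constructed for this example.

```bash
#!/bin/bash
# Added example, not saslfinger code. The replies below are constructed.

sample_reply_tls () {
    printf '250-mail.example.com\r\n250-PIPELINING\r\n250-STARTTLS\r\n'
    printf '250-AUTH PLAIN LOGIN CRAM-MD5\r\n250-AUTH=PLAIN LOGIN CRAM-MD5\r\n'
    printf '250 8BITMIME\r\n'
}

sample_reply_notls () {
    printf '250-relay.example.net\r\n250-AUTH login plain DIGEST-MD5\r\n250 DSN\r\n'
}

# auth_mechs: EHLO reply on stdin, offered SASL mechanisms on stdout, one per
# line, upper-cased and de-duplicated. Accepts "AUTH " and the legacy "AUTH="
# form that Postfix adds when broken_sasl_auth_clients is enabled.
auth_mechs () {
    tr -d '\r' | awk '
        toupper($0) ~ /^250[- ]AUTH[ =]/ {
            sub(/^250[- ][Aa][Uu][Tt][Hh][ =]/, "")
            for (i = 1; i <= NF; i++) seen[toupper($i)] = 1
        }
        END { for (m in seen) print m }' | sort
}

# offers_starttls: returns 0 if the reply on stdin advertises STARTTLS.
offers_starttls () {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS$'
}

# cleartext_without_tls: prints PLAIN and/or LOGIN (both send the password
# without cryptographic protection) if they are offered by a server that
# does not advertise STARTTLS; prints nothing otherwise.
cleartext_without_tls () {
    local reply
    reply="$(cat)"
    if printf '%s\n' "$reply" | offers_starttls; then
        return 0
    fi
    printf '%s\n' "$reply" | auth_mechs | grep -E '^(PLAIN|LOGIN)$' || true
}

echo "mechanisms: $(sample_reply_tls | auth_mechs | tr '\n' ' ')"
echo "cleartext without STARTTLS: $(sample_reply_notls | cleartext_without_tls | tr '\n' ' ')"
```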
saslfinger-1.0.3/saslfinger.1.xml
saslfinger [-chs]
saslfinger is a utility to collect SMTP AUTH relevant configuration
for Postfix. Depending on how you run it, it will search for information
on server-side or client-side SMTP AUTH configuration settings in
Postfix and Cyrus SASL.
saslfinger - the script you need to run.
saslfinger.1 - the man page you are currently reading.
Patrick Koetter, <patrick.koetter@state-of-mind.de>, http://www.state-of-mind.de
You will find the newest version of saslfinger at http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.
Please report bugs to <patrick.koetter@state-of-mind.de>