LinuxQuestions.org
Old 03-10-2010, 01:16 PM   #1
Mr. A
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Rep: Reputation: 0
Postfix SASL auth not working


Hi,

I've been having a really hard time with this; maybe someone here can help. I'm getting relay access denied to an email outside of my domain. It seems the passwords are authenticating because I'm not getting invalid password prompts.

### BEGIN POSTFIX CONF ###

# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_size_limit = 0
message_size_limit = 50240000
mydomain = mycompany.com
myhostname = myhost.mycompany.com
mynetworks = 127.0.0.0/8,192.168.2.0/24,10.0.0.0/24,hash:/etc/postfix/pop-before-smtp
myorigin = thrud.alliantinternet.com
sender_bcc_maps = hash:/etc/postfix/sender_bcc
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname NO UCE ESMTP myhost.mycompany.com
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, hash:/etc/postfix/pop-before-smtp
smtpd_delay_reject = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, hash:/etc/postfix/sender_access
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /var/spool/postfix/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 500000000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 107
virtual_transport = virtual
virtual_uid_maps = static:107

### END POSTFIX CONF ###

If you need anything else to work with, let me know.
 
Old 03-10-2010, 01:43 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
These are the additional items my config has that yours doesn't (differs from yours significantly.)
Code:
smtpd_tls_auth_only = no
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
There are good instructions for testing smtp-auth from command line at http://qmail.jms1.net/test-auth.shtml including how to do it using tls.

Edit: Also make sure you remembered to install the required sasl items-- cyrus-sasl-* (more or less.)

Last edited by rweaver; 03-10-2010 at 02:37 PM.
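
Added example (not from rweaver's post or the linked page): a Python helper for the manual SMTP AUTH test mentioned above. It builds the AUTH PLAIN string per RFC 4616, lists the mechanisms an EHLO reply offers (both the "AUTH " form and the "AUTH=" form that broken_sasl_auth_clients = yes adds), and flags PLAIN/LOGIN offered on a session without TLS. The EHLO reply, user name, password and function names are constructed for illustration.

```python
import base64

# Constructed EHLO reply, shaped like a Postfix server with
# smtpd_sasl_auth_enable = yes and broken_sasl_auth_clients = yes.
SAMPLE_EHLO = """\
250-myhost.mycompany.com
250-PIPELINING
250-SIZE 50240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
"""


def advertised_auth_mechanisms(ehlo_reply):
    """Return the SASL mechanisms offered in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        if not line.startswith("250") or len(line) < 5:
            continue
        keyword = line[4:].strip().upper()
        # "AUTH=..." is the legacy form sent for old clients.
        if keyword.startswith(("AUTH ", "AUTH=")):
            mechs.update(keyword[5:].split())
    return mechs


def auth_plain_token(user, password, authzid=""):
    """RFC 4616 PLAIN: base64(authzid NUL authcid NUL password)."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def check_session(ehlo_reply, tls_active):
    """Return human-readable findings for one EHLO reply."""
    findings = []
    mechs = advertised_auth_mechanisms(ehlo_reply)
    if not mechs:
        findings.append("AUTH not advertised in this reply; if "
                        "smtpd_tls_auth_only = yes, re-check after STARTTLS")
    elif mechs & {"PLAIN", "LOGIN"} and not tls_active:
        findings.append("PLAIN/LOGIN offered without TLS: the password "
                        "is only base64-encoded on the wire")
    return findings


if __name__ == "__main__":
    print(sorted(advertised_auth_mechanisms(SAMPLE_EHLO)))
    print("AUTH PLAIN", auth_plain_token("testuser", "testpass"))
    print(check_session(SAMPLE_EHLO, tls_active=False))
```

If the server answers the AUTH PLAIN line with 235 and a following RCPT TO for an outside address is still refused with "Relay access denied", the problem is in the restriction lists rather than in SASL itself.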
 
Old 03-11-2010, 08:18 AM   #3
Mr. A
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Original Poster
Rep: Reputation: 0
The difference I see here is that you added

tls_daemon_random_source = dev:/dev/urandom
smtpd_tls_auth_only

You also have separate ssl keyfiles. Other posts I've seen use the same file for all three properties. Is there a significance to having them vary? How did you generate all three?
 
Old 03-11-2010, 08:59 AM   #4
Mr. A
LQ Newbie
 
Registered: Mar 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Could the issue also possibly be in one of these three lines?

smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, hash:/etc/postfix/pop-before-smtp, check_sender_access hash:/etc/postfix/sender_access
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient_access
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access

Is permit_sasl_authenticated required in all three lines? I'm thinking it may be unnecessary (and counterproductive) in the smtpd_sender_restrictions. In the logs, I see "certificate verification failed" for IPs/emails that we deliver mail to, which leads me to believe I need to modify something in those 3 lines above, no?
 
  


All times are GMT -5. The time now is 03:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration