[SOLVED] Configure Postfix to relay to Exchange Server with NTLM authentication
Hello
I have a shell script which should send an email if any error occurs. This script is running on Red Hat Linux 4.6, and I want to configure Postfix so it can relay to an Exchange Server.
The authorization method of the Exchange server, I guess, is: 250-AUTH NTLM. So I have:
Server A ( Red Hat 4.6 10.150.200.60)
Server B ( Exchange Server 172.22.85.125 )
I would like you to help me with the necessary configuration in the Postfix files and, if needed, the configuration on the Exchange Server. Also, how to use NTLM authentication, please.
Is the email supposed to go to an end user at the domain this exchange server is for? If so, there is no need for authentication.
If not, do you have any admin control over this exchange server?
- The email would go to any user, for example: user@gmail.com
- I don't have admin control of this Exchange server. (I'm on the developer/configuration side, on the Linux side.)
- The guys in charge of the Exchange server said we could use anonymous connections.
- I guess I have to add "relayhost = 172.22.85.125:25" to main.cf in Postfix?
Yes, if it supports anonymous relay then that is all you have to do, add the relayhost and then restart postfix (you could reload, but I prefer restart)
Hi
Something went wrong with authentication:
Code:
Jun 12 12:14:17 ndsis01ven postfix/qmgr[21736]: 2B09720814E: from=<root@ndsis01ven.mydomaindummie>, size=424, nrcpt=1 (queue active)
Jun 12 12:14:22 ndsis01ven postfix/smtp[21750]: 2B09720814E: to=<me@gmail.com>, relay=172.22.85.125[172.22.85.125], delay=5, status=bounced (host 172.22.85.125[172.22.85.125] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command))
The NTLM is just the backend it authenticates against, if the reading I've done is correct. Using the standard sasl2 authentication with the username and password they provided should let you relay. Just configure using the two links I provided as a guideline and see if it works or not. One thing you could do is test the username and password using the standard authentication process that Postfix would use as well.
Just telnet to the exchange server on port 25 and, after issuing an EHLO, try AUTH LOGIN. See http://www.dasblinkenlichten.com/?p=190 for instructions on testing the authentication via telnet.
---------- Post added 06-13-12 at 03:28 AM ----------
Don't forget you will likely need the cyrus ntlm package for the sasl2 authentication to work.
Thanks.
It has been hard to find the correct version of cyrus-sasl-ntlm. The Linux server (Suse) has cyrus-sasl 2.1.18 installed.
I could only find 2.1.19, 2.1.20 or higher, and all these versions needed their corresponding version of cyrus-sasl.
Anyway, I have decided to compile a version of cyrus-sasl which includes the lib I need (libntlm). I'll wait for my support engineer on site (I work remotely and send the scripts/configuration to him) to do the task (compile cyrus-sasl) and run some more tests.
Just to see what happens, we ran a test sending an email with mailx, and this is what appears in the log.
Code:
SASL authentication failure: No worthy mechs found
I think sasl cannot find the library (libntlm) in /usr/lib/sasl2/
I hope that when the installation of cyrus-sasl is finished, it finally works.
As this version of cyrus-sasl, 2.1.18, did not have the cyrus-sasl-ntlm plugin, I had to download cyrus-sasl-2.1.25 and compile it with the --enable-ntlm option.
So I got the ntlm plugin installed in /usr/local/lib/sasl2/
warning: SASL authentication failure: No worthy mechs found
send attr reason = delivery via 172.168.240.129[172.168.240.129]: Authentication failed: cannot SASL authenticate to server 172.168.240.129[172.168.240.129]: no mechanism available
Any ideas, suggestions to this would be very appreciated. (I've been dealing with this issue many days)
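The "No worthy mechs found" failure from the posts above, modelled as an added example (not part of the original thread, and not Postfix or Cyrus SASL code): the SMTP client can only use a mechanism that the server advertises, that the SASL library it is linked against actually loads as a client plugin, and that the security options permit. The EHLO reply and plugin lists are constructed; the option names follow Postfix's smtp_sasl_security_options, whose default is noplaintext, noanonymous.

```python
import re

# Simplified model of SASL client mechanism selection; not Postfix or Cyrus code.
PLAINTEXT = {"PLAIN", "LOGIN"}   # mechanisms that send the password in clear
ANONYMOUS = {"ANONYMOUS"}

# Constructed EHLO reply: the "250-AUTH NTLM" line and the client address
# come from the thread, the hostname and other lines are made up.
SAMPLE_EHLO = """250-exchange.example.invalid Hello [10.150.200.60]
250-SIZE 10485760
250-AUTH NTLM
250 OK"""

def advertised_mechs(ehlo_reply):
    """Return the AUTH mechanisms a server lists in its EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        # Matches "250-AUTH NTLM LOGIN" and the legacy "250-AUTH=LOGIN" form.
        m = re.match(r"250[- ]AUTH[ =](.*)$", line.strip(), re.IGNORECASE)
        if not m:
            continue
        for name in m.group(1).split():
            if name.upper() not in mechs:
                mechs.append(name.upper())
    return mechs

def usable_mechs(ehlo_reply, client_plugins,
                 security_options=("noplaintext", "noanonymous")):
    """Mechanisms that are advertised, loaded by the client, and permitted."""
    loaded = {p.upper() for p in client_plugins}
    usable = []
    for mech in advertised_mechs(ehlo_reply):
        if mech not in loaded:
            continue  # offered by the server, but no client plugin was loaded
        if "noplaintext" in security_options and mech in PLAINTEXT:
            continue
        if "noanonymous" in security_options and mech in ANONYMOUS:
            continue
        usable.append(mech)
    return usable

def diagnose(ehlo_reply, client_plugins, **kw):
    mechs = usable_mechs(ehlo_reply, client_plugins, **kw)
    return "would try: " + ", ".join(mechs) if mechs else "No worthy mechs found"

if __name__ == "__main__":
    print(diagnose(SAMPLE_EHLO, ["PLAIN", "LOGIN", "CRAM-MD5"]))  # no NTLM plugin
    print(diagnose(SAMPLE_EHLO, ["PLAIN", "LOGIN", "NTLM"]))      # NTLM plugin loaded
```

A plugin counts as loaded only if it sits in the directory the linked SASL library searches, so a plugin built into a different prefix does not appear in `client_plugins` in this model.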