LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-23-2009, 04:04 PM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 73
SASL Auth Tests Fail on Mail Server


I followed the CentOS Wiki guide for configuring my Postfix server for SASL / TLS. I don't get any errors and I assume it's working but when I try and test SASL (saslauthd), I don't get the response noted according to the Wiki and I don't understand why.

Code:
[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.iamghost.com ESMTP
EHLO iamghost.com
250-mail.iamghost.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AHRlc3QAdGVzdDEyMzQ=
538 5.7.0 Encryption required for requested authentication mechanism
I don't understand why this is...

I checked my logs and I can send email find in Thunderbird when configuring all to use SASL / TLS.

Code:
Nov 23 14:27:42 mail postfix/smtpd[28320]: 9F80F77A1D6: client=tunafish.iamghost.com[192.168.6.108], sasl_method=PLAIN, sasl_username=test
So from above when I send an email from my 'test' account, I can see the above in my logs. Can someone tell me what is wrong and why I get the "538" error when I test SASL via Telnet. I am very confused.
 
Old 11-23-2009, 04:16 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
This is the command if memory serves...
Code:
openssl s_client -starttls smtp -crlf -connect your.ip.goes.here:25
Which should open a open things up encrypted then let you do the same test. The reason it's doing that is you haven't specified that smtp auth is ok without tls.

Code:
smtpd_tls_auth_only = no

Last edited by rweaver; 11-23-2009 at 04:39 PM.
 
Old 11-24-2009, 08:23 AM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 73
Quote:
Originally Posted by rweaver View Post
Which should open a open things up encrypted then let you do the same test. The reason it's doing that is you haven't specified that smtp auth is ok without tls.

Code:
smtpd_tls_auth_only = no
I did not try the command you suggested above but the code section of your post made me think to change 'smtpd_tls_auth_only = yes' in my main.cf so I changed it to "no" and tried my test again and it worked.

Code:
235 2.0.0 Authentication successful
I am sorry but can you explain why this worked when I made the change? I don't really follow what TLS impacts on SASL authentication.

Lastly, I noticed the service saslauthd is not set to start during server startup. Does 'saslauthd' need to be running in order for SASL and TLS to work on my mail server?
 
Old 11-24-2009, 02:04 PM   #4
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
basically smtpd_tls_auth_only=yes means you must be using an encryption to use smtpd auth, if it's set to no then you can use it over a plaintext connection which can be sniffed from the network and the encoding is not nearly as strong as real encryption even though it's not human readable.

Yes, saslauthd has to be running for the smtp auth to work.

Code:
chkconfig saslauthd on

Last edited by rweaver; 11-24-2009 at 02:05 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Debian Mail Server Setup with Postfix + Dovecot + SASL + Squirrel Mail LXer Syndicated Linux News 0 03-12-2008 11:50 PM
Postfix SASL Auth...Problems... JamesGolick Linux - Software 1 08-05-2005 11:32 AM
Sasl auth probleme freelinuxcpp Debian 0 06-28-2004 10:10 AM
SMTP AUTH, SASL and Sendmail not getting along prozach Linux - Software 0 12-02-2003 06:10 PM
SASL-AUTH Postfix Mandrake 9.1 jsnow50 Linux - Software 0 09-29-2003 05:27 PM


All times are GMT -5. The time now is 03:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration