LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 12-02-2009, 05:55 AM   #1
seprob
Member
 
Registered: Sep 2008
Posts: 43

Rep: Reputation: 15
SASL authentication in the Postfix SMTP server


Hello! Problem is that I can connect with Postfix server through SSL but only by a telnet. Here is example:

Code:
root@borekfalecki:/home/seprob# telnet localhost 465
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 borekfalecki.pl
ehlo borekfalecki.pl
250-borekfalecki.pl
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain [pass]
235 2.7.0 Authentication successful
Same situation is when I want to connect on the port 25.

Problem is when I want to connect by Thunderbird on the SSL port. Here is what I have in logs:

Code:
Dec  1 20:31:31 borekfalecki postfix/smtpd[32662]: connect from unknown[80.48.47.115]
Dec  1 20:32:00 borekfalecki postfix/smtpd[32662]: lost connection after UNKNOWN from unknown[80.48.47.115]
Dec  1 20:32:00 borekfalecki postfix/smtpd[32662]: disconnect from unknown[80.48.47.115]
When I'm connecting through TLS everyting is OK.

I have Debian Lenny and all software is installed from packages.

Information about software:
Code:
root@borekfalecki:/home/seprob# dpkg --list | grep sasl
ii  libsasl2-2                      2.1.22.dfsg1-23+lenny1     Cyrus SASL - authentication abstraction libr
ii  libsasl2-modules                2.1.22.dfsg1-23+lenny1     Cyrus SASL - pluggable authentication module
ii  sasl2-bin                       2.1.22.dfsg1-23+lenny1     Cyrus SASL - administration programs for SAS
root@borekfalecki:/home/seprob# dpkg --list | grep postfix
ii  postfix                         2.5.5-1.1                  High-performance mail transport agent

Last edited by seprob; 12-02-2009 at 05:58 AM.
 
Old 12-02-2009, 11:07 AM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
You may need to add this to your postfix config.

Code:
smtpd_tls_auth_only = no
You should also make sure you've got thunderbird setup correctly to use SSL/TLS as appropriate.

Last edited by rweaver; 12-02-2009 at 11:08 AM.
 
Old 12-02-2009, 01:30 PM   #3
seprob
Member
 
Registered: Sep 2008
Posts: 43

Original Poster
Rep: Reputation: 15
I've got this option. Sorry, I forgot to add my configuration files. Here is my /etc/postfix/main.cf:

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_auth_only = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain = $myhostname
local_recipient_maps =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_key_file =   /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file =   /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile =   /etc/postfix/ssl/cacert.pem
smtpd_use_tls=yes
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = borekfalecki.pl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = borekfalecki.pl, localhost.pl, , localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
And here is my /etc/postfix/master.cf:

Code:
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_reject_unlisted_sender=yes
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o broken_sasl_auth_clients=yes
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
I'm sure that I have Thunderbird set up correctly.
 
Old 12-02-2009, 06:57 PM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165Reputation: 165
Postfix only does TLS, not SSL. i.e. the client establishes a regular (unencrypted) smtp connection, and then 'upgrades' to tls using STARTTLS. See here.
 
Old 12-03-2009, 08:16 AM   #5
seprob
Member
 
Registered: Sep 2008
Posts: 43

Original Poster
Rep: Reputation: 15
Yeah, it was a problem. I didn't have Stunnel Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMTP authentication with postfix using sasl GuyWood13 Linux - Server 23 05-03-2011 04:29 PM
SMTP authentication error and server could not connected in postfix server Ravinder Singh Thakur Linux - Server 1 11-02-2009 11:22 AM
Postfix SASL authentication for SMTP server CJhough Linux - Server 2 04-28-2009 02:47 PM
Postfix + SASL Authentication problem on Ubuntu Server 8.04 beusekom Linux - Server 3 11-14-2008 05:05 PM


All times are GMT -5. The time now is 03:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration