LinuxQuestions.org


marciano 07-13-2008 05:03 PM

SMTP problem
 
Hello,

I am having problems with SMTP authentication from email clients like Kmail or Thunderbird.
No problem with POP3
No problem from webmail.

Kmail says that the server does not accept plain text authentication, but I wonder whether that is the real problem. Postfix and Dovecot are set to accept plain text auth.

Thank you for any help.

MAIN.CF
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_auth_enable = yes

MASTER.CF
smtp inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes -o content_filter=spamassassin

spamassassin unix - n n - 10 pipe
  flags=Rq user=spamuser argv=/usr/bin/spamc -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}

DOVECOT.CONF
protocols = imap pop3 imaps pop3s
listen = [::]
disable_plaintext_auth = no
default_mail_env = maildir:~/Maildir
ssl_listen = [::]
protocol imap {
}
protocol pop3 {
pop3_uidl_format = %08Xv%08Xu
}
protocol lda {
postmaster_address = s@gmail.com
}
auth default {
mechanisms = plain
passdb pam {
}
passdb passwd {
}
passdb shadow {
}
userdb passwd {
}
user = root
}
dict {
}
plugin {
}
ssl_disable = yes
-------------------
FC8 Apache 2.2.8 Postfix 2.4.5 Dovecot 1.0.15 Spamassassin 3.2.5
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Berhanie 07-13-2008 05:58 PM

Code:

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
I don't think postfix will function with all permit statements in recipient_restrictions. But, anyway, you need to read your logs and do smtp auth manually as explained here. It's also a good idea to post the output of postconf -n.

marciano 07-13-2008 07:25 PM

Sorry for the delay...

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
ipc_idle = 10s
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.4.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

marciano 07-13-2008 07:51 PM

/var/log/secure and /var/log/messages do not display any information about this issue

For debugging purposes I entered a wrong password for a certain user (to get mail from client program, POP3) and this is the last line of 'secure'
Jul 13 21:34:18 cl-t102-130cl dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:190.134.32.238 user=admin.domain

marciano 07-13-2008 08:02 PM

$ perl -MMIME::Base64 -e 'print encode_base64("\0usernamexxx\0passwxxx");'
AGRzdG9uZWsAbXVyY2llbGFnxxxx

$ telnet mail.domain.com 25

Trying 67.205.xxx.xxx...
Connected to mail.domain.com.
Escape character is '^]'.
220 hostnamexxx.com ESMTP Postfix

ehlo

Escape character is '^]'.
220 hostnamexxx.com ESMTP Postfix
ehlo mail.domain.com
250-hostnamexxx.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

auth plain AGRzdG9uZWsAbXVyY2llbGFnxxxx
535 5.7.0 Error: authentication failed: generic failure
quit
221 2.0.0 Bye
Connection closed by foreign host.

After this, no error was recorded in log/secure or log/messages
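
The manual test above sends AUTH PLAIN in a plain telnet session on port 25, and the EHLO reply lists no STARTTLS. The following is an added example (not part of the original thread) that audits an EHLO reply for that condition and shows that a PLAIN token is only base64; the sample reply, host name and credentials are constructed.

```python
import base64

# Constructed EHLO reply, modelled on the capability list in the session above.
SAMPLE_EHLO = [
    "250-mail.example.test",
    "250-PIPELINING",
    "250-SIZE 10240000",
    "250-AUTH LOGIN PLAIN",
    "250-AUTH=LOGIN PLAIN",
    "250-8BITMIME",
    "250 DSN",
]
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is recoverable from the wire

def parse_ehlo(lines):
    """Return (capability keywords, AUTH mechanisms) from a 250 EHLO reply."""
    caps, mechs = set(), set()
    for line in lines[1:]:                      # line 0 is the server name
        text = line[4:].strip()                 # strip "250-" or "250 "
        keyword, _, args = text.replace("=", " ", 1).partition(" ")
        caps.add(keyword.upper())
        if keyword.upper() == "AUTH":           # also covers the legacy "AUTH=" form
            mechs.update(m.upper() for m in args.split())
    return caps, mechs

def audit_ehlo(lines, tls_active=False):
    """List findings for cleartext mechanisms offered outside TLS."""
    caps, mechs = parse_ehlo(lines)
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if not exposed or tls_active:
        return []
    tls = "offered but not yet negotiated" if "STARTTLS" in caps else "not offered"
    return [f"AUTH {' '.join(exposed)} advertised without TLS (STARTTLS {tls})"]

def encode_sasl_plain(user, password, authzid=""):
    """Build the AUTH PLAIN argument: authzid NUL authcid NUL password."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()

def decode_sasl_plain(token):
    """Reverse of encode_sasl_plain; no key is involved, only base64."""
    authzid, user, password = base64.b64decode(token).decode().split("\0")
    return authzid, user, password

if __name__ == "__main__":
    print(audit_ehlo(SAMPLE_EHLO))
    print(decode_sasl_plain(encode_sasl_plain("alice", "constructed-pw")))
```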

Berhanie 07-13-2008 08:16 PM

First, please address the recipient_restriction issue I pointed out. You should have tons of errors logged to /var/log/maillog. This is what postconf(5) "man 5 postconf" has to say about smtpd_recipient_restrictions:
Code:

      IMPORTANT: If you change this parameter setting, you  must  specify  at
      least  one of the following restrictions. Otherwise Postfix will refuse
      to receive mail:

          reject, defer, defer_if_permit, reject_unauth_destination

Then, read the entire document I linked (not just the portion on testing) in order to understand how postfix does smtp auth. Keep in mind that, in the language of the documentation, you're trying to enable sasl for the smtp server, not the smtp client.

marciano 07-13-2008 08:28 PM

Hi, thanks for your help.
I will follow what you are suggesting on that link.
I am moving from another physical working server and the settings are almost the same.
In this case
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
they are exactly the same.
What do you suggest?

tail -f /var/log/maillog displays mail server regularly, no error messages are displayed.
I also am able to send/receive emails from squirrelmail.
Thanks again,

marciano 07-13-2008 08:46 PM

I made a transcription error, I forgot the second line of a wrapped one.

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

Sorry

Berhanie 07-13-2008 09:01 PM

It looks like somewhere between your first and second posts smtpd_recipient_restrictions acquired a reject_unauth_destination, so I suppose we're ok as far as that goes.

[Edit] I see you noticed the same thing.[/Edit]

marciano 07-14-2008 01:42 AM

warning: SASL: Connect to smtpd failed: No such file or directory
postfix/smtpd[30670]: fatal: no SASL authentication mechanisms
postfix/master[30615]: warning: process /usr/libexec/postfix/smtpd pid 30670 exit status 1
postfix/master[30615]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

postfix/smtpd[31831]: warning: SASL: Connect to /usr/libexec/postfix/smtpd failed: Permission denied
postfix/smtpd[31831]: fatal: no SASL authentication mechanisms

There are
/usr/lib/sasl/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/usr/libexec/postfix/smtpd
/usr/local/bin/rblsmtpd

Main.conf
postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
ipc_idle = 10s
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource, software
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.4.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = reject_unauth_destination permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

Berhanie 07-14-2008 04:36 AM

Ok, after reading the postfix sasl document, you should know that postfix can use either cyrus or dovecot sasl, depending on how it's compiled.

Code:

smtpd_sasl_type = dovecot
This means that you want to use dovecot sasl. Have you made sure that postfix was compiled with dovecot support? Check with "postconf -a".


Code:

smtpd_sasl_path = smtpd
For dovecot sasl, this is the location of the authentication socket (relative to the queue directory, if you don't specify a full path). So, if the queue directory is /var/spool/postfix (check with "postconf queue_directory"), you've just told postfix to expect the socket in /var/spool/postfix/smtpd. If this is what you want, you need to configure dovecot to put the socket in that location and make it accessible to postfix. This is explained in the document.

You might also find this useful.
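
The path resolution described in this reply can be checked mechanically. The following is an added example (not part of the original thread) that resolves smtpd_sasl_path against queue_directory and reports whether a usable socket exists there; the function names and status strings are this example's own.

```python
import os
import stat

def resolve_sasl_socket(queue_directory, smtpd_sasl_path):
    """With smtpd_sasl_type = dovecot, a relative smtpd_sasl_path is
    resolved against queue_directory; an absolute path is used as-is."""
    return os.path.normpath(os.path.join(queue_directory, smtpd_sasl_path))

def diagnose_sasl_socket(queue_directory, smtpd_sasl_path):
    """Return (resolved_path, status); status is one of
    'missing', 'not-a-socket', 'no-access', 'ok'."""
    path = resolve_sasl_socket(queue_directory, smtpd_sasl_path)
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return path, "missing"        # nothing at the resolved path
    except PermissionError:
        return path, "no-access"      # a parent directory is not searchable
    if not stat.S_ISSOCK(mode):
        return path, "not-a-socket"   # e.g. a binary or a config file
    if not os.access(path, os.R_OK | os.W_OK):
        return path, "no-access"      # socket mode/owner excludes this user
    return path, "ok"

if __name__ == "__main__":
    # Values taken from the posts in this thread.
    queue_directory = "/var/spool/postfix"
    for candidate in ("smtpd", "/usr/libexec/postfix/smtpd", "private/auth"):
        print(candidate, "->", *diagnose_sasl_socket(queue_directory, candidate))
```

Run it as the postfix user so the access check reflects what smtpd sees.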

marciano 07-14-2008 08:59 AM

postconf -a
cyrus
dovecot

postconf queue_directory
queue_directory = /var/spool/postfix

I'll follow your suggestions.
Thanks for your help
Daniel

marciano 07-14-2008 09:27 AM

I mixed things up between cyrus and dovecot

smtpd_sasl_path = private/auth

#smtpd_sasl_path = /var/spool/postfix/smtpd

Now, loading smtpd does not generate errors.

marciano 07-14-2008 09:51 AM

It sounds stupid (it is)
How do I know if Dovecot supports SASL?
postconf -a
only displays 'Dovecot' (and Cyrus)
Is it supposed to be 'Dovecot-SASL'?
Thanks

marciano 07-14-2008 11:05 AM

telnet mail.domain.com 25
Trying 67.205.xxx.xxx..
Connected to mail.domain.com.
Escape character is '^]'.
xxxxx.privatedns.com ESMTP Postfix
ehlo mail.domain.com
xxxxx.privatedns.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGRzdG9uZWsAbXVyY2llbGFnxxxx
235 2.0.0 Authentication successful

But I am getting a "relaying denied" from client email (thunderbird)
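
Postfix evaluates smtpd_recipient_restrictions left to right and stops at the first restriction that returns a decision, so the two orderings posted in this thread treat an authenticated client relaying to an outside domain differently. The following is an added example (not part of the original thread) that models only the three restrictions seen here. The client address, recipient domains and the reduction of reject_unauth_destination to a local-domain check are assumptions, and the thread does not confirm that ordering is what caused the Thunderbird error above.

```python
import ipaddress

# The two orderings that appear in this thread's postconf -n output.
ORDER_FIRST_POSTS = ["permit_mynetworks", "permit_sasl_authenticated",
                     "reject_unauth_destination"]
ORDER_LATER_POST = ["reject_unauth_destination", "permit_sasl_authenticated"]

def evaluate(restrictions, client_ip, sasl_authenticated, rcpt_domain,
             mynetworks=("127.0.0.0/8",), local_domains=("domain.com",)):
    """Simplified model: walk the list in order; the first restriction that
    yields a decision ends evaluation. Returns (action, deciding_restriction)."""
    ip = ipaddress.ip_address(client_ip)
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ip in ipaddress.ip_network(net) for net in mynetworks):
                return "PERMIT", name
        elif name == "permit_sasl_authenticated":
            if sasl_authenticated:
                return "PERMIT", name
        elif name == "reject_unauth_destination":
            # Assumption: "authorized destination" reduced to a domain list.
            if rcpt_domain.lower() not in local_domains:
                return "REJECT", name   # Postfix: "Relay access denied"
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "PERMIT", "end of list"

if __name__ == "__main__":
    # Constructed case: authenticated remote client, recipient elsewhere.
    case = dict(client_ip="203.0.113.10", sasl_authenticated=True,
                rcpt_domain="example.org")
    for label, order in (("first posts", ORDER_FIRST_POSTS),
                         ("later post", ORDER_LATER_POST)):
        print(label, evaluate(order, **case))
```

With the permits placed before reject_unauth_destination, unauthenticated outside clients are still refused relay, so the server does not become an open relay.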


All times are GMT -5.