SMTP problem
Hello,
I am having problems with SMTP authentication from client email like Kmail or Thunderbird. No problem with POP3 No problem from webmail. Kmail says that the server does not accept plain text authentication but I suspect if it is the real problem. Postfix and Dovecot are set to accept plain text auth. Thank you for any help. MAIN.CF smtpd_sasl_security_options = noanonymous smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated smtpd_sasl_auth_enable = yes MASTER.CF smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes -o content_filter=spamassassin spamassassin unix - n n - 10 pipe flags=Rq user=spamuser argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} DOVECOT.CONF protocols = imap pop3 imaps pop3s listen = [::] disable_plaintext_auth = no default_mail_env = maildir:~/Maildir ssl_listen = [::] protocol imap { } protocol pop3 { pop3_uidl_format = %08Xv%08Xu } protocol lda { postmaster_address = s@gmail.com } auth default { mechanisms = plain passdb pam { } passdb passwd { } passdb shadow { } userdb passwd { } user = root } dict { } plugin { } ssl_disable = yes ------------------- FC8 Apache 2.2.8 Postfix 2.4.5 Dovecot 1.0.15 Spamassassin 3.2.5 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
Code:
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated |
Sorry for the delay...
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no ipc_idle = 10s mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases.postfix notify_classes = resource, software readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES sample_directory = /usr/share/doc/postfix-2.4.5/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual |
/var/log/secure and /var/log/messages do not display any information about this issue
For debugging purposes I entered a wrong password for certain user (to get mail from client program, POP3) and this is the last line of 'secure' Jul 13 21:34:18 cl-t102-130cl dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:190.134.32.238 user=admin.domain |
$ perl -MMIME::Base64 -e 'print encode_base64("\0usernamexxx\0passwxxx");'
AGRzdG9uZWsAbXVyY2llbGFnxxxx $ telnet mail.domain.com 25 Trying 67.205.xxx.xxx... Connected to mail.domain.com. Escape character is '^]'. 220 hostnamexxx.com ESMTP Postfix ehlo Escape character is '^]'. 220 hostnamexxx.com ESMTP Postfix ehlo mail.domain.com 250-hostnamexxx.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain AGRzdG9uZWsAbXVyY2llbGFnxxxx 535 5.7.0 Error: authentication failed: generic failure quit 221 2.0.0 Bye Connection closed by foreign host. After this no error was recorded in log/secure nor log/messages |
First, please address the recipient_restriction issue I pointed out. You should have tons of errors logged to /var/log/maillog. This is what postconf(5) "man 5 postconf" has to say about smtpd_recipient_restrictions:
Code:
IMPORTANT: If you change this parameter setting, you must specify at |
Hi, thanks for your help.
I will follow what you are suggesting on that link. I am moving from other physical working server and this setting are almost the same. In this case smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated they are exactly the same. What do you suggest? tail -f /var/log/maillog displays mails server regulary, no error messages are displayed. I also am able to send/receive emails from squirrelmail. Thanks again, |
I made a transcription error, I forgot the second line of a wrapped one.
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination Sorry |
It looks like somewhere between your first and second posts smtpd_recipient_restrictions acquired a reject_unauth_destination, so I suppose we're ok as far as that goes.
[Edit] I see you noticed the same thing.[/Edit] |
warning: SASL: Connect to smtpd failed: No such file or directory
postfix/smtpd[30670]: fatal: no SASL authentication mechanisms postfix/master[30615]: warning: process /usr/libexec/postfix/smtpd pid 30670 exit status 1 postfix/master[30615]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling postfix/smtpd[31831]: warning: SASL: Connect to /usr/libexec/postfix/smtpd failed: Permission denied postfix/smtpd[31831]: fatal: no SASL authentication mechanisms There are /usr/lib/sasl/smtpd.conf /usr/lib/sasl2/smtpd.conf /usr/libexec/postfix/smtpd /usr/local/bin/rblsmtpd Main.conf postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no ipc_idle = 10s mail_spool_directory = /var/spool/mail mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man newaliases_path = /usr/bin/newaliases.postfix notify_classes = resource, software readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES sample_directory = /usr/share/doc/postfix-2.4.5/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = reject_unauth_destination permit_sasl_authenticated smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_alias_maps = hash:/etc/postfix/virtual |
Ok, after reading the postfix sasl document, you should know that postfix can use either cyrus or dovecot sasl, depending on how it's compiled.
Code:
smtpd_sasl_type = dovecot Code:
smtpd_sasl_path = smtpd the socket in that location and make it accessible to postfix. This is explained in the document. You might also find this useful. |
postconf -a
cyrus dovecot postconf queue_directory queue_directory = /var/spool/postfix I'll follow your suggestions. Thanks for your help Daniel |
I mixed the things up between cyrus and dovecot
smtpd_sasl_path = private/auth #smtpd_sasl_path = /var/spool/postfix/smtpd Now, loading smtpd does not generate errors. |
I sounds stupid (it is)
How do I know if Dovecot supports SASL postconf -a only displays 'Dovecot' (and Cyrus) It is supposed that it should be 'Dovecot-SASL'? Thanks |
telnet mail.domain.com 25
Trying 67.205.xxx.xxx.. Connected to mail.domain.com. Escape character is '^]'. xxxxx.privatedns.com ESMTP Postfix ehlo mail.domain.com xxxxx.privatedns.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN auth plain AGRzdG9uZWsAbXVyY2llbGFnxxxx 235 2.0.0 Authentication successful But I am getting a "relaying denied" from client email (thunderbird) |
All times are GMT -5. The time now is 02:51 PM. |