LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 07-12-2005, 01:59 AM   #1
spiritwing
LQ Newbie
 
Registered: Dec 2003
Distribution: Debian
Posts: 26

Rep: Reputation: 15
Postfix cram-md5 authentication to earthlink relay


Hi All,

I have been having a hair pulling fest trying to get postfix to relay mail through smtpauth.earthlink.net.

Using mutt I send mail to myname@earthlink.net and I get an "Undeliverable Reply" back from postfix. Here is an example:

> From MAILER-DAEMON Tue Jul 12 06:23:16 2005
> Return-Path: <>
> X-Original-To: silasb@silasb.mybsdomain.org
> Delivered-To: silasb@silasb.mybsdomain.org
> Received: by mail.silasb.mybsdomain.org (Postfix)
> id 42A853017127; Tue, 12 Jul 2005 06:23:16 -0700 (PDT)
> Date: Tue, 12 Jul 2005 06:23:16 -0700 (PDT)
> From: MAILER-DAEMON@silasb.mybsdomain.org (Mail Delivery System)
> Subject: Undelivered Mail Returned to Sender
> To: silasb@silasb.mybsdomain.org
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="22D3A3014DBE.1121174596/mail.silasb.mybsdomain.org"
> Message-Id: <20050712132316.42A853017127@mail.silasb.mybsdomain.org>
> Status: RO
> Content-Length: 1888
> Lines: 57
>
> This is a MIME-encapsulated message.
>
> --22D3A3014DBE.1121174596/mail.silasb.mybsdomain.org
> Content-Description: Notification
> Content-Type: text/plain
>
> This is the Postfix program at host mail.silasb.homelinux.org.
>
> I'm sorry to have to inform you that your message could not be
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
> The Postfix program
>
> <silasb@earthlink.net>: host smtpauth.earthlink.net[207.69.189.203] said: 550
> Please configure your mail client to use authentication. (in reply to RCPT
> TO command)
>
> --22D3A3014DBE.1121174596/mail.silasb.mybsdomain.org
> Content-Description: Delivery report
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; mail.silasb.mybsdomain.org
> X-Postfix-Queue-ID: 22D3A3014DBE
> X-Postfix-Sender: rfc822; silasb@silasb.mybsdomain.org
> Arrival-Date: Tue, 12 Jul 2005 06:23:10 -0700 (PDT)
>
> Final-Recipient: rfc822; myname@earthlink.net
> Action: failed
> Status: 5.0.0
> Diagnostic-Code: X-Postfix; host smtpauth.earthlink.net[207.69.189.203] said:
> 550 Please configure your mail client to use authentication. (in reply to
> RCPT TO command)
>
> --22D3A3014DBE.1121174596/mail.silasb.mybsdomain.org
> Content-Description: Undelivered Message
> Content-Type: message/rfc822
>
> Received: by mail.silasb.mybsdomain.org (Postfix, from userid 1000)
> id 22D3A3014DBE; Tue, 12 Jul 2005 06:23:10 -0700 (PDT)
> Date: Tue, 12 Jul 2005 06:23:09 -0700
> To: myname@earthlink.net
> Subject: Test 11:27
> Message-ID: <20050712132309.GA2778@silasb.mybsdomain.org>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> User-Agent: Mutt/1.5.9i
> From: silasb@silasb.mybsdomain.org (Silas Bennett)
>
> Test
>
> --22D3A3014DBE.1121174596/mail.silasb.mybsdomain.org--

The funny thing is, that if I send mail to my gmail address
foobar@gmail.com it gets through but is marked as spam. This leads me to
believe that all mail is not being relayed (as I want it to) via
earthlink's smtp server. I know this setup is possible to get working as
I had it working a month ago before two simultaneous disk failures. No
longer having my previous config, I have combed google throughly and
have been unable to get a successful configuration working. Here is my
postconf output:

Cheers,
Silas Bennett

=0)


#postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = all
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0

mydestination = webmini.silasb.homelinux.org, silasb.homelinux.org, silasb.homelinux.net, dmz.silas.qm.com, silas.qm.com, localhost.localdomain, localhost

mydomain = silasb.homelinux.org
myhostname = mail.silasb.homelinux.org
mynetworks = 127.0.0.0/8, 192.168.2.0/24, 10.12.0.0/16
myorigin = $mydomain
recipient_delimiter = +
relay_domains = $mydestination, 127.0.0.1
relayhost = smtpauth.earthlink.net
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = check_relay_domains, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $relay_domains
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/privkey.pem
smtpd_use_tls = yes
tls_daemon_random_source = dev:/dev/urandom
tls_random_source = dev:/dev/urandom

Last edited by spiritwing; 07-12-2005 at 02:11 AM.
 
Old 07-12-2005, 09:33 AM   #2
spiritwing
LQ Newbie
 
Registered: Dec 2003
Distribution: Debian
Posts: 26

Original Poster
Rep: Reputation: 15
Hi All,

From a tip on the postfix-users@postfix.org mailing list:

Quote:
R Wahyudi wrote:
> Try putting square brackets on the relay host :
>
>relayhost = [smtpauth.earthlink.net]
>
>

This seems to force all of the traffic through the earthlink relay, but
does not help deal with the authentication issue. The bounce message
does not change.

Thanks for the [ ] tip. ;0)

Cheers,
Silas

=0)
The authentication issue is still open...
 
Old 07-13-2005, 09:19 PM   #3
spiritwing
LQ Newbie
 
Registered: Dec 2003
Distribution: Debian
Posts: 26

Original Poster
Rep: Reputation: 15
SOLVED

Hi All,

The problem was solved during the course of an email thread on the postfix-users mailing list. Here is the winning thread:

=0)
Silas


Silas Bennett wrote:

Quote:
>Patrick Ben Koetter wrote:
>
>>* Silas Bennett <silasb@earthlink.net>:
>>
>>
>>>Hello Patrick,
>>>
>>>This all looks to be right. The last line is a bit puzzling though, it
>>>looks like it is going to list mechanisms for auth on
>>>smtpauth.earthlink.net but draws a blank.
>>>
>>>Cheers,
>>>Silas
>>>
>>>=0)
>>>
>>>$ saslfinger -c
>>>
>>>saslfinger - postfix Cyrus sasl configuration Wed Jul 13 13:43:58 PDT 2005
>>>version: 0.9.9.1
>>>mode: client-side SMTP AUTH
>>>
>>>-- basics --
>>>Postfix: 2.1.5
>>>
>>>
>>In one of your first mails you mentioned that you tried to use
>>smtp_sasl_mechanism_filter. This parameter is not available in the Postfix
>>version you use. IF you need it, you have to upgrade to 2.2.
>>
>>
>>
>>
>>>System: Debian GNU/Linux 3.1 \n \l
>>>
>>>-- smtp is linked to --
>>> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x0fd58000)
>>>
>>>-- active SMTP AUTH and TLS parameters for smtp --
>>>relayhost = [smtpauth.earthlink.net]
>>>smtp_sasl_auth_enable = yes
>>>smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>>smtp_sasl_security_options =
>>>
>>>
>>OK.
>>
>>
>>
>>>-- listing of /usr/lib/sasl2 --
>>>total 1276
>>>drwxr-xr-x 2 root root 4096 2005-07-11 17:55 .
>>>drwxr-xr-x 42 root root 12288 2005-07-11 18:06 ..
>>>-rw-r--r-- 1 root root 15644 2004-10-16 14:35 libanonymous.a
>>>-rw-r--r-- 1 root root 851 2004-10-16 14:35 libanonymous.la
>>>-rw-r--r-- 1 root root 19692 2004-10-16 14:35 libanonymous.so
>>>-rw-r--r-- 1 root root 19692 2004-10-16 14:35 libanonymous.so.2
>>>-rw-r--r-- 1 root root 19692 2004-10-16 14:35 libanonymous.so.2.0.19
>>>-rw-r--r-- 1 root root 19034 2004-10-16 14:35 libcrammd5.a
>>>-rw-r--r-- 1 root root 837 2004-10-16 14:34 libcrammd5.la
>>>-rw-r--r-- 1 root root 23080 2004-10-16 14:35 libcrammd5.so
>>>-rw-r--r-- 1 root root 23080 2004-10-16 14:35 libcrammd5.so.2
>>>-rw-r--r-- 1 root root 23080 2004-10-16 14:35 libcrammd5.so.2.0.19
>>>-rw-r--r-- 1 root root 55692 2004-10-16 14:35 libdigestmd5.a
>>>-rw-r--r-- 1 root root 860 2004-10-16 14:35 libdigestmd5.la
>>>-rw-r--r-- 1 root root 53196 2004-10-16 14:35 libdigestmd5.so
>>>-rw-r--r-- 1 root root 53196 2004-10-16 14:35 libdigestmd5.so.2
>>>-rw-r--r-- 1 root root 53196 2004-10-16 14:35 libdigestmd5.so.2.0.19
>>>-rw-r--r-- 1 root root 30724 2004-10-16 22:32 libgssapiv2.a
>>>-rw-r--r-- 1 root root 886 2004-10-16 22:32 libgssapiv2.la
>>>-rw-r--r-- 1 root root 31916 2004-10-16 22:32 libgssapiv2.so
>>>-rw-r--r-- 1 root root 31916 2004-10-16 22:32 libgssapiv2.so.2
>>>-rw-r--r-- 1 root root 31916 2004-10-16 22:32 libgssapiv2.so.2.0.19
>>>-rw-r--r-- 1 root root 26152 2004-10-16 22:32 libkerberos4.a
>>>-rw-r--r-- 1 root root 858 2004-10-16 22:32 libkerberos4.la
>>>-rw-r--r-- 1 root root 28544 2004-10-16 22:32 libkerberos4.so
>>>-rw-r--r-- 1 root root 28544 2004-10-16 22:32 libkerberos4.so.2
>>>-rw-r--r-- 1 root root 28544 2004-10-16 22:32 libkerberos4.so.2.0.19
>>>-rw-r--r-- 1 root root 16054 2004-10-16 14:35 liblogin.a
>>>-rw-r--r-- 1 root root 831 2004-10-16 14:35 liblogin.la
>>>-rw-r--r-- 1 root root 20404 2004-10-16 14:35 liblogin.so
>>>-rw-r--r-- 1 root root 20404 2004-10-16 14:35 liblogin.so.2
>>>-rw-r--r-- 1 root root 20404 2004-10-16 14:35 liblogin.so.2.0.19
>>>-rw-r--r-- 1 root root 36084 2004-10-16 14:35 libntlm.a
>>>-rw-r--r-- 1 root root 825 2004-10-16 14:35 libntlm.la
>>>-rw-r--r-- 1 root root 38884 2004-10-16 14:35 libntlm.so
>>>-rw-r--r-- 1 root root 38884 2004-10-16 14:35 libntlm.so.2
>>>-rw-r--r-- 1 root root 38884 2004-10-16 14:35 libntlm.so.2.0.19
>>>-rw-r--r-- 1 root root 23134 2004-10-16 14:35 libotp.a
>>>-rw-r--r-- 1 root root 825 2004-10-16 14:35 libotp.la
>>>-rw-r--r-- 1 root root 51456 2004-10-16 14:35 libotp.so
>>>-rw-r--r-- 1 root root 51456 2004-10-16 14:35 libotp.so.2
>>>-rw-r--r-- 1 root root 51456 2004-10-16 14:35 libotp.so.2.0.19
>>>-rw-r--r-- 1 root root 16106 2004-10-16 14:35 libplain.a
>>>-rw-r--r-- 1 root root 831 2004-10-16 14:35 libplain.la
>>>-rw-r--r-- 1 root root 20400 2004-10-16 14:35 libplain.so
>>>-rw-r--r-- 1 root root 20400 2004-10-16 14:35 libplain.so.2
>>>-rw-r--r-- 1 root root 20400 2004-10-16 14:35 libplain.so.2.0.19
>>>-rw-r--r-- 1 root root 23492 2004-10-16 14:35 libsasldb.a
>>>-rw-r--r-- 1 root root 852 2004-10-16 14:34 libsasldb.la
>>>-rw-r--r-- 1 root root 26288 2004-10-16 14:35 libsasldb.so
>>>-rw-r--r-- 1 root root 26288 2004-10-16 14:35 libsasldb.so.2
>>>-rw-r--r-- 1 root root 26288 2004-10-16 14:35 libsasldb.so.2.0.19
>>>
>>>
>>OK.
>>
>>
>>
>>>-- permissions for /etc/postfix/sasl_passwd --
>>>-rw-rw-rw- 1 root root 57 2005-07-12 14:10 /etc/postfix/sasl_passwd
>>>
>>>-- permissions for /etc/postfix/sasl_passwd.db --
>>>-rw-rw-rw- 1 root root 12288 2005-07-12 14:11 /etc/postfix/sasl_passwd.db
>>>
>>>/etc/postfix/sasl_passwd.db is up to date.
>>>
>>>
>>OK.
>>
>>
>>
>>>-- active services in /etc/postfix/master.cf --
>>># service type private unpriv chroot wakeup maxproc command + args
>>># (yes) (yes) (yes) (never) (100)
>>>smtp inet n - - - - smtpd
>>>pickup fifo n - - 60 1 pickup
>>>cleanup unix n - - - 0 cleanup
>>>qmgr fifo n - - 300 1 qmgr
>>>rewrite unix - - - - - trivial-rewrite
>>>bounce unix - - - - 0 bounce
>>>defer unix - - - - 0 bounce
>>>trace unix - - - - 0 bounce
>>>verify unix - - - - 1 verify
>>>flush unix n - - 1000? 0 flush
>>>proxymap unix - - n - - proxymap
>>>smtp unix - - - - - smtp
>>>
>>>
>>You should run the smtp-client verbose like this:
>>
>>smtp unix - - - - - smtp -v
>>
>>Then try to send and check the mail log for errors or warnings.
>>
>>
>>
>>
>
>Great! Thanks. I will give that a try tonight and mail back the results.
>
Looking at the log output after making Patrick's suggested change to master.cnf I found an interesting couple of lines:

Jul 13 14:55:03 localhost postfix/smtp[3994]: maps_find: smtp_sasl_passwd: smtpauth.earthlink.net: not found
Jul 13 14:55:03 localhost postfix/smtp[3994]: maps_find: smtp_sasl_passwd: [smtpauth.earthlink.net]: not found

Kmail and Thunderbird are configured to talk to smtpauth.earthlink.net over port :587 so one of the thing I had been trying earlier was to specify relayhost = smptauth.earthlink.net:587 (Which didn't work) at one point I had added smtpauth.earthlink.net:587 myname@earthlink.net:SECRET to the sasl_passwd file and apparently it was still set up that way. Removing the port number in the sasl_passwd file and rehashing fixed that problem.

After that everything worked(TM). So the problem was that I had all of the options right, I just didn't have them all right at the same time ;0)

Thanks for your help and patience Patrick!

Cheers,
Silas

=0)

Quote:
>>>-- mechanisms on smtpauth.earthlink.net:587 --
>>>
>>>
>>[p@mail ~]$ telnet smtpauth.earthlink.net 25
>>220-smtpauth08.mail.atl.earthlink.net ESMTP Exim 4.34 #26 Wed, 13 Jul 2005
>>10:17:23 -0400
>>220-NO UCE. EarthLink does not authorize the use of its computers or network
>>220 equipment to accept, transmit, or distribute unsolicited e-mail.
>>EHLO gw.state-of-mind.de
>>250-smtpauth08.mail.atl.earthlink.net Hello gw.state-of-mind.de [212.14.92.88]
>>250-SIZE 10485760
>>250-PIPELINING
>>250-AUTH PLAIN LOGIN CRAM-MD5
>>
>>There's PLAIN LOGIN and CRAM-MD5. Have you tried to authenticate without
>>Postfix using a regular mail client? Are username and password correct?
>>
>>p@rick
>>
>>
>
>Authentication works with both Thunderbird and Kmail. And yes the
>username/password pair is correct ;0).
>
>Cheers,
>Silas
>
>>
>>250-STARTTLS
>>250 HELP
>>QUIT
>>221 smtpauth08.mail.atl.earthlink.net closing connection
>>Connection closed by foreign host.
>>
>>
>>
>
>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix as a mail relay (getting relay access denied) hypexr Linux - Software 3 09-13-2005 07:15 PM
Kmail error "Unable to Authenticate via. CRAM-MD5" Spreegem Debian 2 08-04-2005 12:50 AM
MD5 Authentication To Get On A Network. s7rYd3r Linux - Wireless Networking 0 09-18-2004 11:44 AM
Cram-MD5 encryption pembo13 Linux - Security 5 04-30-2004 03:05 PM
using postfix to send through a relay server that requires authentication surban99 Linux - Software 1 04-27-2004 06:16 PM


All times are GMT -5. The time now is 01:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration