LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   postfix - warning: SASL authentication failure: No worthy mechs found (https://www.linuxquestions.org/questions/slackware-14/postfix-warning-sasl-authentication-failure-no-worthy-mechs-found-887026/)

matters 06-18-2011 05:11 AM
postfix - warning: SASL authentication failure: No worthy mechs found
 
Hey guys!

I wanted to test sending emails using external isp gmx.

however after installing postfix 2.8.3 +cyrus + mysql

and adding in main.cf
Code:
#### ADDED BY HAND TO USE MY ISP SMTP ACCOUNT WHEN SENDING EMAILS ####
relayhost = [mail.gmx.com]
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
and in /etc/postfix/sasl-passwords
Code:
[mail.gmx.com] myusername@gmx.com:mypassword
in /var/log/mailllog i get errors like this:

Code:
Jun 18 11:17:53 parade postfix/smtp[24010]: 4273736803C: to=<myusername@gmail.com>, relay=mail.gmx.com[213.165.64.44]:25, delay=33982, delays=33981/0.03/0.51/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.gmx.com[213.165.64.44]: no mechanism available)
Jun 18 11:32:53 parade postfix/qmgr[22710]: 159BE368034: from=<root@berlin.internal>, size=474, nrcpt=1 (queue active)
Jun 18 11:32:53 parade postfix/smtp[24079]: warning: SASL authentication failure: No worthy mechs found
Jun 18 11:32:53 parade postfix/smtp[24079]: 159BE368034: SASL authentication failed; cannot authenticate to server mail.gmx.com[213.165.64.45]: no mechanism available
and to see what i have in /usr/sasl2/lib
Code:
/usr/lib/sasl2# ls
libcrammd5.la          liblogin.la        libplain.la
libcrammd5.so          liblogin.so        libplain.so
libcrammd5.so.2        liblogin.so.2      libplain.so.2
libcrammd5.so.2.0.23    liblogin.so.2.0.23  libplain.so.2.0.23
libdigestmd5.la        libotp.la          libsasldb.la
libdigestmd5.so        libotp.so          libsasldb.so
libdigestmd5.so.2      libotp.so.2        libsasldb.so.2
libdigestmd5.so.2.0.23  libotp.so.2.0.23    libsasldb.so.2.0.23
im wondering where the problem might be?

thanks

wargus 06-18-2011 05:52 AM
After writing your sasl-passwords file, did you

Code:
postmap sasl_passwords
which creates a database from your password file. You need this since you are using the hashed table with your configuration

Code:
smtp_sasl_password_maps=hash:/etc/postfix/sasl-passwords
check for the output, I don't use it anymore but as far as I remember there will be a sasl-passwords.db or something.

:hattip:

matters 06-18-2011 08:02 AM
yes i have created sasl-passwords.db
im reading and it shows that this error msg usually shows up because theres no required sasl2 modules installed,

if thats the case im wondering how i can find specific sasl2 plugin for cyrus when it comes to slackware? because i installed postfix + cyrus + mysql from slackbuilds version 2.8.3.

thanks guys

wargus 06-18-2011 10:00 AM
OK so I can't help here, but I remember that I had problems with cyrus too, so I simply used the dovecot sasl auth since I had to install dovecot anyways (postfix and the slackbuild script are already prepared for that and postfix tries to shy away from cyrus, according the READMEs)


:hattip:

Mike_M 06-18-2011 02:22 PM
By default the Postfix SMTP client does not support plain text auth mechanisms. The remote server mentioned in your post only supports plain text auth (LOGIN and PLAIN). Have you set the smtp_sasl_security_options configuration directive, or did you leave it as the default? Try setting that in main.cf as follows:

Code:
smtp_sasl_security_options = noanonymous
Then issue a "postfix reload".

For future reference it is generally a good idea to include the output of "postconf -n" when asking for help with Postfix. This allows people helping you see what changes you have made to your configuration. ("postconf -n" prints out the non-default configuration parameters in main.cf.)

Mike_M 06-18-2011 02:24 PM
Quote:
Originally Posted by wargus (Post 4389378)
OK so I can't help here, but I remember that I had problems with cyrus too, so I simply used the dovecot sasl auth since I had to install dovecot anyways (postfix and the slackbuild script are already prepared for that and postfix tries to shy away from cyrus, according the READMEs)


:hattip:
Just an FYI, the Dovecot SASL implementation can not be used for authentication with the Postfix SMTP client. Only SMTP server auth is supported in Postfix when using Dovecot. The OP needs the former in this case.

matters 06-20-2011 06:56 AM
Quote:
Originally Posted by Mike_M (Post 4389520)
By default the Postfix SMTP client does not support plain text auth mechanisms. The remote server mentioned in your post only supports plain text auth (LOGIN and PLAIN). Have you set the smtp_sasl_security_options configuration directive, or did you leave it as the default? Try setting that in main.cf as follows:

Code:
smtp_sasl_security_options = noanonymous
Then issue a "postfix reload".

For future reference it is generally a good idea to include the output of "postconf -n" when asking for help with Postfix. This allows people helping you see what changes you have made to your configuration. ("postconf -n" prints out the non-default configuration parameters in main.cf.)
yes thats correct had to read sasl readme :) thanks

modonnell 01-08-2015 02:51 PM
Thank you! This one had been driving me nuts. After hating the @55h01e5 at ComCast for years we decided to try hating the @55h01e5 at Verizon/FiOS for a while, and it was *waaaayyy* harder than it ought to have been to get the Postfix SMTP client to relay through their server (which for a while appears to actually have been a Yahoo! box?!) and it involved rigging SMTPS and using stunnel - what a PITA!

But after I finally got it working it seemed OK for a few months... until suddenly it wasn't. For whatever reason, Thunderbird continued working right along even when Postfix was failing, but I couldn't abandon Postfix as I'm hopelessly addicted to MH (and exmh) and I don't know of any way to relay through Thunderbird. The clues provided in this thread about smtp_sasl_security_options=noanonymous were what finally got things working again - yay! Now the FiOS server IDs itself as something from Oracle, so I'm assuming my config got b0rken when they switched over...

FWIW, here's the (mostly canonical, prettified) Postfix main.cf I'm using on my Linux box:

Quote:
alias_database=hash:/etc/aliases
alias_maps=hash:/etc/aliases
append_dot_mydomain=no
biff=no
inet_interfaces=all
inet_protocols=all
mailbox_command=procmail -a "$EXTENSION"
mailbox_size_limit=0
mydestination=localdomain
myhostname=YOUR_HOSTNAME_HERE
myorigin=/etc/mailname
readme_directory=no
recipient_delimiter=.
relayhost=[127.0.0.1]:11125
smtpd_banner=$myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database=btree:${data_directory}/smtpd_scache
smtpd_use_tls=no
smtp_sasl_auth_enable=yes
smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options=noanonymous
smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache
...and my stunnel config was the canonical one as recommended in the Postfix docs.

dugan 01-08-2015 05:51 PM
Quote:
Originally Posted by matters (Post 4389213)
im wondering where the problem might be?

thanks
It's just like it says. You mechs aren't worthy. Get some better giant robots.

(sorry couldn't resist)


All times are GMT -5. The time now is 02:59 PM.