LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   postfix no mechanism available (https://www.linuxquestions.org/questions/linux-server-73/postfix-no-mechanism-available-4175595296/)

bradvan 12-12-2016 02:05 PM
postfix no mechanism available
 
I'm running a CentOS 7 server for my personal domain. My ISP is Verizon and I used to send outgoing mail through their smtp server (with login/authentication). They recently decided it would be a great security feature to only allow outgoing mail with a verizon return address. So, I contracted with someone else to provide my outgoing e-mail service. I should only have had to change the relayhost and the entries in sasl_passwd. Which I did and re-hashed the file. However, it fails to connect and keeps telling me:


Code:
status=deferred (SASL authentication failed; cannot authenticate to server smtp-auth.nowhere.com[38.123.22.160]: no mechanism available)
cyrus-sasl-plain is installed. Any suggestions?

c0wb0y 12-12-2016 02:39 PM
Do you have access to your new SMTP server?

bradvan 12-12-2016 06:32 PM
I am able to telnet to the hostname and port. So, I know it is not a dns resolution problem nor a firewall problem. Just odd that it was working for years to Verizon. I just change the relay and all of a sudden, not mechanism available. I've re-installed cyrus-sasl-plain. No difference.

c0wb0y 12-12-2016 07:02 PM
Can you post output of:
Code:
postconf -n | grep smtpd_sasl
Check the config of cyrus-sasl, too. I can't tell you which line/s to look for as I don't use cyrus. Then test its IMAP/POP3 ports. You can use openssl for that.

bradvan 12-12-2016 08:09 PM
The postconf output:

Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
saslauth config:
Code:
aslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

c0wb0y 12-12-2016 08:44 PM
Quote:
smtpd_sasl_type = dovecot
If I understand correctly, you setup a cyrus-sasl. However, the output above does not seems to agree. And as I don't use cyrus-sasl, I won't be able to help you much there.

descendant_command 12-12-2016 11:56 PM
smtpd_sasl is for authenticating INCOMING smtp connections (with dovecot / cyrus / other).

You want the smtp_sasl_ directives for the smtp client.

c0wb0y 12-13-2016 12:17 AM
When an SMTP server receives an incoming connection, it acts as a server.
When an SMTP server connects to another SMTP server, it acts as a client.
When an email client such as Thunderbird connects to SMTP server because it wants to send an email out, it talks to the smtpd persona of the SMTP server. Hence, the smtpd_sasl_type = <whatever> is required.
When the SMTP server receives such connection, it consults its authentication back-end such as cyrus or dovecot.

Let me know if my interpretation in not correct :) .

descendant_command 12-13-2016 12:59 AM
You are quite correct, but the OP is talking about authenticating to his new relayhost to sent mail OUT from his postfix.

Maybe it has to do with the fairly recent deprecation of the now insecure sslv3 'mechanism' (Debian systems will no longer use it by default, presumably CentOS7 is similar).

Investigation with an online checker such as https://www.ssllabs.com/ or talking to their tech support might help.

Also check out the postfix docs for how to increase the logging level for troubkeshooting this issue.

bradvan 12-13-2016 01:34 PM
Yes, I use dovecot for my client connection. I just got it working. I had:
Code:
smtp_tls_security_options = noanonymous
which apparently was a mistake. When I changed it to:
Code:
smtp_sasl_security_options = noanonymous
it started working!

Thanks to all for your suggestions and feedback! :)

yadheesh 01-23-2017 05:11 AM
Hi,

i'm also using the postfix and SMTP server ,, if the smtp account got expired then the message came like this,, Please check the smtp server..

RegARDS
YADEENDRAN


All times are GMT -5. The time now is 02:35 PM.