LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 12-12-2016, 02:05 PM   #1
bradvan
Member
 
Registered: Mar 2009
Posts: 355

Rep: Reputation: 60
postfix no mechanism available


I'm running a CentOS 7 server for my personal domain. My ISP is Verizon and I used to send outgoing mail through their smtp server (with login/authentication). They recently decided it would be a great security feature to only allow outgoing mail with a verizon return address. So, I contracted with someone else to provide my outgoing e-mail service. I should only have had to change the relayhost and the entries in sasl_passwd. Which I did and re-hashed the file. However, it fails to connect and keeps telling me:


Code:
status=deferred (SASL authentication failed; cannot authenticate to server smtp-auth.nowhere.com[38.123.22.160]: no mechanism available)
cyrus-sasl-plain is installed. Any suggestions?
 
Old 12-12-2016, 02:39 PM   #2
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
Do you have access to your new SMTP server?
 
Old 12-12-2016, 06:32 PM   #3
bradvan
Member
 
Registered: Mar 2009
Posts: 355

Original Poster
Rep: Reputation: 60
I am able to telnet to the hostname and port. So, I know it is not a dns resolution problem nor a firewall problem. Just odd that it was working for years to Verizon. I just change the relay and all of a sudden, not mechanism available. I've re-installed cyrus-sasl-plain. No difference.
 
Old 12-12-2016, 07:02 PM   #4
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
Can you post output of:
Code:
postconf -n | grep smtpd_sasl
Check the config of cyrus-sasl, too. I can't tell you which line/s to look for as I don't use cyrus. Then test its IMAP/POP3 ports. You can use openssl for that.
 
Old 12-12-2016, 08:09 PM   #5
bradvan
Member
 
Registered: Mar 2009
Posts: 355

Original Poster
Rep: Reputation: 60
The postconf output:

Code:
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
saslauth config:
Code:
aslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform
 
Old 12-12-2016, 08:44 PM   #6
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
Quote:
smtpd_sasl_type = dovecot
If I understand correctly, you setup a cyrus-sasl. However, the output above does not seems to agree. And as I don't use cyrus-sasl, I won't be able to help you much there.
 
Old 12-12-2016, 11:56 PM   #7
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,744

Rep: Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560
smtpd_sasl is for authenticating INCOMING smtp connections (with dovecot / cyrus / other).

You want the smtp_sasl_ directives for the smtp client.
 
1 members found this post helpful.
Old 12-13-2016, 12:17 AM   #8
c0wb0y
Member
 
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 417

Rep: Reputation: 74
When an SMTP server receives an incoming connection, it acts as a server.
When an SMTP server connects to another SMTP server, it acts as a client.
When an email client such as Thunderbird connects to SMTP server because it wants to send an email out, it talks to the smtpd persona of the SMTP server. Hence, the smtpd_sasl_type = <whatever> is required.
When the SMTP server receives such connection, it consults its authentication back-end such as cyrus or dovecot.

Let me know if my interpretation in not correct .

Last edited by c0wb0y; 12-13-2016 at 12:57 AM.
 
Old 12-13-2016, 12:59 AM   #9
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,744

Rep: Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560
You are quite correct, but the OP is talking about authenticating to his new relayhost to sent mail OUT from his postfix.

Maybe it has to do with the fairly recent deprecation of the now insecure sslv3 'mechanism' (Debian systems will no longer use it by default, presumably CentOS7 is similar).

Investigation with an online checker such as https://www.ssllabs.com/ or talking to their tech support might help.

Also check out the postfix docs for how to increase the logging level for troubkeshooting this issue.

Last edited by descendant_command; 12-13-2016 at 01:02 AM.
 
1 members found this post helpful.
Old 12-13-2016, 01:34 PM   #10
bradvan
Member
 
Registered: Mar 2009
Posts: 355

Original Poster
Rep: Reputation: 60
Yes, I use dovecot for my client connection. I just got it working. I had:
Code:
smtp_tls_security_options = noanonymous
which apparently was a mistake. When I changed it to:
Code:
smtp_sasl_security_options = noanonymous
it started working!

Thanks to all for your suggestions and feedback!
 
Old 01-23-2017, 05:11 AM   #11
yadheesh
LQ Newbie
 
Registered: May 2015
Location: Bangalore
Distribution: Cent-OS
Posts: 18

Rep: Reputation: Disabled
Hi,

i'm also using the postfix and SMTP server ,, if the smtp account got expired then the message came like this,, Please check the smtp server..

RegARDS
YADEENDRAN
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix sasl . no mechanism available swanny99 Linux - Server 3 03-10-2015 08:57 AM
how to smtp_auth in postfix server running centos using the ldap mechanism/database. SarahGurung Linux - Server 1 06-05-2014 09:58 AM
[SOLVED] recursion mechanism bhatia.ankur8 Programming 14 08-31-2011 12:00 PM
about mechanism of squid nima0102 Linux - Server 1 07-13-2009 02:40 AM
caching mechanism sulekha Ubuntu 3 10-18-2008 12:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration