[SOLVED] postfix no mechanism available

bradvan · 12-12-2016, 02:05 PM

I'm running a CentOS 7 server for my personal domain. My ISP is Verizon and I used to send outgoing mail through their smtp server (with login/authentication). They recently decided it would be a great security feature to only allow outgoing mail with a verizon return address. So, I contracted with someone else to provide my outgoing e-mail service. I should only have had to change the relayhost and the entries in sasl_passwd. Which I did and re-hashed the file. However, it fails to connect and keeps telling me:

Code:

status=deferred (SASL authentication failed; cannot authenticate to server smtp-auth.nowhere.com[38.123.22.160]: no mechanism available)

cyrus-sasl-plain is installed. Any suggestions?

c0wb0y · 12-12-2016, 02:39 PM

Do you have access to your new SMTP server?

bradvan · 12-12-2016, 06:32 PM

I am able to telnet to the hostname and port. So, I know it is not a dns resolution problem nor a firewall problem. Just odd that it was working for years to Verizon. I just change the relay and all of a sudden, not mechanism available. I've re-installed cyrus-sasl-plain. No difference.

c0wb0y · 12-12-2016, 07:02 PM

Can you post output of:

Code:

postconf -n | grep smtpd_sasl

Check the config of cyrus-sasl, too. I can't tell you which line/s to look for as I don't use cyrus. Then test its IMAP/POP3 ports. You can use openssl for that.

bradvan · 12-12-2016, 08:09 PM

The postconf output:

Code:

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot

saslauth config:

Code:

aslauthd -v
saslauthd 2.1.26
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap httpform

c0wb0y · 12-12-2016, 08:44 PM

Quote:

smtpd_sasl_type = dovecot

If I understand correctly, you setup a cyrus-sasl. However, the output above does not seems to agree. And as I don't use cyrus-sasl, I won't be able to help you much there.

descendant_command · 12-12-2016, 11:56 PM

smtpd_sasl is for authenticating INCOMING smtp connections (with dovecot / cyrus / other).

You want the smtp_sasl_ directives for the smtp client.

c0wb0y · 12-13-2016, 12:17 AM

When an SMTP server receives an incoming connection, it acts as a server.
When an SMTP server connects to another SMTP server, it acts as a client.
When an email client such as Thunderbird connects to SMTP server because it wants to send an email out, it talks to the smtpd persona of the SMTP server. Hence, the smtpd_sasl_type = <whatever> is required.
When the SMTP server receives such connection, it consults its authentication back-end such as cyrus or dovecot.

Let me know if my interpretation in not correct

.

descendant_command · 12-13-2016, 12:59 AM

You are quite correct, but the OP is talking about authenticating to his new relayhost to sent mail OUT from his postfix.

Maybe it has to do with the fairly recent deprecation of the now insecure sslv3 'mechanism' (Debian systems will no longer use it by default, presumably CentOS7 is similar).

Investigation with an online checker such as https://www.ssllabs.com/ or talking to their tech support might help.

Also check out the postfix docs for how to increase the logging level for troubkeshooting this issue.

bradvan · 12-13-2016, 01:34 PM

Yes, I use dovecot for my client connection. I just got it working. I had:

Code:

smtp_tls_security_options = noanonymous

which apparently was a mistake. When I changed it to:

Code:

smtp_sasl_security_options = noanonymous

it started working!

Thanks to all for your suggestions and feedback!

yadheesh · 01-23-2017, 05:11 AM

Hi,

i'm also using the postfix and SMTP server ,, if the smtp account got expired then the message came like this,, Please check the smtp server..

RegARDS
YADEENDRAN