Postfix to relay through my ISPs SMTP with no tls problem

icebrian · 01-16-2007, 02:37 PM

Hi all,

I revert once again to this forum as I am at a loss as to what is happening.

I am running Slackware 11.0 as a mailserver that runs Postfix v2.3.3 + Dovecot-IMAP v1.0rc14 + MySQL (for virtual domains & accounts) + Postfix Admin v2.1.0.

My mailserver as is, is working fine with authentication and TLS encryption for sending however due to that fact that my e-mail was all being marked as SPAM (since no reverse lookup on my domain was possible) I decided to use my ISP's SMTP server for relaying.

To accomplish this I added the following to /etc/postfix/main.cf:

FYI my ISP's SMTP server requires authentication with no TLS.

Code:

relayhost = [smtp.myisp.pt]
smtp_use_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous

Then I edited smtp_auth to include my ISP SMTP server and ran postmap smtp_auth

However now every time I try to send mail I get the following error messages in /var/log/maillog:

Code:

Jan 16 20:18:52 cortex postfix/smtp[7751]: warning: unsupported SASL client implementation: cyrus
Jan 16 20:18:52 cortex postfix/smtp[7751]: fatal: SASL library initialization
Jan 16 20:18:53 cortex postfix/master[1434]: warning: process /usr/libexec/postfix/smtp pid 7751 exit status 1
Jan 16 20:18:53 cortex postfix/master[1434]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling

I have tried many different options in mainf.cf but I allways get the same error message. I also tried without the "noanonymous" but same thing happens.

As a reference I leave here my configuration files, any help would be much appreciated.

## postconf -n

Code:

alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin/
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/man
mydomain = mydomain.com
myhostname = mail.$mydomain
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
relayhost = [smtp.myisp.pt]
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
smtp_sasl_security_options = noanonymous
smtp_use_tls = no
smtpd_enforce_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,       permit_sasl_authenticated,      reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/mailca.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/mail.pem
smtpd_tls_key_file = /etc/ssl/private/mail.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /home/mail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1001

Berhanie · 01-16-2007, 04:57 PM

How did you compile postfix? Did you include support for Cyrus SASL? Post your makedefs.out.

icebrian · 01-17-2007, 06:00 AM

Hi Berhanie,

Thanks for your reply.

I have been using (when I can) precompiled packages, for postfix I used the following: http://www.linuxpackages.net/pkg_details.php?id=9775 as you can see in the description it is compiled with cyrus-sasl support.

Berhanie · 01-17-2007, 12:00 PM

Quote:

Originally Posted by icebrian

as you can see in the description it is compiled with cyrus-sasl

Yes, but it also says:

Quote:

This build supports TLS (needs openssl), MySQL (needs mysql) and SASL (needs cyrus-sasl-mysql).

Did you install the guy's cyrus-sasl-mysql package? (First, make sure you really need it, since I think Slackware 11 already comes with cyrus-sasl.)

icebrian · 01-17-2007, 01:21 PM

Yes slackware 11 does come with cyrus-sasl, which I have tried. I also downloaded source and compiled with the following options:

Code:

./configure --prefix=/usr --sysconfdir=/etc --enable-anon --enable-plain --enable-digest --enable-cram --with-mysql=/usr/bin --with-saslauthd=/usr/sbin

However the problem persists.

Concerning the guy's cyrus-sasl-mysql package it is at: http://www.linuxpackages.net/pkg_details.php?id=7543 although it has been compiled for slack 10.2 I also tried it but I keep getting the same error.

Berhanie · 01-17-2007, 05:04 PM

What do you get for

Code:

postconf -A

icebrian · 01-18-2007, 05:21 AM

for: postconf -A

nothing

for: postconf -a

dovecot

Berhanie · 01-18-2007, 11:28 AM

Then, we have a problem. I suspect that postfix wasn't built with Cyrus SASL as advertised. Here's mine:

Code:

root@machine:~# postconf -A
cyrus
root@machine:~# ldd /usr/local/libexec/postfix/smtp
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x4002d000)
        ...

You can do a ldd as above for the final proof. Yours is probably in /usr/libexec rather than /usr/local/libexec.

icebrian · 01-18-2007, 01:11 PM

Humm ldd also output's libsasl2.so.2

Code:

root@cortex:~# ldd /usr/libexec/postfix/smtp
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40022000)
        libssl.so.0 => /usr/lib/libssl.so.0 (0x40038000)
        libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x40077000)
        libmysqlclient.so.15 => /usr/lib/libmysqlclient.so.15 (0x401b0000)
        libz.so.1 => /usr/lib/libz.so.1 (0x402f3000)
        libm.so.6 => /lib/libm.so.6 (0x40305000)
        libpcre.so.0 => /usr/lib/libpcre.so.0 (0x40328000)
        libdb-4.4.so => /lib/libdb-4.4.so (0x40346000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40445000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x4045b000)
        libc.so.6 => /lib/libc.so.6 (0x4046f000)
        libdl.so.2 => /lib/libdl.so.2 (0x4059d000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x405a1000)
        /lib/ld-linux.so.2 (0x40000000)

icebrian · 01-18-2007, 02:29 PM

Berhanie, firstly i'd like to thank you for all your help! It has been invaluable as to tracking down the problem which apparently was the package as you had stated.

I tried a different package http://www.linuxpackages.net/pkg_details.php?id=10281 and now everything is working perfectly.

Code:

#postconf -A
cyrus

Once again thanks!

Berhanie · 01-18-2007, 06:45 PM

You're welcome, and congratulations.