OSEC

Postfix+TLS+SMTP-AUTH on submission (port 587)

From: Adam Young (adamvbfx.com)
Date: Tue Mar 09 2004 - 21:16:28 CST


Hey List,

I've been a long-time lurker on this list, and I'm looking for an answer I
really can't find. I'm not really sure what I'm looking for though, since the
errors I'm getting aren't very verbose. Anyways, the basics of it are... my
user base is generally going to be using Outlook Express, which I'm told uses
LOGIN for SMTP-AUTH, so I definitely want to go the way of forcing a TLS SMTP
session to keep passwords protected. I want to use the saslauthd method to be
able to authenticate against the /etc/passwd file.

A little extra information. This excerpt from logs was an Outlook Express mail
client with "My mail server requires authentication" checked, and "My server
requires a secure connection SSL" checked, as well as explicitly defining the
port to connect to as "587".

I should also mention, I used Simon J. Mudd's src.rpm to build postfix-2.0.18
from source with the TLS patch and SASL enabled.

I think this is all the pertinent information (though if it's not, I'm sure I'll
find out from you guys):

postconf -d mail_version
mail_version = 2.0.18
rpm -qa cyrus-sasl
cyrus-sasl-1.5.28-2

saslauthd starts with `/usr/sbin/saslauthd -m /var/run/saslauthd/mux -a shadow`

master.cf (submission entry):
---
submission inet n - n - - smtpd -vvvv
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
---

main.cf (postconf -n | egrep 'sasl|tls'):
---
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newreq.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
---

excerpt from maillog:
---
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: mynetworks ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: mynetworks ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: mynetworks ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? qmqpd_authorized_clients
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: relay_domains ~? relay_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: permit_mx_backup_networks ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: permit_mx_backup_networks ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18747]: maps_append: proxy:unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18747]: connect to subsystem private/proxymap
Mar 9 13:55:44 www postfix/smtpd[18747]: send attr request = open
Mar 9 13:55:44 www postfix/smtpd[18747]: send attr table = unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18747]: send attr flags = 64
Mar 9 13:55:44 www postfix/smtpd[18747]: private/proxymap socket: wanted attribute: status
Mar 9 13:55:44 www postfix/smtpd[18747]: input attribute name: status
Mar 9 13:55:44 www postfix/smtpd[18747]: input attribute value: 0
Mar 9 13:55:44 www postfix/smtpd[18747]: private/proxymap socket: wanted attribute: flags
Mar 9 13:55:44 www postfix/smtpd[18747]: input attribute name: flags
Mar 9 13:55:44 www postfix/smtpd[18747]: input attribute value: 80
Mar 9 13:55:44 www postfix/smtpd[18747]: private/proxymap socket: wanted attribute: (list terminator)
Mar 9 13:55:44 www postfix/smtpd[18747]: input attribute name: (end)
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: proxy:unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18747]: maps_append: hash:/etc/postfix/aliases
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: hash:/etc/postfix/aliases
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? relay_domains
Mar 9 13:55:44 www postfix/smtpd[18747]: match_string: smtpd_access_maps ~? smtpd_access_maps
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: hash:/etc/postfix/client_access
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: regexp:/etc/postfix/helo_access
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: hash:/etc/postfix/sender_whitelist
Mar 9 13:55:44 www postfix/smtpd[18747]: dict_open: hash:/etc/postfix/sender_blacklist
Mar 9 13:55:44 www postfix/smtpd[18747]: starting TLS engine
Mar 9 13:55:44 www postfix/smtpd[18747]: watchdog_create: 0x80db2a8 18000
Mar 9 13:55:44 www postfix/smtpd[18747]: watchdog_stop: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18747]: watchdog_start: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18747]: connection established
Mar 9 13:55:44 www postfix/smtpd[18747]: master_notify: status 0
Mar 9 13:55:44 www postfix/smtpd[18747]: name_mask: resource
Mar 9 13:55:44 www postfix/smtpd[18747]: name_mask: software
Mar 9 13:55:44 www postfix/smtpd[18747]: name_mask: noanonymous
Mar 9 13:55:44 www postfix/smtpd[18747]: connect from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:44 www postfix/smtpd[18747]: > pc-0-34.mountaincable.net[24.215.0.34]: 220 Mountain Cablevision Ltd
Mar 9 13:55:44 www postfix/smtpd[18747]: watchdog_pat: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18747]: < pc-0-34.mountaincable.net[24.215.0.34]: ???
Mar 9 13:55:44 www postfix/smtpd[18747]: > pc-0-34.mountaincable.net[24.215.0.34]: 502 Error: command not implemented
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: mynetworks ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: mynetworks ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: mynetworks ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? qmqpd_authorized_clients
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: relay_domains ~? relay_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: permit_mx_backup_networks ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: permit_mx_backup_networks ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: permit_mx_backup_networks ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18748]: maps_append: proxy:unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18748]: connect to subsystem private/proxymap
Mar 9 13:55:44 www postfix/smtpd[18748]: send attr request = open
Mar 9 13:55:44 www postfix/smtpd[18748]: send attr table = unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18748]: send attr flags = 64
Mar 9 13:55:44 www postfix/smtpd[18748]: private/proxymap socket: wanted attribute: status
Mar 9 13:55:44 www postfix/smtpd[18748]: input attribute name: status
Mar 9 13:55:44 www postfix/smtpd[18748]: input attribute value: 0
Mar 9 13:55:44 www postfix/smtpd[18748]: private/proxymap socket: wanted attribute: flags
Mar 9 13:55:44 www postfix/smtpd[18748]: input attribute name: flags
Mar 9 13:55:44 www postfix/smtpd[18748]: input attribute value: 80
Mar 9 13:55:44 www postfix/smtpd[18748]: private/proxymap socket: wanted attribute: (list terminator)
Mar 9 13:55:44 www postfix/smtpd[18748]: input attribute name: (end)
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=0120
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: proxy:unix:passwd.byname
Mar 9 13:55:44 www postfix/smtpd[18748]: maps_append: hash:/etc/postfix/aliases
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: hash:/etc/postfix/aliases
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? debug_peer_list
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? fast_flush_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? mynetworks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? permit_mx_backup_networks
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? relay_domains
Mar 9 13:55:44 www postfix/smtpd[18748]: match_string: smtpd_access_maps ~? smtpd_access_maps
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: hash:/etc/postfix/client_access
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: regexp:/etc/postfix/helo_access
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: hash:/etc/postfix/sender_whitelist
Mar 9 13:55:44 www postfix/smtpd[18748]: dict_open: hash:/etc/postfix/sender_blacklist
Mar 9 13:55:44 www postfix/smtpd[18748]: starting TLS engine
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_create: 0x80db2a8 18000
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_stop: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_start: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18748]: connection established
Mar 9 13:55:44 www postfix/smtpd[18748]: master_notify: status 0
Mar 9 13:55:44 www postfix/smtpd[18748]: name_mask: resource
Mar 9 13:55:44 www postfix/smtpd[18748]: name_mask: software
Mar 9 13:55:44 www postfix/smtpd[18748]: name_mask: noanonymous
Mar 9 13:55:44 www postfix/smtpd[18748]: connect from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:44 www postfix/smtpd[18748]: > pc-0-34.mountaincable.net[24.215.0.34]: 220 Mountain Cablevision Ltd
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_pat: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18748]: smtp_get: EOF
Mar 9 13:55:44 www postfix/smtpd[18748]: lost connection after CONNECT from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:44 www postfix/smtpd[18748]: disconnect from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:44 www postfix/smtpd[18748]: master_notify: status 1
Mar 9 13:55:44 www postfix/smtpd[18748]: connection closed
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_stop: 0x80db2a8
Mar 9 13:55:44 www postfix/smtpd[18748]: watchdog_start: 0x80db2a8
Mar 9 13:55:54 www postfix/smtpd[18747]: watchdog_pat: 0x80db2a8
Mar 9 13:55:54 www postfix/smtpd[18747]: smtp_get: EOF
Mar 9 13:55:54 www postfix/smtpd[18747]: lost connection after CONNECT from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:54 www postfix/smtpd[18747]: disconnect from pc-0-34.mountaincable.net[24.215.0.34]
Mar 9 13:55:54 www postfix/smtpd[18747]: master_notify: status 1
Mar 9 13:55:54 www postfix/smtpd[18747]: connection closed
Mar 9 13:55:54 www postfix/smtpd[18747]: watchdog_stop: 0x80db2a8
---

Thanks for all your help in advance,

--
    Adam Young <adam_at_vbfx_dot_com>
    http://www.vbfx.com/
    GPG Key - 5B3375F8

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAToiRtQcc7lszdfgRAiAOAJ0Q0d2DvC1jpdDVKzE61Qu6rPtLCACgrETE
CqEW9xeX4H4LwOXYXaBi64I=
=GZf/
-----END PGP SIGNATURE-----
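Editor's note on the log above, with an added example that is not part of the original post. The telling lines are the `<` line showing `???` straight after the 220 banner and the `502 Error: command not implemented` reply: Postfix replaces non-printable bytes with `?` when logging, and three of them followed by nothing is consistent with a TLS record header (0x16 0x03 0x01 followed by a 0x00 length byte that ends the C string). In other words the client appears to be starting a TLS handshake on the raw socket (wrapper mode, the port-465 style) instead of sending EHLO and STARTTLS, so the submission service, which expects SMTP first, rejects the bytes as an unknown command. With the TLS patch (and in native Postfix 2.2 and later) the server-side knobs for this are `smtpd_tls_wrappermode = yes` on a dedicated service for such clients and `smtpd_tls_auth_only = yes` so that AUTH LOGIN/PLAIN is never offered before the channel is encrypted. The script below is added here to make both checks concrete; the `check_submission()` helper, the sample byte strings and the EHLO replies are constructed for this example and are not from the original post or from Postfix.

```python
"""Checks for a Postfix submission service meant to do STARTTLS + SASL.

1. classify_first_client_bytes(): did the client speak SMTP after the
   banner, or did it open a TLS handshake on the raw socket (wrapper mode)?
2. audit_ehlo(): does the server advertise AUTH before TLS is active, so a
   LOGIN/PLAIN client could send its password in cleartext?
All sample inputs in this file are constructed for the example.
"""
import smtplib
import ssl
from typing import Dict, List

TLS_RECORD_HANDSHAKE = 0x16   # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01       # handshake message type "ClientHello"


def classify_first_client_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends after the 220 banner.

    "tls-client-hello": a TLS record (0x16 0x03 0x0X .. 0x01) or an SSLv2-style
        hello (2-byte length with the high bit set, then type 0x01). The client
        expects TLS from byte one and needs smtpd_tls_wrappermode = yes.
    "smtp-command": an ASCII verb such as EHLO (normal STARTTLS flow).
    "unknown": anything else.
    """
    if (len(data) >= 6 and data[0] == TLS_RECORD_HANDSHAKE
            and data[1] == 0x03 and data[5] == TLS_CLIENT_HELLO):
        return "tls-client-hello"
    if len(data) >= 3 and data[0] & 0x80 and data[2] == TLS_CLIENT_HELLO:
        return "tls-client-hello"
    head = data.split(b"\r\n", 1)[0]
    if head and head.isascii() and head.split(b" ", 1)[0].isalpha():
        return "smtp-command"
    return "unknown"


def audit_ehlo(ehlo_reply: str, tls_active: bool = False) -> Dict[str, object]:
    """Parse a multi-line EHLO reply and report STARTTLS/AUTH exposure.

    tls_active: whether this EHLO was sent after STARTTLS (or over a
    wrapper-mode connection). AUTH offered while tls_active is False means a
    client that ignores STARTTLS would send credentials in cleartext; in
    Postfix, smtpd_tls_auth_only = yes withholds AUTH until TLS is up.
    """
    mechs: List[str] = []
    starttls = False
    first = True
    for line in ehlo_reply.splitlines():
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        if first:                      # "250-hostname" greeting, not a keyword
            first = False
            continue
        parts = line[4:].split()
        if not parts:
            continue
        kw = parts[0].upper()
        if kw == "STARTTLS":
            starttls = True
        elif kw == "AUTH":
            mechs.extend(p.upper() for p in parts[1:])
        elif kw.startswith("AUTH="):   # legacy "AUTH=LOGIN PLAIN" form
            mechs.extend([kw[5:]] + [p.upper() for p in parts[1:]])
    return {"starttls": starttls, "auth_mechs": mechs,
            "plaintext_auth_exposed": bool(mechs) and not tls_active}


def check_submission(host: str, port: int = 587,
                     wrapper_mode: bool = False) -> Dict[str, object]:
    """Live check against a real server (network; not exercised offline).

    STARTTLS mode: EHLO before and after STARTTLS, to confirm AUTH shows up
    only after. Wrapper mode: TLS from the first byte, then a single EHLO.
    """
    ctx = ssl.create_default_context()
    if wrapper_mode:
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)
        conn.ehlo()
        before = None
    else:
        conn = smtplib.SMTP(host, port, timeout=10)
        conn.ehlo()
        before = audit_ehlo(conn.ehlo_resp.decode(), tls_active=False)
        conn.starttls(context=ctx)
        conn.ehlo()
    after = audit_ehlo(conn.ehlo_resp.decode(), tls_active=True)
    conn.quit()
    return {"before_tls": before, "after_tls": after}


# Constructed samples (not taken from the original post).
SAMPLE_TLS_FIRST = bytes.fromhex("160301004f0100004b0301") + b"\x00" * 32
SAMPLE_SSLV2_FIRST = bytes.fromhex("802e0100020015") + b"\x00" * 8
SAMPLE_SMTP_FIRST = b"EHLO pc-0-34.example.net\r\n"
EHLO_WEAK = ("250-mail.example.net\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
             "250-STARTTLS\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")
EHLO_HARDENED_BEFORE = ("250-mail.example.net\r\n250-PIPELINING\r\n"
                        "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_HARDENED_AFTER = ("250-mail.example.net\r\n250-PIPELINING\r\n"
                       "250-AUTH LOGIN PLAIN\r\n250 8BITMIME\r\n")
```

Usage: feed `classify_first_client_bytes()` the first client payload from a `tcpdump -X` capture of port 587; a "tls-client-hello" result means the client wants a wrapper-mode service, not STARTTLS on that port. `audit_ehlo(EHLO_WEAK)` flags `plaintext_auth_exposed`, the state a server is in without `smtpd_tls_auth_only`, while the two hardened replies show AUTH appearing only once TLS is active. `check_submission("mail.example.net")` does the same against a live host.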