Re: SASL + TLS: Still no TLS or AUTH offer in ESMTP
From: Andreas Winkelmann (ml awinkelmann.de)
Date: Sat Jul 08 2006 - 05:23:09 CDT
On Saturday 08 July 2006 10:10, Bruce Lane wrote:
> Fellow postfixers,
>
> Honestly, I'm stumped. More than that, I'm seriously frustrated, and about
> ready to give Dovecot a try instead of Cyrus-SASL. I figure I'll give the
> group one more crack at this before I do, since others have obviously got
> it working.
>
> THE PLATFORM: NetBSD 3.0/SPARC, Postfix 2.3-RC5, Cyrus-SASL 2.1.22,
> OpenSSL 0.9.7.inb1.
>
> THE PROBLEM: Despite a full recompilation of SASL and Postfix from nearly
> bare metal, I have had NO luck whatsoever in getting the server to offer up
> SMTP AUTH, TLS, or any other secure negotiation in response to an ESMTP
> EHLO greeting.
>
> OUTPUT OF POSTCONF -N:
>
> featherweb: {92} postconf -n
> address_verify_sender = <>
> alias_database = hash:/etc/mail/postfix.aliases
> alias_maps = hash:/etc/mail/postfix.aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 8
> default_privs = nobody
> disable_dns_lookups = no
> home_mailbox = Maildir/
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> broken_sasl_auth_clients = yes
> smtpd_sasl_path = smtpd
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_authenticated_header = yes
> smtp_use_tls = yes
> smtpd_enforce_tls = yes
> smtpd_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_loglevel = 2
> smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
> smtpd_tls_received_header = no
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> html_directory = no
> inet_interfaces = 192.168.42.130, localhost
postconf -n is sorted a-z; this is not. There is something wrong with your
main.cf. Check for spaces or something at the beginning of lines.
Please show (only):
# postconf smtpd_sasl_auth_enable
> local_destination_concurrency_limit = 2
> local_recipient_maps = $alias_maps unix:passwd.byname
> mail_owner = postfix
> mailbox_size_limit = 100000000
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mydomain = bluefeathertech.com
> myhostname = featherweb.bluefeathertech.com
> mynetworks = 192.168.42.0/24, 127.0.0.0/8
> mynetworks_style = subnet
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/examples/postfix
> relay_domains = $mydestination
> sample_directory = /usr/share/examples/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtpd_banner = $myhostname ESMTP $mail_name - Unsolicited Commercial E-mail prohibited!
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_helo_required = yes
> #
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,
> permit_mynetworks,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unauth_destination,
> check_sender_mx_access cidr:/etc/postfix/mx_access,
> reject_unknown_recipient_domain,
> check_recipient_mx_access cidr:/etc/postfix/mx_access,
> check_recipient_access regexp:/etc/postfix/recipient_checks.re,
> check_helo_access hash:/etc/postfix/helo_checks,
> check_sender_access regexp:/etc/postfix/verizon_sav_sender.re,
> check_sender_access hash:/etc/postfix/client_checks,
> check_client_access hash:/etc/postfix/client_checks,
> check_sender_access cidr:/etc/postfix/mx_access,
> check_client_access cidr:/etc/postfix/mx_access,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client sbl-xbl.spamhaus.org,
> reject_rbl_client dnsbl.ahbl.org,
> reject_rhsbl_client rhsbl.sorbs.net,
> permit
> smtpd_restriction_classes = from_verizon_sav
> soft_bounce = no
> unknown_address_reject_code = 553
> unknown_client_reject_code = 554
> unknown_hostname_reject_code = 554
> featherweb: {93}
>
> OUTPUT OF /VAR/LOG/MAILLOG following a localhost test.
>
> Jul 8 01:01:55 featherweb postfix/smtpd[25590]: disconnect from localhost[127.0.0.1]
> Jul 8 01:03:31 featherweb postfix/smtpd[25590]: connect from localhost[127.0.0.1]
> Jul 8 01:03:39 featherweb postfix/smtpd[25590]: disconnect from localhost[127.0.0.1]
>
> IN /VAR/LOG/AUTHLOG: I only found two entries relevant to saslauthd as
> follows.
>
> Jul 8 00:19:41 featherweb saslauthd[12962]: detach_tty : master pid is: 12962
> Jul 8 00:19:42 featherweb saslauthd[12962]: ipc_init : listening on socket: /etc/postfix/saslauthd/mux
>
> TRANSCRIPT OF LOCALHOST TEST TO TRY AND VERIFY SMTPAUTH.
>
> featherweb: {102} telnet localhost 25
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 featherweb.bluefeathertech.com ESMTP Postfix - Unsolicited Commercial E-mail prohibited!
> EHLO test.com
> 250-featherweb.bluefeathertech.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
> featherweb: {103}
>
> As you will all be able to see, I'm not getting anything in the ESMTP
> greeting that references any sort of SMTP auth, SASL, TLS, or anything else
> relevant.
>
> I have two major reasons for wanting to set this up: First, so I can get a
> mail connection while on the road, and not have to worry about establishing
> a full-blown VPN tunnel.
>
> Second, so that I can set up my father's E-mail client to be as simple as
> possible to use without having to worry him about VPN tunnels and signon.
>
> Assistance appreciated. Thanks in advance.
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Bruce Lane, Owner & Head Hardware Heavy,
> Blue Feather Technologies -- http://www.bluefeathertech.com
> kyrrin (at) bluefeathertech do/t c=o=m
> "If Salvador Dali had owned a computer, would it have been equipped with
> surreal ports?"
--
Andreas
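Added here as a worked illustration of the leading-whitespace problem Andreas suspects (this is not code from the thread or from Postfix): a small parser that applies the main.cf rule that a line beginning with whitespace continues the previous logical line, then lists the indented `name = value` lines that get folded into another parameter's value, so the listing still looks complete while Postfix never sees smtpd_sasl_auth_enable as a parameter. The main.cf fragment is constructed, modelled on the quoted listing; the legitimately indented smtpd_recipient_restrictions entries are included to show they are not flagged.

```python
import re

# Constructed main.cf fragment (not the poster's file); smtpd_sasl_* lines indented.
SAMPLE_MAIN_CF = """\
home_mailbox = Maildir/
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination
html_directory = no
"""

ASSIGNMENT = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$')

def parse_main_cf(text):
    """main.cf rule: a logical line starts with non-whitespace; a line that
    starts with whitespace continues the previous logical line.
    Returns (params, swallowed); swallowed holds (line_no, name, owner) for
    indented 'name = value' lines folded into the value of 'owner'."""
    params, swallowed, current = {}, [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank or comment line
        if raw[0] in ' \t':  # continuation of the previous logical line
            if current is None:
                continue  # nothing to continue; Postfix would warn
            params[current] = (params[current] + ' ' + stripped).strip()
            m = ASSIGNMENT.match(stripped)
            if m:
                swallowed.append((line_no, m.group(1), current))
            continue
        m = ASSIGNMENT.match(stripped)
        if not m:
            continue  # malformed logical line; Postfix would warn
        current = m.group(1)
        params[current] = m.group(2).strip()
    return params, swallowed

def report(text):
    """One message per assignment that Postfix never sees as a parameter."""
    return [f"line {n}: '{name}' is indented, so it became part of the value "
            f"of '{owner}' instead of a parameter"
            for n, name, owner in parse_main_cf(text)[1]]

if __name__ == '__main__':
    print('\n'.join(report(SAMPLE_MAIN_CF)) or 'no swallowed assignments')
```

After fixing the indentation, `postconf smtpd_sasl_auth_enable` as asked above should print `yes`; if it still prints the default `no`, the setting has not reached Postfix.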