Re: SASL + TLS: Still no TLS or AUTH offer in ESMPT
From: Andreas Winkelmann (ml at awinkelmann.de)
Date: Sat Jul 08 2006 - 05:31:36 CDT
On Saturday 08 July 2006 12:23, Andreas Winkelmann wrote:
> > Honestly, I'm stumped. More than that, I'm seriously frustrated, and
> > about ready to give Dovecot a try instead of Cyrus-SASL. I figure I'll
> > give the group one more crack at this before I do, since others have
> > obviously got it working.
> >
> > THE PLATFORM: NetBSD 3.0/SPARC, Postfix 2.3-RC5, Cyrus-SASL 2.1.22,
> > OpenSSL 0.9.7.inb1.
> >
> > THE PROBLEM: Despite a full recompilation of SASL and Postfix from
> > nearly bare metal, I have had NO luck whatsoever in getting the server to
> > offer up SMTP AUTH, TLS, or any other secure negotiation in response to
> > an ESMTP EHLO greeting.
> >
> > OUTPUT OF POSTCONF -N:
> >
> > featherweb: {92} postconf -n
> > address_verify_sender = <>
> > alias_database = hash:/etc/mail/postfix.aliases
> > alias_maps = hash:/etc/mail/postfix.aliases
> > command_directory = /usr/sbin
> > config_directory = /etc/postfix
> > daemon_directory = /usr/libexec/postfix
> > debug_peer_level = 2
> > default_destination_concurrency_limit = 8
> > default_privs = nobody
> > disable_dns_lookups = no
> > home_mailbox = Maildir/
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_security_options = noanonymous
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_path = smtpd
> > smtpd_sasl_local_domain = $myhostname
> > smtpd_sasl_authenticated_header = yes
> > smtp_use_tls = yes
> > smtpd_enforce_tls = yes
> > smtpd_use_tls = yes
> > smtp_tls_note_starttls_offer = yes
> > smtpd_tls_key_file = /etc/postfix/ssl/newreq.pem
> > smtpd_tls_cert_file = /etc/postfix/ssl/newcert.pem
> > smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> > smtpd_tls_loglevel = 2
> > smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
> > smtpd_tls_received_header = no
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom
Check the block in your main.cf behind/under "home_mailbox". I would guess
Postfix sees it as one line.
Show:
# postconf home_mailbox
> > html_directory = no
> > inet_interfaces = 192.168.42.130, localhost
>
> postconf -n is sorted a-z, this is not. There is something wrong with your
> main.cf. Check for spaces or something at the beginning of lines.
And this:
> Please show (only):
>
> # postconf smtpd_sasl_auth_enable
Until that shows " ... = on", you will see no AUTH line(s).
> > local_destination_concurrency_limit = 2
> > local_recipient_maps = $alias_maps unix:passwd.byname
> > mail_owner = postfix
> > mailbox_size_limit = 100000000
> > mailq_path = /usr/bin/mailq
> > manpage_directory = /usr/share/man
> > mydestination = $myhostname, localhost.$mydomain, $mydomain
> > mydomain = bluefeathertech.com
> > myhostname = featherweb.bluefeathertech.com
> > mynetworks = 192.168.42.0/24, 127.0.0.0/8
> > mynetworks_style = subnet
> > myorigin = $mydomain
> > newaliases_path = /usr/bin/newaliases
> > queue_directory = /var/spool/postfix
> > readme_directory = /usr/share/examples/postfix
> > relay_domains = $mydestination
> > sample_directory = /usr/share/examples/postfix
> > sendmail_path = /usr/sbin/sendmail
> > setgid_group = maildrop
> > smtpd_banner = $myhostname ESMTP $mail_name - Unsolicited Commercial E-mail prohibited!
> > smtpd_data_restrictions = reject_unauth_pipelining, permit
> > smtpd_helo_required = yes
> > #
> > smtpd_recipient_restrictions =
> > permit_sasl_authenticated,
> > permit_mynetworks,
> > reject_invalid_hostname,
> > reject_non_fqdn_hostname,
> > reject_non_fqdn_sender,
> > reject_non_fqdn_recipient,
> > reject_unknown_sender_domain,
> > reject_unauth_destination,
> > check_sender_mx_access cidr:/etc/postfix/mx_access,
> > reject_unknown_recipient_domain,
> > check_recipient_mx_access cidr:/etc/postfix/mx_access,
> > check_recipient_access regexp:/etc/postfix/recipient_checks.re,
> > check_helo_access hash:/etc/postfix/helo_checks,
> > check_sender_access regexp:/etc/postfix/verizon_sav_sender.re,
> > check_sender_access hash:/etc/postfix/client_checks,
> > check_client_access hash:/etc/postfix/client_checks,
> > check_sender_access cidr:/etc/postfix/mx_access,
> > check_client_access cidr:/etc/postfix/mx_access,
> > reject_rbl_client relays.ordb.org,
> > reject_rbl_client sbl-xbl.spamhaus.org,
> > reject_rbl_client dnsbl.ahbl.org,
> > reject_rhsbl_client rhsbl.sorbs.net,
> > permit
> > smtpd_restriction_classes = from_verizon_sav
> > soft_bounce = no
> > unknown_address_reject_code = 553
> > unknown_client_reject_code = 554
> > unknown_hostname_reject_code = 554
> > featherweb: {93}
> >
> > OUTPUT OF /VAR/LOG/MAILLOG following a localhost test.
> >
> > Jul 8 01:01:55 featherweb postfix/smtpd[25590]: disconnect from localhost[127.0.0.1]
> > Jul 8 01:03:31 featherweb postfix/smtpd[25590]: connect from localhost[127.0.0.1]
> > Jul 8 01:03:39 featherweb postfix/smtpd[25590]: disconnect from localhost[127.0.0.1]
> >
> > IN /VAR/LOG/AUTHLOG: I only found two entries relevant to saslauthd as
> > follows.
> >
> > Jul 8 00:19:41 featherweb saslauthd[12962]: detach_tty : master pid is: 12962
> > Jul 8 00:19:42 featherweb saslauthd[12962]: ipc_init : listening on socket: /etc/postfix/saslauthd/mux
> >
> > TRANSCRIPT OF LOCALHOST TEST TO TRY AND VERIFY SMTPAUTH.
> >
> > featherweb: {102} telnet localhost 25
> > Trying ::1...
> > telnet: connect to address ::1: Connection refused
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > 220 featherweb.bluefeathertech.com ESMTP Postfix - Unsolicited Commercial E-mail prohibited!
> > EHLO test.com
> > 250-featherweb.bluefeathertech.com
> > 250-PIPELINING
> > 250-SIZE 10240000
> > 250-VRFY
> > 250-ETRN
> > 250-ENHANCEDSTATUSCODES
> > 250-8BITMIME
> > 250 DSN
> > quit
> > 221 2.0.0 Bye
> > Connection closed by foreign host.
> > featherweb: {103}
> >
> > As you will all be able to see, I'm not getting anything in the ESMTP
> > greeting that references any sort of SMTP auth, SASL, TLS, or anything
> > else relevant.
> >
> > I have two major reasons for wanting to set this up: First, so I can get
> > a mail connection while on the road, and not have to worry about
> > establishing a full-blown VPN tunnel.
> >
> > Second, so that I can set up my father's E-mail client to be as simple
> > as possible to use without having to worry him about VPN tunnels and
> > signon.
> >
> > Assistance appreciated. Thanks in advance.
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Bruce Lane, Owner & Head Hardware Heavy,
> > Blue Feather Technologies -- http://www.bluefeathertech.com
> > kyrrin (at) bluefeathertech do/t c=o=m
> > "If Salvador Dali had owned a computer, would it have been equipped with
> > surreal ports?"
--
Andreas
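The failure mode Andreas describes (indented lines after `home_mailbox` being swallowed into one logical line, so `smtpd_sasl_auth_enable` and the TLS settings never take effect and postconf -n stops being alphabetical) can be checked mechanically. The following script is an added example written for this page, not code from the thread or from Postfix: it applies Postfix's logical-line rule (a line starting with whitespace continues the previous logical line; a line starting with `#` in column 0 is a comment) to a constructed main.cf fragment and reports every continuation line that itself looks like `name = value`. The sample configuration, the function names and the single-space joining of continuation lines are assumptions of the example; postconf's own whitespace handling differs in detail.

```python
import re

# Constructed sample main.cf (not the poster's real file) reproducing the
# symptom from the thread: the SASL lines are indented by one space, so Postfix
# treats them as continuations of "home_mailbox". The restriction list at the
# end is a legitimate multi-line value and must NOT be flagged.
SAMPLE_MAIN_CF = """\
home_mailbox = Maildir/
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_security_options = noanonymous
html_directory = no
# a comment line
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
"""

# "parameter = value" at the start of a logical line
PARAM_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_main_cf(text):
    """Return {parameter: value} following Postfix's logical-line rule.

    A line whose first character is whitespace continues the previous logical
    line; continuation text is joined with a single space here (a simplification
    of postconf's whitespace handling, assumed for this example).  Lines that
    begin with '#' in column 0 are comments; blank lines are ignored.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":
            # Continuation: whatever it says becomes part of the previous value,
            # even if it was meant to be a brand-new parameter.
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        m = PARAM_RE.match(raw)
        if m:
            current = m.group(1)
            params[current] = m.group(2).strip()
    return params


def find_swallowed_parameters(text):
    """Flag continuation lines that themselves read as 'name = value'.

    Returns a list of (line_number, hidden_parameter, parent_parameter).  A
    continuation line containing '=' is almost always an accidental indent that
    silently hides a setting such as smtpd_sasl_auth_enable or smtpd_use_tls.
    """
    findings = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":
            m = PARAM_RE.match(raw.strip())
            if m and current is not None:
                findings.append((lineno, m.group(1), current))
            continue
        m = PARAM_RE.match(raw)
        if m:
            current = m.group(1)
    return findings


if __name__ == "__main__":
    params = parse_main_cf(SAMPLE_MAIN_CF)
    print("smtpd_sasl_auth_enable present:", "smtpd_sasl_auth_enable" in params)
    print("home_mailbox =", params["home_mailbox"])
    for lineno, hidden, parent in find_swallowed_parameters(SAMPLE_MAIN_CF):
        print(f"line {lineno}: '{hidden}' is indented and swallowed by '{parent}'")
```

Run against a real file with `parse_main_cf(open("/etc/postfix/main.cf").read())`. The security-relevant point is that nothing fails loudly: Postfix starts, `postconf -n` prints a plausible (if oddly ordered) configuration, and the server simply runs without the AUTH and STARTTLS offers the administrator believes are enabled. Any parameter that a finding reports as swallowed should be moved to column 0; afterwards `postconf smtpd_sasl_auth_enable` must echo the value on its own line before the EHLO response will list AUTH.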