Re: Sasl Authentication not running on Postfix-2.1.5-5 on FC3
From: Sandy Drobic (postfix-users japantest.homelinux.com)
Date: Mon Oct 02 2006 - 03:21:34 CDT
ankush grover wrote:
> hey friends,
>
> I am running Postfix 2.1.5-5 on FC3. The postfix server connects to my
> Mail Service Provider for sending the mails and I am using fetchmail
> to download the mails from the Mail Service Provider. I am trying to
> configure sasl authentication for the remote clients. I tried to send
> or receive the mails through outlook express from my home running
> windows 98, I was able to receive the mails but when I tried to send
> any mail I got the below error
>
> An unknown error has occurred. Account: 'testing', Server:
> 'xx.xx.xx.xx', Protocol: SMTP, Server Response: '502 Error: command
> not implemented', Port: 25, Secure(SSL): Yes, Server Error: 502, Error
> Number: 0x800CCC64
>
> I set the TLS and Secured Pop3 (pop3s) settings in outlook express and
> also enable my server requires authentication setting.
Better show the responding log lines from Postfix.
>
> Oct 2 12:03:30 mail postfix/smtpd[23149]: warning: smtpd_peer_init:
> 202.149.50.30: hostname 202-149-50-30.static.exatt.net verification
> failed: Name or service not known
> Oct 2 12:03:30 mail postfix/smtpd[23149]: connect from
> unknown[202.149.50.30]
> Oct 2 12:03:30 mail postfix/smtpd[23149]: lost connection after
> CONNECT from unknown[202.149.50.30]
> Oct 2 12:03:30 mail postfix/smtpd[23149]: disconnect from
> unknown[202.149.50.30]
This doesn't even show an attempt to authenticate.
>
> The output of postconf -n is below
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> default_destination_concurrency_limit = 20
> fast_flush_domains = $relay_domains
> header_checks = regexp:/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = no
> in_flow_delay = 1s
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = example.com
> message_size_limit = 51200000
> mime_header_checks = regexp:/etc/postfix/mime_header_checks
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> myhostname = mail.example.com
> mynetworks = 192.168.1.0/24, 127.0.0.0/8
> mynetworks_style = subnet
If you set mynetworks manually, then mynetworks_style is not used.
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
> recipient_delimiter = +
> relayhost = isp.example.com
> sample_directory = /usr/share/doc/postfix-2.1.5/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/passwd_test
> smtp_sasl_security_options = noanonymous
> smtp_use_tls = yes
Okay, you turned on SASL authentication for the smtp client. Where are the
corresponding smtpd settings?

broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous

> smtpd_recipient_restrictions = check_recipient_access
> hash:/etc/postfix/recipient_access,
> permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,
> reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_destination,reject_rbl_client
>
> relays.ordb.org,reject_rbl_client opm.blitzed.org,reject_rbl_client
> list.dsbl.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client
> cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
opm.blitzed.org, sbl.spamhaus.org, cbl.abuseat.org are combined in
sbl-xbl.spamhaus.org. Use
reject_rbl_client sbl-xbl.spamhaus.org
and drop the three above.
> permit
> smtpd_restriction_classes = insiders_only
> smtpd_sasl_local_domain =
> smtpd_sender_restrictions = permit_mynetworks,
> permit_sasl_authenticated, reject_unknown_sender_domain,
> reject_rbl_client relays.ordb.org, reject_rbl_client
> opm.blitzed.org, reject_rbl_client list.dsbl.org,
> reject_rbl_client sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,
> reject_rbl_client dul.dsnbl.sorbs.net,permit
No need to check the RBLs twice! Drop them here. In fact, you already have
every check also in smtpd_recipient_restrictions, you can leave
smtpd_sender_restrictions at its default (empty:
smtpd_recipient_restrictions = )
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/newcert.pem
> smtpd_tls_key_file = /etc/postfix/newreq.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
> unknown_local_recipient_reject_code = 550
>
>
> SASL Settings
> /usr/lib/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
Okay.
>
> Output of telnet to the localhost
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> 220 mail.example.com ESMTP Postfix
> ehlo localhost.localdomain
> 250-mail.example.com
> 250-PIPELINING
> 250-SIZE 51200000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
There is no AUTH line.
See the missing settings above.
> Saslauthd service is running on Postfix.
Then test first with testsaslauthd:
testsaslauthd -u user -p password -s smtp
If that responds with "OK Success", you can try to get Postfix to
authenticate.
Sandy
--
List replies only please!
Please address PMs to: news-reply2 (
) japantest (.) homelinux (.) com
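
The review points in the reply above, turned into a small checker over `postconf -n` output. This is an added example, not part of the original message or of Postfix; the function names and the reduced sample configuration are constructed for illustration.

```python
import re

# Constructed sample in `postconf -n` format, reduced from the settings quoted above.
SAMPLE = """\
mynetworks = 192.168.1.0/24, 127.0.0.0/8
mynetworks_style = subnet
smtp_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
smtpd_sender_restrictions = permit_mynetworks, reject_rbl_client sbl.spamhaus.org, permit
smtpd_tls_auth_only = yes
"""

def parse_postconf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, _, value = line.partition("=")
            last = last.strip()
            params[last] = value.strip()
    return params

def rbl_zones(value):
    """Return the DNSBL zones named by reject_rbl_client in a restriction list."""
    return set(re.findall(r"reject_rbl_client\s+([\w.-]+)", value))

def audit(params):
    findings = []
    # Server-side (smtpd_*) SASL must be enabled separately from client-side (smtp_*).
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes': the server will not offer AUTH")
        if params.get("smtp_sasl_auth_enable") == "yes":
            findings.append("only smtp_sasl_auth_enable (client side, towards the relayhost) is set")
    if params.get("smtpd_tls_auth_only") == "yes":
        findings.append("smtpd_tls_auth_only = yes: AUTH is announced only after STARTTLS")
    if "mynetworks" in params and "mynetworks_style" in params:
        findings.append("mynetworks is set, so mynetworks_style is ignored")
    dup = rbl_zones(params.get("smtpd_sender_restrictions", "")) & \
          rbl_zones(params.get("smtpd_recipient_restrictions", ""))
    if dup:
        findings.append("RBL zones checked twice: " + ", ".join(sorted(dup)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_postconf(SAMPLE)):
        print("-", finding)
```

With smtpd_tls_auth_only = yes, a plaintext telnet EHLO will not list AUTH even after the smtpd settings are added. Check the EHLO response inside a TLS session instead, for example with openssl s_client -starttls smtp.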