Re: Sasl Authentication not running on Postfix-2.1.5-5 on FC3

From: Andreas Winkelmann (mlawinkelmann.de)
Date: Tue Oct 03 2006 - 13:38:05 CDT


On Tuesday 03 October 2006 20:05, Sandy Drobic wrote:

> > Oct 3 21:49:47 mail postfix/smtpd[6999]: connect from unknown[125.23.52.249]
> > Oct 3 21:49:48 mail postfix/smtpd[6999]: lost connection after CONNECT from unknown[125.23.52.249]
> > Oct 3 21:49:48 mail postfix/smtpd[6999]: disconnect from unknown[125.23.52.249]
>
> I can not see any attempt to authenticate. Please verify that the client
> did indeed try to authenticate.

I think he has enabled SMTP-Auth in his client.

SMTP has different states.

"CONNECT" is from the client connect until the HELO/EHLO.
"HELO/EHLO" is from when the client sends EHLO until the client sends "MAIL FROM".
"MAIL" ....

In this case the client disconnects before it sends the EHLO command, or
rather, before the server receives the EHLO, and before the client sees the
AUTH or STARTTLS headers.

The only reason I see for that is something in between the client and the
server which "fixup"s the SMTP traffic.

The client connects, sends EHLO, and the thing in between says "5xx Command not
supported". The client knows: no EHLO, no authentication, and disconnects.

If SMTP-Auth is disabled in the client, the client would send HELO after the
failed EHLO and try to send the mail, which would end in a "Relay access
denied".

> > -- active SMTP AUTH and TLS parameters for smtpd --
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_local_domain =
> > smtpd_sasl_security_options = noanonymous
> > smtpd_tls_CAfile = /etc/postfix/cacert.pem
> > smtpd_tls_auth_only = yes
>
> Ah, that explains why you don't get an auth line. Please deactivate that
> line while you debug sasl auth.
>
> smtpd_tls_auth_only = no
>
> Then execute "postfix reload".
>
> You can only authenticate now if you use TLS for your connection.

Yes, good catch. But I would guess that comes after the thing above.

--
        Andreas
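The exchange described in this thread (an EHLO refused in transit, an AUTH-configured client hanging up versus a plain client falling back to HELO and being refused relaying, and AUTH hidden from non-TLS clients by smtpd_tls_auth_only), as an added example that is not part of the original mails and is not Postfix code: a small Python model of both sides of the session. The Postfix-like server, the in-path "fixup" device and every reply line are constructed for illustration; the client hostname, the recipient domain, the smtpd pid 6999 and the "500 5.5.1 Command unrecognized" wording of the middlebox reply are assumptions.

```python
"""Model of the SMTP exchange discussed in the thread.

Everything here is constructed for illustration: the Postfix-like server,
the in-path "fixup" device and every reply line. Nothing is captured
traffic or Postfix's own code.
"""

GREETING = "220 mail.example.com ESMTP Postfix"
RELAY_DENIED = "554 5.7.1 <someone@elsewhere.example>: Relay access denied"


class PostfixLikeServer:
    """Stand-in for postfix/smtpd. Tracks the last SMTP state it completed,
    which is what Postfix names in "lost connection after <STATE>"."""

    def __init__(self, tls_auth_only=True):
        self.tls_auth_only = tls_auth_only  # models smtpd_tls_auth_only
        self.state = "CONNECT"              # no EHLO/HELO received yet
        self.tls = False

    def reply(self, line):
        verb = line.split(" ", 1)[0].upper()
        if verb == "EHLO":
            self.state = "EHLO"
            ext = ["250-mail.example.com", "250-STARTTLS"]
            # With smtpd_tls_auth_only=yes, AUTH is advertised only inside TLS.
            if self.tls or not self.tls_auth_only:
                ext.append("250-AUTH PLAIN LOGIN")
            return ext + ["250 8BITMIME"]
        if verb == "HELO":
            self.state = "HELO"
            return ["250 mail.example.com"]
        if verb == "STARTTLS":
            self.tls = True
            return ["220 2.0.0 Ready to start TLS"]
        if verb == "MAIL":
            self.state = "MAIL"
            return ["250 2.1.0 Ok"]
        if verb == "RCPT":
            self.state = "RCPT"
            return [RELAY_DENIED]  # unauthenticated client, non-local recipient
        return ["502 5.5.2 Error: command not recognized"]

    def lost_connection_log(self, ip):
        """The log line Postfix would write when the client hangs up (pid assumed)."""
        return f"postfix/smtpd[6999]: lost connection after {self.state} from unknown[{ip}]"


class FixupMiddlebox:
    """Hypothetical in-path device that passes a fixed verb set and answers
    everything else itself, so the server never sees the EHLO at all."""

    ALLOWED = {"HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

    def __init__(self, upstream):
        self.upstream = upstream

    def reply(self, line):
        verb = line.split(" ", 1)[0].upper()
        if verb not in self.ALLOWED:
            return ["500 5.5.1 Command unrecognized"]  # assumed 5xx wording
        return self.upstream.reply(line)


def run_client(path, require_auth, use_tls=True):
    """Drive one client session over `path` (anything with reply()).

    Returns (outcome, transcript). A client configured for SMTP AUTH gives
    up as soon as EHLO fails, since AUTH is only advertised in an EHLO
    reply; a plain client falls back to HELO and simply tries to send.
    """
    transcript = ["S: " + GREETING]

    def send(cmd):
        transcript.append("C: " + cmd)
        replies = path.reply(cmd)
        transcript.extend("S: " + r for r in replies)
        return replies

    def offers_auth(replies):
        return any(r.startswith("250-AUTH") for r in replies)

    replies = send("EHLO client.example.net")
    if replies[-1].startswith("5"):
        if require_auth:
            return "client hung up: EHLO refused, so no AUTH possible", transcript
        send("HELO client.example.net")
    elif require_auth:
        if not offers_auth(replies) and use_tls and "250-STARTTLS" in replies:
            send("STARTTLS")
            replies = send("EHLO client.example.net")  # must re-EHLO after TLS
        if not offers_auth(replies):
            return "client hung up: AUTH not offered", transcript
        return "AUTH offered; client would authenticate here", transcript
    send("MAIL FROM:<user@client.example.net>")
    if send("RCPT TO:<someone@elsewhere.example>")[-1].startswith("554"):
        return "relay access denied", transcript
    return "accepted", transcript


def scenario(middlebox, require_auth, use_tls=True, tls_auth_only=True,
             ip="125.23.52.249"):
    """Run one session; returns (outcome, server log line or None, transcript)."""
    server = PostfixLikeServer(tls_auth_only)
    path = FixupMiddlebox(server) if middlebox else server
    outcome, transcript = run_client(path, require_auth, use_tls)
    log = server.lost_connection_log(ip) if outcome.startswith("client hung up") else None
    return outcome, log, transcript


if __name__ == "__main__":
    for args in [(True, True), (True, False), (False, True, False), (False, True)]:
        outcome, log, transcript = scenario(*args)
        print("\n".join(transcript))
        print("->", outcome, "|", log, "\n")
```

Running the four scenarios shows the two diagnoses side by side: with the middlebox in path, the AUTH-configured client hangs up and the server, which never received the EHLO, logs "lost connection after CONNECT", while the plain client falls back to HELO and ends in "Relay access denied"; without the middlebox, a client that will not do STARTTLS is not shown AUTH while tls_auth_only is set and the server logs "lost connection after EHLO" instead.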