NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Postfix Discussion> 2008-01

MS Exchange + TLS+AUTH as a relay host

From: Alex Zepeda (zipzippysonic.net)
Date: Fri Feb 01 2008 - 01:06:51 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So my goal, as handed down to me by my supervisor is to get postfix to
relay all outgoing mail through a hosted Exchange server. Sigh. Said
server requires TLS and user/pass authentication before you can do
anything.

If you connect to the host you'll see:

220 smtpx16.msoutlookonline.net Microsoft ESMTP MAIL Service ready at
Thu, 31 Jan 2008 22:58:54 -0800
EHLO localhost
250-smtpx16.msoutlookonline.net Hello [x.x.x.x]
250-SIZE 52428800
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING

Note that it does indeed show a null auth list (sigh). If I connect
with s_client and hit start tls I'll see:

EHLO localhost
250-smtpx16.msoutlookonline.net Hello [x.x.x.x]
250-SIZE 52428800
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-AUTH LOGIN
250-8BITMIME
250-BINARYMIME
250 CHUNKING

Ah hah, a real list of allowed authentication methods!

However with postfix I see the following in my mail.log:

postfix/smtp[5288]: warning: smtpx16.msoutlookonline.net[207.5.72.190] offered
null AUTH mechanism list
postfix/smtp[5288]: setting up TLS connection to smtpx16.msoutlookonline.net
postfix/smtp[5288]: Verified: subject_CN=smtpx16.msoutlookonline.net,
issuer=Equifax
postfix/smtp[5288]: TLS connection established to smtpx16.msoutlookonline.net:
TLSv1 with cipher RC4-MD5 (128/128 bits)
postfix/smtp[5288]: warning: SASL authentication failure: No worthy mechs found
postfix/smtp[5288]: 75915BF45: to=<destination.addresscompany.com>,
relay=smtpx16.msoutlookonline.net[207.5.72.190]:25, delay=17993,
delays=17993/0.05/0.15/0, dsn=4.7.0, status=deferred (SASL authentication
failed; cannot authenticate to server
smtpx16.msoutlookonline.net[207.5.72.190]: no mechanism available)

Note that it's checking the auth list before it does its TLS handshake.

Is there any way to get Postfix to re-read the auth list? This is
Postfix 2.3.8 (2.3.8-2+b1) on Debian Etch.

--
alex

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]