From: Patrick Ben Koetter (pstate-of-mind.de)
Date: Tue Apr 01 2008 - 17:30:33 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* alanpatriot.net <alanpatriot.net>:
> > To cut it short: Download saslfinger (see signature) and post output from
> > "saslfinger -c"
> I have just done so -- thanks for writing what will I hope
> be a script useful to me.
>
> The output of saslfinger -c is just below. Note that the
> 587 attached to the relayhost entry is a "jeux d'esprit"
> suggestion from the techie at PatriotNet. I can and will
> remove it; it neither helped nor hurt.

The relayhost seems to be very restrictive. I coulnd't find out which
mechanisms it offers and saslfinger couldn't either. It might turn out that
this is the important detail we need.

Read more below ...

> (start)-----------------------------
> saslfinger - postfix Cyrus sasl configuration Tue Apr 1 16:07:22 EDT 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.3.8
> System: Debian GNU/Linux 4.0 \n \l
>
> -- smtp is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d68000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = [smtp.patriot.net]:587
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_type = cyrus

"smtp_sasl_type = cyrus" is default. You don't need to set it.

> smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
>
>
> -- listing of /usr/lib/sasl2 --
> total 704
> drwxr-xr-x 2 root root 4096 2008-04-01 13:18 .
> drwxr-xr-x 112 root root 24576 2008-03-28 18:20 ..
> -rw-r--r-- 1 root root 13304 2006-12-13 16:26 libanonymous.a
> -rw-r--r-- 1 root root 855 2006-12-13 16:26 libanonymous.la
> -rw-r--r-- 1 root root 12844 2006-12-13 16:26 libanonymous.so
> -rw-r--r-- 1 root root 12844 2006-12-13 16:26 libanonymous.so.2
> -rw-r--r-- 1 root root 12844 2006-12-13 16:26 libanonymous.so.2.0.22
> -rw-r--r-- 1 root root 15502 2006-12-13 16:26 libcrammd5.a
> -rw-r--r-- 1 root root 841 2006-12-13 16:26 libcrammd5.la
> -rw-r--r-- 1 root root 15052 2006-12-13 16:26 libcrammd5.so
> -rw-r--r-- 1 root root 15052 2006-12-13 16:26 libcrammd5.so.2
> -rw-r--r-- 1 root root 15052 2006-12-13 16:26 libcrammd5.so.2.0.22
> -rw-r--r-- 1 root root 46320 2006-12-13 16:26 libdigestmd5.a
> -rw-r--r-- 1 root root 864 2006-12-13 16:26 libdigestmd5.la
> -rw-r--r-- 1 root root 43040 2006-12-13 16:26 libdigestmd5.so
> -rw-r--r-- 1 root root 43040 2006-12-13 16:26 libdigestmd5.so.2
> -rw-r--r-- 1 root root 43040 2006-12-13 16:26 libdigestmd5.so.2.0.22
> -rw-r--r-- 1 root root 13482 2006-12-13 16:26 liblogin.a
> -rw-r--r-- 1 root root 835 2006-12-13 16:26 liblogin.la
> -rw-r--r-- 1 root root 13384 2006-12-13 16:26 liblogin.so
> -rw-r--r-- 1 root root 13384 2006-12-13 16:26 liblogin.so.2
> -rw-r--r-- 1 root root 13384 2006-12-13 16:26 liblogin.so.2.0.22
> -rw-r--r-- 1 root root 29300 2006-12-13 16:26 libntlm.a
> -rw-r--r-- 1 root root 829 2006-12-13 16:26 libntlm.la
> -rw-r--r-- 1 root root 28776 2006-12-13 16:26 libntlm.so
> -rw-r--r-- 1 root root 28776 2006-12-13 16:26 libntlm.so.2
> -rw-r--r-- 1 root root 28776 2006-12-13 16:26 libntlm.so.2.0.22
> -rw-r--r-- 1 root root 13818 2006-12-13 16:26 libplain.a
> -rw-r--r-- 1 root root 835 2006-12-13 16:26 libplain.la
> -rw-r--r-- 1 root root 13992 2006-12-13 16:26 libplain.so
> -rw-r--r-- 1 root root 13992 2006-12-13 16:26 libplain.so.2
> -rw-r--r-- 1 root root 13992 2006-12-13 16:26 libplain.so.2.0.22
> -rw-r--r-- 1 root root 21726 2006-12-13 16:26 libsasldb.a
> -rw-r--r-- 1 root root 856 2006-12-13 16:25 libsasldb.la
> -rw-r--r-- 1 root root 17980 2006-12-13 16:26 libsasldb.so
> -rw-r--r-- 1 root root 17980 2006-12-13 16:26 libsasldb.so.2
> -rw-r--r-- 1 root root 17980 2006-12-13 16:26 libsasldb.so.2.0.22

Fine. All commonly used mechanisms are there.

> -- permissions for /etc/postfix/sasl_passwd --
> -rw-r--r-- 1 root root 33 2007-08-10 17:38 /etc/postfix/sasl_passwd
>
> -- permissions for /etc/postfix/sasl_passwd.db --
> -rw-r--r-- 1 root root 12288 2007-08-10 17:38 /etc/postfix/sasl_passwd.db
>
> /etc/postfix/sasl_passwd.db is up to date.

Okay.

> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> smtp inet n - - - - smtpd
> pickup fifo n - - 60 1 pickup
> cleanup unix n - - - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - - 1000? 1 tlsmgr
> rewrite unix - - - - - trivial-rewrite
> bounce unix - - - - 0 bounce
> defer unix - - - - 0 bounce
> trace unix - - - - 0 bounce
> verify unix - - - - 1 verify
> flush unix n - - 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - - - - smtp

Okay.

> -- mechanisms on smtp.patriot.net --

Here's should be some output from a telnet session to your relayhost.
The question is what they are offering and if any of their mechanisms matches
one in your set of SASL mechs.

Can you telnet to their server? All I get is this:

$ telnet smtp.patriot.net 587
EHLO gw.state-of-mind.de
554 jefferson.patriot.net ESMTP not accepting messages
250-jefferson.patriot.net Hello gw.state-of-mind.de [62.245.202.194], pleased to meet you
250 ENHANCEDSTATUSCODES
QUIT

If you get that too, then truly no mechanism is available and that would
match your error message:

  (SASL authentication failed; cannot authenticate to server
  smtp.patriot.net[209.249.176.3]: no mechanism available)

Interestingly I couldn't find the string "no mechanism available" in the
Postfix 2.5.1 code. My guess is, its Cyrus SASL complaining about the absence
of SASL mechs. At least src/smtp/smtp_sasl_glue.c lets me think its Cyrus
SASL. But that's pure speculation; I can't program and can't read code well
either. ;)

prick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]