Looks that way to me (although I haven't used it personally). The howto says that postfix uses parts of cyrus for sasl implementation. Perhaps there's a courier equivalent? Note, it's using only the sasl component, which is used for authentication. Yes, it's used for smtp (submission), although it has nothing to do with the imap component. -- -Eric 'shubes' Bryan O'Neal wrote: > Even though I am only having the issue with SMTP? IMAP works perfectly > with stranded password auth? > BTW I am using courier not cyrus > > On Thu, May 6, 2010 at 1:29 PM, Eric Shubert wrote: >> Bryan O'Neal wrote: >>> Ok, I have a smart phone that can not auth for SMTP on this postfix box >>> >>> The error I get is >>> May 6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection >>> established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with >>> cipher RC4-MD5 (128/128 bits) >>> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL >>> authentication problem: unable to open Berkeley db /etc/sasldb2: No >>> such file or directory >>> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL >>> authentication problem: unable to open Berkeley db /etc/sasldb2: No >>> such file or directory >>> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL >>> authentication failure: no secret in database >>> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: >>> 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication >>> failed: authentication failure >>> May 6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after >>> AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2] >>> May 6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from >>> 2.sub-75-244-219.myvzw.com[75.244.219.2] >>> >>> So after trying to fix SASL (And failing - I would have to set it up >>> again from scratch which I am not prepared to do rite now) I said - Ok >>> - I'll just turn it off and see what happens but I still get and SASL >>> error - see above - And this is what I find odd. If the server is not >>> advertising SASL why is the client trying to negotiate it and why is >>> the server looking to comply? Desktop clients work fine using TSL and >>> password auth against the LDAP server. Which is what I would like to >>> do for the phones at this point. >>> >>> Could I please get some help from some one smarter then I. >>> >>> Here is the appropriate segment of my main.cf file >>> >>> content_filter = smtp-amavis:[127.0.0.1]:10024 >>> >>> smtp_use_tls = yes >>> smtp_tls_note_starttls_offer = yes >>> smtp_tls_enforce_peername = no >>> smtpd_use_tls = yes >>> smtpd_enforce_tls = no >>> smtp_tls_CApath = /usr/share/ssl/certs >>> smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt >>> smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key >>> smtpd_tls_wrappermode = no >>> smtpd_tls_auth_only = yes >>> smtpd_tls_loglevel = 2 >>> smtpd_tls_received_header = yes >>> smtpd_tls_session_cache_timeout = 3600s >>> tls_random_source = dev:/dev/urandom >>> tls_daemon_random_source = dev:/dev/urandom >>> >>> smtpd_sasl_auth_enable = no >>> smtpd_sasl2_auth_enable = no >>> #smtpd_sasl_local_domain = $myhostname >>> #smtpd_sasl_security_options = noanonymous >>> #smtpd_sasl_path = smtpd >>> >>> smtpd_client_restrictions = permit_mynetworks >>> # permit_sasl_authenticated >>> >>> #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options >>> >>> mime_header_checks = regexp:/etc/postfix/mime_header_checks >>> >>> smtpd_recipient_restrictions = >>> permit_sasl_authenticated, >>> permit_mynetworks, >>> check_sender_access hash:/etc/postfix/whitelist, >>> # check_sender_access ldap:whitelist, >>> check_sender_access hash:/etc/postfix/spoofed-domains, >>> reject_non_fqdn_sender, >>> reject_non_fqdn_recipient, >>> reject_unknown_sender_domain, >>> reject_unknown_recipient_domain, >>> reject_unauth_destination, >>> # reject_unauth_pipelining, >>> #reject_rbl_client cbl.abuseat.org, >>> #reject_rbl_client combined.njabl.org, >>> #reject_rbl_client sbl-xbl.spamhaus.org, >>> #reject_rbl_client relays.ordb.org, >>> #reject_rbl_client list.dsbl.org, >>> #reject_rhsbl_client blackhole.securitysage.com, >>> #reject_rhsbl_sender blackhole.securitysage.com, >>> >>> # reject_non_fqdn_helo_hostname >>> # reject_invalid_helo_hostname >>> check_policy_service unix:/var/spool/postfix/postgrey/socket >>> >>> smtpd_data_restrictions = >>> reject_multi_recipient_bounce >>> # sleep 1 >>> reject_unauth_pipelining >> Looks to me like perhaps you need to configure Cyrus SASL. >> See http://www.postfix.org/SASL_README.html#server_cyrus >> >> -- >> -Eric 'shubes' >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >> --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss