Re: Postfix smtp auth problem

Author: Eric Shubert
Date:  
To: plug-discuss
Subject: Re: Postfix smtp auth problem
Bryan O'Neal wrote:
> Ok, I have a smart phone that can not auth for SMTP on this postfix box
>
> The error I get is
> May 6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection
> established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with
> cipher RC4-MD5 (128/128 bits)
> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
> authentication problem: unable to open Berkeley db /etc/sasldb2: No
> such file or directory
> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
> authentication problem: unable to open Berkeley db /etc/sasldb2: No
> such file or directory
> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
> authentication failure: no secret in database
> May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning:
> 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication
> failed: authentication failure
> May 6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after
> AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
> May 6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from
> 2.sub-75-244-219.myvzw.com[75.244.219.2]
>
> So after trying to fix SASL (and failing - I would have to set it up
> again from scratch, which I am not prepared to do right now) I said - Ok
> - I'll just turn it off and see what happens, but I still get an SASL
> error - see above - and this is what I find odd. If the server is not
> advertising SASL, why is the client trying to negotiate it and why is
> the server looking to comply? Desktop clients work fine using TLS and
> password auth against the LDAP server, which is what I would like to
> do for the phones at this point.
>
> Could I please get some help from someone smarter than I?
>
> Here is the appropriate segment of my main.cf file
>
> content_filter = smtp-amavis:[127.0.0.1]:10024
>
> smtp_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> smtp_tls_enforce_peername = no
> smtpd_use_tls = yes
> smtpd_enforce_tls = no
> smtp_tls_CApath = /usr/share/ssl/certs
> smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt
> smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key
> smtpd_tls_wrappermode = no
> smtpd_tls_auth_only = yes
> smtpd_tls_loglevel = 2
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
> tls_daemon_random_source = dev:/dev/urandom
>
> smtpd_sasl_auth_enable = no
> smtpd_sasl2_auth_enable = no
> #smtpd_sasl_local_domain = $myhostname
> #smtpd_sasl_security_options = noanonymous
> #smtpd_sasl_path = smtpd
>
> smtpd_client_restrictions = permit_mynetworks
>                           # permit_sasl_authenticated
>
> #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>
> mime_header_checks = regexp:/etc/postfix/mime_header_checks
>
> smtpd_recipient_restrictions =
>        permit_sasl_authenticated,
>        permit_mynetworks,
>        check_sender_access hash:/etc/postfix/whitelist,
>        # check_sender_access ldap:whitelist,
>        check_sender_access hash:/etc/postfix/spoofed-domains,
>        reject_non_fqdn_sender,
>        reject_non_fqdn_recipient,
>        reject_unknown_sender_domain,
>        reject_unknown_recipient_domain,
>        reject_unauth_destination,
>        # reject_unauth_pipelining,
>        #reject_rbl_client cbl.abuseat.org,
>        #reject_rbl_client combined.njabl.org,
>        #reject_rbl_client sbl-xbl.spamhaus.org,
>        #reject_rbl_client relays.ordb.org,
>        #reject_rbl_client list.dsbl.org,
>        #reject_rhsbl_client blackhole.securitysage.com,
>        #reject_rhsbl_sender blackhole.securitysage.com,
>
>        # reject_non_fqdn_helo_hostname
>        # reject_invalid_helo_hostname
>        check_policy_service unix:/var/spool/postfix/postgrey/socket
>
> smtpd_data_restrictions =
>        reject_multi_recipient_bounce
>        # sleep 1
>        reject_unauth_pipelining


Looks to me like perhaps you need to configure Cyrus SASL.
See http://www.postfix.org/SASL_README.html#server_cyrus

--
-Eric 'shubes'

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
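
Added example, not part of the original thread: a small Python triage of the smtpd log lines quoted above, separating a server-side SASL backend fault (the missing /etc/sasldb2) from an ordinary credential failure and flagging weak TLS parameters. The function name `triage`, the verdict labels and the last two log lines (pid 16301, 192.0.2.10) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The pid 16233 lines are from the post above, rejoined onto single lines.
# The pid 16301 lines (192.0.2.10) are constructed for contrast.
SAMPLE_LOG = """\
May 6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with cipher RC4-MD5 (128/128 bits)
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication failure: no secret in database
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication failed: authentication failure
May 6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
May 6 09:55:01 GNUbox postfix/smtpd[16301]: TLS connection established from unknown[192.0.2.10]: TLSv1 with cipher AES256-SHA (256/256 bits)
May 6 09:55:02 GNUbox postfix/smtpd[16301]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

PID = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
TLS = re.compile(r"TLS connection established from \S+\[([^\]]+)\]: (\S+) with cipher (\S+)")
BACKEND = re.compile(r"SASL authentication problem: unable to open Berkeley db (\S+):")
FAILED = re.compile(r"\[([^\]]+)\]: SASL (\S+) authentication failed")
WEAK_TLS = ("SSLv2", "SSLv3", "RC4", "MD5")  # substrings treated as weak here


def triage(log_text):
    """Group smtpd lines by PID and classify each failed SASL attempt."""
    sessions = defaultdict(lambda: {"client": None, "tls": None, "mech": None,
                                    "backend_missing": None, "verdict": None})
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if (t := TLS.search(msg)):
            s["client"], s["tls"] = t.group(1), f"{t.group(2)}/{t.group(3)}"
        elif (b := BACKEND.search(msg)):
            s["backend_missing"] = b.group(1)
        elif (f := FAILED.search(msg)):
            s["client"], s["mech"] = f.group(1), f.group(2)
            # A missing sasldb means the server had nothing to check against:
            # a server-side config fault, not evidence of a wrong password.
            s["verdict"] = ("server-misconfig" if s["backend_missing"]
                            else "credential-failure")
    for s in sessions.values():
        s["weak_tls"] = bool(s["tls"]) and any(w in s["tls"] for w in WEAK_TLS)
    return dict(sessions)
```
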