Re: Postfix smtp auth problem

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: Re: Postfix smtp auth problem
I see nothing in /etc/courier-imap/ that would levee me to believe
this is true. There must be a way to not use SASL - since the desktop
clients are not using SASL. I do not see the point in setting up a
base 64 SASL authentication just for one set of phones. What I can not
figure out is!

My configuration is postfix + courier w/ ssl/tsl + maildir + spam assasin

On Thu, May 6, 2010 at 3:15 PM, Eric Shubert <> wrote:
> Looks that way to me (although I haven't used it personally). The howto says
> that postfix uses parts of cyrus for sasl implementation. Perhaps there's a
> courier equivalent? Note, it's using only the sasl component, which is used
> for authentication. Yes, it's used for smtp (submission), although it has
> nothing to do with the imap component.
>
> --
> -Eric 'shubes'
>
> Bryan O'Neal wrote:
>>
>> Even though I am only having the issue with SMTP? IMAP works perfectly
>> with stranded password auth?
>> BTW I am using courier not cyrus
>>
>> On Thu, May 6, 2010 at 1:29 PM, Eric Shubert <> wrote:
>>>
>>> Bryan O'Neal wrote:
>>>>
>>>> Ok, I have a smart phone that can not auth for SMTP on this postfix box
>>>>
>>>> The error I get is
>>>> May  6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection
>>>> established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with
>>>> cipher RC4-MD5 (128/128 bits)
>>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>>> authentication problem: unable to open Berkeley db /etc/sasldb2: No
>>>> such file or directory
>>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>>> authentication problem: unable to open Berkeley db /etc/sasldb2: No
>>>> such file or directory
>>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>>> authentication failure: no secret in database
>>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning:
>>>> 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication
>>>> failed: authentication failure
>>>> May  6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after
>>>> AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
>>>> May  6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from
>>>> 2.sub-75-244-219.myvzw.com[75.244.219.2]
>>>>
>>>> So after trying to fix SASL (And failing - I would have to set it up
>>>> again from scratch which I am not prepared to do rite now) I said - Ok
>>>> - I'll just turn it off and see what happens but I still get and SASL
>>>> error - see above - And this is what I find odd. If the server is not
>>>> advertising SASL why is the client trying to negotiate it and why is
>>>> the server looking to comply?  Desktop clients work fine using TSL and
>>>> password auth against the LDAP server. Which is what I would like to
>>>> do for the phones at this point.
>>>>
>>>> Could I please get some help from some one smarter then I.
>>>>
>>>> Here is the appropriate segment of my main.cf file
>>>>
>>>> content_filter = smtp-amavis:[127.0.0.1]:10024
>>>>
>>>> smtp_use_tls = yes
>>>> smtp_tls_note_starttls_offer = yes
>>>> smtp_tls_enforce_peername = no
>>>> smtpd_use_tls = yes
>>>> smtpd_enforce_tls = no
>>>> smtp_tls_CApath = /usr/share/ssl/certs
>>>> smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt
>>>> smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key
>>>> smtpd_tls_wrappermode = no
>>>> smtpd_tls_auth_only = yes
>>>> smtpd_tls_loglevel = 2
>>>> smtpd_tls_received_header = yes
>>>> smtpd_tls_session_cache_timeout = 3600s
>>>> tls_random_source = dev:/dev/urandom
>>>> tls_daemon_random_source = dev:/dev/urandom
>>>>
>>>> smtpd_sasl_auth_enable = no
>>>> smtpd_sasl2_auth_enable = no
>>>> #smtpd_sasl_local_domain = $myhostname
>>>> #smtpd_sasl_security_options = noanonymous
>>>> #smtpd_sasl_path = smtpd
>>>>
>>>> smtpd_client_restrictions = permit_mynetworks
>>>>                         # permit_sasl_authenticated
>>>>
>>>> #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>>>>
>>>> mime_header_checks = regexp:/etc/postfix/mime_header_checks
>>>>
>>>> smtpd_recipient_restrictions =
>>>>      permit_sasl_authenticated,
>>>>      permit_mynetworks,
>>>>      check_sender_access hash:/etc/postfix/whitelist,
>>>>      # check_sender_access ldap:whitelist,
>>>>      check_sender_access hash:/etc/postfix/spoofed-domains,
>>>>      reject_non_fqdn_sender,
>>>>      reject_non_fqdn_recipient,
>>>>      reject_unknown_sender_domain,
>>>>      reject_unknown_recipient_domain,
>>>>      reject_unauth_destination,
>>>>      # reject_unauth_pipelining,
>>>>      #reject_rbl_client cbl.abuseat.org,
>>>>      #reject_rbl_client combined.njabl.org,
>>>>      #reject_rbl_client sbl-xbl.spamhaus.org,
>>>>      #reject_rbl_client relays.ordb.org,
>>>>      #reject_rbl_client list.dsbl.org,
>>>>      #reject_rhsbl_client blackhole.securitysage.com,
>>>>      #reject_rhsbl_sender blackhole.securitysage.com,
>>>>
>>>>      # reject_non_fqdn_helo_hostname
>>>>      # reject_invalid_helo_hostname
>>>>      check_policy_service unix:/var/spool/postfix/postgrey/socket
>>>>
>>>> smtpd_data_restrictions =
>>>>      reject_multi_recipient_bounce
>>>>      # sleep 1
>>>>      reject_unauth_pipelining
>>>
>>> Looks to me like perhaps you need to configure Cyrus SASL.
>>> See http://www.postfix.org/SASL_README.html#server_cyrus
>>>
>>> --
>>> -Eric 'shubes'
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss