Postfix smtp auth problem

Eric Shubert ejs at shubes.net
Thu May 6 15:15:02 MST 2010


Looks that way to me (although I haven't used it personally). The howto 
says that postfix uses parts of cyrus for sasl implementation. Perhaps 
there's a courier equivalent? Note, it's using only the sasl component, 
which is used for authentication. Yes, it's used for smtp (submission), 
although it has nothing to do with the imap component.

-- 
-Eric 'shubes'

Bryan O'Neal wrote:
> Even though I am only having the issue with SMTP? IMAP works perfectly
> with standard password auth?
> BTW I am using courier not cyrus
> 
> On Thu, May 6, 2010 at 1:29 PM, Eric Shubert <ejs at shubes.net> wrote:
>> Bryan O'Neal wrote:
>>> Ok, I have a smart phone that cannot auth for SMTP on this postfix box
>>>
>>> The error I get is
>>> May  6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection
>>> established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with
>>> cipher RC4-MD5 (128/128 bits)
>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>> authentication problem: unable to open Berkeley db /etc/sasldb2: No
>>> such file or directory
>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>> authentication problem: unable to open Berkeley db /etc/sasldb2: No
>>> such file or directory
>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
>>> authentication failure: no secret in database
>>> May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning:
>>> 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication
>>> failed: authentication failure
>>> May  6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after
>>> AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
>>> May  6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from
>>> 2.sub-75-244-219.myvzw.com[75.244.219.2]
>>>
>>> So after trying to fix SASL (And failing - I would have to set it up
>>> again from scratch which I am not prepared to do right now) I said - Ok
>>> - I'll just turn it off and see what happens but I still get an SASL
>>> error - see above - And this is what I find odd. If the server is not
>>> advertising SASL why is the client trying to negotiate it and why is
>>> the server looking to comply?  Desktop clients work fine using TLS and
>>> password auth against the LDAP server. Which is what I would like to
>>> do for the phones at this point.
>>>
>>> Could I please get some help from someone smarter than I.
>>>
>>> Here is the appropriate segment of my main.cf file
>>>
>>> content_filter = smtp-amavis:[127.0.0.1]:10024
>>>
>>> smtp_use_tls = yes
>>> smtp_tls_note_starttls_offer = yes
>>> smtp_tls_enforce_peername = no
>>> smtpd_use_tls = yes
>>> smtpd_enforce_tls = no
>>> smtp_tls_CApath = /usr/share/ssl/certs
>>> smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt
>>> smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key
>>> smtpd_tls_wrappermode = no
>>> smtpd_tls_auth_only = yes
>>> smtpd_tls_loglevel = 2
>>> smtpd_tls_received_header = yes
>>> smtpd_tls_session_cache_timeout = 3600s
>>> tls_random_source = dev:/dev/urandom
>>> tls_daemon_random_source = dev:/dev/urandom
>>>
>>> smtpd_sasl_auth_enable = no
>>> smtpd_sasl2_auth_enable = no
>>> #smtpd_sasl_local_domain = $myhostname
>>> #smtpd_sasl_security_options = noanonymous
>>> #smtpd_sasl_path = smtpd
>>>
>>> smtpd_client_restrictions = permit_mynetworks
>>>                          # permit_sasl_authenticated
>>>
>>> #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
>>>
>>> mime_header_checks = regexp:/etc/postfix/mime_header_checks
>>>
>>> smtpd_recipient_restrictions =
>>>       permit_sasl_authenticated,
>>>       permit_mynetworks,
>>>       check_sender_access hash:/etc/postfix/whitelist,
>>>       # check_sender_access ldap:whitelist,
>>>       check_sender_access hash:/etc/postfix/spoofed-domains,
>>>       reject_non_fqdn_sender,
>>>       reject_non_fqdn_recipient,
>>>       reject_unknown_sender_domain,
>>>       reject_unknown_recipient_domain,
>>>       reject_unauth_destination,
>>>       # reject_unauth_pipelining,
>>>       #reject_rbl_client cbl.abuseat.org,
>>>       #reject_rbl_client combined.njabl.org,
>>>       #reject_rbl_client sbl-xbl.spamhaus.org,
>>>       #reject_rbl_client relays.ordb.org,
>>>       #reject_rbl_client list.dsbl.org,
>>>       #reject_rhsbl_client blackhole.securitysage.com,
>>>       #reject_rhsbl_sender blackhole.securitysage.com,
>>>
>>>       # reject_non_fqdn_helo_hostname
>>>       # reject_invalid_helo_hostname
>>>       check_policy_service unix:/var/spool/postfix/postgrey/socket
>>>
>>> smtpd_data_restrictions =
>>>       reject_multi_recipient_bounce
>>>       # sleep 1
>>>       reject_unauth_pipelining
>> Looks to me like perhaps you need to configure Cyrus SASL.
>> See http://www.postfix.org/SASL_README.html#server_cyrus
>>
>> --
>> -Eric 'shubes'
>>
>>
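
A triage sketch for the log excerpt quoted in this thread, added here as an example and not part of any poster's message: it groups smtpd lines by process id and reports the negotiated TLS parameters, the SASL mechanism the client tried, and the backend error behind the failure. The sample lines are the post's log lines re-joined after mail wrapping; the `triage` function name and the group-by-PID approach are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample lines re-joined from the wrapped log excerpt in the post above.
SAMPLE_LOG = """\
May  6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with cipher RC4-MD5 (128/128 bits)
May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication failure: no secret in database
May  6 09:53:41 GNUbox postfix/smtpd[16233]: warning: 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication failed: authentication failure
May  6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
"""

PID = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
TLS = re.compile(r"TLS connection established from \S+\[([^\]]+)\]: (\S+) with cipher (\S+)")
BACKEND = re.compile(r"SASL authentication problem: (.+)$")
FAILED = re.compile(r"\[([^\]]+)\]: SASL (\S+) authentication failed")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}

def triage(log_text):
    """Group smtpd lines by process id and summarise each failed AUTH attempt."""
    # Assumption: one connection per PID in the window being examined.
    sessions = defaultdict(lambda: {"client": None, "tls": None, "cipher": None,
                                    "mechanism": None, "backend_errors": set(),
                                    "findings": []})
    for line in log_text.splitlines():
        m = PID.search(line)
        if not m:
            continue
        s, msg = sessions[m.group(1)], m.group(2)
        if (t := TLS.search(msg)):
            s["client"], s["tls"], s["cipher"] = t.groups()
        elif (b := BACKEND.search(msg)):
            s["backend_errors"].add(b.group(1))
        elif (f := FAILED.search(msg)):
            s["client"], s["mechanism"] = f.groups()
    for s in sessions.values():
        if s["tls"] in WEAK_PROTOCOLS or (s["cipher"] or "").startswith("RC4"):
            s["findings"].append("deprecated TLS parameters: %s/%s" % (s["tls"], s["cipher"]))
        if any("sasldb2" in e for e in s["backend_errors"]):
            s["findings"].append("SASL library tried to read a missing sasldb2 file")
        if s["mechanism"]:
            s["findings"].append("client attempted %s and was rejected" % s["mechanism"])
    return dict(sessions)

if __name__ == "__main__":
    for pid, summary in triage(SAMPLE_LOG).items():
        print(pid, summary["client"], summary["findings"])
```
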



