* Drew Tomlinson <[EMAIL PROTECTED]>: > Here's the same session with the Postfix smtp client with smtp -v set in > master.cf: > > --- BEGIN --- > > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: smtp_connect_addr: trying: > smtpauth.surewest.net[66.60.130.153] port 25... > Sep 20 07:48:17 blacklamb postfix/smtpd[8761]: disconnect from > bigdaddy.mykitchentable.net[192.168.1.3] > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: vstream_tweak_tcp: > TCP_MAXSEG 1448 > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: global TLS level: may > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 220 smtpauth.surewest.net ESMTP > Postfix > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: > > smtpauth.surewest.net[66.60.130.153]:25: EHLO > blacklamb.mykitchentable.net > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-smtpauth.surewest.net > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-SIZE 10240000 > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-VRFY > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-ETRN > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-STARTTLS > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-AUTH=LOGIN PLAIN DIGEST-MD5 > CRAM-MD5
AUTH offered ... > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-ENHANCEDSTATUSCODES > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-8BITMIME > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250 DSN > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: server features: 0x901b > size 10240000 > Sep 20 07:48:17 blacklamb postfix/smtp[8558]: > > smtpauth.surewest.net[66.60.130.153]:25: STARTTLS Postfix opts for STARTTLS > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 220 2.0.0 Ready to start TLS > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: auto_clnt_open: connected > to private/tlsmgr > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: send attr request = seed > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: send attr size = 32 > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: private/tlsmgr: wanted > attribute: status > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: input attribute name: status > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: input attribute value: 0 > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: private/tlsmgr: wanted > attribute: seed > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: input attribute name: seed > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: input attribute value: <my > password string> > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: private/tlsmgr: wanted > attribute: (list terminator) > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: input attribute name: (end) > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: > TLS sesssion starting SMTP session anew ... > smtpauth.surewest.net[66.60.130.153]:25: EHLO > blacklamb.mykitchentable.net > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-smtpauth.surewest.net > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-PIPELINING > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-SIZE 10240000 > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-VRFY > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-ETRN > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-AUTH=LOGIN PLAIN DIGEST-MD5 > CRAM-MD5 AUTH offered ... > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-ENHANCEDSTATUSCODES > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250-8BITMIME > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250 DSN > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: server features: 0x900f > size 10240000 > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: Using ESMTP PIPELINING, > TCP send buffer size is 4096 > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: > > smtpauth.surewest.net[66.60.130.153]:25: MAIL > FROM:<[EMAIL PROTECTED]> SIZE=777 Envelope sender sent ... > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: > > smtpauth.surewest.net[66.60.130. > 153]:25: RCPT TO:<[EMAIL PROTECTED]> > ORCPT=rfc822;[EMAIL PROTECTED] Recipient sent ... > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: > > smtpauth.surewest.net[66.60.130.153]:25: DATA > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130.153]:25: 250 2.1.0 Ok > Sep 20 07:48:18 blacklamb postfix/smtp[8558]: < > smtpauth.surewest.net[66.60.130. > 153]:25: 554 5.7.1 <[EMAIL PROTECTED]>: Recipient address > rejected: Relay access denied denied. Your Postfix Client connects to smtpauth.surewest.net and the server introduces itself with that hostname, but Postfix does not seem to recognize this host (smtpauth.surewest.net) as a host where it should start a AUTH session. Verify that smtpauth.surewest.net has been written down correctly in /usr/local/etc/postfix/sasl_passwd and update the map. saslfinger barks that the hash file is out of date. [EMAIL PROTECTED] > > --- END --- > > Yet I can send via interactive telnet session: > > --- BEGIN --- > > blacklamb# telnet smtpauth.surewest.net 25 > Trying 66.60.130.153... > Connected to smtpauth.surewest.net. > Escape character is '^]'. > 220 smtpauth.surewest.net ESMTP Postfix > AUTH PLAIN <my password string> > 235 2.0.0 Authentication successful > mail from:[EMAIL PROTECTED] > 250 2.1.0 Ok > rcpt to:[EMAIL PROTECTED] > 250 2.1.5 Ok > DATA > 354 End data with <CR><LF>.<CR><LF> > some data here > some more here > > . > 250 2.0.0 Ok: queued as 03D609BF3C > rset > 250 2.0.0 Ok > quit > 221 2.0.0 Bye > > --- END --- > > Thus I suspect I don't have something correct in my Postfix > configuration. I have been trying to resolve this for a few days and am > stuck. Can anyone show me my error? I'd *REALLY* appreciate it. > > Thanks, > > Drew > > --- > > Requested output from http://www.postfix.org/DEBUG_README.html#mail follows: > > The postfinger link returns a forbidden error. Thus: > > blacklamb# postconf -n > body_checks = regexp:/etc/postfix/body_checks > broken_sasl_auth_clients = yes > command_directory = /usr/local/sbin > config_directory = /usr/local/etc/postfix > daemon_directory = /usr/local/libexec/postfix > data_directory = /var/db/postfix > debug_peer_level = 2 > default_privs = nobody > disable_vrfy_command = yes > header_checks = regexp:/usr/local/etc/postfix/header_checks > home_mailbox = Maildir/ > html_directory = no > mail_owner = postfix > mailbox_command = /usr/local/bin/procmail > mailq_path = /usr/local/bin/mailq > manpage_directory = /usr/local/man > mydestination = $myhostname localhost.$mydomain $mydomain > alchemistswarehouse.com > mynetworks = 192.168.0.0/16, 127.0.0.0/8 > myorigin = $mydomain > newaliases_path = /usr/local/bin/newaliases > notify_classes = 2bounce, delay, resource, software > queue_directory = /var/spool/postfix > readme_directory = no > relayhost = smtpauth.surewest.net > sample_directory = /usr/local/etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = maildrop > smtp_sasl_mechanism_filter = plain > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd > smtp_sasl_type = cyrus > smtp_tls_note_starttls_offer = yes > smtp_tls_security_level = may > smtpd_banner = $myhostname NO UCE ESMTP > smtpd_client_restrictions = check_client_access > hash:/usr/local/etc/postfix/client_access, > reject_unauth_pipelining, reject_rbl_client dnsbl.njabl.org, > reject_rbl_client bl.spamcop.net, reject_rbl_client > sbl.spamhaus.org, reject_rbl_client xbl.spamhaus.org, > reject_rbl_client list.dsbl.orgreject_rbl_client dsn.rfc-ignorant.org > smtpd_helo_required = yes > smtpd_recipient_restrictions = permit_sasl_authenticated, > permit_mynetworks, reject_unauth_destination > smtpd_sasl_auth_enable = yes > smtpd_sasl_local_domain = > smtpd_sasl_security_options = noanonymous > smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem > smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem > smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem > smtpd_tls_loglevel = 1 > smtpd_tls_received_header = yes > smtpd_tls_security_level = may > smtpd_tls_session_cache_timeout = 3600s > soft_bounce = yes > strict_rfc821_envelopes = yes > tls_random_source = dev:/dev/urandom > unknown_local_recipient_reject_code = 550 > > > blacklamb# ./saslfinger.sh -c > saslfinger.sh - postfix Cyrus sasl configuration Sat Sep 20 09:48:55 PDT > 2008 > version: 1.0.2 > mode: client-side SMTP AUTH > > -- basics -- > Postfix: 2.5.1 > System: FreeBSD 6.2-RELEASE-p8 (BLACKLAMB) #2: Thu Oct 25 23:17:42 PDT 2007 > > Welcome to FreeBSD! > > Before seeking technical support, please use the following resources: > > o Security advisories and updated errata information for all releases are > at http://www.FreeBSD.org/releases/ - always consult the ERRATA section > for your release first as it's updated frequently. > > o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and, > along with the mailing lists, can be searched by going to > http://www.FreeBSD.org/search/. If the doc distribution has > been installed, they're also available formatted in /usr/share/doc. > > If you still have a question or problem, please take the output of > `uname -a', along with any relevant error messages, and email it > as a question to the [EMAIL PROTECTED] mailing list. If you are > unfamiliar with FreeBSD's directory layout, please refer to the hier(7) > manual page. If you are not familiar with manual pages, type `man man'. > > You may also use sysinstall(8) to re-enter the installation and > configuration utility. Edit /etc/motd to change this login announcement. > > -- smtp is linked to -- > libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x280e9000) > > -- active SMTP AUTH and TLS parameters for smtp -- > relayhost = smtpauth.surewest.net > smtp_sasl_mechanism_filter = plain > smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd > smtp_sasl_type = cyrus > smtp_tls_note_starttls_offer = yes > smtp_tls_security_level = may > > > -- listing of /usr/local/lib/sasl2 -- > total 692 > drwxr-xr-x 2 root wheel 1024 Jul 16 06:15 . > drwxr-xr-x 25 root wheel 9728 Aug 20 09:23 .. > -rw-r--r-- 1 root wheel 26 May 30 2006 Sendmail.conf > -rw-r--r-- 1 root wheel 13276 Jul 16 06:15 libanonymous.a > -rwxr-xr-x 1 root wheel 829 Jul 16 06:15 libanonymous.la > -rwxr-xr-x 1 root wheel 16549 Jul 16 06:15 libanonymous.so > -rwxr-xr-x 1 root wheel 16549 Jul 16 06:15 libanonymous.so.2 > -rw-r--r-- 1 root wheel 15478 Jul 16 06:15 libcrammd5.a > -rwxr-xr-x 1 root wheel 815 Jul 16 06:15 libcrammd5.la > -rwxr-xr-x 1 root wheel 18850 Jul 16 06:15 libcrammd5.so > -rwxr-xr-x 1 root wheel 18850 Jul 16 06:15 libcrammd5.so.2 > -rw-r--r-- 1 root wheel 46360 Jul 16 06:15 libdigestmd5.a > -rwxr-xr-x 1 root wheel 838 Jul 16 06:15 libdigestmd5.la > -rwxr-xr-x 1 root wheel 48299 Jul 16 06:15 libdigestmd5.so > -rwxr-xr-x 1 root wheel 48299 Jul 16 06:15 libdigestmd5.so.2 > -rw-r--r-- 1 root wheel 23156 Jul 16 06:15 libgssapiv2.a > -rwxr-xr-x 1 root wheel 891 Jul 16 06:15 libgssapiv2.la > -rwxr-xr-x 1 root wheel 27232 Jul 16 06:15 libgssapiv2.so > -rwxr-xr-x 1 root wheel 27232 Jul 16 06:15 libgssapiv2.so.2 > -rw-r--r-- 1 root wheel 13482 Jul 16 06:15 liblogin.a > -rwxr-xr-x 1 root wheel 809 Jul 16 06:15 liblogin.la > -rwxr-xr-x 1 root wheel 17008 Jul 16 06:15 liblogin.so > -rwxr-xr-x 1 root wheel 17008 Jul 16 06:15 liblogin.so.2 > -rw-r--r-- 1 root wheel 29640 Jul 16 06:15 libntlm.a > -rwxr-xr-x 1 root wheel 803 Jul 16 06:15 libntlm.la > -rwxr-xr-x 1 root wheel 33727 Jul 16 06:15 libntlm.so > -rwxr-xr-x 1 root wheel 33727 Jul 16 06:15 libntlm.so.2 > -rw-r--r-- 1 root wheel 19738 Jul 16 06:15 libotp.a > -rwxr-xr-x 1 root wheel 803 Jul 16 06:15 libotp.la > -rwxr-xr-x 1 root wheel 23669 Jul 16 06:15 libotp.so > -rwxr-xr-x 1 root wheel 23669 Jul 16 06:15 libotp.so.2 > -rw-r--r-- 1 root wheel 13610 Jul 16 06:15 libplain.a > -rwxr-xr-x 1 root wheel 809 Jul 16 06:15 libplain.la > -rwxr-xr-x 1 root wheel 16970 Jul 16 06:15 libplain.so > -rwxr-xr-x 1 root wheel 16970 Jul 16 06:15 libplain.so.2 > -rw-r--r-- 1 root wheel 19632 Jul 16 06:15 libsasldb.a > -rwxr-xr-x 1 root wheel 808 Jul 16 06:15 libsasldb.la > -rwxr-xr-x 1 root wheel 21743 Jul 16 06:15 libsasldb.so > -rwxr-xr-x 1 root wheel 21743 Jul 16 06:15 libsasldb.so.2 > -rw-r--r-- 1 root wheel 50 Apr 14 2006 smtpd.conf > > > -- permissions for /usr/local/etc/postfix/sasl_passwd -- > -rw-r--r-- 1 root wheel 55 Sep 20 08:54 > /usr/local/etc/postfix/sasl_passwd > > -- permissions for /usr/local/etc/postfix/sasl_passwd.db -- > -rw-r--r-- 1 root wheel 16384 Sep 19 22:57 > /usr/local/etc/postfix/sasl_passwd.db > > /usr/local/etc/postfix/sasl_passwd.db is older than > /usr/local/etc/postfix/sasl_passwd! > Run the following command as root to sync > /usr/local/etc/postfix/sasl_passwd.db: > > postmap hash:/usr/local/etc/postfix/sasl_passwd > > > > > > > > > > -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
