Thanks for the reply! I'm going crazy here.

I did change the setup between the set of logs in the previous e-mail.  To
keep things simple, I won't this time.

# postconf -n
# shortened for relevant information
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
inet_interfaces = all
local_recipient_maps =
mydestination =
mydomain = domain.com
myhostname = real.domain.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
smtp_helo_timeout = 60s
smtp_tls_note_starttls_offer = yes
smtpd_banner = Servee SMTP ESMTP
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = no
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /mnt/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf

Here is the saslfinger output.

# saslfinger -c
saslfinger - postfix Cyrus sasl configuration Mon Oct 13 07:08:29 PDT 2008
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.5.1
System: Ubuntu 8.04 \n \l

-- smtp is linked to --
    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d68000)

-- active SMTP AUTH and TLS parameters for smtp --
smtp_tls_note_starttls_offer = yes


-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x  2 root root  4096 2008-05-02 15:10 .
drwxr-xr-x 55 root root 12288 2008-05-04 09:48 ..
... omitted ...

*Cannot find the smtp_sasl_password_maps parameter in main.cf.*
Client-side SMTP AUTH cannot work without this parameter!

I'm using mysql, so I've included the

#/etc/postfix/sasl/smtpd.conf

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: localhost
sql_user: mail
sql_passwd: (password)
sql_database: maildb
sql_select: select clear from users where id='[EMAIL PROTECTED]' and enabled = 1


The above was also taken from the guide

Master.cf
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
# if you do not want to allow encryption only, comment out next line
  -o smtpd_tls_auth_only=yes
  -o smtpd_tls_security_level=encrypt
#  -o header_checks=
#  -o body_checks=
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
#  -o milter_macro_daemon_name=ORIGINATING


With this setup, I'm getting in the log
Oct 13 07:19:16 ec2-75-101-148-70 postfix/smtpd[9929]: connect from (outside host)
Oct 13 07:19:16 ec2-75-101-148-70 postfix/smtpd[9929]: setting up TLS connection from (outside host)
Oct 13 07:19:16 postfix/smtpd[9929]: SSL_accept error from (outside host): -1
Oct 13 07:19:16 postfix/smtpd[9929]: lost connection after STARTTLS from (outside host)
