On Sat, Dec 20, 2008 at 9:41 PM, Wietse Venema <wie...@porcupine.org> wrote:
> Asif Iqbal:
>> Dec 20 21:25:20 improvise postfix/smtp[7157]: warning: SASL
>> authentication failure: No worthy mechs found
>
> This means that the SASL (NOT: SSL) mechanisms are not properly
> configured.
>
>> So I tried the openssl test and looks like I need a real certificate?!
>
> No, you need to fix the SASL (NOT: SSL) details.
>
> Output from:
>
> postconf -n |grep sasl
>
> Very likely you need to set
>
> /etc/postfix/main.cf:
> smtp_sasl_tls_security_options = noanonymous
That was it and it is working now. Wow! Thanks!!
Dec 20 21:58:08 improvise postfix/pickup[7939]: C429F10E3B0: uid=1000
from=<iqbala>
Dec 20 21:58:08 improvise postfix/cleanup[7951]: C429F10E3B0:
message-id=<20081221025808.c429f10e...@improvise.lan>
Dec 20 21:58:08 improvise postfix/qmgr[7941]: C429F10E3B0:
from=<iqb...@improvise.lan>, size=445, nrcpt=1 (queue active)
Dec 20 21:58:09 improvise postfix/smtp[7986]: certificate verification
failed for smtp.gmail.com[209.85.163.109]:587: untrusted issuer
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailaddress=premium-ser...@thawte.com
Dec 20 21:58:10 improvise postfix/smtp[7986]: C429F10E3B0:
to=<vad...@gmail.com>, relay=smtp.gmail.com[209.85.163.109]:587,
delay=1.9, delays=0.04/0/0.95/0.96, dsn=2.0.0, status=sent (250 2.0.0
OK 1229828290 t26sm7000666ele.17)
Dec 20 21:58:10 improvise postfix/qmgr[7941]: C429F10E3B0: removed
Here is my working postfix main.conf
iqb...@improvise:~$ postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = Maildir/
inet_interfaces = loopback-only
inet_protocols = ipv4
mailbox_size_limit = 0
mydestination = improvise.lan, localhost.lan, , localhost
myhostname = improvise.lan
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:submission
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
I wonder if I make the config file even smaller. I am just using it to
send mail to local and remote addresses
using gmail as relayhost. I don't want to receive any email from
outside. I like to listen to port 25 only on loopback
interface
Thanks again.
I am little confused with SASL and TLS. I guess I have to hit the wikipedia ;-)
>
> (the default is to disallow plaintext login mechanisms).
>
> Wietse
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
