Thank you for the helpful comments, Victor. > Have you tested the exact same credentials with an MUA such as > Thunderbird, Outlook Express, Mail.app, ...
Yes, Outlook 2007 SMTP with identical settings and credentials. I've included a screenshot of my exact settings, but they are exactly what I described earlier. I also used Wireshark to verify that the same server:port 208.127.0.5:587 were the same server Postfix is using. http://cera.us/tmp/outlook_smtp.png > Generally, you should have such relayhost names in [], both in main.cf > and in the lookup key in smtp_sasl_password_maps. Done. > chmod 0600 /etc/postfix/sasl/sasl_passwd* Done. There an invalid certificate mentioned in the postfix logs, but I don't think this would affect anything with the authentication. Jul 4 12:54:34 psico postfix/smtp[31120]: certificate verification failed for smtpauth.exchangecarrier.net[208.127.0.5]:587: untrusted issuer /CN=owa1.exchangecarrier.net I also tried [blindly] messing with different combinations of the following options I read by other trouble-shooters on the net, but none of them seemed to add anything new: smtp_sasl_security_options = noplaintext,noanonymous smtp_sasl_mechanism_filter = !gssapi, !external, static:all smtpd_sasl_authenticated_header = yes smtp_sasl_type=cyrus > Either ch...@cera.us is not the right username, or the password > in smtp_sasl_password_maps is not the right password or the > server is not working. I tried changing my password just in case, same problem. The username/password is still being printed correctly in the log files (currently only numbers and letters), so I'm baffled. I also tried changing the password to something arbitrary, and the error message is same "535 5.7.3 Authentication unsuccessful" I would love to hear suggestions on what to try next. I don't know how to reverse-engineer the Outlook stream captured by Wireshark, and possibly replay it with Postfix somehow. It seems there should be something simpler, so any additional pointers are greatly appreciated. -Chris * Victor Duchovni <victor.ducho...@morganstanley.com> [090704 20:05]: > On Sat, Jul 04, 2009 at 02:29:51PM -0400, Chris Cera wrote: > > > I'm having an issue relaying to DNAMail Exchange Server with > > SASL. I'm receiving the following error, despite being very > > confident I have the correct credentials: > > > > 535 5.7.3 Authentication unsuccessful > > > > smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd > > Have you tested the exact same credentials with an MUA such as Thunderbird, > Outlook Express, Mail.app, ... > > If the server does not accept the credentials, your confidence is > immaterial. Either ch...@cera.us is not the right username, or the > password in smtp_sasl_password_maps is not the right password or > the server is not working. > > > Jul 4 12:54:35 psico postfix/smtp[31120]: > > > smtpauth.exchangecarrier.net[208.127.0.5]:587: AUTH NTLM > > TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA= > > Jul 4 12:54:35 psico postfix/smtp[31120]: < > > smtpauth.exchangecarrier.net[208.127.0.5]:587: 334 > > TlRMTVNTUAACAAAACAAIADgAAAAFAoEChQG+04pLfAMAAAAAAAAAAKQApABAAAAABQLODgAAAA9NAEEASQBMAAIACABNAEEA > > Jul 4 12:54:35 psico postfix/smtp[31120]: > > > smtpauth.exchangecarrier.net[208.127.0.5]:587: > > TlRMTVNTUAADAAAAAAAAAEAAAAAYABgAQAAAAAgACABYAAAAGgAaAGAAAAAAAAAAegAAAAAAAAB6AAAABQIAAIT+12cigyI2s9yxfVBRW+6DRa8UBCC6UE0AQQBJAEwAYwBoAHIAaQBzAEAAYwBlAHIAYQAuAHUAcwA= > > Jul 4 12:54:40 psico postfix/smtp[31120]: < > > smtpauth.exchangecarrier.net[208.127.0.5]:587: 535 5.7.3 Authentication > > unsuccessful > > The Challenge/response nature of NTLM makes it difficult to extract your > password from the above, all one can say is that the server declined the > handshake for ch...@cera.us, most likely because the username or password > is not right, but perhaps something else is wrong. First test with Thunderbird > or similar. > > > relayhost = smtpauth.exchangecarrier.net:587 > > Generally, you should have such relayhost names in [], both in main.cf > and in the lookup key in smtp_sasl_password_maps. > > main.cf: > relayhost = [smtpauth.exchangecarrier.net]:587 > > sasl_password: > [smtpauth.exchangecarrier.net]:587 user:pass > > > -rw-r--r-- 1 root root 51 2009-07-04 11:50 /etc/postfix/sasl/sasl_passwd > > -rw-r--r-- 1 root root 12288 2009-07-04 14:09 > > /etc/postfix/sasl/sasl_passwd.db > > Should not be group or world readable: > > chmod 0600 /etc/postfix/sasl/sasl_passwd* > > -- > Viktor. > > Disclaimer: off-list followups get on-list replies or get ignored. > Please do not ignore the "Reply-To" header. > > To unsubscribe from the postfix-users list, visit > http://www.postfix.org/lists.html or click the link below: > <mailto:majord...@postfix.org?body=unsubscribe%20postfix-users> > > If my response solves your problem, the best way to thank me is to not > send an "it worked, thanks" follow-up. If you must respond, please put > "It worked, thanks" in the "Subject" so I can delete these quickly.
