* tho...@zaph.org <tho...@zaph.org>: > I have to relay my mail through an SMTP server that uses authentication. > > I think I have Postfix configured correctly, but messages I send out get > queued with this error: > > 90EC0137A88 337 Thu Jul 16 19:12:09 u...@myhostname.foocorp.net > (SASL authentication failed; cannot authenticate to server > smtp.foocorp.net[10.1.1.2]: generic failure) u...@example.org > > And the logs say this: > > Jul 16 15:12:09 myhostname postfix/pickup[51310]: 90EC0137A88: > uid=2124367927 from=<username> > Jul 16 15:12:09 myhostname postfix/cleanup[51312]: 90EC0137A88: > message-id=<20090716191209.90ec0137...@myhostname.foocorp.net> > Jul 16 15:12:09 myhostname postfix/qmgr[51311]: 90EC0137A88: > from=<usern...@myhostname.foocorp.net>, size=337, nrcpt=1 (queue active) > Jul 16 15:12:09 myhostname postfix/smtp[51314]: warning: SASL > authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code > may provide more information (No credentials cache found) > Jul 16 15:12:09 myhostname postfix/smtp[51314]: 90EC0137A88: > to=<us...@exmaple.org>, relay=smtp.foocorp.net[10.1.1.2]:25, delay=0.02, > delays=0.01/0/0.01/0, dsn=4.7.0, s tatus=deferred (SASL authentication > failed; cannot authenticate to server smtp.foocorp.net[10.1.1.2]: generic > failure)
The server offers GSSAPI (Kerberos) and your Postfix client (better: Cyrus SASL providing authentication service to Postfix) was not configured to handle GSSAPI. a) configure it to handle GSSAPI b) forget that and set $smtp_sasl_mechanism_filter to filter GSSAPI away and choose from the remaining mechanisms. See also: man 5 postconf | less +/^smtp_sasl_mechanism_filter p...@rick > > My username and password is correct, I have verified this by telnetting > into the SMTP box in question (an Exchange box) and was successfully > able to send an email to the outside world. > > The only thing that I can think that could be wrong is that my password > contains a comma and a bang (exclamation point). When I telnetted into > the SMTP server, I had to supply a base64 encoded username and password, > but in the sasl password map, the password is not quoted or escaped in > any way. > > This is what it looks like: > > $ cat sasl_passwd > smtp.foocorp.net username:password,withcomma!andbang > $ postmap -s /etc/postfix/sasl_passwd > smtp.foocorp.net username:password,withcomma!andbang > > Here is the output of postconf -n: > > command_directory = /usr/sbin > config_directory = /etc/postfix > daemon_directory = /usr/libexec/postfix > debug_peer_level = 2 > html_directory = no > inet_interfaces = loopback-only > mail_owner = _postfix > mailq_path = /usr/bin/mailq > manpage_directory = /usr/share/man > message_size_limit = 10485760 > mydomain = $myhostname > mydomain_fallback = localhost > myhostname = myhostname.foocorp.net > mynetworks_style = host > myorigin = $mydomain > newaliases_path = /usr/bin/newaliases > queue_directory = /private/var/spool/postfix > readme_directory = /usr/share/doc/postfix > relayhost = smtp.foocorp.net > sample_directory = /usr/share/doc/postfix/examples > sendmail_path = /usr/sbin/sendmail > setgid_group = _postdrop > smtp_sasl_auth_enable = yes > smtp_sasl_mechanism_filter = login > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd > smtp_sasl_security_options = > unknown_local_recipient_reject_code = 550 > > Any help appreciated. > > thanks, > Thomas -- All technical answers asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
