I made the changes you suggested and still can't authenticate. Here is the log from maillog. Thanks
Jan 2 10:14:41 fedora postfix/smtpd[17435]: connection established Jan 2 10:14:41 fedora postfix/smtpd[17435]: master_notify: status 0 Jan 2 10:14:41 fedora postfix/smtpd[17435]: name_mask: resource Jan 2 10:14:41 fedora postfix/smtpd[17435]: name_mask: software Jan 2 10:14:41 fedora postfix/smtpd[17435]: connect from adsl-012-034-567-890.sip.my.isp.net [12.34.56.78] Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_list_match: adsl-012-034-567-890.sip.my.isp.net : no match Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_list_match: 12.34.56.78: no match Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_list_match: adsl-012-034-567-890.sip.my.isp.net : no match Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_list_match: 12.34.56.78: no match Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 192.168.1.0/28 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 192.168.1.0/28 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 127.0.0.0/8 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 127.0.0.0/8 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 12.34.56.78 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 12.34.56.78 Jan 2 10:14:41 fedora postfix/smtpd[17435]: >>> START Client host RESTRICTIONS <<< Jan 2 10:14:41 fedora postfix/smtpd[17435]: generic_checks: name=permit_mynetworks Jan 2 10:14:41 fedora postfix/smtpd[17435]: permit_mynetworks: adsl-012-034-567-890.sip.my.isp.net 12.34.56.78 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 192.168.1.0/28 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 192.168.1.0/28 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 127.0.0.0/8 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 127.0.0.0/8 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 12.34.56.78 Jan 2 10:14:41 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 12.34.56.78 Jan 2 10:14:41 fedora postfix/smtpd[17435]: generic_checks: name=permit_mynetworks status=1 Jan 2 10:14:41 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 220 myDomName.com ESMTP Postfix Jan 2 10:14:42 fedora postfix/smtpd[17435]: < adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: EHLO [192.168.0.105] Jan 2 10:14:42 fedora postfix/smtpd[17435]: >>> START Helo command RESTRICTIONS <<< Jan 2 10:14:42 fedora postfix/smtpd[17435]: generic_checks: name=reject_invalid_hostname Jan 2 10:14:42 fedora postfix/smtpd[17435]: reject_invalid_hostaddr: [192.168.0.105] Jan 2 10:14:42 fedora postfix/smtpd[17435]: generic_checks: name=reject_invalid_hostname status=0 Jan 2 10:14:42 fedora postfix/smtpd[17435]: >>> END Helo command RESTRICTIONS <<< Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-myDomName.com Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-PIPELINING Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-SIZE 10240000 Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-VRFY Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-ETRN Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_list_match: adsl-012-034-567-890.sip.my.isp.net : no match Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_list_match: 12.34.56.78: no match Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-STARTTLS Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-ENHANCEDSTATUSCODES Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250-8BITMIME Jan 2 10:14:42 fedora postfix/smtpd[17435]: > adsl-012-034-567-890.sip.my.isp.net [12.34.56.78]: 250 DSN Jan 2 10:14:42 fedora postfix/smtpd[17435]: smtp_get: EOF Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 192.168.1.0/28 Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 192.168.1.0/28 Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 127.0.0.0/8 Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 127.0.0.0/8 Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostname: adsl-012-034-567-890.sip.my.isp.net ~? 12.34.56.78 Jan 2 10:14:42 fedora postfix/smtpd[17435]: match_hostaddr: 12.34.56.78 ~? 12.34.56.78 Jan 2 10:14:42 fedora postfix/smtpd[17435]: lost connection after EHLO from adsl-012-034-567-890.sip.my.isp.net [12.34.56.78] Jan 2 10:14:42 fedora postfix/smtpd[17435]: disconnect from adsl-012-034-567-890.sip.my.isp.net [12.34.56.78] Jan 2 10:14:42 fedora postfix/smtpd[17435]: master_notify: status 1 Jan 2 10:14:42 fedora postfix/smtpd[17435]: connection closed On Sat, Jan 2, 2010 at 3:50 AM, Patrick Ben Koetter <p...@state-of-mind.de>wrote: > * froinds J <froi...@gmail.com>: > > My problem is: if I allow TLS I cannot authenticate. Without TLS > everything > > works. Here is the output from saslfinger. > > Thanks for your help. > > > > > > > > > saslfinger - postfix Cyrus sasl configuration Sat Jan 2 02:12:49 EST > 2010 > > version: 1.0.2 > > mode: server-side SMTP AUTH > > > > -- basics -- > > Postfix: 2.6.5 > > System: Fedora release 12 (Constantine) > > > > -- smtpd is linked to -- > > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00110000) > > > > -- active SMTP AUTH and TLS parameters for smtpd -- > > broken_sasl_auth_clients = yes > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_authenticated_header = yes > > smtpd_sasl_local_domain = $myhostname > > smtpd_sasl_security_options = noanonymous, noplaintext > > smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem > > smtpd_tls_auth_only = yes > > smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt > > smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key > > smtpd_tls_loglevel = 3 > > smtpd_tls_received_header = yes > > smtpd_tls_security_level = encrypt > > smtpd_tls_session_cache_timeout = 3600s > > > > > > -- listing of /usr/lib/sasl -- > > total 80 > > drwxr-xr-x. 2 root root 4096 2009-12-29 12:31 . > > dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 .. > > -rw-r--r--. 1 root root 70 2009-09-16 09:38 smtpd.conf > > Delete /usr/lib/sasl/smtpd.conf. Postfix will not use Cyrus SASL 1.x > anymore. > > > > -- listing of /usr/lib/sasl2 -- > > total 504 > > drwxr-xr-x. 2 root root 4096 2009-12-29 12:31 . > > dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 .. > > -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so > > -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so.2 > > -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so.2.0.23 > > -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so > > -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so.2 > > -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so.2.0.23 > > -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so > > -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2 > > -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2.0.23 > > -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so > > -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so.2 > > -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so.2.0.23 > > -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so > > -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so.2 > > -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so.2.0.23 > > -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so > > -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so.2 > > -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so.2.0.23 > > -rw-r--r--. 1 root root 25 2009-09-16 14:55 Sendmail.conf > > -rw-r--r--. 1 root root 138 2010-01-02 01:22 smtpd.conf > > > > -- listing of /etc/sasl2 -- > > total 16 > > drwxr-xr-x. 2 root root 4096 2009-09-24 06:20 . > > drwxr-xr-x. 122 root root 12288 2010-01-01 16:31 .. > > > > > > -- content of /usr/lib/sasl2/smtpd.conf -- > > pwcheck_method: auxprop > > Add: > > auxprop_plugin: sasldb > > > mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 > > log_level: 4 > > > > > -- active services in /etc/postfix/master.cf -- > > # service type private unpriv chroot wakeup maxproc command + args > > # (yes) (yes) (yes) (never) (100) > > 52525 inet n - n - - smtpd -v > > At a first glance your configuration looks sane. Maybe your problem is not > SASL, but TLS. You are running smtpd verbose. What does the log say about > errors? > > > > pickup fifo n - n 60 1 pickup > > cleanup unix n - n - 0 cleanup > > qmgr fifo n - n 300 1 qmgr > > tlsmgr unix - - n 1000? 1 tlsmgr > > rewrite unix - - n - - trivial-rewrite > > bounce unix - - n - 0 bounce > > defer unix - - n - 0 bounce > > trace unix - - n - 0 bounce > > verify unix - - n - 1 verify > > flush unix n - n 1000? 0 flush > > proxymap unix - - n - - proxymap > > proxywrite unix - - n - 1 proxymap > > smtp unix - - n - - smtp > > relay unix - - n - - smtp > > -o smtp_fallback_relay= > > showq unix n - n - - showq > > error unix - - n - - error > > retry unix - - n - - error > > discard unix - - n - - discard > > local unix - n n - - local > > virtual unix - n n - - virtual > > lmtp unix - - n - - lmtp > > anvil unix - - n - 1 anvil > > scache unix - - n - 1 scache > > > > > > -- mechanisms on localhost -- > > > > > > -- end of saslfinger output -- > > -- > All technical questions asked privately will be automatically answered on > the > list and archived for public access unless privacy is explicitely required > and > justified. > > saslfinger (debugging SMTP AUTH): > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> >
