Re: [SASL]: Recipient address rejected: Access denied while SASL/TLS are really enabled

[Patrick Ben Koetter]

* David Touzeau <da...@touzeau.eu>:
> Dear 
> 
> I don't understand why but i think that Postfix did want to send the
> authentication request in the SMTP protocol.
> In this case , the client (thunderbird) cannot send authentication
> parameters trough Internet.
> When executing saslfinger, there is not information in the -- mechanisms
> on localhost -- i think that perhaps this is the problem.
> 
> How can i resolve this situation ? it's like a ghost inside the
> server ???
> 
> Many thanks
> 
> Output of saslfinger, you can see there is no -- mechanisms on localhost

Erhmm... install them then?

$ sudo aptitude install libsasl2-modules sasl2-bin

Then use testsaslauthd to verify authentication works without Postfix. If it
works turn to Postfix and try again.

p...@rick



> --
> 
> saslfinger - postfix Cyrus sasl configuration samedi 23 janvier 2010,
> 15:04:40 (UTC+0100)
> version: 1.0.4
> mode: server-side SMTP AUTH
> 
> -- basics --
> Postfix: 2.5.5
> System: Debian GNU/Linux 5.0 \n \l
> 
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d7c000)
> 
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = smtpd
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/ssl/certs/postfix/ca.csr
> smtpd_tls_ask_ccert = no
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/ssl/certs/postfix/ca.crt
> smtpd_tls_key_file = /etc/ssl/certs/postfix/ca.key
> smtpd_tls_received_header = yes
> smtpd_tls_req_ccert = no
> smtpd_tls_security_level = none
> smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_cache
> smtpd_use_tls = yes
> 
> 
> -- content of /usr/lib/sasl2/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: plain login 
> log_level: 5
> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: plain login 
> log_level: 5
> 
> -- content of /etc/postfix/sasl/smtpd.conf --
> pwcheck_method: saslauthd
> mech_list: plain login 
> log_level: 5
> 
> 
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp inet n - n - - smtpd -v 
> pickup fifo n - n 60 1 pickup 
> cleanup unix n - n - 0 cleanup 
> qmgr fifo n - n 300 1 qmgr 
> tlsmgr unix - - n 1000? 1 tlsmgr 
> rewrite unix - - n - - trivial-rewrite 
> bounce unix - - n - 0 bounce 
> defer unix - - n - 0 bounce 
> trace unix - - n - 0 bounce 
> verify unix - - n - 1 verify 
> flush unix n - n 1000? 0 flush 
> proxymap unix - - n - - proxymap 
> proxywrite unix - - n - 1 proxymap 
> smtp unix - - n - - smtp 
> relay unix - - n - - smtp 
> -o fallback_relay=
> showq unix n - n - - showq 
> error unix - - n - - error 
> discard unix - - n - - discard 
> local unix - n n - - local 
> virtual unix - n n - - virtual 
> lmtp unix - - n - - lmtp 
> anvil unix - - n - 1 anvil 
> scache unix - - n - 1 scache 
> scan unix - - n - 10 smtp 
> maildrop unix - n n - - pipe 
> retry unix - - n - - error 
> uucp unix - n n - - pipe 
> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail unix - n n - - pipe 
> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp unix - n n - - pipe 
> flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
> $recipient
> scalemail-backend unix - n n - 2 pipe 
> flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> ${nexthop} ${user} ${extension}
> mailman unix - n n - - pipe
> flags=FR user=mail:mail argv=/etc/mailman/postfix-to-mailman.py
> ${nexthop} ${mailbox}
> artica-whitelist    unix  -       n       n       -       -       pipe
>   flags=F  user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist
> -a ${nexthop} -s ${sender} --white
> artica-blacklist    unix  -       n       n       -       -       pipe
>   flags=F  user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist
> -a ${nexthop} -s ${sender} --black
> artica-reportwbl    unix  -       n       n       -       -       pipe
>   flags=F  user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist
> -a ${nexthop} -s ${sender} --report
> artica-reportquar    unix  -       n       n       -       -       pipe
>   flags=F  user=mail argv=/usr/share/artica-postfix/bin/artica-whitelist
> -a ${nexthop} -s ${sender} --quarantines
> artica-filter    unix  -       n       n       -       20       pipe
>   flags=FOh  user=www-data
> argv=/usr/share/artica-postfix/exec.artica-filter.php -f ${sender} --
> -s ${sender} -r ${recipient} -c ${client_address}
> 
> -- mechanisms on localhost --
> 
> -- end of saslfinger output --
> 
> 

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>