Re: Relay between 2 Postfix : SASL authentication failure

Tue, 20 Apr 2010 12:47:47 -0700 

On Tue, Apr 20, 2010 at 09:37:48PM +0200, Gregory BELLIER wrote:

In the session below, the client did not want to use PLAIN, presumably
because TLS was not in effect. Leave TLS enabled. I asked you to disable
TLS very verbose logging (smtp*_tls_loglevel=0 or 1) not TLS.

Now test with a client that supports PLAIN without TLS, or that uses TLS.
If you read your logs carefully, there is enough there to figure it all
out... You should be able to solve the problem now that you can see everything
in the logs.

> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 220 
> mta2.local ESMTP Postfix (Debian/GNU)
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: EHLO 
> mta1.local
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 
> 250-mta2.local
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 
> 250-PIPELINING
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-SIZE
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-VRFY
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ETRN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-AUTH 
> LOGIN PLAIN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 
> 250-ENHANCEDSTATUSCODES
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-8BITMIME
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250 DSN
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: QUIT
> Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 221 2.0.0 
> Bye

However, it does not mind doing CRAM-MD5, but this requires unhashed
passwords, and so cannot work with "shadow".

> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 220 
> mta2.local ESMTP Postfix (Debian/GNU)
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: EHLO 
> mta1.local
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 
> 250-mta2.local
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 
> 250-PIPELINING
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-SIZE
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-VRFY
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-ETRN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-AUTH 
> LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 
> 250-ENHANCEDSTATUSCODES
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-8BITMIME
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250 DSN
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: AUTH 
> DIGEST-MD5
> Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 235 2.7.0 
> Authentication successful


-- 
        Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment.  If you are interested, please drop me a note.

Reply via email to