> From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Victor Duchovni
> On Thu, Apr 07, 2011 at 04:53:59PM +0200, Simon Brereton wrote:
>
> > However, when I test I get a SASL auth error. If I switch my client back to port 25, there is no SASL error.
> >
> > Connecting to port 25
> > Apr 7 10:00:30 donald postfix/smtpd[21028]: connect from 18.myvzw.com[174.252.18.98]
> > Apr 7 10:00:31 donald postfix/smtpd[21028]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
> > Apr 7 10:00:32 donald postfix/smtpd[21028]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> > Apr 7 10:00:34 donald postfix/smtpd[21028]: disconnect from 18.myvzw.com[174.252.18.98]
>
> Did you actually login here? I see no evidence of SASL, send a message and show the logging.

That's because the software (on my phone) doesn't actually send a message - it simply confirms that the parameters are correct. The only difference between the two is to change the port number. All the username and password details remained untouched.

But since you ask, here's the test actually sending a message:

Apr 7 12:38:50 donald postfix/smtpd[22046]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:38:51 donald postfix/smtpd[22046]: setting up TLS connection from 3.myvzw.com[174.252.3.219]
Apr 7 12:38:53 donald postfix/smtpd[22046]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:38:55 donald postfix/smtpd[22046]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:40:00 donald postfix/smtpd[22046]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:40:01 donald postfix/smtpd[22046]: setting up TLS connection from 3.myvzw.com[174.252.3.219]
Apr 7 12:40:02 donald postfix/smtpd[22046]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:40:03 donald postfix/smtpd[22046]: B7BADA940A5: client=3.myvzw.com[174.252.3.219], sasl_method=PLAIN, sasl_username=myu...@mydomain.net
Apr 7 12:40:06 donald postfix/cleanup[22072]: B7BADA940A5: message-id=<bd52213d-41c8-41e9-b87e-d2d4371b0...@email.android.com>
Apr 7 12:40:06 donald postfix/qmgr[22038]: B7BADA940A5: from=<myu...@mydomain.net>, size=920, nrcpt=1 (queue active)

> > Connecting from port 587
> > Apr 7 10:01:04 donald postfix/smtpd[21032]: connect from 18.myvzw.com[174.252.18.98]
> > Apr 7 10:01:06 donald postfix/smtpd[21032]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
> > Apr 7 10:01:07 donald postfix/smtpd[21032]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
> > Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: SASL authentication failure: Password verification failed
> > Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: 18.myvzw.com[174.252.18.98]: SASL PLAIN authentication failed: authentication failure

I attempted to increase logging before doing this. Changing the value in /etc/postfix/sasl/smtpd.conf didn't appear to have an effect. Adding -v to the submission line in master.cf created far too much logging. However, I have -v on the smtpd line in master.cf and I don't get the same amount of logging when I connect to port 25 (I assume because it's not specified twice and therefore increasing the verbosity).

However, here's the sending test on port 587 (even though the client says it won't work).

Apr 7 12:37:24 donald postfix/smtpd[22019]: smtp_get: EOF
Apr 7 12:37:24 donald postfix/smtpd[22019]: match_hostname: 3.myvzw.com ~? 127.0.0.0/8
Apr 7 12:37:24 donald postfix/smtpd[22019]: match_hostaddr: 174.252.3.219 ~? 127.0.0.0/8
Apr 7 12:37:24 donald postfix/smtpd[22019]: match_list_match: 3.myvzw.com: no match
Apr 7 12:37:24 donald postfix/smtpd[22019]: match_list_match: 174.252.3.219: no match
Apr 7 12:37:24 donald postfix/smtpd[22019]: warning: problem talking to server private/anvil: Success
Apr 7 12:37:25 donald postfix/smtpd[22019]: auto_clnt_close: disconnect private/anvil stream
Apr 7 12:37:25 donald postfix/smtpd[22019]: auto_clnt_open: connected to private/anvil
Apr 7 12:37:25 donald postfix/smtpd[22019]: send attr request = disconnect
Apr 7 12:37:25 donald postfix/smtpd[22019]: send attr ident = submission:174.252.3.219
Apr 7 12:37:25 donald postfix/smtpd[22019]: private/anvil: wanted attribute: status
Apr 7 12:37:25 donald postfix/smtpd[22019]: input attribute name: status
Apr 7 12:37:25 donald postfix/smtpd[22019]: input attribute value: 0
Apr 7 12:37:25 donald postfix/smtpd[22019]: private/anvil: wanted attribute: (list terminator)
Apr 7 12:37:25 donald postfix/smtpd[22019]: input attribute name: (end)
Apr 7 12:37:25 donald postfix/smtpd[22019]: lost connection after AUTH from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:25 donald postfix/smtpd[22019]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:25 donald postfix/smtpd[22019]: master_notify: status 1: Broken pipe
Apr 7 12:37:25 donald postfix/smtpd[22019]: master disconnect -- exiting
Apr 7 12:37:27 donald postfix/smtpd[22043]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:28 donald postfix/smtpd[22043]: setting up TLS connection from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:30 donald postfix/smtpd[22043]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:37:31 donald postfix/smtpd[22043]: warning: SASL authentication failure: Password verification failed
Apr 7 12:37:31 donald postfix/smtpd[22043]: warning: 3.myvzw.com[174.252.3.219]: SASL PLAIN authentication failed: authentication failure
Apr 7 12:37:32 donald postfix/smtpd[22043]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:33 donald postfix/smtpd[22043]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:34 donald postfix/smtpd[22043]: setting up TLS connection from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:38 donald postfix/smtpd[22043]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:37:40 donald postfix/smtpd[22043]: warning: SASL authentication failure: Password verification failed
Apr 7 12:37:40 donald postfix/smtpd[22043]: warning: 3.myvzw.com[174.252.3.219]: SASL PLAIN authentication failed: authentication failure
Apr 7 12:37:44 donald postfix/smtpd[22043]: lost connection after AUTH from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:44 donald postfix/smtpd[22043]: disconnect from 3.myvzw.com[174.252.3.219]

> Most likely, you are sending the wrong username or the wrong password.

Granted, that's what the error says, but the only change I make between tests is changing the port number. SASL appears to work fine on port 25.
I really feel like I need to specify something in main.cf to tell postfix how to use sasl the same way I did for normal smtpd connections. For example, just relooking at the SASL readme on postfix.org something like:

Encrypted SMTP session (TLS)
A separate parameter controls Postfix SASL mechanism policy during a TLS-encrypted SMTP session. The default is to copy the settings from the unencrypted session:

/etc/postfix/main.cf:
    smtpd_sasl_tls_security_options = $smtpd_sasl_security_options

I've added this in and restarted both, but it makes no difference. But since my smtpd_sasl_security_options are only noanonymous, I can't see that this would make a difference.

Perhaps I need to set smtpd_sasl_path? It's not set in main.cf

smtpd.conf is located at /etc/postfix/sasl/smtpd.conf

> > Why is your software bro.. What did I do wrong? :) I assumed that main.cf sasl parameters would apply to any port that used sasl.
> >
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_local_domain = mydomain.net
> > smtpd_sasl_security_options = noanonymous
> >
> > Let me know if you want the whole thing.
>
> Are you using Cyrus SASL or Dovecot SASL? What backends are configured for the PLAIN mechanism?

Damnit. You spend hours crafting the mail with the problem outline making sure you include ALL the relevant details and then you forget the simple things.. It's Cyrus.
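
An added example, not part of the original message: a small Python summarizer that splits smtpd log lines like those quoted above into per-connection sessions and records the SASL outcome of each. The sample input is a subset of the log lines in the message; the function name `summarize` and the session field names are hypothetical. One smtpd PID serves several connections in turn, so sessions are delimited by the connect and disconnect lines rather than by PID alone.

```python
import re

# Subset of the smtpd log lines quoted in the message above.
SAMPLE_LOG = """\
Apr 7 12:37:27 donald postfix/smtpd[22043]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:30 donald postfix/smtpd[22043]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:37:31 donald postfix/smtpd[22043]: warning: 3.myvzw.com[174.252.3.219]: SASL PLAIN authentication failed: authentication failure
Apr 7 12:37:32 donald postfix/smtpd[22043]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:33 donald postfix/smtpd[22043]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:37:38 donald postfix/smtpd[22043]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:37:40 donald postfix/smtpd[22043]: warning: 3.myvzw.com[174.252.3.219]: SASL PLAIN authentication failed: authentication failure
Apr 7 12:37:44 donald postfix/smtpd[22043]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:38:50 donald postfix/smtpd[22046]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:38:53 donald postfix/smtpd[22046]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:38:55 donald postfix/smtpd[22046]: disconnect from 3.myvzw.com[174.252.3.219]
Apr 7 12:40:00 donald postfix/smtpd[22046]: connect from 3.myvzw.com[174.252.3.219]
Apr 7 12:40:02 donald postfix/smtpd[22046]: TLS connection established from 3.myvzw.com[174.252.3.219]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 12:40:03 donald postfix/smtpd[22046]: B7BADA940A5: client=3.myvzw.com[174.252.3.219], sasl_method=PLAIN, sasl_username=myu...@mydomain.net
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+) \S+ postfix/smtpd\[(\d+)\]: (.*)$")

def summarize(log_text):
    """Split smtpd log lines into sessions; one PID serves many connections."""
    current, sessions = {}, []          # current: pid -> session in progress
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, pid, msg = m.groups()
        if (c := re.match(r"connect from \S+\[([\d.]+)\]", msg)):
            current[pid] = {"start": when, "ip": c.group(1), "tls": False,
                            "auth": "none", "user": None}
            sessions.append(current[pid])
        elif (s := current.get(pid)) is None:
            continue                    # line outside any tracked session
        elif msg.startswith("TLS connection established"):
            s["tls"] = True
        elif re.search(r"SASL \S+ authentication failed", msg):
            s["auth"] = "failed"
        elif (a := re.search(r"sasl_method=(\S+), sasl_username=(\S+)", msg)):
            s["auth"], s["user"] = "ok", a.group(2)
        elif msg.startswith("disconnect from"):
            del current[pid]
    return sessions

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["start"], s["ip"], "tls" if s["tls"] else "plain", s["auth"], s["user"] or "-")
```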