On Wednesday 11 January 2012 07:45:46 Robert Krig wrote:
> On Wednesday 11 January 2012 07:14:14 Wietse Venema wrote:
> > Why do you believe that there is a problem with SASL
> > authentication between the PHP application and Postfix?
>
> Because the only error that shows up in the log file is this:
> ##########################################
> postfix/smtpd[7310]: connect from www2.domain.com[xx.xx.xx.xx]
>
> postfix/smtpd[7310]: warning: www2.domain.com[xx.xx.xx.xx]: SASL
> LOGIN authentication failed: authentication failure
>
> postfix/smtpd[7310]: lost connection after RSET from
> www2.domain.com[xx.xx.xx.xx]
>
> postfix/smtpd[7310]: disconnect from www2.domain.com[xx.xx.xx.xx]

Postfix is the messenger, the relay between the authenticating client
and the SASL backend. It is only reporting what happened.

BTW, unless you actually own "domain.com" (you surely do not) you
should not use it as an example. Example.com (.net, .org) and others
in gTLDs and many ccTLDs have been set aside for examples.

snip

> > Your posting provides no concrete symptoms (logging!) that would
> > allow the list to help you towards a solution. It is not unusual
> > for people to confuse authentication and encryption.
> >
> > http://www.postfix.org/DEBUG_README.html#mail.
> >
> > DO NOT TURN ON VERBOSE LOGGING until asked to do so. The default
> > Postfix logging may look like useless garbage to you, but it
> > provides a lot of detail that gets drowned out when you open
> > the firehose.
>
> I've enabled debug logging only for the affected hosts, so that my
> log files don't get overwhelmed with useless noise.

Still useless and not going to help. Either the authentication
succeeds or not. You won't find anything useful in Postfix verbose
logs. And the logging you did share this time did not indicate a
Postfix problem.

> Like I said, it's weird. If the affected clients could not send any
> mail it would be one thing, but why they seem to work fine for
> weeks and then once in a while simply refuse to authenticate
> properly, is beyond me.

It must be a problem in the SASL backend and/or its data source.

> Could it have something to do with
> smtpd_recipient_restrictions = permit_mynetworks,
>
> permit_sasl_authenticated,
>
> reject_unauth_destination
> which I have in my main.cf?

No.

> The affected hosts are in my mynetworks list. As far as I
> understand it, this would mean that the hosts which are listed in
> "mynetworks" do not HAVE to authenticate.

Correct.

> The phpmailer clients in
> this case are configured to try and authenticate with the proper
> username and password.

If they attempted without authentication, and as you say, they are
listed in mynetworks, they would succeed.

> Is there a possibility that there is a race condition of some sort?

No, or at least not something relevant to this list, which is for
Postfix support.

> We have 4 webservers. www1, www2, www3, www4. They all use the same
> username and password to authenticate and send mail via the same
> account. Could there be a problem if they try to authenticate
> simultaneously?

Check the SASL documentation and logs.

> Or would it be better to remove the "permit_mynetworks" line, so
> that they are forced to authenticate properly?

That is a policy decision for you to make.

> What's weird is that the problem gets fixed by simply restarting
> the services.

Try it without restarting Postfix next time, just your saslauthd and
anything it needs for data (e.g., mysqld, postmaster, whatever.) You
do not have a Postfix issue.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
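
Added example, not part of the original message: a small Python script that reads default (non-verbose) Postfix smtpd log lines and groups SASL failures into time bursts, so you can see whether several clients fail in the same window, which would be consistent with the reply's pointer to the shared SASL backend rather than one client's credentials. The sample lines, hostnames, addresses, queue IDs, username and the five-minute gap are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in default Postfix syslog format (not from the thread).
SAMPLE_LOG = """\
Jan 11 07:10:02 mail postfix/smtpd[7201]: 3F2A1C0: client=www1.example.com[192.0.2.11], sasl_method=LOGIN, sasl_username=webmail
Jan 11 07:40:15 mail postfix/smtpd[7310]: warning: www2.example.com[192.0.2.12]: SASL LOGIN authentication failed: authentication failure
Jan 11 07:40:41 mail postfix/smtpd[7312]: warning: www3.example.com[192.0.2.13]: SASL LOGIN authentication failed: authentication failure
Jan 11 07:41:05 mail postfix/smtpd[7315]: warning: www2.example.com[192.0.2.12]: SASL LOGIN authentication failed: authentication failure
Jan 11 09:02:30 mail postfix/smtpd[7702]: 9B11D44: client=www2.example.com[192.0.2.12], sasl_method=LOGIN, sasl_username=webmail
""".splitlines()

STAMP = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
FAIL = re.compile(STAMP + r"warning: ([^\[\s]+)\[[^\]]+\]: SASL \S+ authentication failed")
OK = re.compile(STAMP + r"\w+: client=([^\[\s]+)\[[^\]]+\], sasl_method=")

def sasl_events(lines, year=2012):
    """Yield (time, client, 'fail' | 'ok') for each SASL outcome line."""
    for line in lines:
        for pattern, outcome in ((FAIL, "fail"), (OK, "ok")):
            m = pattern.match(line)
            if m:
                # Syslog timestamps carry no year, so the caller supplies one.
                when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
                yield when, m.group(2), outcome

def failure_bursts(events, gap=timedelta(minutes=5)):
    """Group failures that follow each other within `gap` into bursts."""
    bursts = []
    for when, client, outcome in sorted(events):
        if outcome != "fail":
            continue
        if bursts and when - bursts[-1]["end"] <= gap:
            bursts[-1]["end"] = when
            bursts[-1]["clients"].add(client)
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": when, "end": when, "clients": {client}, "count": 1})
    return bursts

if __name__ == "__main__":
    for b in failure_bursts(sasl_events(SAMPLE_LOG)):
        print(b["start"], b["end"], b["count"], sorted(b["clients"]))
```

Comparing the burst start and end times with the saslauthd log (and its data source's log) for the same window is the next step the reply recommends.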