Hi, Here is my TLS Setting for smtp client
smtp_tls_security_level = may smtp_tls_CAfile = /etc/postfix/tls/cacert.pem smtp_tls_loglevel = 4 And the TLS log Apr 12 15:32:19 fsrvpsg02 postfix/qmgr[11813]: 206231F85: from=<root@domain>, size=419, nrcpt=1 (queue active) Apr 12 15:32:19 fsrvpsg02 postfix/smtp[13494]: setting up TLS connection to pod51013.outlook.com[157.55.9.168]:587 Apr 12 15:32:19 fsrvpsg02 postfix/smtp[13494]: Trusted TLS connection established to pod51013.outlook.com[157.55.9.168]:587: TLSv1 with cipher AES128-SHA (128/128 bits) Apr 12 15:32:19 fsrvpsg02 postfix/smtp[13494]: 206231F85: to=<mahe@domain>, relay=pod51013.outlook.com[157.55.9.168]:587, delay=591, delays=590/0.03/0.21/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server pod51013.outlook.com[157.55.9.168]: no mechanism available) Franck ------------------------------------------- E: m...@civis.net -----Message d'origine----- De : owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] De la part de Patrick Ben Koetter Envoyé : jeudi 12 avril 2012 15:10 À : postfix-users@postfix.org Objet : Re: SMTP Client and AUTH on *.outlook.com (Office 365) * Franck MAHE <m...@civis.net>: > All, > > One of my client decided to use Office 365, but some internal servers need > to send some emails. > > > > So I've an issue with the authentication mechanisms with the smtp client. > > > > Here is an extract of the conf > > broken_sasl_auth_clients = yes > cyrus_sasl_config_path = > send_cyrus_sasl_authzid = no > smtp_sasl_auth_cache_name = > smtp_sasl_auth_cache_time = 90d > smtp_sasl_auth_enable = yes > smtp_sasl_auth_soft_bounce = yes > smtp_sasl_mechanism_filter = > smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_client > smtp_sasl_path = > smtp_sasl_security_options = > smtp_sasl_tls_security_options = > smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options > smtp_sasl_type = cyrus > > all the sasl modules are installed on the servers. > > Apr 12 14:45:14 fsrv postfix/smtp[4854]: D4B4A23A3: to=<m...@domain.com>, > relay= pod51013.outlook.com[157.55.9.168]:587, delay=1013, > delays=1012/0.03/0.37/0, dsn=4.7.0, status=deferred (SASL authentication > failed; cannot authenticate to server pod51013.outlook.com[157.55.9.168]: no > mechanism available) > > > In the sasl_client, I've the username & password to authenticate. > > Without TLS the server does not offer any mechanism, but AUTH: $ telnet pod51013.outlook.com 587 Trying 157.55.9.168... Connected to pod51013.outlook.com. Escape character is '^]'. 220 pod51013.outlook.com Microsoft ESMTP MAIL Service ready at Thu, 12 Apr 2012 13:03:49 +0000 EHLO foo 250-pod51013.outlook.com Hello [62.245.140.175] 250-SIZE 36700160 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-AUTH 250-8BITMIME 250-BINARYMIME 250 CHUNKING QUIT > With openssl client, I got the following after an EHLO > > 250-pod51013.outlook.com Hello [217.108.200.87] > 250-SIZE 36700160 > 250-PIPELINING > 250-DSN > 250-ENHANCEDSTATUSCODES > 250-AUTH LOGIN > 250-8BITMIME > 250-BINARYMIME > 250 CHUNKING > > With tls loglevel 4, I've the feeling that postfix is not able to get the > AUTH LOGIN, I'm in postfix 2.6.5. Your log above does not prove Postfix uses TLS when it connects to the server. What are your TLS settings for the client. Set a sufficient smtp_tls_loglevel to see what is going on. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
