All,

 

I'm lost and I don't understand why this is not working (I used the same
configuration as on another machine, which is working).

 

[root@fsrv02 postfix]# postconf -n

broken_sasl_auth_clients = yes

command_directory = /usr/sbin

config_directory = /etc/postfix

daemon_directory = /usr/lib64/postfix

data_directory = /var/lib/postfix

disable_vrfy_command = yes

html_directory = /usr/share/doc/postfix/html

mail_owner = postfix

mailq_path = /usr/bin/mailq

manpage_directory = /usr/share/man

mydomain = domain.tld

myhostname = mail.domain.tld

mynetworks = 172.31.1.0/28

mynetworks_style = subnet

myorigin = $mydomain

newaliases_path = /usr/bin/newaliases

queue_directory = /var/spool/postfix

readme_directory = /usr/share/doc/postfix/README_FILES

relay_domains = domain.tld

sender_bcc_maps = hash:/etc/postfix/sender_bcc

sendmail_path = /usr/sbin/sendmail.postfix

setgid_group = postdrop

smtp_generic_maps = hash:/etc/postfix/generic

smtp_pix_workarounds =

smtp_sasl_auth_enable = yes

smtp_sasl_mechanism_filter =

smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_client

smtp_sasl_security_options = noplaintext, noanonymous

smtp_sasl_tls_security_options = $smtp_sasl_security_options

smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options

smtp_sasl_type = cyrus

smtp_tls_CAfile = /etc/postfix/tls/cacert.pem

smtp_tls_loglevel = 1

smtp_tls_security_level = may

smtp_use_tls = yes

smtpd_banner = $myhostname ESMTP

smtpd_delay_reject = no

smtpd_helo_required = yes

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_path = smtpd

smtpd_sasl_security_options =

smtpd_sasl_type = cyrus

smtpd_tls_CAfile = /etc/postfix/tls/cacert.pem

smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /etc/postfix/tls/mail.domain.tld.crt

smtpd_tls_key_file = /etc/postfix/tls/mail.domain.tld.key

smtpd_tls_loglevel = 1

smtpd_tls_security_level = may

smtpd_use_tls = yes

transport_maps = hash:/etc/postfix/transport

unknown_local_recipient_reject_code = 450

 

saslauthd itself is working when I test it directly with testsaslauthd:

 

[root@fsrv02 postfix]# testsaslauthd -u admin -p goodpass -f
/var/spool/postfix/var/lib/sasl2/mux -s smtp

saslauthd[3529] :released accept lock

saslauthd[3525] :acquired accept lock

saslauthd[3529] :auth success: [user=admin] [service=smtp] [realm=]
[mech=shadow]

saslauthd[3529] :response: OK

0: OK "Success."

[root@fsrv02 postfix]# testsaslauthd -u admin -p wrongpass -f
/var/spool/postfix/var/lib/sasl2/mux -s smtp

saslauthd[3525] :released accept lock

saslauthd[3527] :acquired accept lock

saslauthd[3525] :auth failure: [user=admin] [service=smtp] [realm=]
[mech=shadow] [reason=Unknown]

saslauthd[3525] :response: NO

0: NO "authentication failed"

 

When I try to connect from a remote machine:

 

[root@fsrv03 ~]# openssl s_client -starttls smtp -crlf -connect
172.31.1.x:587

CONNECTED(00000003)

[...]

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 1024 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1

    Cipher    : DHE-RSA-AES256-SHA

    Session-ID:
9E4768DE661155833EA0363C8D435D9DA895D3BE3F62649E2E8FF15C3E8CC4B2

    Session-ID-ctx:

    Master-Key:
6C276F363AE2CDC28745567028C262C10045BFEFEBB10DCA25B966B1DAEA6A868E2F978697FA
C92B23A9ADBB2661C362

    Key-Arg   : None

    Start Time: 1334620318

    Timeout   : 300 (sec)

    Verify return code: 18 (self signed certificate)

---

250 DSN

read:errno=0

 

The connection is dropped, and on fsrv02 the logs show:

 

[root@fsrv02 postfix]# tail /var/log/mail/errors.log

Apr 17 01:59:09 fsrv02 postfix/smtpd[7889]: fatal: no SASL authentication
mechanisms

[root@fsrv02 postfix]# tail /var/log/mail/warnings.log

Apr 17 01:59:09 fsrv02 postfix/smtpd[7889]: warning:
xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms

Apr 17 01:59:10 fsrv02 postfix/master[7318]: warning: process
/usr/lib64/postfix/smtpd pid 7889 exit status 1

Apr 17 01:59:10 fsrv02 postfix/master[7318]: warning:
/usr/lib64/postfix/smtpd: bad command startup - throttling

[root@fsrv02 postfix]# tail /var/log/mail/access.log

Apr 17 01:59:09 fsrv02 postfix/smtpd[7889]: Anonymous TLS connection
established from unknown[172.31.1.3]: TLSv1 with cipher DHE-RSA-AES256-SHA
(256/256 bits)

Apr 17 01:59:09 fsrv02 postfix/smtpd[7889]: xsasl_cyrus_server_create: SASL
service=smtp, realm=(null)

 

And in master.cf, I have:

submission      inet    n       -       n       -       -       smtpd -v

 

I have spent a lot of time searching the internet and tried a lot of things
without any success, so does anyone have any idea?

 

 

Franck
-------------------------------------------
E:  <mailto:m...@civis.net> m...@civis.net
