Hi Rob, thanks. I use the reserved adresses because I'm testing the
box via local net (my laptop), I have everything setup straight
through GoDaddy to my router I just forward the ports when I'm ready.
I'll check out the smtpd_sasl_local_domain = $myhostname problem. By
the way, do you know of any docs which list and explain the sasl and
tls options?
this is the result of saslfinger...I'm looking at it now but I
forwarded it to you...
<code>
postfix start
postfix/postfix-script: starting the Postfix mail system
[root@messenger saslfinger-1.0.3]# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Mon Oct 22 17:45:14 EDT 2012
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.9.4
System: Arch Linux \r (\l)
-- smtpd is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7712000)
-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_tls_CAfile = /etc/ssl/private/CA-Messenger-key.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.crt
smtpd_tls_key_file = /etc/postfix/smtpdpub.key
smtpd_tls_security_level = may
-- listing of /usr/lib/sasl2 --
total 604
drwxr-xr-x 2 root root 4096 Oct 19 14:21 .
drwxr-xr-x 52 root root 20480 Oct 19 14:14 ..
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so.2
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libanonymous.so.2.0.23
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so.2
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libcrammd5.so.2.0.23
-rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so
-rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so.2
-rwxr-xr-x 1 root root 51012 Jan 9 2012 libdigestmd5.so.2.0.23
-rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so
-rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so.2
-rwxr-xr-x 1 root root 17956 Jan 9 2012 liblogin.so.2.0.23
-rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so
-rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so.2
-rwxr-xr-x 1 root root 34436 Jan 9 2012 libntlm.so.2.0.23
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so.2
-rwxr-xr-x 1 root root 17956 Jan 9 2012 libplain.so.2.0.23
-rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so
-rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so.2
-rwxr-xr-x 1 root root 21940 Jan 9 2012 libsasldb.so.2.0.23
-rw-r--r-- 1 root root 160 Oct 21 12:42 smtpd.conf
-- content of /usr/lib/sasl2/smtpd.conf --
##sasl authentication methods###
pwcheck_method: auxprop
#saslauthd_path: /var/run/saslauthd/mux
mech_list: plain login
auxprop_plugin: sasldb2
log_level: 7
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd -v
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
-- mechanisms on localhost --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
-- end of saslfinger output --
[root@messenger saslfinger-1.0.3]#
</code>
Thanks.
On Sun, Oct 21, 2012 at 4:15 PM, /dev/rob0 <r...@gmx.co.uk> wrote:
> On Sun, Oct 21, 2012 at 03:51:13PM -0400, William Holt wrote:
>> hi, new to the forum. I'm running arch and have postfix/cyrus.
>
> Generally I recommend Dovecot for SASL and IMAP.
>
>> I can telnet to the smtp daemon, smtp is running and acceptd
>> connection:
>> ---------telnet #.#.#.# 25------
>> [remotehost ~]# telnet #.#.#.# 25
>> Trying 192.168.1.x...
>> Connected to 192.168.1.x.
>
> 1. You are munging an RFC1918 address? Why?
> 2. Typically AUTH should be offered on submission, not smtp. See
> RFC6409 and the commented "submission" example in master.cf.
>
> snip
>> auth plain (base64encodedstring)
>> 535 5.7.8 Error: authentication failed: authentication failure
>
> Cyrus SASL did not like the credentials as presented. Nothing more
> can be said. You might find testsaslauth(1) (provided by, and
> possibly also supported by Cyrus SASL) helpful in debugging.
>
>> ]# cat /etc/postfix/main.cf
>
> As the list welcome message told you, this is not recommended. In
> your case, saslfinger might be useful.
>
> http://www.postfix.org/DEBUG_README.html#mail
>
>> broken_sasl_auth_clients = yes
>
> Why?
>
>> smtpd_sasl_local_domain = $myhostname
>
> My WAG would be that this is the problem. See the Cyrus SASL
> documentation and:
>
> http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain
>
>> smtpd_recipient_restrictions =
>> permit_sasl_authenticated,permit_mynetworks,check_relay_domains
>
> What? Why are you using check_relay_domains here? Long ago
> deprecated.
> --
> http://rob0.nodns4.us/ -- system administration and consulting
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
