On Tue, Jan 15, 2013 at 07:40:29AM -0800, blast wrote:
> i have a linux box (centos) with postifx working well with exchange, postfix
> just relay the mails to the server using sasl authentication.
>
> My problem is that i m not able to do it in a solaris 10 server.
>
> in main.cf:
>
> relayhost = [exchange_IP]
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = dbm:/etc/postfix/sasl_passwd
> smtp_sasl_security_options =
Make sure you have Berkeley DB support on Solaris, (not just
the obsolete DBM) and "hash" or "btree" instead.
> in smtp_sasl_passwd:
> exchange_IP user:pwd
Why not "[exchange_IP]" (with the enclosing []) for the lookup key.
Also is TLS configured?
indexed = ${default_database_type}:${config_directory}/
cached = btree:${data_directory}/
smtp_tls_security_level = may
smtp_tls_policy_maps = ${indexed}tls_policy
smtp_tls_session_cache_database = ${cached}smtp_scache
smtp_tls_CAfile = ${config_directory}/CAfile
tls_policy:
[exchange_IP] secure match=exchange.example.com
# OR with correct fingerprint:
[exchange_IP] fingerprint match=00:11:22:...
> smtp_sasl_security_options =
> unknown_local_recipient_reject_code = 550
How about set:
smtp_sasl_tls_security_options = noanonymous
Allowing plaintext over unencrypted connections is suboptimal.
> I put it in verbose and in logs it seems that postfix does not initiate auth
> login...in a trace i can see that postfix does not sent the auth login to
> the server.
Solaris may not ship the "LOGIN" mechanism by default, real MTAs offer
"PLAIN". But Microsoft MTAs sometimes prefer "LOGIN" and you need your
Cyrus to provide the corresponding module.
Look in /usr/lib/sasl2 or whereever your SASL modules are kept.
--
Viktor.
