The other side offers only PLAIN and LOGIN:

    $ telnet 76.96.40.155 25
    Trying 76.96.40.155...
    Connected to 76.96.40.155.
    Escape character is '^]'.
    220 omta20.emeryville.ca.mail.comcast.net comcast ESMTP server ready
    EHLO foo
    250-omta20.emeryville.ca.mail.comcast.net hello [37.5.251.161], pleased to meet you
    250-HELP
    250-AUTH LOGIN PLAIN
    250-SIZE 36700160
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-STARTTLS
    250 OK
    QUIT
    221 2.0.0 omta20.emeryville.ca.mail.comcast.net comcast closing connection

PLAIN and LOGIN are disabled on the Postfix smtp client side by default, because their usage may be insecure over an unencrypted transport - PLAIN and LOGIN do not encrypt, but only encode username and password:

    smtp_sasl_security_options = noplaintext, noanonymous
    smtp_sasl_tls_security_options = $smtp_sasl_security_options
    smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options

Change Postfix' SASL policy for TLS-shielded connections and it will work:

    smtp_sasl_security_options = noplaintext, noanonymous
    smtp_sasl_tls_security_options = noanonymous

p@rick

* Rich Cook <[email protected]>:
> Hello, I am having a maddening problem. I have googled of course for
> answers, but I cannot figure out exactly what the issue is.
> I am trying to put the final touches on my postfix/fetchmail setup. Mostly
> it's working but the crucial piece I'm missing is the ability to send mail to
> other hosts through my comcast relay from the command line.
>
> I can send mail from my mail client but not from the command line via
> sendmail, which I would like very much to be able to do. There is just some
> little SASL detail or something going on here that I'm missing. I could use
> a good pair of eyes for help!
>
> To put it in a nutshell, here is what I'm seeing in the logs when I do
> "postfix flush":
> Note that I can telnet to smtp.comcast.net 587 and make a connection, so I
> am ignoring "no route to host" messages at the moment. Especially since you
> can see it does connect. Config logs are below. Sorry for the long message,
> but I'm hopefully anticipating the questions a knowledgeable expert might ask
> of me. :-)
>
> I can ramp up the verbosity but you probably get the idea.
> Warm thanks for any help!
>
> ================================================================================
> =============
> # LOG FILE CONTENTS:
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: 810762983FD0:
> from=<***>, size=332, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AED65298168E:
> from=<***>, size=327, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: AF585298168F:
> from=<***>, size=327, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: C873A29816BA:
> from=<***>, size=306, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: CFE0E2983B7C:
> from=<***>, size=302, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/qmgr[60944]: D71C029816E8:
> from=<***>, size=307, nrcpt=1 (queue active)
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61132]: CFE0E2983B7C: to=<***>,
> relay=smtp.comcast.net[76.96.40.155]:587, delay=1844, delays=1844/0/0.09/0,
> dsn=4.0.0, status=deferred (host smtp.comcast.net[76.96.40.155] refused to
> talk to me: 421 omta14.emeryville.ca.mail.comcast.net comcast Too many
> sessions opened)
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61130]: Untrusted TLS connection
> established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61133]: Untrusted TLS connection
> established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61131]: Untrusted TLS connection
> established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Aug 15 12:48:27 RichCookHomeMac postfix/smtp[61134]: Untrusted TLS connection
> established to smtp.comcast.net[76.96.40.155]:587: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits)
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: warning: SASL
> authentication failure: No worthy mechs found
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61130]: AED65298168E: to=<***>,
> relay=smtp.comcast.net[76.96.40.155]:587, delay=190442,
> delays=190441/0/0.39/0, dsn=4.7.0, status=deferred (SASL authentication
> failed; cannot authenticate to server smtp.comcast.net[76.96.40.155]: no
> mechanism available)
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: warning: SASL
> authentication failure: No worthy mechs found
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61133]: 810762983FD0: to=<***>,
> relay=smtp.comcast.net[76.96.40.155]:587, delay=1162, delays=1161/0/0.4/0,
> dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate
> to server smtp.comcast.net[76.96.40.155]: no mechanism available)
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: warning: SASL
> authentication failure: No worthy mechs found
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: SASL
> authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.40.155]: no mechanism available
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: warning: SASL
> authentication failure: No worthy mechs found
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: SASL
> authentication failed; cannot authenticate to server
> smtp.comcast.net[76.96.40.155]: no mechanism available
> Aug 15 12:48:28 RichCookHomeMac postfix/error[61137]: D71C029816E8: to=<***>,
> relay=none, delay=190645, delays=190645/0.41/0/0, dsn=4.7.0, status=deferred
> (delivery temporarily suspended: SASL authentication failed; cannot
> authenticate to server smtp.comcast.net[76.96.40.155]: no mechanism available)
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61131]: AF585298168F: to=<***>,
> relay=none, delay=190350, delays=190349/0/0.42/0, dsn=4.4.1, status=deferred
> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host)
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: connect to
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 15 12:48:28 RichCookHomeMac postfix/smtp[61134]: C873A29816BA: to=<***>,
> relay=none, delay=190865, delays=190864/0/0.43/0, dsn=4.4.1, status=deferred
> (connect to smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host)
>
>
> ================================================================================
> =============
> # main.cf:
> mydomain_fallback = localhost
> # message_size_limit = 10485760 # commented out by Rich
> biff = no
> #mynetworks = 127.0.0.0/8, [::1]/128
> #smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated
> permit
> recipient_delimiter = +
> smtpd_tls_ciphers = medium
> inet_protocols = all
> inet_interfaces = loopback-only
> #======================================================================
> # Rich Cook mods:
> message_size_limit = 0
>
> relayhost=[smtp.comcast.net]:587
> smtp_sasl_auth_enable=yes
> smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd
> smtp_use_tls = yes
>
> smtpd_sasl_auth_enable=yes
> smtpd_use_pw_server=yes
> enable_server_options=yes
> smtpd_pw_server_security_options=plain, login
> smtp_tls_loglevel=1
> smtpd_sasl_security_options=noanonymous
> smtp_tls_security_level=encrypt
> broken_sasl_auth_clients=yes
> # commented out as I do not fully understand yet, but does not fix to put it
> back in.
> # smtpd_recipient_restrictions=check_sender_access hash:/etc/postfix/access,
> check_client_access hash:/etc/postfix/access, permit_mynetworks,
> permit_sasl_authenticated, reject_unauth_destination, check_recipient_access
> hash:/etc/postfix/access
> smtpd_sasl_local_domain=$mydomain
> smtp_sasl_mechanism_filter =
>
> # =========================================================================
> root@RichCookHomeMac (postfix ): ls -l /etc/postfix/
> total 392
> -rw-r--r-- 1 root wheel 11942 Feb 8 2014 LICENSE
> -rw-r--r-- 1 root wheel 1629 Feb 8 2014 TLS_LICENSE
> -rw-r--r-- 1 root wheel 20876 Feb 8 2014 access
> -rw-r--r-- 1 root wheel 16384 Aug 15 12:17 access.db
> -rw-r--r-- 1 root wheel 8830 Aug 15 12:28 aliases
> -rw-r--r-- 1 root wheel 8829 Jun 1 14:57 aliases.desktop
> -rw-r--r-- 1 root wheel 3548 Feb 8 2014 bounce.cf.default
> -rw-r--r-- 1 root wheel 11681 Feb 8 2014 canonical
> -rw-r--r-- 1 root wheel 44 Feb 8 2014 custom_header_checks
> -rw------- 1 root wheel 157 Aug 15 11:37 fetchmailrc
> -rw-r--r-- 1 root wheel 9904 Feb 8 2014 generic
> -rw-r--r-- 1 root wheel 21535 Feb 8 2014 header_checks
> -rw-r--r-- 1 root wheel 28864 Aug 15 12:43 main.cf
> -rw-r--r-- 1 root wheel 26970 Feb 8 2014 main.cf.default
> -rw-r--r-- 1 root wheel 26155 Jun 1 15:04 main.cf.upgradedMtnLion
> -rw-r--r-- 1 root wheel 27430 Feb 8 2014 main.cf~orig
> -rw-r--r-- 1 root wheel 1441 Feb 8 2014 makedefs.out
> -rw-r--r-- 1 root wheel 7443 Feb 8 2014 master.cf
> -rw-r--r-- 1 root wheel 7443 Feb 8 2014 master.cf.default
> -rw-r--r-- 1 root wheel 18473 Feb 8 2014 postfix-files
> -rw-r--r-- 1 root wheel 6816 Feb 8 2014 relocated
> -rw-r----- 1 root wheel 44 Aug 15 10:56 sasl_passwd
> -rw-r----- 1 root wheel 16384 Aug 15 12:18 sasl_passwd.db
> -rw-r--r-- 1 root wheel 12549 Feb 8 2014 transport
> -rw-r--r-- 1 root wheel 12494 Feb 8 2014 virtual
>
> Rich Cook
> [email protected]
>
> ----------------------------------------------
> If you don't laugh enough, you might have humorrhoids, which is an
> enlargement of the onus, and the only thing you can pass then is heavy
> judgment. -- Swami Beyondananda
>
>

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
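
Added example, not part of the original thread and not Postfix code: a simplified Python model of how the three smtp_sasl_*security_options parameters from the reply filter the mechanisms a relay advertises, and why PLAIN is only safe inside TLS. The function names, the two-keyword policy table and the credentials are assumptions made for illustration; the EHLO sample is abridged from the message above.

```python
import base64
import re

# Sample input: the EHLO reply from the message above, abridged.
EHLO_REPLY = """\
250-omta20.emeryville.ca.mail.comcast.net hello [37.5.251.161], pleased to meet you
250-HELP
250-AUTH LOGIN PLAIN
250-SIZE 36700160
250-STARTTLS
250 OK
"""
DEFAULT = "noplaintext, noanonymous"  # default shown in the reply above
# Simplified model (assumption): only these two policy keywords are handled.
BANNED_BY = {"noplaintext": {"PLAIN", "LOGIN"}, "noanonymous": {"ANONYMOUS"}}

def advertised_mechs(ehlo_reply):
    """Mechanisms listed on the 250-AUTH line(s) of an EHLO reply."""
    mechs = []
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line, re.IGNORECASE)
        if m:
            mechs += m.group(1).upper().split()
    return mechs

def effective_options(cfg, tls, verified=False):
    """Each TLS-specific parameter falls back to the one before it."""
    opts = cfg.get("smtp_sasl_security_options", DEFAULT)
    if tls:
        opts = cfg.get("smtp_sasl_tls_security_options", opts)
        if verified:
            opts = cfg.get("smtp_sasl_tls_verified_security_options", opts)
    return {o for o in re.split(r"[,\s]+", opts.lower()) if o}

def worthy_mechs(ehlo_reply, cfg, tls, verified=False):
    """Mechanisms left after policy; an empty list is 'No worthy mechs found'."""
    banned = set()
    for opt in effective_options(cfg, tls, verified):
        banned |= BANNED_BY.get(opt, set())
    return [m for m in advertised_mechs(ehlo_reply) if m not in banned]

def decode_plain(blob):
    """Recover (user, password) from an AUTH PLAIN blob: base64, no key needed."""
    _authzid, user, password = base64.b64decode(blob).decode().split("\0")
    return user, password

# Constructed credentials, as they would appear on the wire after AUTH PLAIN.
WIRE_BLOB = base64.b64encode(b"\0alice\0s3cret").decode()
```

With an empty cfg and tls=True (the "Untrusted TLS connection" case in the quoted log) worthy_mechs returns an empty list; with only smtp_sasl_tls_security_options = noanonymous it returns LOGIN and PLAIN for TLS sessions while still refusing them in cleartext.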
