Re: Request help with SASL issue and postfix

Sat, 16 Aug 2014 14:19:16 -0700 

On Sat, Aug 16, 2014 at 01:19:06PM -0700, Rich Cook wrote:

> And it?s still evil in the logs, but I no longer get a bounce email from 
> comcast as I did before.  So it?s ?better? perhaps?  I don?t know.  Sigh, 
> still hoping!  
> 
> Aug 16 13:14:29 RichCookHomeMac postfix/pickup[48035]: 5D63529CAF95: uid=0 
> from=<root>
> Aug 16 13:14:29 RichCookHomeMac postfix/cleanup[48045]: 5D63529CAF95: 
> message-id=<20140816201429.5d63529ca...@richcook.net>
> Aug 16 13:14:29 RichCookHomeMac postfix/qmgr[48036]: 5D63529CAF95: 
> from=<r...@richcook.net>, size=332, nrcpt=1 (queue active)
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: connect to 
> smtp.comcast.net[2001:558:fe2d:70::30]:587: No route to host
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: warning: SASL 
> authentication failure: No worthy mechs found
> Aug 16 13:14:29 RichCookHomeMac postfix/smtp[48038]: 5D63529CAF95: 
> to=<wealthyc...@gmail.com>, relay=smtp.comcast.net[76.96.40.155]:587, 
> delay=0.42, delays=0/0/0.41/0, dsn=4.7.0, status=deferred (SASL 
> authentication failed; cannot authenticate to server 
> smtp.comcast.net[76.96.40.155]: no mechanism available)

Well, this time Postfix actually knows that authentication is
needed.  So the mail is deferred.

    posttls-finger: Connected to smtp.comcast.net[68.87.26.155]:587
    posttls-finger: < 220 omta05.westchester.pa.mail.comcast.net comcast ESMTP 
server ready
    posttls-finger: > EHLO amnesiac.example
    posttls-finger: < 250-omta05.westchester.pa.mail.comcast.net
    posttls-finger: < 250-HELP
    posttls-finger: < 250-AUTH LOGIN PLAIN
    posttls-finger: < 250-SIZE 36700160
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250 OK
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 Ready to start TLS
    posttls-finger: certificate verification failed for 
smtp.comcast.net[68.87.26.155]:587: untrusted issuer /C=SE/O=AddTrust 
AB/OU=AddTrust
    External TTP Network/CN=AddTrust External CA Root
    posttls-finger: Untrusted TLS connection established to 
smtp.comcast.net[68.87.26.155]:587: TLSv1 with cipher DHE-RSA-AES256-SHA 
(256/256
    bits)
    posttls-finger: > EHLO amnesiac.example
    posttls-finger: < 250-omta05.westchester.pa.mail.comcast.net
    posttls-finger: < 250-HELP
    posttls-finger: < 250-AUTH LOGIN PLAIN
    posttls-finger: < 250-SIZE 36700160
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250 OK
    posttls-finger: > QUIT
    posttls-finger: < 221 2.0.0 omta05.westchester.pa.mail.comcast.net comcast 
closing connection

This SMTP service supports "LOGIN" and "PLAIN", but your SASL engine
did not enable those mechanisms.

> Current main.cf: 
> 
> smtpd_tls_ciphers = medium

Why?

> inet_protocols = all

Set this to ipv4, you don't have ipv6 connectivity.

> inet_interfaces = loopback-only
> #======================================================================
> relayhost=[smtp.comcast.net]:587
> smtp_sasl_auth_enable=yes
> smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd

Fine.

> smtp_use_tls = yes 

Change this to "smtp_tls_security_level = may", the "smtp_use_tls"
parameter is deprecated.

And where are the settings Patrick Koetter explained you needed?

-- 
        Viktor.

Reply via email to