Hi,
I'm trying to set up Postfix to use two smarthosts. All mail sent from
domains example.(com|org) should be sent over smtp.gmail.com (default
smarthost) and mails from Domain.A should be sent over mailgw.Domain.A
(MUA is MS Exchange). I set everything up like in the configuration
below. However delivering the mail fails with 535 Authentication
unsuccessful. I have tried to log in via AUTH LOGIN and telnet/openssl.
This worked. So I have no idea, why authnetication doesn't work here. Do
you have any hints what I'm doing wrong?
main.cf:
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = golgafrincham.example.com, localhost.example.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
relayhost_map:
j.kubiez...@example.org [smtp.gmail.com]:587
jkubieziel@Domain.A [mailgw.Domain.A]:587
sasl_passwd:
jkubieziel@Domain.A jkubieziel@Domain.A:Password
[smtp:gmail.com]:587 j.kubiez...@example.org:Password
mail.log:
Dec 16 09:40:12 golgafrincham postfix/qmgr[26914]: 9044318E:
from=<jkubieziel@Domain.A>, size=400, nrcpt=1 (queue active)
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: smtp_stream_setup:
maxtime=300 enable_deadline=0
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 220 mailgw.Domain.A Microsoft ESMTP MAIL
Service ready at Tue, 16 Dec 2014 03:40:12 -0500
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: EHLO golgafrincham.example.com
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-mailgw.Domain.A Hello [195.202.38.154]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-SIZE 52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-PIPELINING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-DSN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-ENHANCEDSTATUSCODES
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-STARTTLS
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-AUTH GSSAPI NTLM
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-8BITMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-BINARYMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250 CHUNKING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: server features: 0x903f size
52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: Using ESMTP PIPELINING, TCP
send buffer size is 46080, PIPELINING buffer size is 4096
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_stream_setup:
maxtime=300 enable_deadline=0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: STARTTLS
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 220 2.0.0 SMTP server ready
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = lookup
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_type = smtp
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_id =
smtp&[mailgw.Domain.A]:587&mailgw.Domain.A&192.0.2.11&&777D63B388B5C434AE11B63E1FCB6213CBD88CF0D5772CD420C390CC2CC7F17E
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value:
4294967295
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: session
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: session
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr size = 32
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value:
WiQjwFNyFc+HKey9bSGt46OISHmipEh+ZOV1fFILzr4=
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = update
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_type = smtp
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_id =
smtp&[mailgw.Domain.A]:587&mailgw.Domain.A&192.0.2.11&&777D63B388B5C434AE11B63E1FCB6213CBD88CF0D5772CD420C390CC2CC7F17E
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr session = [data
1579 bytes]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_stream_setup:
maxtime=300 enable_deadline=0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: EHLO golgafrincham.example.com
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-mailgw.Domain.A Hello [195.202.38.154]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-SIZE 52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-PIPELINING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-DSN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-ENHANCEDSTATUSCODES
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-AUTH GSSAPI NTLM LOGIN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-8BITMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250-BINARYMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 250 CHUNKING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: server features: 0x902f size
52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: Using ESMTP PIPELINING, TCP
send buffer size is 46080, PIPELINING buffer size is 4096
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: maps_find: smtp_sasl_passwd:
hash:/etc/postfix/sasl_passwd(0,lock|fold_fix): jkubieziel@Domain.A =
jkubieziel@Domain.A:Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: mail_addr_find:
jkubieziel@Domain.A -> jkubieziel@Domain.A:Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_sasl_passwd_lookup:
host `mailgw.Domain.A' user `jkubieziel@Domain.A' pass `Password'
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: starting new SASL client
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: name_mask: noanonymous
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_sasl_authenticate:
mailgw.Domain.A[192.0.2.11]:587: SASL mechanisms GSSAPI NTLM LOGIN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_first:
uncoded initial reply: NTLMSSP\0\1\0\0\0\a\2\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\000
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: AUTH NTLM
TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA=
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 334 TlRMTVNTUAACAAAABAAEA...
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_next:
decoded challenge: NTLMSSP
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_get_user:
jkubieziel@Domain.A
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]:
xsasl_cyrus_client_get_passwd: Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_next:
uncoded client response NTLMSSP
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: TlRMTVNTUAADAAAAAAAAAEA...
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: <
mailgw.Domain.A[192.0.2.11]:587: 535 5.7.3 Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: connect to subsystem
private/defer
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr nrequest = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr flags = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr queue_id = 9044318E
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr original_recipient
= j.kubiez...@example.org
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr recipient =
j.kubiez...@example.org
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr offset = 607
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr dsn_orig_rcpt =
rfc822;j.kubiez...@example.org
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr notify_flags = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr status = 4.7.3
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr diag_type = smtp
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr diag_text = 535
5.7.3 Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr mta_type = dns
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr mta_mname =
mailgw.Domain.A
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr action = delayed
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr reason = SASL
authentication failed; server mailgw.Domain.A[192.0.2.11] said: 535 5.7.3
Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: private/defer socket: wanted
attribute: status
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: private/defer socket: wanted
attribute: (list terminator)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: 9044318E:
to=<j.kubiez...@example.org>, relay=mailgw.Domain.A[192.0.2.11]:587,
delay=71182, delays=71176/0.09/6.2/0, dsn=4.7.3, status=deferred (SASL
authentication failed; server mailgw.Domain.A[192.0.2.11] said: 535 5.7.3
Authentication unsuccessful)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: flush_add: site example.org
id 9044318E
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org
~? golgafrincham.example.com
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org
~? localhost.example.com
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org
~? localhost
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_list_match:
example.org: no match
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: flush_add: site example.org
id 9044318E status 4
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: smtp_stream_setup:
maxtime=300 enable_deadline=0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: >
mailgw.Domain.A[192.0.2.11]:587: QUIT
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: name_mask: resource
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: name_mask: software
Dec 16 09:40:19 golgafrincham postfix/smtp[26921]: disposing SASL state
information
--
In a successful advertisement it's the graphics that grab you, but it's
the text that does the selling.
-- Pablo PigCasso
