Hello,
On a heavy i/o loaded Postfix (2.11.0) server, i've got this behavior:
=== Connected to x.x.x.x.
<- 220 xx.xx.xx ESMTP Postfix
-> EHLO localhost
<- 250-xx.xx.xx
<- 250-PIPELINING
<- 250-SIZE 10240000
<- 250-VRFY
<- 250-ETRN
<- 250-STARTTLS
<- 250-AUTH CRAM-MD5 DIGEST-MD5
<- 250-ENHANCEDSTATUSCODES
<- 250-8BITMIME
<- 250 DSN
-> AUTH CRAM-MD5
<** 535 5.7.8 Error: authentication failed: Connection lost to
authentication server
*** No authentication type succeeded
-> QUIT
<- 221 2.0.0 Bye
In mail.log:
Mar 10 16:36:58 xxxxxxxxx postfix/smtpd[20613]: connect from xxxxxxxxxx
Mar 10 16:37:04 xxxxxxxxx dovecot: auth: Debug: client in:
AUTH#0111#011CRAM-MD5#011service=smtp#011nologin#011lip=x.x.x.x#011rip=x.x.x.x
Mar 10 16:37:08 xxxxxxxxx postfix/smtpd[20613]: warning: x.x.x[x.x.x.x]: SASL
CRAM-MD5 authentication failed: Connection lost to authentication server
Mar 10 16:37:08 xxxxxxxxx postfix/smtpd[20613]: disconnect from x.x.x[x.x.x.x]
Mar 10 16:37:14 xxxxxxxxx dovecot: auth: Debug: client passdb out: .....
Mar 10 16:39:07 xxxxxxxxx dovecot: auth: Warning: auth client 0 disconnected
with 1 pending requests: Connection reset by peer
Ok, I have an i/o load problem with this server, but a 535 error code is too
much, I was expecting a 454 error code as stated in RFC2554.
As a workaround, I would like to increase the default postfix authentication
server response timeout of 10 seconds but it seems that this is hard-coded.
Relevant postfix SASL configuration:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sender_login_maps = cdb:/etc/postfix/controlled_enveloppe_senders
So, I am missing something ? Should the error return code be corrected in
postfix ? (and yes, my I/O load problem must be fixed...)
Best regards,
Emmanuel.
