On 6/11/2015 2:30 PM, Jithesh AP wrote:
> Hi,
>
> Apologies for long mail, wanted to give all the info I have.
> Followed this URL to configure SASL -
> http://www.postfix.org/SASL_README.html. Followed the dovecot
> portion, did not setup cyrus, as I was bit confused.
>
> postconf-n is at this location -
> https://www.dropbox.com/s/4ktakqpwe89y50m/postconf-n.txt?dl=0

Please paste inline.

>
> Here is what I am seeing.
> 1 ----When I telnet with above config in postconf-n, I get the below
> result
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> Looks good as it shows 2 AUTH. I checked auth plain when in telnet
> and authentication was successful

I don't see STARTTLS offered above, so no encryption offered on port
25. Note you can use "openssl s_client" to test encrypted
connections. See Google for testing details.

>
> Now when I try to use my Opera client and configure to use 465 port
> and also with secure connection (TLS) checked, nothing happens, it

I don't know about the Opera client, but most desktop clients use
the term "TLS" to refer to STARTTLS support, and the term "SSL" to
refer to wrappermode encryption as used on port 465 (but supports
TLS). Maybe you need to check a different box in your client.

> does not tell me auth failed in the client or in the logs as shown
> below. Is it an issue with the client maybe? As soon as I change it
> to port 25 then the mails go out fine from Opera client, even though
> I had commented out mynetworks.
>
> Jun 11 11:23:42 ml dovecot: imap(j...@w8timez.com): Disconnected:
> Disconnected in IDLE bytes=886/3033
> Jun 11 11:23:42 ml dovecot: imap(j...@w8timez.com): Disconnected:
> Disconnected in IDLE bytes=134/1270

Unrelated dovecot logs.

> Jun 11 11:23:44 ml postfix/smtpd[23152]: connect from
> c-24-6-42-3.hsd1.ca.comcast.net[24.6.42.3]

A postfix connection, nothing else. This could be an encryption
mismatch -- the client trying to use STARTTLS and the server
expecting wrappermode. Or maybe there are further postfix entries
not included here. Hard to tell...

There's no indication what port is being used here. Set something
like " -o syslog_name=postfix/smtps" in your master.cf smtps service
entry to differentiate the logs.

> Jun 11 11:23:44 ml dovecot: auth: mysql: Connected to 127.0.0.1
> (servermail)
...

Unrelated dovecot logs.

>
> 2 -----Now if I enable this config "smtpd_tls_auth_only=yes", then
> the AUTH values disappear in telnet as given below
>
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> With this auth plain does not work and also Opera client is the same
> as first scenario, no change, So I don't know if it means the AUTH is
> not working.

As expected. With smtpd_tls_auth_only=yes, AUTH is neither offered
nor allowed unencrypted, and this connection does not offer STARTTLS.

>
> Now I am stuck, don't know what I am missing :(.

>>> Jun 11 06:18:41 ml postfix/smtpd[20765]: connect from
>>> c-24-6-42-3.hsd1.ca.comcast.net[24.6.42.3]
>>> Jun 11 06:18:41 ml postfix/smtpd[20765]: setting up TLS connection
>>> from c-24-6-42-3.hsd1.ca.comcast.net[24.6.42.3]
>>> Jun 11 06:18:42 ml postfix/smtpd[20765]: Anonymous TLS connection
>>> established from c-24-6-42-3.hsd1.ca.comcast.net[24.6.42.3]: TLSv1
>>> with cipher DHE-RSA-AES256-SHA (256/256 bits)

TLS worked at this point in time, but it's unclear if this is port
465 or STARTTLS on another port. "TLS connection established"
proves it worked. Or used to.

>>> Jun 11 06:18:44 ml postfix/smtpd[20765]: warning:
>>> c-24-6-42-3.hsd1.ca.comcast.net[24.6.42.3]: SASL LOGIN
>>> authentication
>>> failed: authentication failure

But your credentials were somehow wrong at that point in time. Some
desktop mail clients have separate credentials for IMAP and SMTP.
Check your client setup.

  -- Noel Jones
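
Added example, not part of the original messages: a small Python check that reads an EHLO reply the way the reply above does, reporting whether AUTH is offered on an unencrypted connection. The first two sample replies are the ones quoted in the thread; the third is constructed, and the function names and result labels are assumptions of this example.

```python
# Added example: read an SMTP EHLO reply for cleartext-AUTH exposure.
THREAD_REPLY_1 = """250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""
# Second reply from the thread (after smtpd_tls_auth_only=yes): AUTH lines gone.
THREAD_REPLY_2 = "\n".join(
    l for l in THREAD_REPLY_1.splitlines() if "AUTH" not in l)
# Constructed reply (not from the thread): a port that offers STARTTLS.
CONSTRUCTED_REPLY = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 DSN"


def parse_ehlo(reply):
    """Return {'starttls': bool, 'auth': set of SASL mechanisms}."""
    caps = {"starttls": False, "auth": set()}
    for line in reply.splitlines():
        line = line.strip()
        if not line.startswith("250"):
            continue
        body = line[4:].strip()  # drop the "250-" / "250 " prefix
        # "AUTH=PLAIN LOGIN" is the legacy spelling of "AUTH PLAIN LOGIN"
        keyword, _, rest = body.replace("=", " ", 1).partition(" ")
        if keyword.upper() == "STARTTLS":
            caps["starttls"] = True
        elif keyword.upper() == "AUTH":
            caps["auth"].update(m.upper() for m in rest.split())
    return caps


def assess(reply, tls_active=False):
    """Label a reply; tls_active=True means it was read inside a TLS session."""
    caps = parse_ehlo(reply)
    if tls_active:
        return "auth-over-tls" if caps["auth"] else "no-auth-offered"
    if caps["auth"]:
        return "cleartext-auth-allowed"   # PLAIN/LOGIN are only base64-encoded
    if caps["starttls"]:
        return "starttls-first"           # re-issue EHLO after STARTTLS
    return "auth-unavailable"             # no AUTH and no way to encrypt


if __name__ == "__main__":
    for name in ("THREAD_REPLY_1", "THREAD_REPLY_2", "CONSTRUCTED_REPLY"):
        print(name, "->", assess(globals()[name]))
```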