Hello,
I have been running postfix at a small company for years without any
problem. For some reason, the EHLO response no longer includes
"250-AUTH LOGIN PLAIN" when I telnet to port 25. It may be due to a
change in the upgraded packages or a misconfiguration by me. Probably,
I "fixed" something which was not broken.
I can send and receive mail on ports 465 and 993 using SSL/TLS
without any issue (seemingly). I am not sure if the missing "250-AUTH LOGIN
PLAIN" is a problem. If I telnet to 465 (or 993) I get no response.
Please find below conf details of the system.
I would appreciate any help.
Mufit Eribol
[root@server ~]# telnet mail.xxxxx.com 25
Trying xxx.xxx.xxx.xxx...
Connected to mail.xxxxx.com.
Escape character is '^]'.
220 mail.xxxxx.com ESMTP Postfix
ehlo yyyyy.com
250-mail.xxxxx.com
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
Packages on CentOS 7 system:
postfix-2.10.1-6.el7.x86_64
cyrus-sasl-2.1.26-17.el7.x86_64
cyrus-sasl-devel-2.1.26-17.el7.x86_64
cyrus-imapd-2.4.17-8.el7_1.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-lib-2.1.26-17.el7.x86_64
cyrus-imapd-devel-2.4.17-8.el7_1.x86_64
cyrus-imapd-utils-2.4.17-8.el7_1.x86_64
cyrus-sasl-md5-2.1.26-17.el7.x86_64
[root@mail ~]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
[root@mail ~]# ps ax|grep saslauthd
577 ? Ss 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
578 ? S 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
579 ? S 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
580 ? S 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
581 ? S 0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
[root@mail ~]# cat /etc/sysconfig/saslauthd
SOCKETDIR=/run/saslauthd
MECH=pam
FLAGS=
[root@mail ~]# cat /etc/pam.d/smtp (imap is the same)
auth sufficient pam_mysql.so user=mail passwd=abcd host=127.0.0.1
db=mail table=accountuser usercolumn=username passwdcolumn=password
crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
loghostcolumn=host logpidcolumn=pid logtimecolumn=time sqllog=yes
account required pam_mysql.so user=mail passwd=abcd host=127.0.0.1
db=mail table=accountuser usercolumn=username passwdcolumn=password
crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
loghostcolumn=host logpidcolumn=pid logtimecolumn=time
[root@mail ~]# postconf -n
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
$virtual_alias_maps
mail_owner = postfix
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 50000000
milter_default_action = accept
milter_protocol = 2
mydestination = xxxxx.com, $myhostname, localhost.$mydomain, localhost,
mysql:/etc/postfix/mysql-mydestination.cf
mydomain = xxxxx.com
myhostname = mail.xxxxx.com
mynetworks = 10.0.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
policy_time_limit = 3600s
queue_directory = /var/spool/postfix
readme_directory = no
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 0
smtpd_client_connection_rate_limit = 0
smtpd_client_message_rate_limit = 0
smtpd_client_restrictions = check_client_access
hash:/etc/postfix/client_access, reject_non_fqdn_sender,
reject_unknown_sender_domain, permit_mynetworks,
permit_sasl_authenticated, permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
check_helo_access hash:/etc/postfix/helo_access,
reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
warn_if_reject reject_unknown_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_recipient_access
hash:/etc/postfix/recipient_access, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, reject_unauth_destination,
permit_dnswl_client list.dnswl.org, reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net,
check_policy_service unix:private/policy check_policy_service
unix:postgrey/socket, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
[root@mail ~]# cat master.cf
smtp inet n - n - - smtpd
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o
receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
-o local_header_rewrite_clients=
-o smtpd_milters=
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl
/usr/libexec/postfix/postfix-policyd-spf-perl
[root@mail ~]# cat /etc/cyrus.conf
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
# imap cmd="imapd" listen="imap" prefork=5
imaplocal cmd="imapd -C /etc/imapd-local.conf"
listen="127.0.0.1:imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=1
imapslocal cmd="imapd -C /etc/imapd-local.conf"
listen="127.0.0.1:imaps" prefork=0
# pop3 cmd="pop3d" listen="pop3" prefork=3
# pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
sievelocal cmd="timsieved -C /etc/imapd-local.conf"
listen="127.0.0.1:sieve" prefork=0
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
[root@mail ~]# cat /etc/imapd.conf:
postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
allowanonymouslogin: no
allowplaintext: no
#tls_require_cert: 1
sasl_minimum_layer: 128
servername: mail.xxxxx.com
autocreatequota: 200000
maxmessagesize: 0
reject8bit: 0
munge8bit: 0
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sieve_allowplaintext: 1
sendmail: /usr/sbin/sendmail
#hashimapspool: true
#unixhierarchysep: yes
#autocreateinboxfolders: Sent | Drafts | Trash | Spam
#autocreate_sieve_script: /var/lib/imap/sieve/global/spam
#autocreate_sieve_compiledscript: /var/lib/imap/sieve/global/spam.bc
#generate_compiled_sieve_script: yes
tls_cert_file: /etc/pki/tls/certs/xxxxx.com.crt
tls_key_file: /etc/pki/tls/private/xxxxx.com.key
tls_ca_file: /etc/pki/tls/certs/xxxxx.com.crt
#defaultdomain: mail
[root@mail ~]# cat /etc/imapd-local.conf:
postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
servername: mail.xxxxx.com
autocreatequota: 1000000
maxmessagesize: 0
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sendmail: /usr/sbin/sendmail