Hello,
I had no time to solve the problem definitively.
Now the result is not error 46 but
Nov 3 17:23:51 jolly postfix/smtpd[5113]: connect from unknown[192.168.5.1]
Nov 3 17:23:51 jolly postfix/smtpd[5113]: Anonymous TLS connection established from unknown[192.168.5.1]: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Nov 3 17:23:51 jolly postfix/smtpd[5113]: warning: unknown[192.168.5.1]: SASL LOGIN authentication failed: authentication failure
Nov 3 17:23:51 jolly postfix/smtpd[5113]: lost connection after AUTH from unknown[192.168.5.1]
Nov 3 17:23:51 jolly postfix/smtpd[5113]: disconnect from unknown[192.168.5.1] ehlo=2 starttls=1 auth=0/1 commands=3/4
This is strange as I don't do an anonymous connection.
I installed saslauth.
# Example: MECHANISMS="pam"
MECHANISMS="shadow"
# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""
# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5
# Other options (default: -c -m /var/run/saslauthd)
# Note: You MUST specify the -m option or saslauthd won't run!
#
# WARNING: DO NOT SPECIFY THE -d OPTION.
# The -d option will cause saslauthd to run in the foreground instead of as
# a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
# to run saslauthd in debug mode, please run it by hand to be safe.
#
# See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
# See the saslauthd man page and the output of 'saslauthd -h' for general
# information about these options.
#
# Example for chroot Postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Example for non-chroot Postfix users: "-c -m /var/run/saslauthd"
#
# To know if your Postfix is running chroot, check /etc/postfix/master.cf.
# If it has the line "smtp inet n - y - - smtpd" or "smtp inet n - - - - smtpd"
# then your Postfix is running in a chroot.
# If it has the line "smtp inet n - n - - smtpd" then your Postfix is NOT
# running in a chroot.
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
This is only the end of the conf file. I didn't change anything at the
start of file.
Here is the smtpd part of main.cf
# TLS parameters
broken_sasl_auth_clients = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/zelec.homelinux.net/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/zelec.homelinux.net/privkey.pem
smtpd_use_tls=yes
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_auth_enable = yes
broken_sasl_auth_client = yes
#smtpd_tls_CAfile=/etc/letsencrypt/live/zelec.homelinux.net/fullchain.pem
#smtpd_tls_CApath=/etc/ssl/certs/
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination permit_inet_interfaces reject_unauth_destination permit_mx_backup
myhostname = jolly.zelec.lan
Here is my master.conf
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
Thanks for ideas
Benoit
On 22/09/2019 at 18:15, Viktor Dukhovni wrote:
On Sun, Sep 22, 2019 at 03:07:54PM +0200, benoit wrote:
I changed my cert_file parameter to fullchain.pem. So now I don't have
an error for the server:
Sep 22 15:00:25 jolly postfix/smtpd[15774]: connect from unknown[192.168.5.1]
Sep 22 15:00:25 jolly postfix/smtpd[15774]: Anonymous TLS connection established from unknown[192.168.5.1]: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Looks like the TLS handshake completes.
Sep 22 15:00:33 jolly postfix/smtpd[15774]: lost connection after EHLO from unknown[192.168.5.1]
Sep 22 15:00:33 jolly postfix/smtpd[15774]: disconnect from unknown[192.168.5.1] ehlo=2 starttls=1 commands=3
As also evidenced by the second (post-TLS) "EHLO".
But my client can't connect. The client is my Android phone.
But the client gives up immediately after seeing the server's EHLO
response. Probably, it does not like the SASL AUTH mechanisms
offered, or AUTH is not offered at all. Perhaps the phone is
connecting to port 25.
See my reply
http://postfix.1071664.n5.nabble.com/Question-getting-Mail-app-working-with-PostFix-SMTP-td102381.html#a102823
to:
http://postfix.1071664.n5.nabble.com/Question-getting-Mail-app-working-with-PostFix-SMTP-tp102381p102822.html
and if you're still unable to resolve the problem after ensuring
that the client is using port 587 (submission), in your next post
include:
1. "postconf -nf" output (as-is, no rewrapping of lines)
2. "postconf -Mf" output (as-is, no rewrapping of lines)
3. Relevant entries from the log file.
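
Added example (not part of the original messages): a small Python parser for the two smtpd sessions logged in this thread, reading the end-of-session counters on the "disconnect" line, where `auth=0/1` means one AUTH command was attempted and none succeeded, and a missing `auth=` means the client never tried. The function names and the diagnosis labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log entries copied from the two messages above, one entry per line.
SAMPLE_LOG = """\
Nov 3 17:23:51 jolly postfix/smtpd[5113]: connect from unknown[192.168.5.1]
Nov 3 17:23:51 jolly postfix/smtpd[5113]: Anonymous TLS connection established from unknown[192.168.5.1]: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Nov 3 17:23:51 jolly postfix/smtpd[5113]: warning: unknown[192.168.5.1]: SASL LOGIN authentication failed: authentication failure
Nov 3 17:23:51 jolly postfix/smtpd[5113]: lost connection after AUTH from unknown[192.168.5.1]
Nov 3 17:23:51 jolly postfix/smtpd[5113]: disconnect from unknown[192.168.5.1] ehlo=2 starttls=1 auth=0/1 commands=3/4
Sep 22 15:00:25 jolly postfix/smtpd[15774]: connect from unknown[192.168.5.1]
Sep 22 15:00:25 jolly postfix/smtpd[15774]: Anonymous TLS connection established from unknown[192.168.5.1]: TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
Sep 22 15:00:33 jolly postfix/smtpd[15774]: lost connection after EHLO from unknown[192.168.5.1]
Sep 22 15:00:33 jolly postfix/smtpd[15774]: disconnect from unknown[192.168.5.1] ehlo=2 starttls=1 commands=3
"""

LINE = re.compile(r"postfix/\S+?\[(\d+)\]: (.*)$")
STAT = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")  # name=ok or name=ok/total

def parse_sessions(log):
    """Group smtpd entries by pid; return one dict per finished session."""
    active, done = defaultdict(dict), []
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        s = active[pid]
        if "TLS connection established" in msg:
            s["tls"] = True
        elif "SASL" in msg and "authentication failed" in msg:
            s["sasl_failed"] = msg.split("SASL ")[1].split()[0]  # mechanism name
        elif msg.startswith("lost connection after "):
            s["lost_after"] = msg.split()[3]  # SMTP stage where the client left
        elif msg.startswith("disconnect from "):
            s["stats"] = {k: (int(ok), int(tot or ok))
                          for k, ok, tot in STAT.findall(msg)}
            done.append(active.pop(pid))
    return done

def diagnose(s):
    """Hypothetical labels for the two failure shapes seen in the thread."""
    ok, total = s.get("stats", {}).get("auth", (0, 0))
    if total and ok == 0:
        return "auth-rejected:" + s.get("sasl_failed", "?")
    if total == 0 and s.get("lost_after") == "EHLO":
        return "no-auth-attempt"
    return "no-auth-problem"

if __name__ == "__main__":
    for session in parse_sessions(SAMPLE_LOG):
        print(diagnose(session), session["stats"])
```

A session labelled `auth-rejected` did reach AUTH over TLS, so the next place to look is the SASL backend rather than the TLS setup or the port.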