Dear all,
I am trying to use Postfix as a relay on an OVH server. The OS is Ubuntu
22.04, postfix version is 3.6.4, domain is wika.ovh with DNS in OVH
infrastructure (no DNS service on my server). There is a single user,
called "ubuntu", on the system. I experience a "Client was not
authenticated" error. For example, the following test:
---
echo "test" |mail -s "Subject" ubu...@wika.ovh
---
leads to the following in the logs:
---
Sep 9 18:06:03 wika postfix/pickup[6344]: E80BA80F6D: uid=1000 from=<ubu...@wika.ovh>
Sep 9 18:06:03 wika postfix/cleanup[6370]: E80BA80F6D: message-id=<20220909180603.e80ba80...@mailhost.wika.ovh>
Sep 9 18:06:03 wika postfix/qmgr[6345]: E80BA80F6D: from=<ubu...@wika.ovh>, size=333, nrcpt=1 (queue active)
Sep 9 18:06:04 wika postfix/smtp[6371]: E80BA80F6D: to=<ubu...@wika.ovh>, relay=ssl0.ovh.net[193.70.18.144]:587, delay=0.17, delays=0.01/0.01/0.13/0.01, dsn=5.7.1, status=bounced (host ssl0.ovh.net[193.70.18.144] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command))
Sep 9 18:06:04 wika postfix/cleanup[6370]: 201FC80F6E: message-id=<20220909180604.201fc80...@mailhost.wika.ovh>
Sep 9 18:06:04 wika postfix/qmgr[6345]: 201FC80F6E: from=<>, size=2312, nrcpt=1 (queue active)
Sep 9 18:06:04 wika postfix/bounce[6372]: E80BA80F6D: sender non-delivery notification: 201FC80F6E
Sep 9 18:06:04 wika postfix/qmgr[6345]: E80BA80F6D: removed
Sep 9 18:06:04 wika postfix/smtp[6371]: 201FC80F6E: to=<ubu...@wika.ovh>, relay=ssl0.ovh.net[193.70.18.144]:587, delay=0.08, delays=0/0/0.07/0, dsn=5.7.1, status=bounced (host ssl0.ovh.net[193.70.18.144] said: 530 5.7.1 Client was not authenticated (in reply to MAIL FROM command))
Sep 9 18:06:04 wika postfix/qmgr[6345]: 201FC80F6E: removed
---
The service seems to be running:
nmap wika.ovh
---
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-09 18:12 UTC
Nmap scan report for wika.ovh (127.0.1.1)
Host is up (0.000096s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
---
(as you can see, Dovecot is installed too).
Moreover:
telnet wika.ovh 25
---
Trying 127.0.1.1...
Connected to wika.ovh.
Escape character is '^]'.
220 mailhost.wika.ovh ESMTP Postfix (Ubuntu)
---
To work with the SASL protocol, I have an email at OVH, which is
"mai...@wika.ovh". This email has been tested and works on the
"ovhcloud" (roundcube) interface. I use it in the Postfix
configuration. Here is the result for postconf -n:
---
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
debug_peer_list = 51.77.194.141
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination =
mydomain = wika.ovh
myhostname = mailhost.wika.ovh
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = wika.ovh
readme_directory = no
recipient_delimiter = +
relayhost = [ssl0.ovh.net]:587
smtp_pix_workarounds =
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login, plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
---
The /etc/postfix/sasl/password file contains the following:
---
ssl0.ovh.net:587 mai...@wika.ovh:myincrediblepassword
---
As mentioned on the "DEBUG_README" page of the postfix web site, I
installed postfinger and saslfinger. Here are the results:
sudo ./postfinger
---
postfinger - postfix configuration on Fri Sep 9 18:11:26 UTC 2022
version: 1.30
Warning: postfinger output may show private configuration information,
such as ip addresses and/or domain names which you do not want to show
to the public. If this is the case it is your responsibility to modify
the output to hide this private information. [Remove this warning with
the --nowarn option.]
--System Parameters--
mail_version = 3.6.4
hostname = wika
uname = Linux wika 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15
UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from deb package: postfix-3.6.4-1ubuntu1
--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 3.6
debug_peer_list = 51.77.194.141
mailbox_size_limit = 0
mydestination =
mydomain = wika.ovh
myhostname = mailhost.wika.ovh
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = wika.ovh
readme_directory = no
recipient_delimiter = +
relayhost = [ssl0.ovh.net]:587
smtp_pix_workarounds =
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login, plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = may
--master.cf--
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- end of postfinger output --
---
saslfinger -csh
---
saslfinger - postfix Cyrus sasl configuration Fri Sep 9 18:14:30 UTC
2022
version: 1.0.4
mode: client-side SMTP AUTH
-- basics --
Postfix: 3.6.4
System: Ubuntu 22.04.1 LTS \n \l
-- smtp is linked to --
libsasl2.so.2 => /lib/x86_64-linux-gnu/libsasl2.so.2
(0x00007f1f99068000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [ssl0.ovh.net]:587
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login, plain
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
-- listing of /usr/lib/sasl2 --
total 16
drwxr-xr-x 2 root root 4096 Sep 8 14:04 .
drwxr-xr-x 82 root root 4096 Sep 7 16:14 ..
-rw-r--r-- 1 root root 4 Sep 8 14:04 berkeley_db.active
-rw-r--r-- 1 root root 4 Feb 22 2022 berkeley_db.txt
-- listing of /etc/postfix/sasl --
total 24
drwxr-xr-x 2 root root 4096 Sep 8 13:43 .
drwxr-xr-x 5 root root 4096 Sep 8 13:53 ..
-rw-r--r-- 1 root root 45 Sep 8 13:43 passwd
-rw------- 1 root root 12288 Sep 8 13:43 passwd.db
-- permissions for /etc/postfix/sasl/passwd --
-rw-r--r-- 1 root root 45 Sep 8 13:43 /etc/postfix/sasl/passwd
-- permissions for /etc/postfix/sasl/passwd.db --
-rw------- 1 root root 12288 Sep 8 13:43 /etc/postfix/sasl/passwd.db
/etc/postfix/sasl/passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - y - - smtpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on ssl0.ovh.net:587 --
-- end of saslfinger output --
---
The problem is that I don't know exactly what to test anymore, or how
the "finger" commands help me to understand what happens. Could someone
help?
Best regards,
Mikhaël
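
An added check, not part of the original post: it tests whether a Postfix smtp_sasl_password_maps source file has a key that matches the relayhost value, and whether that plaintext file is world-readable, as the saslfinger listing above shows for passwd. It assumes the lookup keys described in postconf(5) (remote hostname or next-hop destination); the function names and the placeholder credentials are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Checks a Postfix SASL password
# map against relayhost, and the map file's permissions.

# check_sasl_map RELAYHOST PASSWD_FILE
# Succeeds if the file has a key the SMTP client can find for this relayhost:
# the next-hop exactly as written in main.cf, or, for the bracketed form,
# the bare hostname inside the brackets.
check_sasl_map() {
    relayhost=$1
    case $relayhost in
        \[*\]*) host=${relayhost#\[}; host=${host%%\]*} ;;  # [host]:port -> host
        *)      host= ;;  # unbracketed: remote host depends on MX lookup
    esac
    awk -v nh="$relayhost" -v h="$host" '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
        $1 == nh || (h != "" && $1 == h) { found = 1 }
        END { exit !found }' "$2"
}

# world_readable FILE: succeeds if "other" has read permission on FILE.
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Constructed sample: same key form as the post, placeholder credentials.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ssl0.ovh.net:587 user@example.invalid:placeholder' > "$dir/passwd"
    chmod 644 "$dir/passwd"
    if check_sasl_map '[ssl0.ovh.net]:587' "$dir/passwd"; then
        echo "key: ok"
    else
        echo "key: no entry matches [ssl0.ovh.net]:587, client will not send AUTH"
    fi
    if world_readable "$dir/passwd"; then
        echo "perms: passwd is world-readable, use chmod 600"
    fi
    rm -rf "$dir"
}
demo
```

On a live system the relayhost argument would come from `postconf -h relayhost`, and the map must be rebuilt with `postmap` after any change to the source file.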