
SMTP AUTH killing 220 response.

  • Bbt Lists
    Message 1 of 11 , Jul 31, 2006
      Hi there... I have setup a postfix server for relaying outbound mail
      using SMTP Auth, and TLS. Now for some reason when I add:

      smtpd_sasl_auth_enable = yes

      to my main.cf the typical "220 smtp.dom.com ESMTP Postfix" response is
      gone and I can't test my server via telnet.

      I have been searching the archives to no result.


      Does anyone have any ideas?

      I am running centos 4.3 (latest patches) with the postfix RPM's provided
      by centos 4.3/RHEL4 update 3.

      Thanks in advance!

      --
      dnk
    • Magnus Bäck
      Message 2 of 11 , Jul 31, 2006
        On Monday, July 31, 2006 at 23:50 CEST,
        Bbt Lists <mailinglists@...> wrote:

        > Hi there... I have setup a postfix server for relaying outbound mail
        > using SMTP Auth, and TLS. Now for some reason when I add:
        >
        > smtpd_sasl_auth_enable = yes
        >
        > to my main.cf the typical "220 smtp.dom.com ESMTP Postfix" response is
        > gone and I can't test my server via telnet.

        Read your logs. They will tell you what's wrong.

        [...]

        --
        Magnus Bäck
        magnus@...
      • Patrick Ben Koetter
        Message 3 of 11 , Jul 31, 2006
          * Magnus Bäck <magnus@...>:
          > On Monday, July 31, 2006 at 23:50 CEST,
          > Bbt Lists <mailinglists@...> wrote:
          >
          > > Hi there... I have setup a postfix server for relaying outbound mail
          > > using SMTP Auth, and TLS. Now for some reason when I add:
          > >
          > > smtpd_sasl_auth_enable = yes
          > >
          > > to my main.cf the typical "220 smtp.dom.com ESMTP Postfix" response is
          > > gone and I can't test my server via telnet.
          >
          > Read your logs. They will tell you what's wrong.

          Yep, the log is your friend. And while you are at it, get saslfinger (see my
          signature), run it "saslfinger -s" and send the output to the list.

          p@rick


          --
          The Book of Postfix
          <http://www.postfix-book.com>
          saslfinger (debugging SMTP AUTH):
          <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
        • Bbt Lists
          Message 4 of 11 , Jul 31, 2006
            Magnus Bäck wrote:
            > On Monday, July 31, 2006 at 23:50 CEST,
            > Bbt Lists <mailinglists@...> wrote:
            >
            > > Hi there... I have setup a postfix server for relaying outbound mail
            > > using SMTP Auth, and TLS. Now for some reason when I add:
            > >
            > > smtpd_sasl_auth_enable = yes
            > >
            > > to my main.cf the typical "220 smtp.dom.com ESMTP Postfix" response is
            > > gone and I can't test my server via telnet.
            >
            > Read your logs. They will tell you what's wrong.
            >
            > [...]
              
            My apologies - I forgot to paste in the error that was in my logs with the original post..... I am getting:

            SASL per-process initialization failed



            -- 
            dnk
          • Bbt Lists
            Message 5 of 11 , Jul 31, 2006
              Patrick Ben Koetter wrote:
              > Yep, the log is your friend. And while you are at it, get saslfinger (see my
              > signature), run it "saslfinger -s" and send the output to the list.
              >
              > p@rick
              >
              >
              >
              Here is my output from the tool..... (PS - that is pretty slick).





              saslfinger - postfix Cyrus sasl configuration Mon Jul 31 18:02:00 PDT 2006
              version: 1.0
              mode: server-side SMTP AUTH

              -- basics --
              Postfix: 2.1.5
              System: CentOS release 4.3 (Final)

              -- smtpd is linked to --
              libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d1f000)

              -- active SMTP AUTH and TLS parameters for smtpd --
              broken_sasl_auth_clients = yes
              smtpd_sasl_auth_enable = yes
              smtpd_sasl_local_domain =
              smtpd_sasl_security_options = noanonymous


              -- listing of /usr/lib/sasl --
              total 520
              drwxr-xr-x 2 root root 4096 Jul 31 13:42 .
              drwxr-xr-x 102 root root 49152 Jul 31 12:41 ..
              -rw-r--r-- 1 root root 4634 Feb 21 2005 libanonymous.a
              -rwxr-xr-x 1 root root 871 Feb 21 2005 libanonymous.la
              -rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so
              -rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so.1
              -rwxr-xr-x 1 root root 5748 Feb 21 2005 libanonymous.so.1.0.17
              -rw-r--r-- 1 root root 9758 Feb 21 2005 libcrammd5.a
              -rwxr-xr-x 1 root root 857 Feb 21 2005 libcrammd5.la
              -rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so
              -rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so.1
              -rwxr-xr-x 1 root root 9884 Feb 21 2005 libcrammd5.so.1.0.19
              -rw-r--r-- 1 root root 34264 Feb 21 2005 libdigestmd5.a
              -rwxr-xr-x 1 root root 880 Feb 21 2005 libdigestmd5.la
              -rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so
              -rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so.0
              -rwxr-xr-x 1 root root 30804 Feb 21 2005 libdigestmd5.so.0.0.20
              -rw-r--r-- 1 root root 11322 Feb 21 2005 libgssapiv2.a
              -rwxr-xr-x 1 root root 906 Feb 21 2005 libgssapiv2.la
              -rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so
              -rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so.1
              -rwxr-xr-x 1 root root 11952 Feb 21 2005 libgssapiv2.so.1.0.19
              -rw-r--r-- 1 root root 6598 Feb 21 2005 liblogin.a
              -rwxr-xr-x 1 root root 847 Feb 21 2005 liblogin.la
              -rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so
              -rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so.0
              -rwxr-xr-x 1 root root 7248 Feb 21 2005 liblogin.so.0.0.7
              -rw-r--r-- 1 root root 6150 Feb 21 2005 libplain.a
              -rwxr-xr-x 1 root root 849 Feb 21 2005 libplain.la
              -rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so
              -rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so.1
              -rwxr-xr-x 1 root root 7000 Feb 21 2005 libplain.so.1.0.16
              -rw-r--r-- 1 root root 47 Mar 16 2005 smtpd.conf

              -- listing of /usr/lib/sasl2 --
              total 2908
              drwxr-xr-x 2 root root 4096 Jul 31 13:42 .
              drwxr-xr-x 102 root root 49152 Jul 31 12:41 ..
              -rwxr-xr-x 1 root root 875 Feb 21 2005 libanonymous.la
              -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so
              -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2
              -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2.0.19
              -rwxr-xr-x 1 root root 863 Feb 21 2005 libcrammd5.la
              -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so
              -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2
              -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2.0.19
              -rwxr-xr-x 1 root root 884 Feb 21 2005 libdigestmd5.la
              -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so
              -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2
              -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2.0.19
              -rwxr-xr-x 1 root root 911 Feb 21 2005 libgssapiv2.la
              -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so
              -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2
              -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2.0.19
              -rwxr-xr-x 1 root root 851 Feb 21 2005 liblogin.la
              -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so
              -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2
              -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2.0.19
              -rwxr-xr-x 1 root root 851 Feb 21 2005 libplain.la
              -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so
              -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2
              -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2.0.19
              -rwxr-xr-x 1 root root 931 Feb 21 2005 libsasldb.la
              -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so
              -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2
              -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2.0.19
              -rw-r--r-- 1 root root 25 Jun 14 11:37 Sendmail.conf
              -rw-r--r-- 1 root root 223 Jul 31 17:34 smtpd.conf




              -- content of /usr/lib/sasl/smtpd.conf --
              pwcheck_method: saslauthd
              saslauthd_version: 2

              -- content of /usr/lib/sasl2/smtpd.conf --
              # This sets smtpd to authenticate using the saslauthd daemon.
              pwcheck_method: saslauthd
              # This allows only plain, login, cram-md5 and digest-md5 as the
              authentication mechanisms.
              mech_list: plain login cram-md5 digest-md5


              -- active services in /etc/postfix/master.cf --
              # service type private unpriv chroot wakeup maxproc command + args
              # (yes) (yes) (yes) (never) (100)
              smtp inet n - n - - smtpd
              pickup fifo n - n 60 1 pickup
              cleanup unix n - n - 0 cleanup
              qmgr fifo n - n 300 1 qmgr
              rewrite unix - - n - - trivial-rewrite
              bounce unix - - n - 0 bounce
              defer unix - - n - 0 bounce
              trace unix - - n - 0 bounce
              verify unix - - n - 1 verify
              flush unix n - n 1000? 0 flush
              proxymap unix - - n - - proxymap
              smtp unix - - n - - smtp
              relay unix - - n - - smtp
              showq unix n - n - - showq
              error unix - - n - - error
              local unix - n n - - local
              virtual unix - n n - - virtual
              lmtp unix - - n - - lmtp
              anvil unix - - n - 1 anvil
              maildrop unix - n n - - pipe
              flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
              old-cyrus unix - n n - - pipe
              flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
              ${extension} ${user}
              cyrus unix - n n - - pipe
              user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
              ${extension} ${user}
              uucp unix - n n - - pipe
              flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
              ($recipient)
              ifmail unix - n n - - pipe
              flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
              bsmtp unix - n n - - pipe
              flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
              $recipient

              -- mechanisms on localhost --

              --
              dnk
            • Patrick Ben Koetter
              Message 6 of 11 , Jul 31, 2006
                * Bbt Lists <mailinglists@...>:
                > Patrick Ben Koetter wrote:
                > >Yep, the log is your friend. And while you are at it, get saslfinger (see
                > >my signature), run it "saslfinger -s" and send the output to the list.
                > >
                > Here is my output from the tool..... (PS - that is pretty slick).
                >
                >
                > saslfinger - postfix Cyrus sasl configuration Mon Jul 31 18:02:00 PDT 2006
                > version: 1.0
                > mode: server-side SMTP AUTH
                >
                > -- basics --
                > Postfix: 2.1.5
                > System: CentOS release 4.3 (Final)
                >
                > -- smtpd is linked to --
                > libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00d1f000)
                >
                > -- active SMTP AUTH and TLS parameters for smtpd --
                > broken_sasl_auth_clients = yes
                > smtpd_sasl_auth_enable = yes
                > smtpd_sasl_local_domain =
                > smtpd_sasl_security_options = noanonymous

                okay.

                > -- listing of /usr/lib/sasl2 --
                > total 2908
                > drwxr-xr-x 2 root root 4096 Jul 31 13:42 .
                > drwxr-xr-x 102 root root 49152 Jul 31 12:41 ..
                > -rwxr-xr-x 1 root root 875 Feb 21 2005 libanonymous.la
                > -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so
                > -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2
                > -rwxr-xr-x 1 root root 12820 Feb 21 2005 libanonymous.so.2.0.19
                > -rwxr-xr-x 1 root root 863 Feb 21 2005 libcrammd5.la
                > -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so
                > -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2
                > -rwxr-xr-x 1 root root 15216 Feb 21 2005 libcrammd5.so.2.0.19
                > -rwxr-xr-x 1 root root 884 Feb 21 2005 libdigestmd5.la
                > -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so
                > -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2
                > -rwxr-xr-x 1 root root 42964 Feb 21 2005 libdigestmd5.so.2.0.19
                > -rwxr-xr-x 1 root root 911 Feb 21 2005 libgssapiv2.la
                > -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so
                > -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2
                > -rwxr-xr-x 1 root root 22292 Feb 21 2005 libgssapiv2.so.2.0.19
                > -rwxr-xr-x 1 root root 851 Feb 21 2005 liblogin.la
                > -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so
                > -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2
                > -rwxr-xr-x 1 root root 13296 Feb 21 2005 liblogin.so.2.0.19
                > -rwxr-xr-x 1 root root 851 Feb 21 2005 libplain.la
                > -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so
                > -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2
                > -rwxr-xr-x 1 root root 13360 Feb 21 2005 libplain.so.2.0.19
                > -rwxr-xr-x 1 root root 931 Feb 21 2005 libsasldb.la
                > -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so
                > -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2
                > -rwxr-xr-x 1 root root 783456 Feb 21 2005 libsasldb.so.2.0.19
                > -rw-r--r-- 1 root root 25 Jun 14 11:37 Sendmail.conf
                > -rw-r--r-- 1 root root 223 Jul 31 17:34 smtpd.conf

                okay.

                > -- content of /usr/lib/sasl2/smtpd.conf --
                > # This sets smtpd to authenticate using the saslauthd daemon.
                > pwcheck_method: saslauthd
                > # This allows only plain, login, cram-md5 and digest-md5 as the
                > authentication mechanisms.

                Are you missing a "#" comment in the line above or is it just a line break
                that was introduced when you pasted the output in this mail?


                > mech_list: plain login cram-md5 digest-md5
                >
                >
                > -- active services in /etc/postfix/master.cf --
                > # service type private unpriv chroot wakeup maxproc command + args
                > # (yes) (yes) (yes) (never) (100)
                > smtp inet n - n - - smtpd

                okay.

                Everything else looks okay.

                p@rick


                --
                The Book of Postfix
                <http://www.postfix-book.com>
                saslfinger (debugging SMTP AUTH):
                <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
              • Tony Earnshaw
                Message 7 of 11 , Aug 1, 2006
                  On Tue, 01.08.2006 at 08:36 (+0200), Patrick Ben Koetter wrote:


                  [...]

                  > > -- content of /usr/lib/sasl2/smtpd.conf --
                  > > # This sets smtpd to authenticate using the saslauthd daemon.
                  > > pwcheck_method: saslauthd
                  > > # This allows only plain, login, cram-md5 and digest-md5 as the
                  > > authentication mechanisms.
                  >
                  > Are you missing a "#" comment in the line above or is it just a line break
                  > that was introduced when you pasted the output in this mail?
                  >
                  >
                  > > mech_list: plain login cram-md5 digest-md5
                  > >
                  > >
                  > > -- active services in /etc/postfix/master.cf --
                  > > # service type private unpriv chroot wakeup maxproc command + args
                  > > # (yes) (yes) (yes) (never) (100)
                  > > smtp inet n - n - - smtpd
                  >
                  > okay.
                  >
                  > Everything else looks okay.

                  IMHO saslauthd doesn't support cram-md5 or digest-md5 - auxprop is
                  needed.

                  --Tonni

                  --
                  Tony Earnshaw
                  tonni at barlaeus.nl
                • Patrick Ben Koetter
                  Message 8 of 11 , Aug 1, 2006
                    * Tony Earnshaw <tericssonearnshaw@...>:
                    > On Tue, 01.08.2006 at 08:36 (+0200), Patrick Ben Koetter wrote:
                    >
                    >
                    > [...]
                    >
                    > > > -- content of /usr/lib/sasl2/smtpd.conf --
                    > > > # This sets smtpd to authenticate using the saslauthd daemon.
                    > > > pwcheck_method: saslauthd
                    > > > # This allows only plain, login, cram-md5 and digest-md5 as the
                    > > > authentication mechanisms.
                    > >
                    > > Are you missing a "#" comment in the line above or is it just a line break
                    > > that was introduced when you pasted the output in this mail?
                    > >
                    > >
                    > > > mech_list: plain login cram-md5 digest-md5
                    > > >
                    > > >
                    > > > -- active services in /etc/postfix/master.cf --
                    > > > # service type private unpriv chroot wakeup maxproc command + args
                    > > > # (yes) (yes) (yes) (never) (100)
                    > > > smtp inet n - n - - smtpd
                    > >
                    > > okay.
                    > >
                    > > Everything else looks okay.
                    >
                    > IMHO saslauthd doesn't support cram-md5 or digest-md5 - auxprop is
                    > needed.

                    Hmmm, you are correct about saslauthd not being able to process cram-md5 or
                    digest-md5 mechanisms. I didn't notice that and the OP needs to fix that, but
                    this will not throttle the smtpd daemon...

                    Which reminds me that the OP still needs to send /var/log/maillog output
                    showing the error...

                    p@rick

                    --
                    The Book of Postfix
                    <http://www.postfix-book.com>
                    saslfinger (debugging SMTP AUTH):
                    <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
                  • mouss
                    Message 9 of 11 , Aug 1, 2006
                      Bbt Lists wrote:
                      > Patrick Ben Koetter wrote:
                      >> Yep, the log is your friend. And while you are at it, get saslfinger
                      >> (see my
                      >> signature), run it "saslfinger -s" and send the output to the list.
                      >>
                      >> p@rick
                      >>
                      >>
                      >>
                      > Here is my output from the tool..... (PS - that is pretty slick).
                      >
                      It's been a hard day's night
                      I should be sleeping like a log

                      like what?

                      If you still can't see: you forgot to post your logs ;-p
                    • Bbt Lists
                      Message 10 of 11 , Aug 2, 2006
                        mouss wrote:
                        >>
                        > It's been a hard day's night
                        > I should be sleeping like a log
                        >
                        > like what?
                        >
                        > If you still can't see: you forgot to post your logs ;-p
                        I never posted them because I got the issue figured out.... I had posted
                        to the list informing of that as well. it was a line carriage from a
                        comment that was messing up my smtpd.conf file.



                        --
                        dnk
                      • mouss
                        Message 11 of 11 , Aug 2, 2006
                          Bbt Lists wrote:
                          > mouss wrote:
                          >>>
                          >> It's been a hard day's night
                          >> I should be sleeping like a log
                          >>
                          >> like what?
                          >>
                          >> If you still can't see: you forgot to post your logs ;-p
                          > I never posted them because I got the issue figured out.... I had
                          > posted to the list informing of that as well. it was a line carriage
                          > from a comment that was messing up my smtpd.conf file.
                          >
                          >
                          >
                          I've seen a later mail of yourself. happy postfixing.
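
The fix reported in message 10 was a comment whose wrapped second line had no `#`, and message 8 notes that saslauthd cannot process cram-md5 or digest-md5. A small linter for both checks follows as an added example, not code from the thread or from saslfinger. The `option: value` line syntax and the name `lint_sasl_conf` are assumptions; the first sample is the smtpd.conf shown in the saslfinger output above, the second is constructed.

```python
import re

# Per the thread, saslauthd cannot process these mechanisms; an auxprop
# plugin is needed for them.
SHARED_SECRET_MECHS = {"cram-md5", "digest-md5"}

# Assumed option syntax: "name: value", name made of letters, digits, "-", "_".
OPTION_RE = re.compile(r"^([A-Za-z0-9_-]+):\s*(.*)$")


def lint_sasl_conf(text):
    """Return (options, findings) for the text of a Cyrus SASL smtpd.conf.

    findings is a list of (line_number, severity, message) tuples.
    """
    options, where, findings = {}, {}, []
    prev_comment = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            prev_comment = line.startswith("#")
            continue
        match = OPTION_RE.match(line)
        if match is None:
            msg = f"not an 'option: value' line: {line!r}"
            if prev_comment:
                msg += "; looks like the tail of a wrapped comment, prefix it with '#'"
            findings.append((lineno, "error", msg))
        else:
            key = match.group(1).lower()
            options[key] = match.group(2).strip()
            where[key] = lineno
        prev_comment = False

    # Cross-check the offered mechanisms against the password verifier.
    if options.get("pwcheck_method", "").lower() == "saslauthd":
        offered = set(options.get("mech_list", "").lower().split())
        unsupported = sorted(offered & SHARED_SECRET_MECHS)
        if unsupported:
            findings.append((where["mech_list"], "warning",
                             "saslauthd cannot process " + ", ".join(unsupported)
                             + "; drop them from mech_list or use auxprop"))
    return options, findings


# smtpd.conf exactly as it appears in the saslfinger output in this thread.
THREAD_CONF = """\
# This sets smtpd to authenticate using the saslauthd daemon.
pwcheck_method: saslauthd
# This allows only plain, login, cram-md5 and digest-md5 as the
authentication mechanisms.
mech_list: plain login cram-md5 digest-md5
"""

# Constructed corrected file: comment on one line, mechanisms saslauthd handles.
FIXED_CONF = """\
# This sets smtpd to authenticate using the saslauthd daemon.
pwcheck_method: saslauthd
# This allows only plain and login as the authentication mechanisms.
mech_list: plain login
"""

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("fixed", FIXED_CONF)):
        for lineno, severity, message in lint_sasl_conf(conf)[1]:
            print(f"{name}:{lineno}: {severity}: {message}")
```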