Loading ...
Sorry, an error occurred while loading the content.
 

Re: Postfix will not use authentication

Expand Messages
  • Gregorics Tamas
    On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@porcupine.org (Wietse ... Here is the verbose log: May 2 20:18:17 xxxxx postfix/smtp[6383]:
    Message 1 of 12 , May 2, 2009
      On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
      Venema) wrote:
      > Gregorics Tamás:
      >> > Does this command:
      >> >
      >> > $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
      >> >
      >> > Produce the expected output? There is no need to post
      >> > your username or password to the mailing list.
      >> >
      >> Yes, I get the username and password.
      >
      > Now you can turn on verbose logging:
      >
      > # postconf -e "debug_peer_list = mail.t-online.hu"
      > # postfix reload
      >
      > Try sending mail, post logs, and replace username, password, and other
      > confidential stuff by XXX. Don't word-wrap the logs into destruction.
      >
      > Wietse

      Here is the verbose log:

      May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      220 *******************************************************
      May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      HELO xxx.hu
      May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      250 mail01a.mail.t-online.hu
      May 2 20:18:17 xxxxx postfix/smtp[6383]: server features: 0x1040 size 0
      May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      MAIL FROM:<mcdouglas@...>
      May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      250 2.1.0 Ok
      May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      RCPT TO:<mcd@...>
      May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      554 5.7.1 <mcd@...>: Relay access denied
      May 2 20:18:17 xxxxx postfix/smtp[6383]: connect to subsystem
      private/bounce
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr nrequest = 0
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr flags = 0
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr queue_id = C0AEC45C2DA
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr original_recipient =
      mcd@...
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr recipient = mcd@...
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr offset = 504
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr dsn_orig_rcpt =
      rfc822;mcd@...
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr notify_flags = 0
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr status = 5.7.1
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr diag_type = smtp
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr diag_text = 554 5.7.1
      <mcd@...>: Relay access denied
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr mta_type = dns
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr mta_mname =
      mail.t-online.hu
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr action = failed
      May 2 20:18:17 xxxxx postfix/smtp[6383]: send attr reason = host
      mail.t-online.hu[84.2.44.3] said: 554 5.7.1 <mcd@...>: Relay access
      denied (in reply to RCPT TO command)
      May 2 20:18:17 xxxxx postfix/smtp[6383]: private/bounce socket: wanted
      attribute: status
      May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute name: status
      May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute value: 0
      May 2 20:18:17 xxxxx postfix/smtp[6383]: private/bounce socket: wanted
      attribute: (list terminator)
      May 2 20:18:17 xxxxx postfix/smtp[6383]: input attribute name: (end)
      May 2 20:18:17 xxxxx postfix/smtp[6383]: C0AEC45C2DA: to=<mcd@...>,
      relay=mail.t-online.hu[84.2.44.3]:25, delay=0.62,
      delays=0.25/0.03/0.11/0.24, dsn=5.7.1, status=bounced (host
      mail.t-online.hu[84.2.44.3] said: 554 5.7.1 <mcd@...>: Relay access
      denied (in reply to RCPT TO command))
      May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      RSET
      May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      250 2.0.0 Ok
      May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      QUIT
    • mouss
      ... borked proxy/router/firewall. ... with HELO, there is no smtp extensions, and thus no authentication. for extended smtp, EHLO is needed instead of HELO.
      Message 2 of 12 , May 2, 2009
        Gregorics Tamas a écrit :
        > On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
        > Venema) wrote:
        >> Gregorics Tamás:
        >>>> Does this command:
        >>>>
        >>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
        >>>>
        >>>> Produce the expected output? There is no need to post
        >>>> your username or password to the mailing list.
        >>>>
        >>> Yes, I get the username and password.
        >> Now you can turn on verbose logging:
        >>
        >> # postconf -e "debug_peer_list = mail.t-online.hu"
        >> # postfix reload
        >>
        >> Try sending mail, post logs, and replace username, password, and other
        >> confidential stuff by XXX. Don't word-wrap the logs into destruction.
        >>
        >> Wietse
        >
        > Here is the verbose log:
        >
        > May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
        > 220 *******************************************************

        borked proxy/router/firewall.

        > May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
        > HELO xxx.hu

        with HELO, there is no smtp extensions, and thus no authentication.

        for extended smtp, EHLO is needed instead of HELO.

        from here:

        $ telnet mail.t-online.hu 25
        Trying 84.2.46.3...
        Connected to mail.t-online.hu.
        Escape character is '^]'.
        220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending mail
        EHLO imlil.netoyen.net
        250-mail01d.mail.t-online.hu
        250-PIPELINING
        250-SIZE 26214400
        250-VRFY
        250-ETRN
        250-STARTTLS
        250-AUTH LOGIN PLAIN
        250-AUTH=LOGIN PLAIN
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
        250 DSN
        QUIT
        221 2.0.0 Bye


        so the broken gateway is between you and t-online, probably on your
        side. if you have a PIX, disable the smtp f*up "feature" (something like
        “no fixup protocol smtp 25”). if it's something else, find out what is...

        > [snip]
      • Gregorics Tamas
        ... Thank you very much! Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp inspection everything worked perfectly.
        Message 3 of 12 , May 2, 2009
          On Sat, 02 May 2009 20:37:01 +0200, mouss <mouss@...> wrote:
          > Gregorics Tamas a écrit :
          >> On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
          >> Venema) wrote:
          >>> Gregorics Tamás:
          >>>>> Does this command:
          >>>>>
          >>>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
          >>>>>
          >>>>> Produce the expected output? There is no need to post
          >>>>> your username or password to the mailing list.
          >>>>>
          >>>> Yes, I get the username and password.
          >>> Now you can turn on verbose logging:
          >>>
          >>> # postconf -e "debug_peer_list = mail.t-online.hu"
          >>> # postfix reload
          >>>
          >>> Try sending mail, post logs, and replace username, password, and other
          >>> confidential stuff by XXX. Don't word-wrap the logs into destruction.
          >>>
          >>> Wietse
          >>
          >> Here is the verbose log:
          >>
          >> May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
          >> 220 *******************************************************
          >
          > borked proxy/router/firewall.
          >
          >> May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
          >> HELO xxx.hu
          >
          > with HELO, there is no smtp extensions, and thus no authentication.
          >
          > for extended smtp, EHLO is needed instead of HELO.
          >
          > from here:
          >
          > $ telnet mail.t-online.hu 25
          > Trying 84.2.46.3...
          > Connected to mail.t-online.hu.
          > Escape character is '^]'.
          > 220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending
          > mail
          > EHLO imlil.netoyen.net
          > 250-mail01d.mail.t-online.hu
          > 250-PIPELINING
          > 250-SIZE 26214400
          > 250-VRFY
          > 250-ETRN
          > 250-STARTTLS
          > 250-AUTH LOGIN PLAIN
          > 250-AUTH=LOGIN PLAIN
          > 250-ENHANCEDSTATUSCODES
          > 250-8BITMIME
          > 250 DSN
          > QUIT
          > 221 2.0.0 Bye
          >
          >
          > so the broken gateway is between you and t-online, probably on your
          > side. if you have a PIX, disable the smtp f*up "feature" (something like
          > “no fixup protocol smtp 25”). if it's something else, find out what
          > is...
          >
          >> [snip]


          Thank you very much!
          Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp
          inspection everything worked perfectly.
        Your message has been successfully submitted and would be delivered to recipients shortly.