Loading ...
Sorry, an error occurred while loading the content.

Re: Postfix will not use authentication

Expand Messages
  • mouss
    ... borked proxy/router/firewall. ... with HELO, there is no smtp extensions, and thus no authentication. for extended smtp, EHLO is needed instead of HELO.
    Message 1 of 12 , May 2 11:37 AM
    • 0 Attachment
      Gregorics Tamas a écrit :
      > On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
      > Venema) wrote:
      >> Gregorics Tamás:
      >>>> Does this command:
      >>>>
      >>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
      >>>>
      >>>> Produce the expected output? There is no need to post
      >>>> your username or password to the mailing list.
      >>>>
      >>> Yes, I get the username and password.
      >> Now you can turn on verbose logging:
      >>
      >> # postconf -e "debug_peer_list = mail.t-online.hu"
      >> # postfix reload
      >>
      >> Try sending mail, post logs, and replace username, password, and other
      >> confidential stuff by XXX. Don't word-wrap the logs into destruction.
      >>
      >> Wietse
      >
      > Here is the verbose log:
      >
      > May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
      > 220 *******************************************************

      borked proxy/router/firewall.

      > May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
      > HELO xxx.hu

      with HELO, there is no smtp extensions, and thus no authentication.

      for extended smtp, EHLO is needed instead of HELO.

      from here:

      $ telnet mail.t-online.hu 25
      Trying 84.2.46.3...
      Connected to mail.t-online.hu.
      Escape character is '^]'.
      220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending mail
      EHLO imlil.netoyen.net
      250-mail01d.mail.t-online.hu
      250-PIPELINING
      250-SIZE 26214400
      250-VRFY
      250-ETRN
      250-STARTTLS
      250-AUTH LOGIN PLAIN
      250-AUTH=LOGIN PLAIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      QUIT
      221 2.0.0 Bye


      so the broken gateway is between you and t-online, probably on your
      side. if you have a PIX, disable the smtp f*up "feature" (something like
      “no fixup protocol smtp 25”). if it's something else, find out what is...

      > [snip]
    • Gregorics Tamas
      ... Thank you very much! Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp inspection everything worked perfectly.
      Message 2 of 12 , May 2 11:47 AM
      • 0 Attachment
        On Sat, 02 May 2009 20:37:01 +0200, mouss <mouss@...> wrote:
        > Gregorics Tamas a écrit :
        >> On Thu, 30 Apr 2009 11:02:53 -0400 (EDT), wietse@... (Wietse
        >> Venema) wrote:
        >>> Gregorics Tamás:
        >>>>> Does this command:
        >>>>>
        >>>>> $ postmap -q mail.t-online.hu hash:/etc/postfix/sasl_password
        >>>>>
        >>>>> Produce the expected output? There is no need to post
        >>>>> your username or password to the mailing list.
        >>>>>
        >>>> Yes, I get the username and password.
        >>> Now you can turn on verbose logging:
        >>>
        >>> # postconf -e "debug_peer_list = mail.t-online.hu"
        >>> # postfix reload
        >>>
        >>> Try sending mail, post logs, and replace username, password, and other
        >>> confidential stuff by XXX. Don't word-wrap the logs into destruction.
        >>>
        >>> Wietse
        >>
        >> Here is the verbose log:
        >>
        >> May 2 20:18:17 xxxxx postfix/smtp[6383]: < mail.t-online.hu[84.2.44.3]:
        >> 220 *******************************************************
        >
        > borked proxy/router/firewall.
        >
        >> May 2 20:18:17 xxxxx postfix/smtp[6383]: > mail.t-online.hu[84.2.44.3]:
        >> HELO xxx.hu
        >
        > with HELO, there is no smtp extensions, and thus no authentication.
        >
        > for extended smtp, EHLO is needed instead of HELO.
        >
        > from here:
        >
        > $ telnet mail.t-online.hu 25
        > Trying 84.2.46.3...
        > Connected to mail.t-online.hu.
        > Escape character is '^]'.
        > 220 mail01d.mail.t-online.hu ESMTP You must authenticate before sending
        > mail
        > EHLO imlil.netoyen.net
        > 250-mail01d.mail.t-online.hu
        > 250-PIPELINING
        > 250-SIZE 26214400
        > 250-VRFY
        > 250-ETRN
        > 250-STARTTLS
        > 250-AUTH LOGIN PLAIN
        > 250-AUTH=LOGIN PLAIN
        > 250-ENHANCEDSTATUSCODES
        > 250-8BITMIME
        > 250 DSN
        > QUIT
        > 221 2.0.0 Bye
        >
        >
        > so the broken gateway is between you and t-online, probably on your
        > side. if you have a PIX, disable the smtp f*up "feature" (something like
        > “no fixup protocol smtp 25”). if it's something else, find out what
        > is...
        >
        >> [snip]


        Thank you very much!
        Indeed I had a PIX515 (8.0(2)) as a gateway. As soon as I disabled esmtp
        inspection everything worked perfectly.
      Your message has been successfully submitted and would be delivered to recipients shortly.