
Problem with SMTP Authentication

  • schnell-im-netz GmbH - Dominik Sennfelder
    Message 1 of 4 , Sep 2, 2010
      Hello,

      I have an Ubuntu 10.04 server with Postfix installed.
      Several of our web servers deliver outgoing mail to this server.
      They do this without authentication, allowed by the
      mynetworks =
      option.

      This works.
      The server is set up to use our mail server as relay host.
      This works with authentication.

      However, our new mail server system denies relaying for authenticated
      users because Postfix appends "AUTH=<>" at the end of the "FROM MAIL"
      line.
      The server of course authenticates with one account and sends
      mail for a lot of other domains.
      Here is an example.

      Sep 1 13:33:42 +0200 16 mail-02 SMTP-IN:000786CD: << MAIL FROM:<foobar@...> SIZE=3055 AUTH=<>
      This is how Postfix sends the "MAIL FROM" line.

      Sep 1 15:12:30 +0200 16 mail-02 SMTP-IN:00086A89: << MAIL FROM:<foobar@...> SIZE=1127
      This is how an Exchange sends it.

      This Exchange also authenticates with one account and sends for 3 or 4
      other domains.
      The IP addresses of both servers are allowed to relay mail for several
      domains.
      But if I nationally request authentication for them, the Exchange works
      fine,
      but the Postfix does not.

      So how do I get rid of the "AUTH=<>" that postfix sends?

      Thanks in advance for any tips or hints.

      Dominik
    • Wietse Venema
      Message 2 of 4 , Sep 2, 2010
        schnell-im-netz GmbH - Dominik Sennfelder:
        > Hello,
        >
        > I have an Ubuntu 10.04 Server with postfix installed.
        > several of our web servers deliver outgoing mail to this server
        > They do this without authentication allowed by the
        > mynetworks =
        > option.
        >
        > This works.
        > The server is setup to use our mail server as relay host.
        > This works with authentication.
        >
        > However our new Mailserversystem denies relaying for authenticated
        > Users because postfix appends "AUTH=<>" at the end of the "FROM MAIL"
        > Line.
        > The server of course authenticates with one account and sends
        > mails for a lot of other domains.
        >
        > Here is an example.
        >
        > Sep 1 13:33:42 +0200 16 mail-02 SMTP-IN:000786CD: << MAIL
        > FROM:<foobar@...> SIZE=3055 AUTH=<>
        > This is how postfix sends the "MAIL FROM" line.
        >
        > Sep 1 15:12:30 +0200 16 mail-02 SMTP-IN:00086A89: << MAIL
        > FROM:<foobar@...> SIZE=1127
        > This is how an exchange sends it.
        >
        > This exchange authenticates also with one account and sends for 3 or 4
        > other Domains.
        > The IP-Addresses of both Servers are allowed to relay Mails for several
        > Domains.
        > But if I nationally request authentication for them the exchange works
        > fine,
        > but the postfix does not.
        >
        > So how do I get rid of the "AUTH=<>" that postfix sends?

        This is part of the SASL authentication RFC.

        5. The AUTH parameter to the MAIL FROM command

        AUTH=addr-spec

        Arguments:
        An addr-spec containing the identity which submitted the message
        to the delivery system, or the two character sequence "<>"
        indicating such an identity is unknown or insufficiently
        authenticated. To comply with the restrictions imposed on ESMTP
        parameters, the addr-spec is encoded inside an xtext. The syntax
        of an xtext is described in section 5 of [ESMTP-DSN].

        If you don't want this, disable SASL in the Postfix SMTP client:
        set "smtp_sasl_auth_enable = no" in main.cf, or configure the
        Postfix SMTP client to ignore the AUTH verb in the remote SMTP
        server's EHLO response (smtp_discard_ehlo_keyword_address_maps
        or smtp_discard_ehlo_keywords).

        Wietse

        > Thanks in advance for any tips or hints.
        >
        > Dominik
      • schnell-im-netz GmbH - Dominik Sennfelder
        Message 3 of 4 , Sep 2, 2010
          >
          > This is part of the SASL authentication RFC.
          >
          > 5. The AUTH parameter to the MAIL FROM command
          >
          > AUTH=addr-spec
          >
          > Arguments:
          > An addr-spec containing the identity which submitted
          > the message
          > to the delivery system, or the two character sequence "<>"
          > indicating such an identity is unknown or insufficiently
          > authenticated. To comply with the restrictions
          > imposed on ESMTP
          > parameters, the addr-spec is encoded inside an xtext.
          > The syntax
          > of an xtext is described in section 5 of [ESMTP-DSN].
          >
          > If you don't want this, disable SASL in the Postfix SMTP client:
          > set "smtp_sasl_auth_enable = no" in main.cf, or configure the
          > Postfix SMTP client to ignore the AUTH verb in the remote SMTP
          > server's EHLO response (smtp_discard_ehlo_keyword_address_maps
          > or smtp_discard_ehlo_keywords).
          >
          > Wietse

          Thanks for your reply.
          I try to understand it.
          Postfix adds the AUTH=<> because of
          "such an identity is unknown or insufficiently authenticated."

          The main mail server is not a Postfix machine but an Axigen server
          (axigen.com), so I can't set up
          "smtp_discard_ehlo_keyword_address_maps or smtp_discard_ehlo_keywords".

          If "smtp_sasl_auth_enable = no" is configured on the client,
          it won't try to authenticate anymore.

          So at the moment Exchange is probably violating the RFC but working. :)

          So is it possible to tell Postfix that all messages are "sufficiently
          authenticated",
          so that no AUTH=<> is sent?


          Here is the graphical setup :)

          webserver
          ||
          Postfix Relay
          ||
          Axigen Mailserver

          Thanks Dominik
        • Wietse Venema
          Message 4 of 4 , Sep 2, 2010
            schnell-im-netz GmbH - Dominik Sennfelder:
            > >
            > > This is part of the SASL authentication RFC.
            > >
            > > 5. The AUTH parameter to the MAIL FROM command
            > >
            > > AUTH=addr-spec
            > >
            > > Arguments:
            > > An addr-spec containing the identity which submitted
            > > the message
            > > to the delivery system, or the two character sequence "<>"
            > > indicating such an identity is unknown or insufficiently
            > > authenticated. To comply with the restrictions
            > > imposed on ESMTP
            > > parameters, the addr-spec is encoded inside an xtext.
            > > The syntax
            > > of an xtext is described in section 5 of [ESMTP-DSN].
            > >
            > > If you don't want this, disable SASL in the Postfix SMTP client:
            > > set "smtp_sasl_auth_enable = no" in main.cf, or configure the
            > > Postfix SMTP client to ignore the AUTH verb in the remote SMTP
            > > server's EHLO response (smtp_discard_ehlo_keyword_address_maps
            > > or smtp_discard_ehlo_keywords).
            > >
            > > Wietse
            >
            > Thanks for your reply.
            > i try to understand it.

            If the server does not understand this, then the server is not RFC
            compliant, and you need to complain to those who are responsible for
            that error, not to the author of Postfix.

            Wietse
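
Added example, not part of the original thread and not code from Postfix or Axigen: a minimal receiver-side parser for the MAIL FROM parameters discussed above, showing that "AUTH=<>" and a missing AUTH parameter both mean "submitter identity unknown" rather than a failed login. All function names and the sample addresses are hypothetical; xtext decoding follows the ESMTP-DSN definition the quoted RFC text refers to.

```python
import re

# xtext: printable ASCII except "+" and "=", with any other byte written
# as "+" followed by two uppercase hex digits.
_XTEXT = re.compile(r'(?:[!-*,-<>-~]|\+[0-9A-F]{2})*\Z')
_MAIL = re.compile(r'MAIL FROM:\s*<([^>]*)>((?:\s+\S+)*)\s*\Z', re.IGNORECASE)


def decode_xtext(value):
    """Decode an xtext string; raise ValueError if it is malformed."""
    if not _XTEXT.match(value):
        raise ValueError("malformed xtext: %r" % value)
    return re.sub(r'\+([0-9A-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


def parse_mail_from(line):
    """Return (reverse_path, params) for one MAIL FROM command line."""
    m = _MAIL.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command: %r" % line)
    params = {}
    for token in m.group(2).split():
        key, _, val = token.partition("=")
        params[key.upper()] = val
    return m.group(1), params


def submitter_identity(params):
    """Interpret AUTH= as the RFC text quoted in the thread describes it.

    Returns None when the parameter is absent or is "<>" (identity unknown
    or insufficiently authenticated), otherwise the decoded addr-spec.
    Neither outcome says anything about whether the SMTP session itself
    authenticated, so neither is a reason to refuse relaying.
    """
    raw = params.get("AUTH")
    if raw is None or raw == "<>":
        return None
    return decode_xtext(raw)


# Constructed sample commands; the addresses are placeholders.
SAMPLES = [
    "MAIL FROM:<foobar@example.org> SIZE=3055 AUTH=<>",   # form Postfix sends
    "MAIL FROM:<foobar@example.org> SIZE=1127",           # no AUTH parameter
    "MAIL FROM:<foobar@example.org> AUTH=web+2Bapp@example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        path, params = parse_mail_from(s)
        print(path, params, submitter_identity(params))
```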