Hi all,
I'm hoping you can give me a virtual wack in the head, as I seem to have
forgotten something obvious, yet I am not seeing it.
First off the problem: setting up a new server with Ubuntu 8.04; hand
compiling everything. Old server was Ubuntu 6.06 with hand-compiled
Postfix 2.4.6. For the new server, I did a fresh install of 2.5.5.
Apparently I'm missing something in the release notes though, as I'm
getting this error when I attempt to send an e.mail using authentication:
Oct 27 07:31:35 aeryn postfix/master[26422]: daemon started -- version
2.5.5, configuration /etc/postfix
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: connect from
newserver.example.com[1.2.3.4]
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: setting up TLS connection from
newserver.example.com[1.2.3.4]
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: Anonymous TLS connection
established from newserver.example.com[1.2.3.4]: TLSv1 with cipher
AES128-SHA (128/128 bits)
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: warning: SASL authentication
failure: Password verification failed
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: warning:
newserver.example.com[1.2.3.4]: SASL PLAIN authentication failed:
authentication failure
Oct 27 07:33:50 aeryn postfix/smtpd[26557]: disconnect from
newserver.example.com[1.2.3.4]
Yes, I'm typing my password correctly. :)
Connecting to my old server with the same MUA and same userid/password
works fine. Both servers have the same postconf -n, which leads me to
believe that Something has Changed; either a postfix behavior or something
with my TLS, but I have not been able to find the right clue to look in
the right area.
Here is my postconf -n output:
--------------------------------8<--------------------------------8<-------
# postconf -n
alias_database = hash:/etc/aliases, hash:/home/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/home/mailman/data/aliases
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_privs = nobody
delay_warning_time = 16h
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
mailbox_size_limit = 850200000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 21000000
mydestination = $myhostname, localhost.$mydomain $mydomain,
mail.$mydomain, www.$mydomain, ftp.$mydomain
mydomain = example.com
myhostname = mail.example.com
mynetworks = 1.2.3.4/32, 1.2.3.5/32, 1.2.3.6/32, 127.0.0.1/32, 1.2.2.1/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name [Linux]
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/certs/ca2.pem
smtpd_tls_CApath = /etc/postfix/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/server.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
--------------------------------8<--------------------------------8<-----
/etc/default/saslauthd:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="shadow"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
/etc/postfix/master.cf:
#
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
#
==========================================================================
smtp inet n - n - - smtpd
825 inet n - n - - smtpd
587 inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX
loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
proxywrite unix - - n - 1 proxymap
tmail unix - n n - - pipe
flags=DR eol=\r\n user=nobody argv=/usr/sbin/tmail ${user}
/etc/postfix/sasl2/smtpd.conf:
log_level: 3
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
# gretchen under mandrake:
#saslauthd_path: /var/lib/sasl2/mux
# ubuntu 6.06:
saslauthd_path: /var/run/saslauthd/mux
Am I leaving anything out? Any bit of enlightenment would be most
appreciated!
/vjl/
--
Vince J. LaMonica Knowledge is knowing a street is one way.
[EMAIL PROTECTED] <*> Wisdom is still looking in both directions.
Donate today, please: http://www.cancer.org/
