John wrote: > Sandy Drobic wrote: >> [snip] >>> smtpd_helo_required = no >>> >> >> If this server is connected to the internet (as it appears) I suggest you >> change this to "yes". Every client is required to send helo. >> >> > Postfix defaults to 'NO' but I've changed it to 'YES'
The (Suse!) default doesn't mean anything. The default configuration for Postfix on a suse installation is a nullclient configuration, meant only for sending mails. Parts of that is to only accept 2 concurrent connections and listen only on localhost. >>> smtpd_recipient_restrictions = permit_mynetworks, >>> permit_sasl_authenticated, >>> permit_tls_clientcerts, >>> reject_unauth_destination >>> >> >> Okay. Though you haven't used any restrictions to reject spam or viruses. >> > Haven't gotten that far yet! Thunderbird provides my spam filter for now. >> >>> smtpd_sasl_application_name = smtpd >>> smtpd_sasl_auth_enable = no >>> >> >> Unless you "yes" here, Postfix will not offer the option to authenticate. >> > Set to 'YES', then postfix failed to end this mail (workstation running > thunderbird) so I set it back to 'NO' for now as it raises other issues! Little question has smtp auth ever worked for you before or is this your first try? If you enable smtpd_auth and restart the server, do you see any warnings in your maillog? >> >>> smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous, >>> noplaintext >>> smtpd_sasl_tls_security_options = noanonymous >>> >> >> Now it gets a little tricky. The options themselves are reasonable, >> provided your server can offer auth mechanism other than PLAIN and LOGIN. >> >> To see what your server can offer please post the output of >> "ls -l /usr/lib/sasl2" and the content of /usr/lib/sasl2/smtpd.conf. >> > Attached > > If you are using Cyrus as Imapserver and saslauthd for authentication, you > are out of luck. Saslauthd only supports plaintext mechanisms (PLAIN and > LOGIN). > > Am I trying to flog the proverbial dead horse in getting my phone to be > allowed to use my postfix server, then? No, you still have some hope left. (^-^) Your phone supports SSL or at least TLS. That means you can use plaintext mechs like PLAIN or LOGIN if you encrypt the connection. > ------------------------------------------------------------------------ > > pwcheck_method: saslauthd > log_level: 3 > mech_list: PLAIN LOGIN Okay, you NEED either SSL or TLS, otherwise your passwords are transmitted over the wire as clear text (only binhex64 encoded but not encrypted). The neccessary Cyrus libraries are installed. Please for test purposes, enable smtp auth without encryption and check that the server now offers AUTH: postconf -e "smtpd_tls_auth_only = no" postconf -e "smtpd_enable_sasl_auth = yes" postfix reload Then check at the console of your server: telnet localhost 25 ehlo localhost Now you should see the capabilities of your server. One of the lines should start with "250-AUTH PLAIN LOGIN" Here an example from my server: 250-japantest.homelinux.com 250-PIPELINING 250-SIZE 100000000 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN If you see the auth lines we can work on getting your clients to authenticate. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
