Looks that way to me (although I haven't used it personally). The howto
says that postfix uses parts of cyrus for sasl implementation. Perhaps
there's a courier equivalent? Note, it's using only the sasl component,
which is used for authentication. Yes, it's used for smtp (submission),
although it has nothing to do with the imap component.
--
-Eric 'shubes'
Bryan O'Neal wrote:
Even though I am only having the issue with SMTP? IMAP works perfectly
with stranded password auth?
BTW I am using courier not cyrus
On Thu, May 6, 2010 at 1:29 PM, Eric Shubert <[email protected]> wrote:
Bryan O'Neal wrote:
Ok, I have a smart phone that can not auth for SMTP on this postfix box
The error I get is
May 6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection
established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with
cipher RC4-MD5 (128/128 bits)
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
authentication problem: unable to open Berkeley db /etc/sasldb2: No
such file or directory
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
authentication problem: unable to open Berkeley db /etc/sasldb2: No
such file or directory
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL
authentication failure: no secret in database
May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning:
2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication
failed: authentication failure
May 6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after
AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2]
May 6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from
2.sub-75-244-219.myvzw.com[75.244.219.2]
So after trying to fix SASL (And failing - I would have to set it up
again from scratch which I am not prepared to do rite now) I said - Ok
- I'll just turn it off and see what happens but I still get and SASL
error - see above - And this is what I find odd. If the server is not
advertising SASL why is the client trying to negotiate it and why is
the server looking to comply? Desktop clients work fine using TSL and
password auth against the LDAP server. Which is what I would like to
do for the phones at this point.
Could I please get some help from some one smarter then I.
Here is the appropriate segment of my main.cf file
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_enforce_peername = no
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtp_tls_CApath = /usr/share/ssl/certs
smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt
smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key
smtpd_tls_wrappermode = no
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
smtpd_sasl_auth_enable = no
smtpd_sasl2_auth_enable = no
#smtpd_sasl_local_domain = $myhostname
#smtpd_sasl_security_options = noanonymous
#smtpd_sasl_path = smtpd
smtpd_client_restrictions = permit_mynetworks
# permit_sasl_authenticated
#smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
mime_header_checks = regexp:/etc/postfix/mime_header_checks
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
check_sender_access hash:/etc/postfix/whitelist,
# check_sender_access ldap:whitelist,
check_sender_access hash:/etc/postfix/spoofed-domains,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
# reject_unauth_pipelining,
#reject_rbl_client cbl.abuseat.org,
#reject_rbl_client combined.njabl.org,
#reject_rbl_client sbl-xbl.spamhaus.org,
#reject_rbl_client relays.ordb.org,
#reject_rbl_client list.dsbl.org,
#reject_rhsbl_client blackhole.securitysage.com,
#reject_rhsbl_sender blackhole.securitysage.com,
# reject_non_fqdn_helo_hostname
# reject_invalid_helo_hostname
check_policy_service unix:/var/spool/postfix/postgrey/socket
smtpd_data_restrictions =
reject_multi_recipient_bounce
# sleep 1
reject_unauth_pipelining
Looks to me like perhaps you need to configure Cyrus SASL.
See http://www.postfix.org/SASL_README.html#server_cyrus
--
-Eric 'shubes'
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
