Victor Duchovni wrote:
On Tue, Apr 20, 2010 at 12:21:35PM +0200, Gregory BELLIER wrote:
Did you read the logs?
I did.
Why are you offering CRAM-MD5 and NTLM on mta1, when only PLAIN works?
Because in my file sasl/smtpd.conf, every time I set a mech_list, it
doesn't work. So I didn't set any mech in the mech_list because it does
no harm for the moment. However, I did some tests.
The server at 10.0.0.6 is not configured to offer PLAIN, even over TLS.
Then why does it work if my MUA sends an email directly to each MTA?
Apr 20 12:02:01 mta2 postfix/smtpd[2954]: connect from mta1.local[10.0.0.5]
Apr 20 12:02:01 mta2 xxx/pkcs11: Anonymous TLS connection established from
mta1.local[10.0.0.5]: TLSv1 with cipher ADH-XXX-SHA (256/256 bits)
Apr 20 12:02:01 mta2 xxx/pkcs11: disconnect from mta1.local[10.0.0.5]
Why is "smtpd" calling itself "pkcs11"? Are you loading shared libraries
that call openlog() and mess up the application's syslog name?
Yes.
In any case, it sure looks like no PLAIN authentication support is configured
on mta2, and you are showing no evidence of which mechanisms are available
on this MTA via TLS (sasl-finger does not use TLS).
You need to disable verbose TLS logging, and enable verbose non-TLS logging
mta2:main.cf:
debug_peer_list=10.0.0.5
Thanks for this option I haven't come across. TLS is now disabled.
To answer your questions in the other email:
- saslauthd is running with the following options : saslauthd -a shadow
-c -m /var/run/saslauthd -n 5
Moreover, I can identify myself with testsaslauthd -u username -p password
- /etc/postfix/sasl/smtpd.conf is where this file is expected by default
(I found it somewhere).
Anyway, I added cyrus_sasl_config_path and my file is taken into account
because I added the line mech_list with only plain, looked at the log,
added login, and saw "login plain".
I did 4 tests, please take a look at the logs at the end of this email:
1) login, plain and sasldb2 with secret inside and reachable
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN
2) sasldb2 with secret inside and reachable
pwcheck_method: saslauthd
# mech_list: LOGIN PLAIN <- commented
3) login, plain but sasldb2 file unreachable
Same as n°1 (I don't provide a log for this one, it's useless)
4) sasldb2 unreachable
pwcheck_method: saslauthd
# mech_list: LOGIN PLAIN <- commented
-> Test n°2 is the only one "working". Because of the tests, my
main.cf changed; at the end of this email you can find my postconf -n.
I also did a test disabling the chroot in master.cf and it didn't change
the behaviour.
I hope this is clear for you because it isn't for me. ^^
Thanks for your help!
Greg.
PS: My first email was rejected because it was too long. The logs
and postconf are attached.
1) login, plain and sasldb2 with secret inside and reachable
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: connect from mta1.local[10.0.0.5]
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~?
127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
[::ffff:127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~?
[::ffff:127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
[::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~? [::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: mta1.local: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: 10.0.0.5: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: auto_clnt_open: connected to
private/anvil
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr request = connect
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr ident = smtp:10.0.0.5
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute:
status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 0
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: count
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: count
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 1
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute: rate
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: rate
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 1
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute:
(list terminator)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: (end)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 220
mta2.local ESMTP Postfix (Debian/GNU)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: watchdog_pat: 0xb7f34ac8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: EHLO
mta1.local
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-mta2.local
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-PIPELINING
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-SIZE
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-VRFY
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-ETRN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: mta1.local: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: 10.0.0.5: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN PLAIN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]:
250-ENHANCEDSTATUSCODES
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-8BITMIME
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250 DSN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: watchdog_pat: 0xb7f34ac8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: QUIT
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 221 2.0.0 Bye
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~?
127.0.0.0/8
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
[::ffff:127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~?
[::ffff:127.0.0.0]/104
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostname: mta1.local ~?
[::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_hostaddr: 10.0.0.5 ~? [::1]/128
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: mta1.local: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: match_list_match: 10.0.0.5: no match
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr request = disconnect
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: send attr ident = smtp:10.0.0.5
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute:
status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: status
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute value: 0
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: private/anvil: wanted attribute:
(list terminator)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: input attribute name: (end)
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: disconnect from mta1.local[10.0.0.5]
2) sasldb2 with secret inside and reachable
[...]
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 220
mta2.local ESMTP Postfix (Debian/GNU)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: watchdog_pat: 0xb7fffab8
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: EHLO
mta1.local
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-mta2.local
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-PIPELINING
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-SIZE
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-VRFY
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-ETRN
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: match_list_match: mta1.local: no match
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: match_list_match: 10.0.0.5: no match
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]:
250-ENHANCEDSTATUSCODES
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-8BITMIME
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250 DSN
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: watchdog_pat: 0xb7fffab8
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: AUTH
DIGEST-MD5
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: xsasl_cyrus_server_first: sasl_method
DIGEST-MD5
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: SASL authentication debug: DIGEST-MD5
server step 1
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: xsasl_cyrus_server_auth_response:
uncoded server challenge:
nonce="1klrjdtpuSouxL3dZ3RwJTvn1kqY4Y2uJymRt8mlZVI=",realm="mta2.local",qop="auth",charset=utf-8,algorithm=md5-sess
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 334
bm9uY2U9IjFrbHJqZHRwdVNvdXhMM2RaM1J3SlR2bjFrcVk0WTJ1SnltUnQ4bWxaVkk9IixyZWFsbT0ibXRhMi5sb2NhbCIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]:
dXNlcm5hbWU9ImRlc3QiLHJlYWxtPSJtdGEyLmxvY2FsIixub25jZT0iMWtscmpkdHB1U291eEwzZFozUndKVHZuMWtxWTRZMnVKeW1SdDhtbFpWST0iLGNub25jZT0iRUl2cXR4NksvK3ZtbHcvVlZsa3J3aUxNWS9Za0x4SFdob1NGQ28vNzluST0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InNtdHAvMTAuMC4wLjYiLHJlc3BvbnNlPTg5MjkxMWFkOWU4YmMzOTE0MTMxYjZhMmM3YWUwOGRh
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: xsasl_cyrus_server_next: decoded
response:
username="dest",realm="mta2.local",nonce="1klrjdtpuSouxL3dZ3RwJTvn1kqY4Y2uJymRt8mlZVI=",cnonce="EIvqtx6K/+vmlw/VVlkrwiLMY/YkLxHWhoSFCo/79nI=",nc=00000001,qop=auth,digest-uri="smtp/10.0.0.6",response=892911ad9e8bc3914131b6a2c7ae08da
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: SASL authentication debug: DIGEST-MD5
server step 2
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: xsasl_cyrus_server_auth_response:
uncoded server challenge: rspauth=5086bb9f0ca54c11c5a1c73063858ba5
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 334
cnNwYXV0aD01MDg2YmI5ZjBjYTU0YzExYzVhMWM3MzA2Mzg1OGJhNQ==
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]:
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: xsasl_cyrus_server_next: decoded
response:
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 235 2.7.0
Authentication successful
[...]
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: (end)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: dict_proxy_lookup:
table=unix:passwd.byname flags=lock|fold_fix key=...@mta2.local -> status=1
result=
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: maps_find: local_recipient_maps:
g...@mta2.local: not found
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: send attr request = lookup
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: send attr table = unix:passwd.byname
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: send attr flags = 16448
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: send attr key = gch
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: private/proxymap socket: wanted
attribute: status
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: status
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute value: 0
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: private/proxymap socket: wanted
attribute: value
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: value
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute value:
gch:x:1001:1001:GregCharb,,,:/home/gch:/bin/bash
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: private/proxymap socket: wanted
attribute: (list terminator)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: (end)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: dict_proxy_lookup:
table=unix:passwd.byname flags=lock|fold_fix key=gch -> status=0
result=gch:x:1001:1001:GregCharb,,,:/home/gch:/bin/bash
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: maps_find: local_recipient_maps:
proxy:unix:passwd.byname(0,lock|fold_fix): gch =
gch:x:1001:1001:GregCharb,,,:/home/gch:/bin/bash
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: mail_addr_find: g...@mta2.local ->
gch:x:1001:1001:GregCharb,,,:/home/gch:/bin/bash
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: smtpd_check_rewrite: trying:
permit_inet_interfaces
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: permit_inet_interfaces: mta1.local
10.0.0.5
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: before input_transp_cleanup: cleanup
flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
enable_milters
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: after input_transp_cleanup: cleanup
flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: connect to subsystem public/cleanup
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: public/cleanup socket: wanted
attribute: queue_id
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: queue_id
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute value: F165746306
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: public/cleanup socket: wanted
attribute: (list terminator)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: input attribute name: (end)
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: send attr flags = 178
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: F165746306:
client=mta1.local[10.0.0.5], sasl_method=DIGEST-MD5, sasl_username=dest
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250 2.1.5 Ok
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: watchdog_pat: 0xb7fffab8
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: DATA
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 354 End data
with <CR><LF>.<CR><LF>
Apr 20 18:33:23 mta2 postfix/cleanup[5502]: F165746306:
message-id=<4bcdd759.4070...@mta1.local>
Apr 20 18:33:24 mta2 postfix/qmgr[5497]: F165746306: from=<d...@mta1.local>,
size=745, nrcpt=1 (queue active)
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: public/cleanup socket: wanted
attribute: status
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: input attribute name: status
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: input attribute value: 0
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: public/cleanup socket: wanted
attribute: reason
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: input attribute name: reason
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: input attribute value: (end)
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: public/cleanup socket: wanted
attribute: (list terminator)
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: input attribute name: (end)
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250 2.0.0 Ok:
queued as F165746306
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: watchdog_pat: 0xb7fffab8
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: QUIT
Apr 20 18:33:24 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 221 2.0.0 Bye
[...]
4) sasldb2 unreachable
[...]
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 220
mta2.local ESMTP Postfix (Debian/GNU)
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: watchdog_pat: 0xb7f18ab8
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: < mta1.local[10.0.0.5]: EHLO
mta1.local
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-mta2.local
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-PIPELINING
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-SIZE
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-VRFY
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-ETRN
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: match_list_match: mta1.local: no match
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: match_list_match: 10.0.0.5: no match
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]:
250-ENHANCEDSTATUSCODES
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-8BITMIME
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250 DSN
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: watchdog_pat: 0xb7f18ab8
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: < mta1.local[10.0.0.5]: AUTH
DIGEST-MD5
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: xsasl_cyrus_server_first: sasl_method
DIGEST-MD5
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: SASL authentication debug: DIGEST-MD5
server step 1
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: xsasl_cyrus_server_auth_response:
uncoded server challenge:
nonce="PIoI0zZs1twVo9aFaldD/NHeQKkvORcl7XGZmTFywag=",realm="mta2.local",qop="auth",charset=utf-8,algorithm=md5-sess
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 334
bm9uY2U9IlBJb0kwelpzMXR3Vm85YUZhbGREL05IZVFLa3ZPUmNsN1hHWm1URnl3YWc9IixyZWFsbT0ibXRhMi5sb2NhbCIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: < mta1.local[10.0.0.5]:
dXNlcm5hbWU9ImRlc3QiLHJlYWxtPSJtdGEyLmxvY2FsIixub25jZT0iUElvSTB6WnMxdHdWbzlhRmFsZEQvTkhlUUtrdk9SY2w3WEdabVRGeXdhZz0iLGNub25jZT0ia01IQ25yamw0ZjVtNTJHc3J1MUhsMXhOY1JCeTdwV2tCNHFIcnR2Q3FMUT0iLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InNtdHAvMTAuMC4wLjYiLHJlc3BvbnNlPWFlMTFiODllNDcyOWI1ODIxOTFhMWY3MjA3NGEwNWNh
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: xsasl_cyrus_server_next: decoded
response:
username="dest",realm="mta2.local",nonce="PIoI0zZs1twVo9aFaldD/NHeQKkvORcl7XGZmTFywag=",cnonce="kMHCnrjl4f5m52Gsru1Hl1xNcRBy7pWkB4qHrtvCqLQ=",nc=00000001,qop=auth,digest-uri="smtp/10.0.0.6",response=ae11b89e4729b582191a1f72074a05ca
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: SASL authentication debug: DIGEST-MD5
server step 2
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: SASL authentication problem:
unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: SASL authentication problem:
unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: SASL authentication failure:
no secret in database
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: mta1.local[10.0.0.5]: SASL
DIGEST-MD5 authentication failed: authentication failure
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 535 5.7.8
Error: authentication failed: authentication failure
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: watchdog_pat: 0xb7f18ab8
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: < mta1.local[10.0.0.5]: QUIT
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 221 2.0.0 Bye
[...]
Mta2's postconf:
mta2:/var/spool/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
cyrus_sasl_config_path = /etc/postfix/sasl
debug_peer_list = 10.0.0.5
home_mailbox = Maildir/
inet_interfaces = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
mydestination = mta2.local, localhost.local, , localhost
myhostname = mta2.local
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [10.0.0.5]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = cyrus
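
Added example, not part of the original message: a short Python script that re-joins mail-wrapped smtpd debug lines like the ones above and reports, per smtpd process, the mechanisms advertised in 250-AUTH, the mechanism the client attempted, and the outcome. It also lists advertised mechanisms that saslauthd cannot verify (saslauthd only handles plaintext mechanisms such as PLAIN and LOGIN). The sample input is constructed from the excerpts above, and the function and field names are this example's own.

```python
import re

# Constructed sample: lines from the excerpts above, left wrapped as in the mail.
SAMPLE_LOG = """\
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN PLAIN
Apr 20 18:26:24 mta2 postfix/smtpd[5447]: < mta1.local[10.0.0.5]: QUIT
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: < mta1.local[10.0.0.5]: AUTH
DIGEST-MD5
Apr 20 18:33:23 mta2 postfix/smtpd[5498]: > mta1.local[10.0.0.5]: 235 2.7.0
Authentication successful
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 250-AUTH
LOGIN CRAM-MD5 DIGEST-MD5 NTLM PLAIN
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: < mta1.local[10.0.0.5]: AUTH
DIGEST-MD5
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: SASL authentication problem:
unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: warning: SASL authentication problem:
unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 20 18:40:38 mta2 postfix/smtpd[5535]: > mta1.local[10.0.0.5]: 535 5.7.8
Error: authentication failed: authentication failure
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
SASLAUTHD_OK = {"PLAIN", "LOGIN"}  # saslauthd verifies plaintext mechanisms only

def unwrap(text):
    """Re-join continuation lines (no syslog timestamp) onto their record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip() and line.strip() != "[...]":
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return {pid: {offered, not_saslauthd, attempted, result, warnings}}."""
    sessions = {}
    for rec in unwrap(text):
        m = SMTPD.search(rec)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"offered": [], "not_saslauthd": [],
            "attempted": None, "result": "no attempt", "warnings": []})
        if (a := re.match(r"> \S+: 250[- ]AUTH (.+)", msg)):
            s["offered"] = a.group(1).split()
            s["not_saslauthd"] = [x for x in s["offered"] if x not in SASLAUTHD_OK]
        elif (a := re.match(r"< \S+: AUTH (\S+)", msg)):
            s["attempted"] = a.group(1)
        elif (a := re.match(r"> \S+: (235|535) ", msg)):
            s["result"] = "ok" if a.group(1) == "235" else "failed"
        elif (a := re.match(r"warning: SASL authentication \w+: (.+)", msg)):
            if a.group(1) not in s["warnings"]:
                s["warnings"].append(a.group(1))
    return sessions
```

Calling summarize(SAMPLE_LOG) gives one entry per smtpd PID; a non-empty not_saslauthd list next to pwcheck_method: saslauthd means those mechanisms depend on another secret store such as sasldb2.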