Hi
Running 2.3.8 Debian package (I'll be upgrading shortly), I was already
supporting TLS and SASL auth. One of my users recently moved to RCN and they
block port 25 so I'm trying to open 587.
I added this to my master.cf
submission inet n - - - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_sasl_security_options=noanonymous
# I added that to mirror main.cf, but no change
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
However, when I test I get a SASL auth error. If I switch my client back to
port 25, there is no SASL error.
Connecting to port 25
Apr 7 10:00:30 donald postfix/smtpd[21028]: connect from 18.myvzw.com[174.252.18.98]
Apr 7 10:00:31 donald postfix/smtpd[21028]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
Apr 7 10:00:32 donald postfix/smtpd[21028]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 10:00:34 donald postfix/smtpd[21028]: disconnect from 18.myvzw.com[174.252.18.98]
Connecting from port 587
Apr 7 10:01:04 donald postfix/smtpd[21032]: connect from 18.myvzw.com[174.252.18.98]
Apr 7 10:01:06 donald postfix/smtpd[21032]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
Apr 7 10:01:07 donald postfix/smtpd[21032]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: SASL authentication failure: Password verification failed
Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: 18.myvzw.com[174.252.18.98]: SASL PLAIN authentication failed: authentication failure
Why is your software bro.. What did I do wrong? :) I assumed that main.cf
sasl parameters would apply to any port that used sasl.
postconf -n | grep sasl
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender,
    reject_non_fqdn_recipient, permit_sasl_authenticated,
    reject_sender_login_mismatch, check_client_access
    hash:/var/lib/pop-before-smtp/hosts, check_helo_access
    hash:/etc/postfix/helo_checks, check_sender_access
    hash:/etc/postfix/ip_whitelist, check_recipient_access
    hash:/etc/postfix/laxdomains, reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unknown_sender_domain,reject_unknown_recipient_domain,
    reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname, permit_mynetworks, check_policy_service
    inet:127.0.0.1:10031, reject_unlisted_recipient,
    reject_unauth_destination, reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org,
    reject_rbl_client blackholes.mail-abuse.org, reject_rbl_client
    tw.countries.nerd.dk, reject_rbl_client kr.countries.nerd.dk,
    reject_rbl_client cn.countries.nerd.dk, reject_rbl_client
    relays.mail-abuse.org, reject_rhsbl_sender dsn.rfc-ignorant.org,
    warn_if_reject, reject_unknown_client, warn_if_reject,
    reject_rhsbl_client dsn.rfc-ignorant.org, warn_if_reject,
    reject_rbl_client dnsbl.sorbs.net, warn_if_reject,
    reject_rbl_client dnsbl.njabl.org, warn_if_reject,
    reject_rbl_client dul.dnsbl.sorbs.net, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mydomain.net
smtpd_sasl_security_options = noanonymous
Let me know if you want the whole thing.
Is there something else I need to insert in main.cf?
Thanks.
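
An added example, not part of the original post: a small Python parser that groups the smtpd log lines quoted above into one record per connection and reports whether TLS was established and which SASL mechanism, if any, failed. The function and field names are hypothetical, and the input is the post's own log lines with the wrapping undone.

```python
import re

# Log lines copied from the post above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Apr 7 10:00:30 donald postfix/smtpd[21028]: connect from 18.myvzw.com[174.252.18.98]
Apr 7 10:00:31 donald postfix/smtpd[21028]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
Apr 7 10:00:32 donald postfix/smtpd[21028]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 10:00:34 donald postfix/smtpd[21028]: disconnect from 18.myvzw.com[174.252.18.98]
Apr 7 10:01:04 donald postfix/smtpd[21032]: connect from 18.myvzw.com[174.252.18.98]
Apr 7 10:01:06 donald postfix/smtpd[21032]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
Apr 7 10:01:07 donald postfix/smtpd[21032]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: SASL authentication failure: Password verification failed
Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: 18.myvzw.com[174.252.18.98]: SASL PLAIN authentication failed: authentication failure
"""

LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from \S+\[([^\]]+)\]")
SASL_FAIL_RE = re.compile(r"SASL (\S+) authentication failed")

def summarize_sessions(log_text):
    """Return one dict per connection: pid, client IP, TLS state, failed SASL mechanisms."""
    sessions, open_by_pid = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an smtpd line
        pid, msg = m.group("pid"), m.group("msg")
        c = CONNECT_RE.match(msg)
        if c:
            # An smtpd process serves many clients, so each "connect" opens a new record.
            s = {"pid": pid, "client": c.group(1), "tls": False, "sasl_failed": []}
            sessions.append(s)
            open_by_pid[pid] = s
            continue
        s = open_by_pid.get(pid)
        if s is None:
            continue  # line belongs to a connection that started before the excerpt
        if msg.startswith("TLS connection established"):
            s["tls"] = True
        elif msg.startswith("disconnect from"):
            del open_by_pid[pid]
        else:
            f = SASL_FAIL_RE.search(msg)
            if f:
                s["sasl_failed"].append(f.group(1))
    return sessions

if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_LOG):
        print(s)
```

These log lines carry no port number, so the records are told apart by process id and connect time only.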