Authentication at MS Exchange as a smarthost fails

Jens Kubieziel Tue, 16 Dec 2014 04:09:08 -0800

Hi,

I'm trying to set up Postfix to use two smarthosts. All mail sent from
domains example.(com|org) should be sent over smtp.gmail.com (default
smarthost) and mails from Domain.A should be sent over mailgw.Domain.A
(MUA is MS Exchange). I set everything up like in the configuration
below. However delivering the mail fails with 535 Authentication
unsuccessful. I have tried to log in via AUTH LOGIN and telnet/openssl.
This worked. So I have no idea, why authnetication doesn't work here. Do
you have any hints what I'm doing wrong?


main.cf:
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
inet_protocols = ipv4
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = golgafrincham.example.com, localhost.example.com, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.gmail.com]:587
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_generic_maps = hash:/etc/postfix/generic
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes


relayhost_map:
[email protected]    [smtp.gmail.com]:587
[email protected]        [mailgw.Domain.A]:587

sasl_passwd:
[email protected]    [email protected]:Password
[smtp:gmail.com]:587   [email protected]:Password

mail.log:
Dec 16 09:40:12 golgafrincham postfix/qmgr[26914]: 9044318E: 
from=<[email protected]>, size=400, nrcpt=1 (queue active)
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: smtp_stream_setup: 
maxtime=300 enable_deadline=0
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 220 mailgw.Domain.A Microsoft ESMTP MAIL 
Service ready at Tue, 16 Dec 2014 03:40:12 -0500
Dec 16 09:40:12 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: EHLO golgafrincham.example.com
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-mailgw.Domain.A Hello [195.202.38.154]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-SIZE 52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-PIPELINING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-DSN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-ENHANCEDSTATUSCODES
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-STARTTLS
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-AUTH GSSAPI NTLM
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-8BITMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-BINARYMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250 CHUNKING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: server features: 0x903f size 
52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: Using ESMTP PIPELINING, TCP 
send buffer size is 46080, PIPELINING buffer size is 4096
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_stream_setup: 
maxtime=300 enable_deadline=0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: STARTTLS
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 220 2.0.0 SMTP server ready
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = lookup
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_type = smtp
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_id = 
smtp&[mailgw.Domain.A]:587&mailgw.Domain.A&192.0.2.11&&777D63B388B5C434AE11B63E1FCB6213CBD88CF0D5772CD420C390CC2CC7F17E
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 
4294967295
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: session
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: session
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr size = 32
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: seed
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 
WiQjwFNyFc+HKey9bSGt46OISHmipEh+ZOV1fFILzr4=
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr request = update
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_type = smtp
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr cache_id = 
smtp&[mailgw.Domain.A]:587&mailgw.Domain.A&192.0.2.11&&777D63B388B5C434AE11B63E1FCB6213CBD88CF0D5772CD420C390CC2CC7F17E
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: send attr session = [data 
1579 bytes]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: private/tlsmgr: wanted 
attribute: (list terminator)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_stream_setup: 
maxtime=300 enable_deadline=0
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: EHLO golgafrincham.example.com
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-mailgw.Domain.A Hello [195.202.38.154]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-SIZE 52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-PIPELINING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-DSN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-ENHANCEDSTATUSCODES
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-AUTH GSSAPI NTLM LOGIN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-8BITMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250-BINARYMIME
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 250 CHUNKING
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: server features: 0x902f size 
52428800
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: Using ESMTP PIPELINING, TCP 
send buffer size is 46080, PIPELINING buffer size is 4096
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: maps_find: smtp_sasl_passwd: 
hash:/etc/postfix/sasl_passwd(0,lock|fold_fix): [email protected] = 
[email protected]:Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: mail_addr_find: 
[email protected] -> [email protected]:Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_sasl_passwd_lookup: 
host `mailgw.Domain.A' user `[email protected]' pass `Password'
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: starting new SASL client
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: name_mask: noanonymous
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: smtp_sasl_authenticate: 
mailgw.Domain.A[192.0.2.11]:587: SASL mechanisms GSSAPI NTLM LOGIN
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_first: 
uncoded initial reply: NTLMSSP\0\1\0\0\0\a\2\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\000
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: AUTH NTLM 
TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA=
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 334 TlRMTVNTUAACAAAABAAEA...
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_next: 
decoded challenge: NTLMSSP
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_get_user: 
[email protected]
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: 
xsasl_cyrus_client_get_passwd: Password
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: xsasl_cyrus_client_next: 
uncoded client response NTLMSSP
Dec 16 09:40:13 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: TlRMTVNTUAADAAAAAAAAAEA...
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: < 
mailgw.Domain.A[192.0.2.11]:587: 535 5.7.3 Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: connect to subsystem 
private/defer
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr nrequest = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr flags = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr queue_id = 9044318E
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr original_recipient 
= [email protected]
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr recipient = 
[email protected]
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr offset = 607
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr dsn_orig_rcpt = 
rfc822;[email protected]
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr notify_flags = 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr status = 4.7.3
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr diag_type = smtp
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr diag_text = 535 
5.7.3 Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr mta_type = dns
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr mta_mname = 
mailgw.Domain.A
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr action = delayed
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: send attr reason = SASL 
authentication failed; server mailgw.Domain.A[192.0.2.11] said: 535 5.7.3 
Authentication unsuccessful
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: private/defer socket: wanted 
attribute: status
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute name: status
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute value: 0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: private/defer socket: wanted 
attribute: (list terminator)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: input attribute name: (end)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: 9044318E: 
to=<[email protected]>, relay=mailgw.Domain.A[192.0.2.11]:587, 
delay=71182, delays=71176/0.09/6.2/0, dsn=4.7.3, status=deferred (SASL 
authentication failed; server mailgw.Domain.A[192.0.2.11] said: 535 5.7.3 
Authentication unsuccessful)
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: flush_add: site example.org 
id 9044318E
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org 
~? golgafrincham.example.com
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org 
~? localhost.example.com
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_hostname: example.org 
~? localhost
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: match_list_match: 
example.org: no match
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: flush_add: site example.org 
id 9044318E status 4
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: smtp_stream_setup: 
maxtime=300 enable_deadline=0
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: > 
mailgw.Domain.A[192.0.2.11]:587: QUIT
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: name_mask: resource
Dec 16 09:40:18 golgafrincham postfix/smtp[26921]: name_mask: software
Dec 16 09:40:19 golgafrincham postfix/smtp[26921]: disposing SASL state 
information


-- 
In a successful advertisement it's the graphics that grab you,  but it's 
the text that does the selling.
                -- Pablo PigCasso

Authentication at MS Exchange as a smarthost fails

Reply via email to