. . .
> OK, here goes -
>
> Using version 3.4.7 packaged by Suse. I use "fetchmail" to retrieve email
> via imap one of which is gmail. The fetched mail is all sent to a local "off
> box" machine, via postfix, spamassassin and clamav, all on the same server.
> The off box machine let's call it "fubar", runs a rather dated groupware
> product I used to support.
>
> I send mail to one upstream provider They require authentication. Seem to
> have successfully setup per user SASL authentication, with one "problem"
> remaining.
>
> Since I would sometimes forget to check the gmail account, added that
> account to fetchmail. It would deliver to fubar via the means described
> above, with a unique fubar user, via the means mentioned above. It became
> convenient to occasionally use the gmail account to test changes I might
> make to my local system. That worked well, till now.
>
> Now when I set "smtp_sender_dependent_authentication = yes" any email I send
> to the gmail account from fubar, upon being "fetched", fails to deliver to
> "fubar" with postfix reporting "501 Authentication failed" and the mail is
> deferred. If I set "smtp_sender_dependent_authentication = no" and restart
> postfix, the deferred mail is delivered. Any mail that arrives at the gmail
> account by any other means delivers normally regardless of the value of
> "smtp_sender_dependent_authentication".
>
> Ultimately, I determined the attempt to authenticate to fubar happens with
> any mail I send to the gmail account, where the "from" address is any valid
> user on the fubar system. That includes test emails sent using swaks, via
> the same upstream provider.
>
> On the receiving end I can see logged information that shows fubar is
> attempting to authenticate, which it does not attempt to do when sender
> dependent authentication is not enabled. At least, not in any visible way or
> even any configured way, While from the point of view of the professionals
> this may "not be a real problem" perhaps for myriad uttered reasons including
> "WFT dude"?, it still seems odd at the least. Probably it will be due to
> "something you did and should have known better".
>
Resubmitting with a bit more information, hopefully useful. It seems
inescapable to conclude that postfix is initiating the attempt to authenticate
in this odd case. Why that is so escapes me at the moment. The server on the
receiving end is set to not authenticate, which does raise the question of why
it seems to be attempting to at all. In any case, I submit below the output of
postfinger and saslfinger as the debugging page suggests. I see some of the
information in each section is redundant, but I did not want to risk causing
any further confusion and consternation.
-- postfinger:
postfinger - postfix configuration on Tue Jan 18 11:54:49 EST 2022
version: 1.30
--System Parameters--
mail_version = 3.4.7
hostname = auxilary
uname = Linux auxilary 5.3.18-lp152.87-default #1 SMP Sun Aug 8 21:53:57 UTC
2021 (44d702a) x86_64 x86_64 x86_64 GNU/Linux
--Packaging information--
looks like this postfix comes from RPM package: postfix-3.4.7-lp152.2.9.1.x86_64
--Mailbox locking methods--
flock fcntl dotlock
--Supported Lookup tables--
btree cidr environ fail hash inline internal ldap lmdb memcache mysql nis pcre
pgsql pipemap proxy randmap regexp socketmap static tcp texthash unionmap unix
--main.cf non-default parameters--
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
compatibility_level = 2
daemon_directory = /usr/lib/postfix/bin/
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 1h
disable_dns_lookups = yes
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_protocols = ipv4
mailbox_size_limit = 0
maillog_file = /var/log/postfix.log
manpage_directory = /usr/share/man
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain
myhostname = AAA.AAAAAA.com
mynetworks = DDD.DDD.DDD.221/32,DDD.DDD.DDD.222,DDD.DDD.DDD.211/32,127.0.0.0/8
mynetworks_style = subnet
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = $mydestination, hash:/etc/postfix/relay
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
setgid_group = maildrop
smtp_enforce_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtp_tls_CApath = /etc/postfix/ssl/certs/
smtp_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtp_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP
smtpd_milters = unix:/var/run/clamav/clamav-milter.socket
smtpd_recipient_restrictions = permit_mynetworks
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtpd_tls_CApath = /etc/postfix/ssl/certs/
smtpd_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
--master.cf--
smtp inet n - n - - smtpd -o
content_filter=spamassassin
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamassassin unix - n n - - pipe
flags=Rq user=spamfilter argv=/usr/local/bin/spamass.sh -e /usr/sbin/sendmail
-oi -f ${sender} -- ${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr
postlog unix-dgram n - n - 1 postlogd
--Specific file and directory permissions--
drwx-wx--- 1 postfix maildrop 0 Jan 18 11:40 /var/spool/postfix/maildrop
drwx--x--- 1 postfix maildrop 68 Jan 18 10:41 /var/spool/postfix/public
total 0
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 cleanup
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 flush
prw--w--w- 1 postfix postfix 0 Jan 18 11:54 pickup
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 postlog
prw--w--w- 1 postfix postfix 0 Jan 18 11:51 qmgr
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 showq
drwx------ 1 postfix root 248 Jan 18 10:41 /var/spool/postfix/private
total 0
srw-rw-rw- 1 postfix postfix 0 Feb 26 2021 amavis
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 anvil
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 bounce
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 defer
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 discard
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 error
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 lmtp
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 local
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 proxymap
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 proxywrite
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 relay
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 retry
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 rewrite
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 scache
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 smtp
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 spamassassin
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 tlsmgr
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 trace
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 verify
srw-rw-rw- 1 postfix postfix 0 Jan 18 10:41 virtual
-rwxr-sr-x 1 root maildrop 14512 Jun 28 2021 /usr/sbin/postdrop
-rwxr-sr-x 1 root maildrop 22664 Jun 28 2021 /usr/sbin/postqueue
--Library dependencies--
/usr/lib/postfix/bin//smtpd:
linux-vdso.so.1 (0x00007ffea73e0000)
libpostfix-master.so => /usr/lib/postfix/libpostfix-master.so
(0x00007fbbd3998000)
libpostfix-tls.so => /usr/lib/postfix/libpostfix-tls.so
(0x00007fbbd3776000)
libpostfix-dns.so => /usr/lib/postfix/libpostfix-dns.so
(0x00007fbbd356e000)
libpostfix-global.so => /usr/lib/postfix/libpostfix-global.so
(0x00007fbbd3328000)
libpostfix-util.so => /usr/lib/postfix/libpostfix-util.so
(0x00007fbbd30e3000)
libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007fbbd2ec6000)
libc.so.6 => /lib64/libc.so.6 (0x00007fbbd2b0b000)
libssl.so.1.1 => /usr/lib64/libssl.so.1.1 (0x00007fbbd287c000)
libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x00007fbbd2396000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fbbd217f000)
libdb-4.8.so => /usr/lib64/libdb-4.8.so (0x00007fbbd1e01000)
libnsl.so.2 => /usr/lib64/libnsl.so.2 (0x00007fbbd1be8000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fbbd19e4000)
libicuuc.so.suse65.1 => /usr/lib64/libicuuc.so.suse65.1
(0x00007fbbd1605000)
/lib64/ld-linux-x86-64.so.2 (0x00007fbbd3de0000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fbbd13e6000)
libtirpc.so.3 => /lib64/libtirpc.so.3 (0x00007fbbd11b4000)
libicudata.so.suse65.1 => /usr/lib64/libicudata.so.suse65.1
(0x00007fbbd0fb3000)
libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fbbd0bd9000)
libm.so.6 => /lib64/libm.so.6 (0x00007fbbd08a1000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fbbd0688000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x00007fbbd043c000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00007fbbd0160000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00007fbbcff2e000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fbbcfd2a000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x00007fbbcfb1d000)
libkeyutils.so.1 => /usr/lib64/libkeyutils.so.1 (0x00007fbbcf919000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fbbcf6f0000)
libpcre.so.1 => /usr/lib64/libpcre.so.1 (0x00007fbbcf465000)
-- end of postfinger output --
-saslfinger -client
saslfinger - postfix Cyr:us sasl configuration Tue Jan 18 12:23:38 EST 2022
version: 1.0.4
mode: client-side SMTP AUTH
-- basics --
Postfix: 3.4.7
System: Welcome to \S - Kernel \r (\l).
-- smtp is linked to --
libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007ff32b98c000)
-- active SMTP AUTH and TLS parameters for smtp --
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_type = cyrus
smtp_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtp_tls_CApath = /etc/postfix/ssl/certs/
smtp_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtp_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtp_tls_loglevel = 2
smtp_tls_security_level = may
smtp_tls_session_cache_database =
smtp_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 612
drwxr-xr-x 1 root root 658 Feb 20 2021 .
drwxr-xr-x 1 root root 50092 Jan 16 14:34 ..
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so.3
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so.3
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so.3
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so.3
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so.3.0.0
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so.3
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so.3
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so.3.0.0
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so.3
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so.3.0.0
-- listing of /etc/sasl2 --
total 4
drwxr-xr-x 1 root root 20 Jun 28 2021 .
drwxr-xr-x 1 root root 5258 Jan 16 14:34 ..
-rw------- 1 root root 49 Jun 28 2021 smtpd.conf
-- permissions for /etc/postfix/sasl_passwd --
-rw-r--r-- 1 root root 201 Jan 17 17:12 /etc/postfix/sasl_passwd
-- permissions for /etc/postfix/sasl_passwd.db --
-rw------- 1 root root 12288 Jan 17 17:12 /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - n - - smtpd -o
content_filter=spamassassin
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamassassin unix - n n - - pipe
flags=Rq user=spamfilter argv=/usr/local/bin/spamass.sh -e /usr/sbin/sendmail
-oi -f ${sender} -- ${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr
postlog unix-dgram n - n - 1 postlogd
-- mechanisms on j...@a.com --
-- mechanisms on j...@ad.com --
-- mechanisms on [mail.AAAA-host.com]:587 --
-- end of saslfinger output --
-saslfinger -server
saslfinger - postfix Cyrus sasl configuration Tue Jan 18 12:25:32 EST 2022
version: 1.0.4
mode: server-side SMTP AUTH
-- basics --
Postfix: 3.4.7
System: Welcome to \S - Kernel \r (\l).
-- smtpd is linked to --
libsasl2.so.3 => /usr/lib64/libsasl2.so.3 (0x00007efd8c352000)
-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = no
smtpd_tls_CAfile = /etc/postfix/ssl/certs/cacert.pem
smtpd_tls_CApath = /etc/postfix/ssl/certs/
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file = /etc/postfix/ssl/certs/pf-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/certs/pf-key.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 612
drwxr-xr-x 1 root root 658 Feb 20 2021 .
drwxr-xr-x 1 root root 50092 Jan 16 14:34 ..
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so.3
-rwxr-xr-x 1 root root 18856 May 16 2020 libanonymous.so.3.0.0
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so.3
-rwxr-xr-x 1 root root 22984 May 16 2020 libcrammd5.so.3.0.0
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so.3
-rwxr-xr-x 1 root root 56272 May 16 2020 libdigestmd5.so.3.0.0
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so.3
-rwxr-xr-x 1 root root 35640 May 16 2020 libgssapiv2.so.3.0.0
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so.3
-rwxr-xr-x 1 root root 18856 May 16 2020 liblogin.so.3.0.0
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so.3
-rwxr-xr-x 1 root root 18888 May 16 2020 libplain.so.3.0.0
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so.3
-rwxr-xr-x 1 root root 26960 May 16 2020 libsasldb.so.3.0.0
-- listing of /etc/sasl2 --
total 4
drwxr-xr-x 1 root root 20 Jun 28 2021 .
drwxr-xr-x 1 root root 5258 Jan 16 14:34 ..
-rw------- 1 root root 49 Jun 28 2021 smtpd.conf
-- content of /etc/sasl2/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
smtp inet n - n - - smtpd -o
content_filter=spamassassin
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamassassin unix - n n - - pipe
flags=Rq user=spamfilter argv=/usr/local/bin/spamass.sh -e /usr/sbin/sendmail
-oi -f ${sender} -- ${recipient}
tlsmgr unix - - n 1000? 1 tlsmgr
postlog unix-dgram n - n - 1 postlogd
-- mechanisms on localhost --
-- end of saslfinger output --
I hope that is sufficient. Thanks for any and all assistance.
joe a
