Re: Re: Authentication unsuccessful relaying from Postfix to Microsoft ESMTP MAIL Service

2010-05-13 Thread Clive Standbridge
(I'm sending this from a different account after several previous
attempts to reply vanished).

  The TLS part seems to be sorted now (see my reply to Sven). But the
  authentication still fails.

 Then, put the full Postfix log again so we can check where (and why)
 it stops now :-)

Ahem, good point.

The attachments contain the lines written to /var/log/auth.log and
/var/log/mail.log when the attempt to mail via NEWSERVER:587 failed,
also my /etc/postfix/main.cf (without comments).


-- 
Cheers,
Clive

/var/log/auth.log:
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 1
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 2
May 10 12:59:35 rimmer postfix/smtp[13763]: server flags: ff810205
May 10 12:59:35 rimmer postfix/smtp[13763]: server domain: NEWSERVER-NTDOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: calculating NT response

/var/log/mail.log:
May 10 12:59:35 rimmer postfix/pickup[13718]: 3BB483982: uid=1000 from=MY-EMAIL-ADDRESS
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982: resent-message-id=20100510115935.gf3...@my-mailname
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982: message-id=20100509200545.ga3...@my-mailname
May 10 12:59:35 rimmer postfix/qmgr[13719]: 3BB483982: from=MY-EMAIL-ADDRESS, size=855, nrcpt=1 (queue active)
May 10 12:59:35 rimmer postfix/smtp[13763]: initializing the client-side TLS engine
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: open smtp TLS cache btree:/var/lib/postfix/smtp_scache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: tlsmgr_cache_run_event: start TLS smtp session cache cleanup
May 10 12:59:35 rimmer postfix/smtp[13763]: setting up TLS connection to NEWSERVER[NEWSERVER-IPADDR]:587
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: TLS cipher list ALL:+RC4:@STRENGTH
May 10 12:59:35 rimmer postfix/smtp[13763]: looking for session smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAMEp=0c=ALL:+RC4:@STRENGTH in smtp cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: lookup smtp session id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAMEp=0c=ALL:+RC4:@STRENGTH
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:before/connect initialization
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv2/v3 write client hello A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server hello A
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=3 verify=1 subject=/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailaddress=i...@valicert.com
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=2 verify=1 subject=/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=1 verify=1 subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=0 verify=1 subject=/O=*.NEWSERVER-DOMAIN/OU=Domain Control Validated/CN=*.NEWSERVER-DOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server certificate A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server done A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write client key exchange A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write change cipher spec A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 flush data
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: save session smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAMEp=0c=ALL:+RC4:@STRENGTH to smtp cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: put smtp session id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAMEp=0c=ALL:+RC4:@STRENGTH [data 1378 bytes]
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: write smtp TLS cache entry smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAMEp=0c=ALL:+RC4:@STRENGTH: time=1273492775 [data 1378 bytes]
May 10 12:59:35 rimmer postfix/smtp[13763]: Trusted TLS connection established to NEWSERVER[NEWSERVER-IPADDR]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 10 12:59:40 rimmer postfix/smtp[13763]: 3BB483982: to=MY-EMAIL-ADDRESS, relay=NEWSERVER[NEWSERVER-IPADDR]:587, delay=5.5, delays=0.02/0.03/5.4/0, dsn=4.7.3, status=deferred (SASL authentication failed; server NEWSERVER[NEWSERVER-IPADDR] said: 535 5.7.3 Authentication unsuccessful)

/etc/postfix/main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = 

Re: Re: Authentication unsuccessful relaying from Postfix to Microsoft ESMTP MAIL Service

2010-05-09 Thread Clive Standbridge
 The problem with postfix is that it runs chrooted and the CA
 certificates are not copied into the chroot.  See #287795¹.
 
 Sven
 
 ¹ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287795

Hi Sven,

Thanks for that suggestion. I had seen that bug and discounted it
because the patch is only effective if smtp_tls_CApath is set, and
mine wasn't set. But your mail prompted another look, and with both
smtp_tls_CApath = /etc/ssl/certs and applying the patch from #287795,
it banished the "certificate verification failed" and changed
"Untrusted TLS connection established" to "Trusted TLS connection
established".

So that's progress :-)

Unfortunately it's still failing to authenticate. From mail.log:
May  9 21:49:18 rimmer postfix/smtp[8121]: 5DE243A66: to=MY-EMAIL-ADDRESS, relay=NEWSERVER[NEWSERVER-IPADDR]:587, delay=5.5, delays=0.02/0.03/5.4/0, dsn=4.7.3, status=deferred (SASL authentication failed; server NEWSERVER[NEWSERVER-IPADDR] said: 535 5.7.3 Authentication unsuccessful)

Thanks,
Clive


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100509223356.ga13...@rimmer.esmertec.com
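
Added example (not part of the original thread): the message above reports that the TLS state went from Untrusted to Trusted while the 535 reply stayed the same. That can be read off mail.log mechanically by pairing each delivery status line with the TLS line the same postfix/smtp PID logged before it. The function name triage, the relay.example.test host and every sample line are constructed for illustration.

```python
import re

TLS_RE = re.compile(r"postfix/smtp\[(\d+)\]: (\w+) TLS connection established to "
                    r"(\S+): (\S+) with cipher (\S+)")
STATUS_RE = re.compile(r"postfix/smtp\[(\d+)\]: (\w+): to=<?([^>,\s]+)>?, relay=([^,]+), "
                       r".*?dsn=([\d.]+), status=(\w+) \((.*)\)\s*$")
WEAK = ("RC4", "MD5", "DES", "NULL", "EXP")  # cipher-name substrings worth flagging

def triage(lines):
    """Pair each delivery status with the TLS session the same smtp PID logged before it."""
    tls_by_pid, report = {}, []
    for line in lines:
        m = TLS_RE.search(line)
        if m:
            tls_by_pid[m.group(1)] = (m.group(2), m.group(5))
            continue
        m = STATUS_RE.search(line)
        if not m:
            continue
        pid, qid, _rcpt, relay, dsn, status, reply = m.groups()
        trust, cipher = tls_by_pid.get(pid, (None, None))
        if status == "sent":
            layer = "delivered"
        elif "SASL authentication failed" in reply:
            layer = "sasl-auth"  # TLS was already up; the authentication exchange failed
        else:
            layer = "tls" if ("TLS" in reply or "certificate" in reply) else "other"
        remote = re.search(r"said: (\d{3}) ", reply)
        report.append({"queue_id": qid, "relay": relay, "tls_trust": trust, "cipher": cipher,
                       "weak_cipher": any(w in (cipher or "") for w in WEAK),
                       "dsn": dsn, "remote_code": remote.group(1) if remote else None,
                       "layer": layer})
    return report

# Constructed sample in the shape of this thread's mail.log lines; host, address,
# PIDs and queue IDs are placeholders, and the AES256-SHA delivery is invented for contrast.
R = "relay.example.test[192.0.2.10]"
SAMPLE = [
    f"May  9 20:10:02 rimmer postfix/smtp[8001]: Untrusted TLS connection established to {R}:587: TLSv1 with cipher RC4-MD5 (128/128 bits)",
    f"May  9 20:10:07 rimmer postfix/smtp[8001]: 1A2B3C4D5: to=<user@example.test>, relay={R}:587, delay=5.5, delays=0.02/0.03/5.4/0, dsn=4.7.3, status=deferred (SASL authentication failed; server {R} said: 535 5.7.3 Authentication unsuccessful)",
    f"May  9 21:49:13 rimmer postfix/smtp[8002]: Trusted TLS connection established to {R}:587: TLSv1 with cipher RC4-MD5 (128/128 bits)",
    f"May  9 21:49:18 rimmer postfix/smtp[8002]: 2B3C4D5E6: to=<user@example.test>, relay={R}:587, delay=5.5, delays=0.02/0.03/5.4/0, dsn=4.7.3, status=deferred (SASL authentication failed; server {R} said: 535 5.7.3 Authentication unsuccessful)",
    f"May  9 22:30:00 rimmer postfix/smtp[8003]: Trusted TLS connection established to {R}:587: TLSv1 with cipher AES256-SHA (256/256 bits)",
    f"May  9 22:30:01 rimmer postfix/smtp[8003]: 3C4D5E6F7: to=<user@example.test>, relay={R}:587, delay=0.9, delays=0.02/0.03/0.5/0.35, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5)",
]
if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

On the sample, the first two deliveries are both classified sasl-auth regardless of the trust state, which matches the outcome described in the message; the report also shows Postfix recording the server's 535 reply with dsn=4.7.3 and flags the RC4-MD5 session.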



Re: Re: Authentication unsuccessful relaying from Postfix to Microsoft ESMTP MAIL Service

2010-05-09 Thread Clive Standbridge
 I don't have a solution, just one possibly helpful bit of advice: swaks
 is the tool for troubleshooting this sort of thing.  You have gotten
 lots of useful information from Postfix and telnet, but I'd try using
 swaks to communicate with the server with and without TLS, and you'll
 see, for any combination of connection and authentication options
 that you try, what works and what errors are received on failure.

Hi Celejar,

Thanks for that advice. I will take a look at swaks.
I have run out of weekend now, so it may take a day or two.

-- 
Cheers,
Clive

