I'm having an issue relaying to DNAMail Exchange Server with
SASL. I'm receiving the following error, despite being very
confident I have the correct credentials:
535 5.7.3 Authentication unsuccessful
$ postconf -n
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
debug_peer_list = smtpauth.exchangecarrier.net
html_directory = /usr/share/doc/postfix-2.3.6/html
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 102400000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 102400000
myhostname = DOMAIN.COM
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.6/readme
relayhost = smtpauth.exchangecarrier.net:587
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noplaintext
unknown_local_recipient_reject_code = 550
I've run the required postmap command:
$ sudo postmap /etc/postfix/sasl/sasl_passwd
So I have the following in my sasl directory:
/etc/postfix/sasl/sasl_passwd
/etc/postfix/sasl/sasl_passwd.db
I've attached a debug level #2 logfile and saslfinger output. I
sincerely appreciate any help. -Chris
Jul 4 12:54:34 psico postfix/pickup[31099]: 77F901D0F70: uid=500
from=<n...@domain.com>
Jul 4 12:54:34 psico postfix/cleanup[31114]: 77F901D0F70:
message-id=<20090704165434.gb30...@domain.com>
Jul 4 12:54:34 psico postfix/qmgr[31101]: 77F901D0F70: from=<n...@domain.com>,
size=511, nrcpt=1 (queue active)
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 220 owa1.exchangecarrier.net
Microsoft ESMTP MAIL Service ready at Sat, 4 Jul 2009 09:57:10 -0700
Jul 4 12:54:34 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587: EHLO SUB.DOMAIN.COM
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-owa1.exchangecarrier.net
Hello [76.124.109.32]
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-SIZE 52428800
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-PIPELINING
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-DSN
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-ENHANCEDSTATUSCODES
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-STARTTLS
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-AUTH GSSAPI NTLM
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-8BITMIME
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-BINARYMIME
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250 CHUNKING
Jul 4 12:54:34 psico postfix/smtp[31120]: server features: 0x903f size 52428800
Jul 4 12:54:34 psico postfix/smtp[31120]: Using ESMTP PIPELINING, TCP send
buffer size is 4096
Jul 4 12:54:34 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587: STARTTLS
Jul 4 12:54:34 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 220 2.0.0 SMTP server ready
Jul 4 12:54:34 psico postfix/smtp[31120]: send attr request = seed
Jul 4 12:54:34 psico postfix/smtp[31120]: send attr size = 32
Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute:
status
Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: status
Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute value: 0
Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute:
seed
Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: seed
Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute value:
DHF4WWbzKiBSCMdYx7JqVL6c0FGuJOkNeZqGJpTK2C4=
Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute:
(list terminator)
Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: (end)
Jul 4 12:54:34 psico postfix/smtp[31120]: certificate verification failed for
smtpauth.exchangecarrier.net[208.127.0.5]:587: untrusted issuer
/CN=owa1.exchangecarrier.net
Jul 4 12:54:35 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587: EHLO SUB.DOMAIN.COM
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-owa1.exchangecarrier.net
Hello [76.124.109.32]
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-SIZE 52428800
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-PIPELINING
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-DSN
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-ENHANCEDSTATUSCODES
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-AUTH GSSAPI NTLM LOGIN
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-8BITMIME
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-BINARYMIME
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 250 CHUNKING
Jul 4 12:54:35 psico postfix/smtp[31120]: server features: 0x902f size 52428800
Jul 4 12:54:35 psico postfix/smtp[31120]: Using ESMTP PIPELINING, TCP send
buffer size is 4096
Jul 4 12:54:35 psico postfix/smtp[31120]: maps_find: smtp_sasl_passwd:
hash:/etc/postfix/sasl/sasl_passwd(0,lock|fold_fix):
smtpauth.exchangecarrier.net = n...@domain.com:PASSWORD
Jul 4 12:54:35 psico postfix/smtp[31120]: smtp_sasl_passwd_lookup: host
`smtpauth.exchangecarrier.net' user `n...@domain.com' pass `PASSWORD'
Jul 4 12:54:35 psico postfix/smtp[31120]: starting new SASL client
Jul 4 12:54:35 psico postfix/smtp[31120]: name_mask: noplaintext
Jul 4 12:54:35 psico postfix/smtp[31120]: smtp_sasl_authenticate:
smtpauth.exchangecarrier.net[208.127.0.5]:587: SASL mechanisms GSSAPI NTLM LOGIN
Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_first: uncoded
initial reply: NTLMSSP\0\1\0\0\0\a\2\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0
Jul 4 12:54:35 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587: AUTH NTLM
TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA=
Jul 4 12:54:35 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 334
TlRMTVNTUAACAAAACAAIADgAAAAFAoEChQG+04pLfAMAAAAAAAAAAKQApABAAAAABQLODgAAAA9NAEEASQBMAAIACABNAEEA
Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_next: decoded
challenge: NTLMSSP
Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_get_user:
n...@domain.com
Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_get_passwd:
PASSWORD
Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_next: uncoded
client response NTLMSSP
Jul 4 12:54:35 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587:
TlRMTVNTUAADAAAAAAAAAEAAAAAYABgAQAAAAAgACABYAAAAGgAaAGAAAAAAAAAAegAAAAAAAAB6AAAABQIAAIT+12cigyI2s9yxfVBRW+6DRa8UBCC6UE0AQQBJAEwAYwBoAHIAaQBzAEAAYwBlAHIAYQAuAHUAcwA=
Jul 4 12:54:40 psico postfix/smtp[31120]: <
smtpauth.exchangecarrier.net[208.127.0.5]:587: 535 5.7.3 Authentication
unsuccessful
Jul 4 12:54:40 psico postfix/smtp[31120]: connect to subsystem private/defer
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr nrequest = 0
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr flags = 0
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr queue_id = 77F901D0F70
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr original_recipient =
recipi...@domain.com
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr recipient =
recipi...@domain.com
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr offset = 181
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr dsn_orig_rcpt =
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr notify_flags = 0
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr status = 4.7.3
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr diag_type = smtp
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr diag_text = 535 5.7.3
Authentication unsuccessful
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr mta_type = dns
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr mta_mname =
smtpauth.exchangecarrier.net
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr action = delayed
Jul 4 12:54:40 psico postfix/smtp[31120]: send attr reason = SASL
authentication failed; server smtpauth.exchangecarrier.net[208.127.0.5] said:
535 5.7.3 Authentication unsuccessful
Jul 4 12:54:40 psico postfix/smtp[31120]: private/defer socket: wanted
attribute: status
Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute name: status
Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute value: 0
Jul 4 12:54:40 psico postfix/smtp[31120]: private/defer socket: wanted
attribute: (list terminator)
Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute name: (end)
Jul 4 12:54:40 psico postfix/smtp[31120]: 77F901D0F70:
to=<recipi...@domain.com>, relay=smtpauth.exchangecarrier.net[208.127.0.5]:587,
delay=5.8, delays=0.05/0.03/5.7/0, dsn=4.7.3, status=deferred (SASL
authentication failed; server smtpauth.exchangecarrier.net[208.127.0.5] said:
535 5.7.3 Authentication unsuccessful)
Jul 4 12:54:40 psico postfix/smtp[31120]: flush_add: site vuzit.com id
77F901D0F70
Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~?
SUB.DOMAIN.COM
Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~?
localhost.DOMAIN.COM
Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~?
localhost
Jul 4 12:54:40 psico postfix/smtp[31120]: match_list_match: vuzit.com: no match
Jul 4 12:54:40 psico postfix/smtp[31120]: flush_add: site vuzit.com id
77F901D0F70 status 4
Jul 4 12:54:40 psico postfix/smtp[31120]: >
smtpauth.exchangecarrier.net[208.127.0.5]:587: QUIT
saslfinger - postfix Cyrus sasl configuration Sat Jul 4 14:21:24 EDT 2009
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.5.5
System: Ubuntu 8.10 \n \l
-- smtp is linked to --
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ca1000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = smtpauth.exchangecarrier.net:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noplaintext
-- listing of /usr/lib/sasl2 --
total 792
drwxr-xr-x 2 root root 4096 2008-10-29 18:54 .
drwxr-xr-x 188 root root 61440 2009-06-06 16:02 ..
-rw-r--r-- 1 root root 13860 2008-10-10 10:40 libanonymous.a
-rw-r--r-- 1 root root 988 2008-10-10 10:39 libanonymous.la
-rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so
-rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so.2
-rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so.2.0.22
-rw-r--r-- 1 root root 16382 2008-10-10 10:40 libcrammd5.a
-rw-r--r-- 1 root root 974 2008-10-10 10:39 libcrammd5.la
-rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so
-rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so.2
-rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so.2.0.22
-rw-r--r-- 1 root root 47752 2008-10-10 10:40 libdigestmd5.a
-rw-r--r-- 1 root root 997 2008-10-10 10:39 libdigestmd5.la
-rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so
-rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so.2
-rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so.2.0.22
-rw-r--r-- 1 root root 13902 2008-10-10 10:40 liblogin.a
-rw-r--r-- 1 root root 968 2008-10-10 10:39 liblogin.la
-rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so
-rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so.2
-rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so.2.0.22
-rw-r--r-- 1 root root 30316 2008-10-10 10:40 libntlm.a
-rw-r--r-- 1 root root 962 2008-10-10 10:39 libntlm.la
-rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so
-rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so.2
-rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so.2.0.22
-rw-r--r-- 1 root root 14222 2008-10-10 10:40 libplain.a
-rw-r--r-- 1 root root 968 2008-10-10 10:39 libplain.la
-rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so
-rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so.2
-rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so.2.0.22
-rw-r--r-- 1 root root 22394 2008-10-10 10:40 libsasldb.a
-rw-r--r-- 1 root root 999 2008-10-10 10:39 libsasldb.la
-rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so
-rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so.2
-rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so.2.0.22
-- permissions for /etc/postfix/sasl/sasl_passwd --
-rw-r--r-- 1 root root 51 2009-07-04 11:50 /etc/postfix/sasl/sasl_passwd
-- permissions for /etc/postfix/sasl/sasl_passwd.db --
-rw-r--r-- 1 root root 12288 2009-07-04 14:09 /etc/postfix/sasl/sasl_passwd.db
/etc/postfix/sasl/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}
${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
-- mechanisms on smtpauth.exchangecarrier.net --
-- end of saslfinger output --
