I'm having an issue relaying to DNAMail Exchange Server with SASL. I'm receiving the following error, despite being very confident I have the correct credentials:
535 5.7.3 Authentication unsuccessful $ postconf -n command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 debug_peer_list = smtpauth.exchangecarrier.net html_directory = /usr/share/doc/postfix-2.3.6/html mail_owner = postfix mail_spool_directory = /var/spool/mail mailbox_size_limit = 102400000000 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man message_size_limit = 102400000 myhostname = DOMAIN.COM newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.6/readme relayhost = smtpauth.exchangecarrier.net:587 sample_directory = /etc/postfix sendmail_path = /usr/sbin/sendmail setgid_group = postdrop smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noplaintext unknown_local_recipient_reject_code = 550 I've run the required postmap command: $ sudo postmap /etc/postfix/sasl/sasl_passwd So I have the following in my sasl directory: /etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd.db I've attached a debug level #2 logfile and saslfinger output. I sincerely appreciate any help. -Chris
Jul 4 12:54:34 psico postfix/pickup[31099]: 77F901D0F70: uid=500 from=<n...@domain.com> Jul 4 12:54:34 psico postfix/cleanup[31114]: 77F901D0F70: message-id=<20090704165434.gb30...@domain.com> Jul 4 12:54:34 psico postfix/qmgr[31101]: 77F901D0F70: from=<n...@domain.com>, size=511, nrcpt=1 (queue active) Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 220 owa1.exchangecarrier.net Microsoft ESMTP MAIL Service ready at Sat, 4 Jul 2009 09:57:10 -0700 Jul 4 12:54:34 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: EHLO SUB.DOMAIN.COM Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-owa1.exchangecarrier.net Hello [76.124.109.32] Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-SIZE 52428800 Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-PIPELINING Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-DSN Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-ENHANCEDSTATUSCODES Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-STARTTLS Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-AUTH GSSAPI NTLM Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-8BITMIME Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-BINARYMIME Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250 CHUNKING Jul 4 12:54:34 psico postfix/smtp[31120]: server features: 0x903f size 52428800 Jul 4 12:54:34 psico postfix/smtp[31120]: Using ESMTP PIPELINING, TCP send buffer size is 4096 Jul 4 12:54:34 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: STARTTLS Jul 4 12:54:34 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 220 2.0.0 SMTP server ready Jul 4 12:54:34 psico postfix/smtp[31120]: send attr request = seed Jul 4 12:54:34 psico postfix/smtp[31120]: send attr size = 32 Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute: status Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: status Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute value: 0 Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute: seed Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: seed Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute value: DHF4WWbzKiBSCMdYx7JqVL6c0FGuJOkNeZqGJpTK2C4= Jul 4 12:54:34 psico postfix/smtp[31120]: private/tlsmgr: wanted attribute: (list terminator) Jul 4 12:54:34 psico postfix/smtp[31120]: input attribute name: (end) Jul 4 12:54:34 psico postfix/smtp[31120]: certificate verification failed for smtpauth.exchangecarrier.net[208.127.0.5]:587: untrusted issuer /CN=owa1.exchangecarrier.net Jul 4 12:54:35 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: EHLO SUB.DOMAIN.COM Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-owa1.exchangecarrier.net Hello [76.124.109.32] Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-SIZE 52428800 Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-PIPELINING Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-DSN Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-ENHANCEDSTATUSCODES Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-AUTH GSSAPI NTLM LOGIN Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-8BITMIME Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250-BINARYMIME Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 250 CHUNKING Jul 4 12:54:35 psico postfix/smtp[31120]: server features: 0x902f size 52428800 Jul 4 12:54:35 psico postfix/smtp[31120]: Using ESMTP PIPELINING, TCP send buffer size is 4096 Jul 4 12:54:35 psico postfix/smtp[31120]: maps_find: smtp_sasl_passwd: hash:/etc/postfix/sasl/sasl_passwd(0,lock|fold_fix): smtpauth.exchangecarrier.net = n...@domain.com:PASSWORD Jul 4 12:54:35 psico postfix/smtp[31120]: smtp_sasl_passwd_lookup: host `smtpauth.exchangecarrier.net' user `n...@domain.com' pass `PASSWORD' Jul 4 12:54:35 psico postfix/smtp[31120]: starting new SASL client Jul 4 12:54:35 psico postfix/smtp[31120]: name_mask: noplaintext Jul 4 12:54:35 psico postfix/smtp[31120]: smtp_sasl_authenticate: smtpauth.exchangecarrier.net[208.127.0.5]:587: SASL mechanisms GSSAPI NTLM LOGIN Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_first: uncoded initial reply: NTLMSSP\0\1\0\0\0\a\2\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0 Jul 4 12:54:35 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: AUTH NTLM TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA= Jul 4 12:54:35 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 334 TlRMTVNTUAACAAAACAAIADgAAAAFAoEChQG+04pLfAMAAAAAAAAAAKQApABAAAAABQLODgAAAA9NAEEASQBMAAIACABNAEEA Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_next: decoded challenge: NTLMSSP Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_get_user: n...@domain.com Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_get_passwd: PASSWORD Jul 4 12:54:35 psico postfix/smtp[31120]: xsasl_cyrus_client_next: uncoded client response NTLMSSP Jul 4 12:54:35 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: TlRMTVNTUAADAAAAAAAAAEAAAAAYABgAQAAAAAgACABYAAAAGgAaAGAAAAAAAAAAegAAAAAAAAB6AAAABQIAAIT+12cigyI2s9yxfVBRW+6DRa8UBCC6UE0AQQBJAEwAYwBoAHIAaQBzAEAAYwBlAHIAYQAuAHUAcwA= Jul 4 12:54:40 psico postfix/smtp[31120]: < smtpauth.exchangecarrier.net[208.127.0.5]:587: 535 5.7.3 Authentication unsuccessful Jul 4 12:54:40 psico postfix/smtp[31120]: connect to subsystem private/defer Jul 4 12:54:40 psico postfix/smtp[31120]: send attr nrequest = 0 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr flags = 0 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr queue_id = 77F901D0F70 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr original_recipient = recipi...@domain.com Jul 4 12:54:40 psico postfix/smtp[31120]: send attr recipient = recipi...@domain.com Jul 4 12:54:40 psico postfix/smtp[31120]: send attr offset = 181 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr dsn_orig_rcpt = Jul 4 12:54:40 psico postfix/smtp[31120]: send attr notify_flags = 0 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr status = 4.7.3 Jul 4 12:54:40 psico postfix/smtp[31120]: send attr diag_type = smtp Jul 4 12:54:40 psico postfix/smtp[31120]: send attr diag_text = 535 5.7.3 Authentication unsuccessful Jul 4 12:54:40 psico postfix/smtp[31120]: send attr mta_type = dns Jul 4 12:54:40 psico postfix/smtp[31120]: send attr mta_mname = smtpauth.exchangecarrier.net Jul 4 12:54:40 psico postfix/smtp[31120]: send attr action = delayed Jul 4 12:54:40 psico postfix/smtp[31120]: send attr reason = SASL authentication failed; server smtpauth.exchangecarrier.net[208.127.0.5] said: 535 5.7.3 Authentication unsuccessful Jul 4 12:54:40 psico postfix/smtp[31120]: private/defer socket: wanted attribute: status Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute name: status Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute value: 0 Jul 4 12:54:40 psico postfix/smtp[31120]: private/defer socket: wanted attribute: (list terminator) Jul 4 12:54:40 psico postfix/smtp[31120]: input attribute name: (end) Jul 4 12:54:40 psico postfix/smtp[31120]: 77F901D0F70: to=<recipi...@domain.com>, relay=smtpauth.exchangecarrier.net[208.127.0.5]:587, delay=5.8, delays=0.05/0.03/5.7/0, dsn=4.7.3, status=deferred (SASL authentication failed; server smtpauth.exchangecarrier.net[208.127.0.5] said: 535 5.7.3 Authentication unsuccessful) Jul 4 12:54:40 psico postfix/smtp[31120]: flush_add: site vuzit.com id 77F901D0F70 Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~? SUB.DOMAIN.COM Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~? localhost.DOMAIN.COM Jul 4 12:54:40 psico postfix/smtp[31120]: match_hostname: vuzit.com ~? localhost Jul 4 12:54:40 psico postfix/smtp[31120]: match_list_match: vuzit.com: no match Jul 4 12:54:40 psico postfix/smtp[31120]: flush_add: site vuzit.com id 77F901D0F70 status 4 Jul 4 12:54:40 psico postfix/smtp[31120]: > smtpauth.exchangecarrier.net[208.127.0.5]:587: QUIT
saslfinger - postfix Cyrus sasl configuration Sat Jul 4 14:21:24 EDT 2009 version: 1.0.2 mode: client-side SMTP AUTH -- basics -- Postfix: 2.5.5 System: Ubuntu 8.10 \n \l -- smtp is linked to -- libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ca1000) -- active SMTP AUTH and TLS parameters for smtp -- relayhost = smtpauth.exchangecarrier.net:587 smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noplaintext -- listing of /usr/lib/sasl2 -- total 792 drwxr-xr-x 2 root root 4096 2008-10-29 18:54 . drwxr-xr-x 188 root root 61440 2009-06-06 16:02 .. -rw-r--r-- 1 root root 13860 2008-10-10 10:40 libanonymous.a -rw-r--r-- 1 root root 988 2008-10-10 10:39 libanonymous.la -rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so -rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so.2 -rw-r--r-- 1 root root 13752 2008-10-10 10:40 libanonymous.so.2.0.22 -rw-r--r-- 1 root root 16382 2008-10-10 10:40 libcrammd5.a -rw-r--r-- 1 root root 974 2008-10-10 10:39 libcrammd5.la -rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so -rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so.2 -rw-r--r-- 1 root root 17848 2008-10-10 10:40 libcrammd5.so.2.0.22 -rw-r--r-- 1 root root 47752 2008-10-10 10:40 libdigestmd5.a -rw-r--r-- 1 root root 997 2008-10-10 10:39 libdigestmd5.la -rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so -rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so.2 -rw-r--r-- 1 root root 46828 2008-10-10 10:40 libdigestmd5.so.2.0.22 -rw-r--r-- 1 root root 13902 2008-10-10 10:40 liblogin.a -rw-r--r-- 1 root root 968 2008-10-10 10:39 liblogin.la -rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so -rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so.2 -rw-r--r-- 1 root root 13748 2008-10-10 10:40 liblogin.so.2.0.22 -rw-r--r-- 1 root root 30316 2008-10-10 10:40 libntlm.a -rw-r--r-- 1 root root 962 2008-10-10 10:39 libntlm.la -rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so -rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so.2 -rw-r--r-- 1 root root 30196 2008-10-10 10:40 libntlm.so.2.0.22 -rw-r--r-- 1 root root 14222 2008-10-10 10:40 libplain.a -rw-r--r-- 1 root root 968 2008-10-10 10:39 libplain.la -rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so -rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so.2 -rw-r--r-- 1 root root 17844 2008-10-10 10:40 libplain.so.2.0.22 -rw-r--r-- 1 root root 22394 2008-10-10 10:40 libsasldb.a -rw-r--r-- 1 root root 999 2008-10-10 10:39 libsasldb.la -rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so -rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so.2 -rw-r--r-- 1 root root 21804 2008-10-10 10:40 libsasldb.so.2.0.22 -- permissions for /etc/postfix/sasl/sasl_passwd -- -rw-r--r-- 1 root root 51 2009-07-04 11:50 /etc/postfix/sasl/sasl_passwd -- permissions for /etc/postfix/sasl/sasl_passwd.db -- -rw-r--r-- 1 root root 12288 2009-07-04 14:09 /etc/postfix/sasl/sasl_passwd.db /etc/postfix/sasl/sasl_passwd.db is up to date. -- active services in /etc/postfix/master.cf -- # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) smtp inet n - - - - smtpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - - - - smtp relay unix - - - - - smtp -o smtp_fallback_relay= showq unix n - - - - showq error unix - - - - - error retry unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - - - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} -- mechanisms on smtpauth.exchangecarrier.net -- -- end of saslfinger output --