The ff. are the suggested configurations:
1. smtp.conf may have: pwcheck_method:saslauthd mech_list: plain login
# cat sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login #log_level: 7 saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
2. /etc/default/saslauthd shall have: <snipped> MECHANISMS=shadow </snipped>
# cat /etc/default/saslauthd START=yes MECHANISMS="shadow" PARAMS="-m /var/spool/postfix/var/run/saslauthd"
3. /etc/postfix/main.cf shall have the ff: mydomain=<yourdomain> myhostname=<yourhostname> mynetworks=192.168.1.0/24,127.0.0.0/8
I have mynetworks commented out, so using the default as I want it to listen on all interfaces anyway (incl ippp0)
alias_maps=hash:/etc/postfix/aliases alias_database=hash:/etc/postfix/aliases # # enable sasl support smtpd_sasl_auth_enable=yes smtpd_sasl_security_options=noanonymous smtpd_sasl_local_domain=$myhostname broken_sasl_auth_clients=yes # search for relay_domains, then add smtpd_recipient_restrictions= permit_sasl_authenticated, permit_mynetworks, check_relay_domains # tls support smtpd_use_tls=yes smtpd_tls_auth_only=yes smtpd_tls_cert_file=/etc/postfix/servercrt.pem smtpd_tls_key_file=/etc/postfix/serverkey.pem smtpd_tls_CAfile=/etc/postfix/cacert.pem smtpd_tls_loglevel=3 smtpd_tls_received_header=yes smtpd_tls_session_cache_timeout=3600s tls_random_source=dev:/dev/urandom
got all that
The above setup will show this. # telnet localhost 25; ehlo localhost, will show: [EMAIL PROTECTED] RPMS]# telnet localhost 25 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. 220 hdtv.noy.com.au ESMTP Postfix ehlo hdtv 250-hdtv.noy.com.au 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250 8BITMIME
yep
I can comment out # smtpd_tls_auth_only=yes and 'telnet localhost 25' and 'ehlo localhost' will show: [EMAIL PROTECTED] RPMS]# telnet localhost 25 Trying 127.0.0.1... Connected to localhost (127.0.0.1). Escape character is '^]'. 220 hdtv.noy.com.au ESMTP Postfix ehlo hdtv 250-hdtv.noy.com.au 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250 8BITMIME
yep, except for me it's: AUTH LOGIN PLAIN CRAM-MD5 GSSAPI DIGEST-MD5
I setup postfix, TLS, and SASL this morning to test.
BTW, I am using TLS and SASL on sendmail-MTA in my network. I find it easier to set-up and maintain compared to postfix because I have to deal with only one file to re-configure. This file is 'sendmail.mc'.
I dislike sendmail and much prefer postfix, anyway...
the above settings all work, and my mailserver keeps functioning accepting normal mail and so on. Problem is I still can't relay through it remotely.
I dialed in via another ISP like as if I was "on the road" and trying to send mail out through my mailserver. Note I can connect with imaps and receive fine.
I'm using thunderbird, first I set the smtp server settings to use tls but didn't tick "use name and passwd".
errors are:
May 5 21:01:12 gw postfix/smtpd[15992]: connect from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
May 5 21:01:29 gw postfix/smtpd[15992]: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
May 5 21:01:34 gw postfix/smtpd[15992]: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead
May 5 21:01:34 gw postfix/smtpd[15992]: NOQUEUE: reject: RCPT from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: 554 <[EMAIL PROTECTED]>: Recipient address rejected: Relay access denied; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<[203.217.6.209]>
May 5 21:01:43 gw postfix/smtpd[15992]: lost connection after RCPT from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
May 5 21:01:43 gw postfix/smtpd[15992]: disconnect from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
So then I ticked the "use name and passwd" box and entered my username "davidf". It kept popping up a box asking for my passwd, which I entered.
errors are:
May 5 21:02:13 gw postfix/smtpd[15992]: connect from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
May 5 21:02:34 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL CRAM-MD5 authentication failed
May 5 21:02:35 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:02:35 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL PLAIN authentication failed
May 5 21:02:39 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:02:39 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL LOGIN authentication failed
May 5 21:02:50 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL CRAM-MD5 authentication failed
May 5 21:02:51 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:02:51 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL PLAIN authentication failed
May 5 21:02:55 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:02:55 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL LOGIN authentication failed
May 5 21:03:06 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL CRAM-MD5 authentication failed
May 5 21:03:07 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:03:07 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL PLAIN authentication failed
May 5 21:03:11 gw postfix/smtpd[15992]: warning: SASL authentication problem: unrecognized plaintext verifier saslauthd
May 5 21:03:11 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL LOGIN authentication failed
May 5 21:03:19 gw postfix/smtpd[15992]: warning: 203-217-6-209.dyn.iinet.net.au[203.217.6.209]: SASL CRAM-MD5 authentication failed
May 5 21:03:19 gw postfix/smtpd[15992]: too many errors after AUTH from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
May 5 21:03:19 gw postfix/smtpd[15992]: disconnect from 203-217-6-209.dyn.iinet.net.au[203.217.6.209]
(I'm not ticking the "ssl" box, cos then it uses port 465)
Dave. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
