Postfix and SMTP-AUTH again


joerg
27th January 2008, 20:49
Hello all,

sorry for asking the same thing (nearly) again, but in the existing threads I have not been able to find the silver bullet so far.

Based on SuSE 10.3 (64bit), I am trying to set up a working Postfix / Courier-authlib solution. Logged on to the host itself, I can send my test mails to external addresses via telnet. But so far I have been able neither to do the same from remote, nor to connect my Outlook / Outlook Express / Evolution client to my mail server (yes, I have set the "outbound server requires authentication" flag).

What information do you need to narrow down the problem? As a starting point, the corresponding log entry (/var/log/mail) looks like this:

postfix/smtpd[9610]: NOQUEUE: reject: RCPT from hostofmy.isp.de[xx.xx.xx.xx]: 554 5.7.1 <external@address.de>: Relay access denied; from=<me@myserver.de> to=<external@address.de> proto=ESMTP helo=<myclient>

My /etc/sasl2/smtpd.conf reads:

pwcheck_method: authdaemond
mech_list: login
authdaemond_path: /var/run/authdaemon.courier-imap/socket
log_level: 3

And the uncommented lines of my /etc/authlib/authdaemonrc are:

authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/authdaemon.courier-imap
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPT=""

And the /etc/authlib/authmysqlrc is:

MYSQL_SERVER myhost.myhoster.de
MYSQL_USERNAME mysql_mail_user
MYSQL_PASSWORD mysql_mail_user_password
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailboxes
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1000
MYSQL_GID_FIELD 1000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/mail/vmail"
MYSQL_MAILDIR_FIELD concat(substring_index(email,'@',-1),'/',substring_index(email,'@',1),'/')

I would appreciate any advice, thank you in advance,

Joerg

joerg
27th January 2008, 23:10
Supplied more information, see above. Thank you for digging through...

falko
28th January 2008, 18:04
I'd try
mech_list: login plain
in the smtpd.conf.

joerg
28th January 2008, 19:30
Falko,

thanks for replying!

I think I had declared the plain mechanism before, but to be on the safe side, I inserted it again. It had absolutely no effect; everything behaves exactly as before.

Btw, just to understand what I'm doing: shouldn't the declaration of plain in the smtpd.conf mean that I don't have to provide a password at all?

Either way, as it still doesn't work - any other ideas?

Thank you very much!

falko
29th January 2008, 21:20
Do you use the right username (must be an email address) and password in your email client?

joerg
29th January 2008, 21:31
Falko,

yes, sure, the username is the full email address. I'll post the main.cf in a few moments, if you think it can help...?

CU

joerg
29th January 2008, 22:31
Here it is now, see the main.cf below:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailboxes.cf
virtual_minimum_uid = 200
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = myhost.myhoster.de
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains =
mydestination = $myhostname
defer_transports =
mynetworks_style = host
disable_dns_lookups = no
relayhost =
mailbox_command =
mailbox_transport =
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_sasl_authenticated,
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 8388608
broken_sasl_auth_clients = yes

Thanks for your time.

joerg
30th January 2008, 00:48
Sorry for any confusion so far, but I had to learn something new, and maybe this leads to a different track:

Until now, I had not issued any AUTH LOGIN when I was trying to connect from my remote client via telnet (but I didn't need to do so when telnetting from the server locally - why?).

When I now do so, there are some points to note, which possibly lead to a new track:

Firstly, the server's response to the EHLO doesn't offer the PLAIN mechanism, though I inserted it in the smtpd.conf on Falko's advice and also restarted the postfix daemon afterwards. Do I have to restart any other service?

Secondly, when I continue with AUTH LOGIN, the server returns an error message. Here is the complete dialog:

Trying yy.yy.yy.yy...
Connected to myhost.myhoster.de.
Escape character is '^]'.
220 myhost.myhoster.de ESMTP Postfix
EHLO myclient
250-myhost.myhoster.de
250-PIPELINING
250-SIZE 8388608
250-VRFY
250-ETRN
250-AUTH LOGIN
250-AUTH=LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
<MyBase64encodedUsername>
334 UGFzc3dvcmQ6
<MyBase64encodedPassword>
535 5.7.0 Error: authentication failed: generic failure
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

Thirdly, and possibly most important, the corresponding lines in the mail log read as follows:

Jan 29 23:08:00 myhost postfix/smtpd[19023]: connect from myhost.isp.de[xx.xx.xx.xx]
Jan 29 23:10:45 myhost postfix/smtpd[19023]: warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
Jan 29 23:10:45 myhost postfix/smtpd[19023]: warning: myhost.isp.de[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
Jan 29 23:10:54 myhost postfix/smtpd[19023]: disconnect from myhost.isp.de[xx.xx.xx.xx]

Who needs permission where? Can anyone give me an overview of which item has to belong to whom, and which rights have to be given?

Thanks again to anybody thinking hard ;)
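The AUTH LOGIN exchange in the transcript above, and the PLAIN mechanism discussed earlier in the thread, worked through in code. This is an added example and not part of any post in the thread: it implements the client side of AUTH LOGIN against the server replies quoted above (the replies are embedded as constructed lines taken from the transcript, so no network connection is made), decodes the two 334 challenges, and shows what AUTH PLAIN actually transmits. The username and password it uses are placeholders.

```python
"""Client side of SMTP AUTH LOGIN and AUTH PLAIN, run against the replies
quoted in the thread. Added example; no network access is needed."""
import base64

# Constructed from the transcript in the thread: the server's EHLO reply.
EHLO_REPLY = [
    "250-myhost.myhoster.de",
    "250-PIPELINING",
    "250-SIZE 8388608",
    "250-VRFY",
    "250-ETRN",
    "250-AUTH LOGIN",
    "250-AUTH=LOGIN",
    "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME",
    "250 DSN",
]


def offered_auth_mechanisms(ehlo_lines):
    """Return the set of SASL mechanisms advertised in an EHLO reply.

    Both the standard 'AUTH LOGIN PLAIN' line and the non-standard 'AUTH=LOGIN'
    line (which Postfix adds when broken_sasl_auth_clients = yes) are read.
    """
    mechs = set()
    for line in ehlo_lines:
        if len(line) < 4 or not line.startswith("250"):
            continue
        body = line[4:]  # strip '250-' or '250 '
        if body.startswith("AUTH ") or body.startswith("AUTH="):
            mechs.update(body[5:].split())
    return mechs


def decode_challenge(line):
    """Decode a '334 <base64>' server challenge into its text."""
    code, _, payload = line.partition(" ")
    if code != "334":
        raise ValueError(f"not a SASL challenge: {line!r}")
    return base64.b64decode(payload).decode()


def auth_login_steps(username, password):
    """Client lines for AUTH LOGIN: the command, then the base64 username and
    the base64 password, each sent in answer to one 334 challenge."""
    return [
        "AUTH LOGIN",
        base64.b64encode(username.encode()).decode(),
        base64.b64encode(password.encode()).decode(),
    ]


def auth_plain_initial_response(username, password, authzid=""):
    """Client line for AUTH PLAIN with an initial response.

    PLAIN still carries the password: authzid, username and password are
    joined with NUL bytes and base64-encoded as one blob.
    """
    blob = f"{authzid}\0{username}\0{password}".encode()
    return "AUTH PLAIN " + base64.b64encode(blob).decode()


def decode_plain(line):
    """Split an 'AUTH PLAIN <base64>' line into (authzid, username, password)."""
    blob = base64.b64decode(line.split(" ", 2)[2])
    authzid, authcid, passwd = blob.split(b"\0")
    return authzid.decode(), authcid.decode(), passwd.decode()


if __name__ == "__main__":
    print("server offers:", sorted(offered_auth_mechanisms(EHLO_REPLY)))
    print("challenge 1:", decode_challenge("334 VXNlcm5hbWU6"))
    print("challenge 2:", decode_challenge("334 UGFzc3dvcmQ6"))
    for step in auth_login_steps("me@myserver.de", "placeholder-password"):
        print("C:", step)
    print("C:", auth_plain_initial_response("me@myserver.de", "placeholder-password"))
```

Three things can be read off this. PLAIN is not a "no password" mechanism: it packs authzid, username and password into one base64 string, so the password is still sent, just in one step instead of two. The EHLO reply in the transcript advertises only LOGIN although mech_list was changed to "login plain", which fits Falko's suspicion that the running smtpd is reading a different smtpd.conf than the one being edited. And both LOGIN and PLAIN send the password in cleartext; with smtpd_use_tls = no as in the posted main.cf it crosses the network unencrypted, so once authentication works the usual hardening (standard Postfix settings, not something the thread configured) is to offer these mechanisms only inside TLS via smtpd_tls_auth_only = yes, or smtpd_sasl_security_options = noanonymous, noplaintext together with smtpd_sasl_tls_security_options = noanonymous.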

falko
30th January 2008, 16:28
I'm not sure, but maybe SuSE is using another smtpd.conf than /etc/sasl2/smtpd.conf?
What's the output of updatedb followed by locate smtpd.conf?

"By now, I have not issued any AUTH LOGIN, when I was trying to connect from my remote client via telnet (but I didn't need to do so when telnet'ting from the server locally - why?)."

You don't need to authenticate from localhost because you're using mynetworks_style = host.

joerg
30th January 2008, 17:04
Falko,

there is neither an updatedb nor an executable locate on my system. The only file named locate is under /etc/sysconfig and contains the single line

RUN_UPDATEDB_AS=""

Am I missing a package?

But apart from that, there is no other smtpd.conf than the one under /etc/sasl2.

What do you think about the "Permission denied" in the mail log (see above)?

joerg
30th January 2008, 17:50
Okay, found out the following:

On SuSE, updatedb and locate are in a subpackage of findutils, called findutils-locate. I installed it and issued the commands you asked for, but the result is the same: /etc/sasl2/smtpd.conf is the only file with this name (I had issued a "find / -name smtpd.conf -print" before my last posting).

falko
31st January 2008, 20:34
Do you have a directory called /usr/lib/sasl or /usr/lib/sasl2? You can try to copy the smtpd.conf there.

joerg
31st January 2008, 22:16
Falko,

thanks for keeping on track, but unfortunately your last hint didn't lead to success either.

I copied the smtpd.conf both to /usr/lib/sasl2 and /usr/lib64/sasl2 (both directories exist on my system), and restarted authdaemon and postfix afterwards.

But the behaviour is exactly the same as before. Please note my quote from my mail log in post #8 of this thread; I've got exactly the same this time.

I would appreciate it if you persisted with this problem!

CU

falko
1st February 2008, 17:18
Is Courier authdaemond running? Do you see it in the output of ps aux?

Does Courier authdaemond have a socket somewhere, maybe in /var/run? What's the output of ls -la /var/run?

joerg
1st February 2008, 17:48
Yes, authdaemond is running (I restarted it after copying the smtpd.conf to /usr/lib/sasl2 on your advice). The output of "ps aux | grep -v grep | grep authdaemond" is:

root 18521 0.0 0.0 3728 448 ? S Jan31 0:00 /usr/sbin/courierlogger -pid=/var/run/authdaemon.courier-imap/pid -start /usr/lib/courier-authlib/authdaemond
root 18522 0.0 0.1 32416 1492 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond
root 18523 0.0 0.0 32416 552 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond
root 18524 0.0 0.0 32416 552 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond
root 18525 0.0 0.0 32416 552 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond
root 18526 0.0 0.0 32416 552 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond
root 18527 0.0 0.0 32416 552 ? S Jan31 0:00 /usr/lib/courier-authlib/authdaemond

And the socket seems to be there, the output of "ls -la /var/run" and "ls -la /var/run/authdaemon.courier-imap" are, in turn:

total 76
drwxr-xr-x 10 root root 4096 31. Jan 09:57 .
drwxr-xr-x 13 root root 4096 16. Oct 13:12 ..
drwx------ 2 root root 4096 31. Jan 21:02 authdaemon.courier-imap
drwxr-xr-x 2 messagebus messagebus 4096 23. Jan 17:18 dbus
-rw-r--r-- 1 root root 5 23. Jan 17:18 dhclient.pid
drwxr-xr-x 2 haldaemon haldaemon 4096 23. Jan 17:18 hal
-rw-r--r-- 1 root root 6 31. Jan 09:57 httpd2.pid
-rw-r--r-- 1 root root 63 23. Jan 17:18 keymap
-rw-r--r-- 1 root root 5 27. Jan 15:45 klogd.pid
lrwxrwxrwx 1 ntp root 22 23. Jan 17:10 ntp -> ../lib/ntp/var/run/ntp
-rw-r--r-- 1 root root 0 23. Jan 17:18 numlock-on
drwxrwxr-x 2 polkituser polkituser 4096 22. Sep 00:21 PolicyKit
drwxr-xr-x 3 root root 4096 16. Oct 13:14 resmgr
-rw-r--r-- 1 root root 5 23. Jan 17:18 resmgr.pid
srw-rw-rw- 1 root root 0 23. Jan 17:18 .resmgr_socket
drwxr-xr-x 2 root root 4096 26. Jan 22:18 sasl2
drwxr-xr-x 2 root root 4096 23. Jan 17:18 screens
-rw-r--r-- 1 root root 0 23. Jan 17:18 setleds-on
-rw-r--r-- 1 root root 5 23. Jan 17:18 sshd.init.pid
-rw------- 1 root root 5 27. Jan 15:45 syslog-ng.pid
drwxrwxrwt 2 root root 4096 23. Jan 17:18 uscreens
-rw-rw-r-- 1 root tty 4992 1. Feb 16:29 utmp

total 12
drwx------ 2 root root 4096 31. Jan 21:02 .
drwxr-xr-x 10 root root 4096 31. Jan 09:57 ..
-rw-r--r-- 1 root root 6 31. Jan 21:02 pid
-rw------- 1 root root 0 26. Jan 01:08 pid.lock
srwxrwxrwx 1 root root 0 31. Jan 21:02 socket

In my very first post, in the smtpd.conf, I set the key authdaemond_path to the path of that socket:

authdaemond_path: /var/run/authdaemon.courier-imap/socket

Is this correct?

falko
2nd February 2008, 20:04
Looks ok. Strange... :confused:
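The "cannot connect to Courier authdaemond: Permission denied" warning and the ls output above are enough to check the two usual causes of that error mechanically. This is an added example, not something from the thread: a permission walk that answers "can a process running as this uid and these gids connect() to this Unix socket?" using only the mode bits (every directory on the path needs search permission, the socket inode itself needs write permission, and uid 0 bypasses both), with an optional chroot prefix for the case where master.cf runs smtpd chrooted and the socket path is resolved below the Postfix queue directory. The demo rebuilds the directory layout from the ls output in a temporary directory rather than touching the real /var/run; the user and group ids it checks are constructed (a non-root uid other than the one running the script). The check_for_user helper takes a real account name such as the mail_owner (postfix) and is the one to run on the server; POSIX ACLs and SELinux/AppArmor are not modelled.

```python
"""Can a given (non-root) user connect() to a Unix socket? Added example.

connect() on an AF_UNIX socket needs search (x) permission on every directory
of the path and write (w) permission on the socket inode; uid 0 bypasses both.
The chroot argument models a chrooted smtpd, which sees the path below its
chroot directory. POSIX ACLs and MAC systems are not modelled.
"""
import os
import pwd
import shutil
import socket
import stat
import tempfile


def _allowed(st, uid, gids, usr_bit, grp_bit, oth_bit):
    """Classic owner/group/other check against one stat result."""
    if st.st_uid == uid:
        return bool(st.st_mode & usr_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & grp_bit)
    return bool(st.st_mode & oth_bit)


def socket_access_problems(sock_path, uid, gids, chroot="/"):
    """Return [(path, problem), ...] that would make connect() fail for uid/gids.

    An empty list means the socket is reachable. Reported paths are the real
    paths on disk (below chroot), i.e. what you would chmod.
    """
    if uid == 0:
        return []
    chroot = os.path.abspath(chroot)
    real = os.path.normpath(os.path.join(chroot, sock_path.lstrip("/")))
    parts = os.path.relpath(real, chroot).split(os.sep)
    missing = "missing (wrong path, or not visible inside the chroot)"
    problems = []
    cur = chroot
    for comp in parts[:-1]:          # every directory on the way needs x
        cur = os.path.join(cur, comp)
        try:
            st = os.stat(cur)
        except FileNotFoundError:
            problems.append((cur, missing))
            return problems
        if not _allowed(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            problems.append((cur, "no search (x) permission"))
    try:
        st = os.stat(real)
    except FileNotFoundError:
        problems.append((real, missing))
        return problems
    if not stat.S_ISSOCK(st.st_mode):
        problems.append((real, "not a unix socket"))
    if not _allowed(st, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH):
        problems.append((real, "no write (w) permission"))
    return problems


def check_for_user(username, sock_path, chroot="/"):
    """Run the check for a real account, e.g. Postfix's mail_owner ('postfix')."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return socket_access_problems(sock_path, pw.pw_uid, gids, chroot)


def demo():
    """Rebuild the layout from the ls output in the thread under a temp dir.

    Checks it for a constructed non-root uid as posted (directory 0700, socket
    0777), then again after chmod 0755 on the directory. Returns both lists.
    """
    base = tempfile.mkdtemp()
    try:
        authdir = os.path.join(base, "var", "run", "authdaemon.courier-imap")
        os.makedirs(authdir)
        for d in (base, os.path.join(base, "var"), os.path.join(base, "var", "run")):
            os.chmod(d, 0o755)          # drwxr-xr-x, like /var/run in the listing
        os.chmod(authdir, 0o700)        # drwx------ root root, as in the listing
        sock_file = os.path.join(authdir, "socket")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_file)
        os.chmod(sock_file, 0o777)      # srwxrwxrwx, as in the listing
        # Constructed ids: some non-root user other than the one running this script.
        uid, gids = os.getuid() + 1, {os.getgid() + 1}
        sock = "/var/run/authdaemon.courier-imap/socket"   # the authdaemond_path value
        before = socket_access_problems(sock, uid, gids, chroot=base)
        os.chmod(authdir, 0o755)        # the fix: let other users traverse the directory
        after = socket_access_problems(sock, uid, gids, chroot=base)
        srv.close()
        return before, after
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    before, after = demo()
    print("as posted:", before)
    print("after chmod 755 on the directory:", after)
```

Applied to the listing posted above, /var/run/authdaemon.courier-imap is drwx------ root root while a non-chrooted smtpd runs as the unprivileged mail_owner (postfix in the posted main.cf), so the 0777 socket inside it is unreachable and the walk reports exactly that directory. If master.cf runs smtpd with the chroot flag set (the SuSE default for several services), run the check with chroot set to the queue directory instead; in that case the path usually comes back as missing, and the socket directory has to be made available below /var/spool/postfix.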