#1 - 17th April 2012, 23:15 - morten44 (Member)
Can't get SMTP AUTH to work ISPConfig3/postfix

Hi
I have set up ISPConfig on Ubuntu 11.10 using the manual:
http://www.howtoforge.com/perfect-se...10-ispconfig-3

I can use SquirrelMail OK to send and receive because I am on localhost, but when I try from Outlook 2007 I cannot send.

I enable SMTP Authentication in my mail client, and then run a test in Outlook. It pops up asking for a password, but it does not work.
This only happens when I enable SMTP Authentication. If I do not, I do not get prompted for a password. POP3 works perfectly, so the password is correct.

This is how I troubleshot it:

I did:
administrator@server1:~$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-server1.example.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I then read that the 2 lines
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

should read something like this for SMTP AUTH to work:
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

I then found a forum post about this at
http://linux.about.com/od/ubusrv_doc/a/ubusg29t06.htm

Where it explains to reinstall some of the packages with more
I have followed

I have reloaded and restarted postfix.

I tried the telnet command again but it's the same.

Any idea what could be wrong?

Here is my main.cf

Quote:
complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = server1.example.com

alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_replay_domains, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
message_size_limit = 0


smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
#smtpd_recipient_restrictions =

virtual_maps = hash:/etc/postfix/virtusertable
werkvoorafrika.nl = /etc/postfix/local-host-names
The last 5 lines I have added while trying various troubleshooting steps; they were not there after the default installation.


Kind Regards
Morten

#2 - 18th April 2012, 00:49 - pititis (Senior Member)

Check if saslauthd is running and/or restart it.

Any error in your mail.log?

Also check this:

http://www.howtoforge.com/ubuntu-11....nism-available

#3 - 18th April 2012, 12:27 - morten44 (Member)
Update

Hi
Thanks for your reply

I checked the link and installed a previous version.
I restarted the services and the server.

At some point after that, I ran the telnet command again and now I got:
Quote:
administrator@server1:~$ sudo telnet localhost 25
[sudo] password for administrator:
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Ubuntu)
ehlo localhost 25
250-server1.example.com
250-PIPELINING
250-SIZE
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
This now looks good.
I still have a problem with authenticating from Outlook.
I do a test and it asks me for user and password.
I write my email and password (that works in SquirrelMail)
and the login box pops up again.


My smtpd.conf file looks like this
Quote:
pwcheck_method: saslauthd
#mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: ispconfig
sql_passwd: c92cbb745055a882cd3ca9132472f233
sql_database: dbispconfig
sql_select: select password from mail_user where login = '%u'
I had to comment out the mech_list line to get the telnet to show:
250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5

I can see in the link provided that there are many comments and suggestions for alterations to this file, but I think most of them refer to the case where you do not downgrade?
How do I go about finding out if my smtpd.conf file is correct?


Here is the last part of my mail.log file that shows the authentication failure. I think the error message has changed from before I downgraded the packages.
Just adding the last lines that capture the authentication error

Quote:
Apr 18 12:00:11 server1 postfix/smtpd[4665]: connect from localhost.localdomain[127.0.0.1]
Apr 18 12:00:39 server1 pop3d: Connection, ip=[::ffff:81.132.62.171]
Apr 18 12:00:39 server1 pop3d: LOGIN, user=info@werkvoorafrika.nl, ip=[::ffff:81.132.62.171], port=[49913]
Apr 18 12:00:39 server1 pop3d: LOGOUT, user=info@werkvoorafrika.nl, ip=[::ffff:81.132.62.171], port=[49913], top=0, retr=0, rcvd=12, sent=39, time=0
Apr 18 12:00:39 server1 postfix/smtpd[4671]: connect from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: SASL authentication failure: no secret in database
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL NTLM authentication failed: authentication failure
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: SASL authentication failure: realm changed: authentication aborted
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL DIGEST-MD5 authentication failed: authentication failure
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL LOGIN authentication failed: generic failure
Apr 18 12:00:40 server1 postfix/smtpd[4671]: lost connection after AUTH from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:00:40 server1 postfix/smtpd[4671]: disconnect from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:00:44 server1 postfix/smtpd[4671]: connect from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: SASL authentication failure: no secret in database
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL NTLM authentication failed: authentication failure
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: SASL authentication failure: realm changed: authentication aborted
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL DIGEST-MD5 authentication failed: authentication failure
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Apr 18 12:00:45 server1 postfix/smtpd[4671]: warning: host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]: SASL LOGIN authentication failed: generic failure
Apr 18 12:00:45 server1 postfix/smtpd[4671]: lost connection after AUTH from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:00:45 server1 postfix/smtpd[4671]: disconnect from host81-132-62-171.range81-132.btcentralplus.com[81.132.62.171]
Apr 18 12:02:15 server1 postfix/smtpd[4665]: lost connection after EHLO from localhost.localdomain[127.0.0.1]
Apr 18 12:02:15 server1 postfix/smtpd[4665]: disconnect from localhost.localdomain[127.0.0.1]
Apr 18 12:04:06 server1 postfix/anvil[4672]: statistics: max connection rate 2/60s for (smtp:81.132.62.171) at Apr 18 12:00:44
Apr 18 12:04:06 server1 postfix/anvil[4672]: statistics: max connection count 1 for (smtp:81.132.62.171) at Apr 18 12:00:39
Apr 18 12:04:06 server1 postfix/anvil[4672]: statistics: max cache size 1 at Apr 18 12:00:39
Apr 18 12:05:01 server1 postfix/pickup[4652]: 39A2B118148: uid=5001 from=<getmail>
Apr 18 12:05:01 server1 postfix/cleanup[5439]: 39A2B118148: message-id=<20120418100501.39A2B118148@server1.example.com >
Apr 18 12:05:01 server1 postfix/qmgr[4653]: 39A2B118148: from=<getmail@server1.example.com>, size=672, nrcpt=1 (queue active)
Apr 18 12:05:01 server1 imapd: Connection, ip=[::ffff:127.0.0.1]
Apr 18 12:05:01 server1 pop3d: Connection, ip=[::ffff:127.0.0.1]
Apr 18 12:05:01 server1 pop3d: Disconnected, ip=[::ffff:127.0.0.1]
Apr 18 12:05:01 server1 imapd: Disconnected, ip=[::ffff:127.0.0.1], time=0
Apr 18 12:05:01 server1 postfix/smtpd[5465]: connect from localhost.localdomain[127.0.0.1]
Apr 18 12:05:01 server1 postfix/smtpd[5465]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
Apr 18 12:05:01 server1 postfix/smtpd[5465]: disconnect from localhost.localdomain[127.0.0.1]
Apr 18 12:05:06 server1 postfix/smtpd[5501]: connect from localhost.localdomain[127.0.0.1]
Apr 18 12:05:06 server1 postfix/smtpd[5501]: C8F1811812D: client=localhost.localdomain[127.0.0.1]
Apr 18 12:05:06 server1 postfix/cleanup[5439]: C8F1811812D: message-id=<20120418100501.39A2B118148@server1.example.com >
Apr 18 12:05:06 server1 postfix/qmgr[4653]: C8F1811812D: from=<getmail@server1.example.com>, size=1161, nrcpt=1 (queue active)
Apr 18 12:05:06 server1 amavis[4663]: (04663-01) Passed CLEAN, <getmail@server1.example.com> -> <getmail@server1.example.com>, Message-ID: <20120418100501.39A2B118148@server1.example.com> , mail_id: D932w5VLsNFH, Hits: 1.179, size: 672, queued_as: C8F1811812D, 5539 ms
Apr 18 12:05:06 server1 postfix/smtp[5445]: 39A2B118148: to=<getmail@server1.example.com>, orig_to=<getmail>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.7, delays=0.13/0.03/0.04/5.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C8F1811812D)
Apr 18 12:05:06 server1 postfix/qmgr[4653]: 39A2B118148: removed
Apr 18 12:05:06 server1 postfix/local[5502]: C8F1811812D: to=<getmail@server1.example.com>, relay=local, delay=0.06, delays=0.02/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 18 12:05:06 server1 postfix/qmgr[4653]: C8F1811812D: removed

Any idea what I have to do next?

Regards
Morten

#4 - 18th April 2012, 12:34 - till (Super Moderator)

Quote:
I had to comment out the mech_list line to get the telnet to show:
250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
Please undo that. The mech list has to be "mech_list: plain login"; cram-md5 is not supported and by enabling it, all auth attempts that use this mechanism will fail. The link you followed, http://linux.about.com/od/ubusrv_doc/a/ubusg29t06.htm, is for a different kind of setup.

Quote:
How do I go about finding out if my smtpd.conf file is correct?
The file you posted is correct, when you fix the removal of the mech_list.

Please check the settings in your mail client and ensure that it uses the full email address for SMTP authentication and not just the part in front of the @.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 18th April 2012 at 12:37.
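
An added example, not part of the original posts or of ISPConfig: a Python triage that compares the mechanisms advertised in the EHLO reply with the "mech_list: plain login" set named in the reply above, and pairs each SASL failure reason in mail.log with the mechanism that triggered it. The EHLO reply and log lines are constructed from the excerpts in this thread with a placeholder client address; the SUPPORTED set and all function names are assumptions.

```python
import re
from collections import Counter

# Assumption taken from the reply above: only these mechanisms work on this setup.
SUPPORTED = {"PLAIN", "LOGIN"}

# Constructed samples modelled on the EHLO reply and mail.log excerpt in the thread;
# the client host/address is a documentation placeholder.
EHLO_REPLY = """\
250-server1.example.com
250-STARTTLS
250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
250 DSN"""
PREFIX = "Apr 18 12:00:40 server1 postfix/smtpd[4671]: warning: "
CLIENT = "client.example[192.0.2.10]: "
MAIL_LOG = "\n".join([
    PREFIX + "SASL authentication failure: no secret in database",
    PREFIX + CLIENT + "SASL NTLM authentication failed: authentication failure",
    PREFIX + "SASL authentication failure: realm changed: authentication aborted",
    PREFIX + CLIENT + "SASL DIGEST-MD5 authentication failed: authentication failure",
    PREFIX + "SASL authentication failure: cannot connect to saslauthd server: No such file or directory",
    PREFIX + CLIENT + "SASL LOGIN authentication failed: generic failure",
])

REASON = re.compile(r"smtpd\[(\d+)\]: warning: SASL authentication failure: (.+)")
FAILED = re.compile(r"smtpd\[(\d+)\]: warning: \S+\[[^\]]+\]: SASL (\S+) authentication failed")

def advertised_mechanisms(ehlo_reply):
    """Collect SASL mechanisms from the 250-AUTH / 250-AUTH= lines of an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.+)", line.strip())
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def failures_by_mechanism(log_text):
    """Pair each SASL failure reason with the mechanism logged next by the same smtpd PID."""
    pending, counts = {}, Counter()
    for line in log_text.splitlines():
        reason, failed = REASON.search(line), FAILED.search(line)
        if reason:
            pending[reason.group(1)] = reason.group(2).strip()
        elif failed:
            counts[(failed.group(2), pending.pop(failed.group(1), "no reason logged"))] += 1
    return counts

def triage(ehlo_reply, log_text):
    """Return (mechanism, count, reason, next step) rows, sorted by mechanism."""
    unsupported = advertised_mechanisms(ehlo_reply) - SUPPORTED
    rows = []
    for (mech, reason), n in sorted(failures_by_mechanism(log_text).items()):
        if mech in unsupported:
            step = "advertised but unsupported: restore 'mech_list: plain login'"
        elif "saslauthd" in reason:
            step = "smtpd cannot reach saslauthd: check that the daemon is running"
        else:
            step = "check the login name and password"
        rows.append((mech, n, reason, step))
    return rows

if __name__ == "__main__":
    for row in triage(EHLO_REPLY, MAIL_LOG):
        print(*row, sep=" | ")
```

On this sample the NTLM and DIGEST-MD5 failures trace back to the commented-out mech_list, while the LOGIN failure is a separate problem: smtpd could not connect to saslauthd.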

#5 - 18th April 2012, 12:52 - morten44 (Member)
Update 2

Hi
Thanks for the very fast reply

Quote:
The file you posted is correct, when you fix the removal of the mech_list.
Does that mean that it's OK, or do I have to find a way to get it to work without commenting out that line?

Yes, the client is set up correctly;
the only authentication I use is this.
I use my domain name as SMTP. The domain name has been made in ISPConfig.
I guess this is OK because it does register the attempt to log on in the mail file.

I attach 2 screenshots from my Outlook 2007 client that show the setup.
I have checked it's using the default port 25.

hm..

Kind Regards
Morten

#6 - 18th April 2012, 13:43 - pititis (Senior Member)

No, you must use

mech_list: plain login

If your problem is the authentication security, just use TLS

#7 - 18th April 2012, 14:46 - morten44 (Member)

Hi
OK, I see, so I have to uncomment that line again then. I just think I did something right

Could you give me a link to some reading on how to change it from
saslauthd --> TLS?

Does this involve using a different port instead of 25?

Sorry, I am totally new to Linux but really want to get into it.
Our old webserver was Windows 2003 and we are trying to convince them to scrap that and use Linux/ISPConfig

Kind Regards
Morten

#8 - 18th April 2012, 15:05 - till (Super Moderator)

Quote:
Could you give me a link to some reading on how to change it from
saslauthd --> TLS?
saslauthd and TLS are different things, so there is nothing that you can change between. Especially as TLS is not related to authentication: TLS is transport layer security and saslauthd is an SMTP authentication daemon.

My recommendation is that you redo each step of the mail setup from the guide and afterwards run a manual ISPConfig update and choose to reconfigure services during the update.

#9 - 20th April 2012, 13:46 - morten44 (Member)
Update

Hi
I tried to run the setup again and I have the same problem.

However, I went back to what you said about TLS.

I did find a place in Outlook to set this and if I disable SMTP Authentication it does work.
Wow

Question:
The reason why we use SMTP Authentication is to make sure no one other than local users can send from our SMTP.

Does TLS do the same job, meaning that no one other than those with an email address and password on our system can send from our SMTP?

Is this as secure as SMTP Authentication?

See attached

Kind Regards
Morten

#10 - 20th April 2012, 13:52 - till (Super Moderator)

Quote:
The reason why we use SMTP Authentication is to make sure no one other than local users can send from our SMTP.
Yes.

Quote:
Does TLS do the same job, meaning that no one other than those with an email address and password on our system can send from our SMTP?
No. TLS and SMTP authentication are different things:

SMTP authentication: The server asks for a password to send emails to an external destination.
TLS: The connection between server and client is secured with SSL.

Have you tried to send an email to a mailbox that is on your server? If yes, then sending does not work, as you did not test SMTP auth in that case. Sending to a mailbox on the server is always possible without authentication, otherwise nobody would be able to send you an email.

If you would like to test the sending capability of your server, you have to send an email to an address that is not on your server, like a Gmail address. Sending to Gmail through your server should not be possible without SMTP authentication.