Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 27th January 2008, 19:49
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Question Postfix and SMTP-AUTH again

Hello all,

sorry for asking the same thing (nearly) again, but in the existing threads I was not able to find the silver bullet so far.

Based on SuSE 10.3 (64bit) I try to set up a working Postfix / Courier-authlib solution. Being logged on the host itself, via telnet it is possible to send my test mails to external addresses. But so far I was neither able to do the same from remote, nor to connect my Outlook / Outlook Express / Evolution client to my mail server (yes, I have set the "outbound server requires authentication" flag).

What information do you need to narrow down the problem? As a starting point, the corresponding log entry (/var/log/mail) looks:

Code:
postfix/smtpd[9610]: NOQUEUE: reject: RCPT from hostofmy.isp.de[xx.xx.xx.xx]: 554 5.7.1 <external@address.de>: Relay access denied; from=<me@myserver.de> to=<external@address.de> proto=ESMTP helo=<myclient>
My /etc/sasl2/smtpd.conf reads:

Code:
pwcheck_method: authdaemond
mech_list: login
authdaemond_path: /var/run/authdaemon.courier-imap/socket
log_level: 3
And the uncommented lines of my /etc/authlib/authdaemonrc are:

Code:
authmodulelist="authmysql"
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
daemons=5
authdaemonvar=/var/run/authdaemon.courier-imap
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPT=""
And the /etc/authlib/authmysqlrc is:

Code:
MYSQL_SERVER myhost.myhoster.de
MYSQL_USERNAME mysql_mail_user
MYSQL_PASSWORD mysql_mail_user_password
MYSQL_PORT 3306
MYSQL_OPT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailboxes
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 1000
MYSQL_GID_FIELD 1000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/var/mail/vmail"
MYSQL_MAILDIR_FIELD concat(substring_index(email,'@',-1),'/',substring_index(email,'@',1),'/')
I would appreciate any advice, thank you in advance,

Joerg

Last edited by joerg; 27th January 2008 at 21:39. Reason: Supply more information
Reply With Quote
Sponsored Links
  #2  
Old 27th January 2008, 22:10
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Supplied more information, see above. Thank you for digging through...
Reply With Quote
  #3  
Old 28th January 2008, 17:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I'd try
Code:
mech_list: login plain
in the smtpd.conf.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 28th January 2008, 18:30
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Falko,

thanks for replying!

I think I had declared the plain mechanism before, but to be on the safe side, I inserted it again. It had absolutely no effect, everything behaves exactly as before.

Btw, just to understand what I'm doing: Shouldn't the declaration of plain in the smtpd.conf mean, that I hadn't to provide a password at all?

Either way, as it still doesn't work - any other ideas?

Thank you very much!
Reply With Quote
  #5  
Old 29th January 2008, 20:20
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Do you use the right username (must be an email address) and password in your email client?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 29th January 2008, 20:31
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Falko,

yes, sure, the username is the full email address. I'll post the main.cf in a few moments, if you think it can help...?

CU
Reply With Quote
  #7  
Old 29th January 2008, 21:31
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Here now, see the main.cf below:

Code:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
inet_protocols = all
biff = no
mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-domains.cf
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailboxes.cf
virtual_minimum_uid = 200
virtual_uid_maps = static:1000
virtual_gid_maps = static:1000
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = myhost.myhoster.de
program_directory = /usr/lib/postfix
inet_interfaces = all
masquerade_domains = 
mydestination = $myhostname
defer_transports = 
mynetworks_style = host
disable_dns_lookups = no
relayhost = 
mailbox_command = 
mailbox_transport = 
strict_8bitmime = no
disable_mime_output_conversion = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_client_restrictions = permit_sasl_authenticated,
smtpd_helo_required = no
smtpd_helo_restrictions = 
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_use_tls = no
smtp_use_tls = no
alias_maps = hash:/etc/aliases
mailbox_size_limit = 0
message_size_limit = 8388608
broken_sasl_auth_clients = yes
Thanks for your time.
Reply With Quote
  #8  
Old 29th January 2008, 23:48
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation

Sorry for possible irritations so far, but i had to learn something new, and maybe this leads to a different track:

By now, I have not issued any AUTH LOGIN, when I was trying to connect from my remote client via telnet (but I didn't need to do so when telnet'ting from the server locally - why?).

When I now do so, there are some points to note, which possibly leads to a new track:

Firstly, the server's opening after the EHLO doesn't offer the PLAIN mechanism, though I inserted it in the smtpd.conf on Falko's advice, and also restarted the postfix daemon afterwards. Do I have to restart any other service?

Secondly, when I continue with AUTH LOGIN, the server returns an error message. I give you the complete dialog:

Quote:
Trying yy.yy.yy.yy...
Connected to myhost.myhoster.de.
Escape character is '^]'.
220 myhost.myhoster.de ESMTP Postfix
EHLO myclient
250-myhost.myhoster.de
250-PIPELINING
250-SIZE 8388608
250-VRFY
250-ETRN
250-AUTH LOGIN
250-AUTH=LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
<MyBase64encodedUsername>
334 UGFzc3dvcmQ6
<MyBase64encodedPassword>
535 5.7.0 Error: authentication failed: generic failure
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Thirdly and possibly most important, the corresponding lines in the mail log read as follows:

Quote:
Jan 29 23:08:00 myhost postfix/smtpd[19023]: connect from myhost.isp.de[xx.xx.xx.xx]
Jan 29 23:10:45 myhost postfix/smtpd[19023]: warning: SASL authentication failure: cannot connect to Courier authdaemond: Permission denied
Jan 29 23:10:45 myhost postfix/smtpd[19023]: warning: myhost.isp.de[xx.xx.xx.xx]: SASL LOGIN authentication failed: generic failure
Jan 29 23:10:54 myhost postfix/smtpd[19023]: disconnect from myhost.isp.de[xx.xx.xx.xx]
Who needs permission where? Can anyone give my an overview, which item has to belong to whom, and which rights have to be given?

Thanks again to anybody thinking hard
Reply With Quote
  #9  
Old 30th January 2008, 15:28
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I'm not sure, but maybe SuSE is using another smtpd.conf than /etc/sasl2/smtpd.conf?
What's the output of
Code:
updatedb
locate smtpd.conf
?

Quote:
By now, I have not issued any AUTH LOGIN, when I was trying to connect from my remote client via telnet (but I didn't need to do so when telnet'ting from the server locally - why?).
You don't need to authenticate from localhost because you're using mynetworks_style = host.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 30th January 2008, 16:04
joerg joerg is offline
Junior Member
 
Join Date: Jan 2008
Location: Cologne
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Falko,

there is neither an updatedb, nor an executable locate on my system. The only file named locate is under /etc/sysconfig and contains the single line

Quote:
RUN_UPDATEDB_AS=""
Am I missing a package?

But above that, there ist no other smtpd.conf than the one under /etc/sasl2.

What do you think about the "Permission denied" in the mail log (see above)?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix, smtp auth problems fish HOWTO-Related Questions 9 27th September 2007 18:34
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36
postfix smtp sasl auth problem hammer Installation/Configuration 1 13th July 2006 18:19
Postfix SMTP Auth Configuration kisong Installation/Configuration 6 20th October 2005 01:06


All times are GMT +2. The time now is 07:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.