Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 4th June 2010, 14:38
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

i noticed that
Code:
127.0.0.1:10025 inet n - - - - smtpd
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o smtpd_bind_address=127.0.0.1
"re ject" @ smtpd_recipient_restriction=... ???

and i've compared my working configs with yours and also noticed that i haven't set this variable: smtpd_sasl_path = /etc/postfix/sasl


edit:
/etc/pam.d/smtp contains
Code:
auth    required   pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
?? check if you didn't mistakenly created a "smtpd" instead of "smtp" file

/etc/courier/authdeamonrc
authmodulelist="authmysql"

and double check authmysqlrc

Last edited by Mark_NL; 4th June 2010 at 14:41.
Reply With Quote
Sponsored Links
  #12  
Old 4th June 2010, 14:46
zeljko zeljko is offline
Junior Member
 
Join Date: Jun 2010
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have added that path parameter just to try if it helps, it's not working either ... and for re ject it must be copy/paste error, I have looked at main.cf now ant there is no space there ...
Reply With Quote
  #13  
Old 4th June 2010, 15:12
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

Well i'm kinda out of idea's .. and it's hard to go all options one by one ..
i could have a look at your system, if you want, you can privmsg me with login data so i can have a look at your settings.
Reply With Quote
  #14  
Old 4th June 2010, 15:34
zeljko zeljko is offline
Junior Member
 
Join Date: Jun 2010
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Dear Mark ,

first of all thank you for all help! I don't know how and what I did ( I really don't know! ) but sasl seems to be working now in PLAIN and LOGIN when I set in thunderbird username for SMTP server, but when I check the "Use secure authentication" I got this from thunderbird:

Sending of message failed.
An error occurred sending mail: Unable to authenticate to SMTP server 127.0.0.1. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authentication or contact your service provider.

Do you know what "Use secure authentication" means?
And is it secure enough to use STARTTLS and sasl PLAIN ?
Reply With Quote
  #15  
Old 4th June 2010, 15:55
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
 
Default

Code:
spica:/etc/postfix# openssl s_client -connect zm.gotdns.com:25 -starttls smtp 
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEMzCCAxugAwIBAgIJAIf2MlBfiyEgMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxJzAlBgkqhkiG9w0BCQEWGHBvc3RtYXN0ZXJAem0uZ290
ZG5zLmNvbTAeFw0xMDA1MTMxNjIyNThaFw0xMTA1MTMxNjIyNThaMG4xCzAJBgNV
BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxJzAlBgkqhkiG9w0BCQEWGHBvc3RtYXN0ZXJAem0uZ290
ZG5zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANmT1LSYxrjp
IettubpWa4djQfrswPYadhJzTBYlpEGirIbhPOIpPlkOpzvmZmiHNWPUpkoIwE20
aLVKjXC6EvAVr4kP7p42T/YQm8KniOfbFOqyQw1mHb9bWUBWb111zGnqw5k/9Vb1
y8jDjMgJyBm7X2uFn9Yd3J3zMuKmwL/jkvyxynXrjaCiqe20N6j/Jyoe+GISApsu
nnLNCm/gE1ZKchLXtYg+Er4Hk0dg2YlWI+uRbxISxezvUKD+ZRehWJB+L85ueD+F
7GjySlJ+jAewRrgr/BgznbWq+Acz+GUlXN8lNZerjdl2T/rIWaOe5bUV3qcBos3o
psMNtKxNyhcCAwEAAaOB0zCB0DAdBgNVHQ4EFgQU9iTcpz11FdQdfnD39tNLFpU1
V88wgaAGA1UdIwSBmDCBlYAU9iTcpz11FdQdfnD39tNLFpU1V8+hcqRwMG4xCzAJ
BgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5l
dCBXaWRnaXRzIFB0eSBMdGQxJzAlBgkqhkiG9w0BCQEWGHBvc3RtYXN0ZXJAem0u
Z290ZG5zLmNvbYIJAIf2MlBfiyEgMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
BQADggEBAAJso0cJR9FYyeUaHekq4HtzG9GnXsTYO9DwlABrrE+AdGc164Pf77SI
CLqc2k5XBFkFQ9wr4LfpNhKb6M2D65cfjcr+lMU94ad+RaRsdAa/nunSUmHuhBAQ
lBFOLv6vAWNPvffWQdT+naL3zjHIClnwn0xwMbBeSepFrhmBxpl+FjUZ/9yF1QUa
/VmEOY6B3otyKyYd3EMMchnYKuGyzw+cAljlNCM1zDHS+pinPPD+Dq6liWpOFgAa
GR5LQyqTs5GBZoQNvvw23hHjPNys8jpQ3EEvEjGylwZJdXDz0FalZmXLWz+XCXsV
T8fiRqE7jcESKs6bu328qW2Zhz1nm5I=
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/emailAddress=postmaster@zm.gotdns.com
---
No client certificate CA names sent
---
SSL handshake has read 2023 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 25A6617F67E4A2ACC806A9DCF6D0EF68700D05C599308AFA197F92E09FBECF03
    Session-ID-ctx: 
    Master-Key: B9D2C5FD0CFC6E6B742221093180936FDF08BE4DEC4FDAEA99C82ED7FB51FD5B12A47D3FF4A64C7645A3153C51692CE7
    Key-Arg   : None
    Start Time: 1275659460
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN
EHLO mark
250-zm.gotdns.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
looks like TLS is working just fine, i think your client settings aren't correct.
at least, i could make a TLS connection to your MTA .. i just didn't knew any mail accounts to send an email to
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 01:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.