Authentification problem with Postfix

Discussion in 'Server Operation' started by mathieu_, Feb 21, 2011.

  1. mathieu_

    mathieu_ New Member


    I'm know to postfix, and I am experimenting some problems trying to configure a SMTP relay on my server using Postfix.

    I am using Ubuntu 10.04 and I have installed sasl and postfix, using the tutorial here :
    I use my ISP (1and1) to send the mail. When I try to send one using sendmail, I get the following error (using postqueue) :

    (SASL authentication failed; server[] said: 535 Authentication failure)

    The logs in /var/log/mail.log shows a problem with the certificate verification, and I have no clue where this certificate is coming from, since I have created one (as specified in the tutorial)

    Feb 21 17:59:46 scarlatti postfix/master[12295]: terminating on signal 15
    Feb 21 17:59:47 scarlatti postfix/master[12531]: daemon started -- version 2.7.0, configuration /etc/postfix
    Feb 21 18:01:38 scarlatti postfix/master[1279]: daemon started -- version 2.7.0, configuration /etc/postfix
    Feb 21 18:04:00 scarlatti postfix/pickup[1320]: 7C1F385624: uid=1000 from=<xxxx>
    Feb 21 18:04:00 scarlatti postfix/cleanup[1659]: 7C1F385624: message-id=<[email protected]>
    Feb 21 18:04:00 scarlatti postfix/qmgr[1321]: 7C1F385624: from=<[email protected]>, size=312, nrcpt=1 (queue active)
    Feb 21 18:04:01 scarlatti postfix/smtp[1662]: certificate verification failed for[]:587: untrusted issuer /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
    Feb 21 18:04:01 scarlatti postfix/smtp[1662]: 7C1F385624: SASL authentication failed; server[] said: 535 Authentication failure

    Here is my :

    # See /usr/share/postfix/ for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    readme_directory = no

    # TLS parameters
    smtpd_tls_key_file = /etc/ssl/private/smtpd.key
    smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
    smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =

    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination

    smtp_tls_security_level = may
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = no
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    myhostname = xxxx
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = xxxx, xxxx, localhost.localdomain, localhost
    relayhost = []:587
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    mynetworks =
    home_mailbox = Maildir/

    Thanks for your help !
  2. falko

    falko Super Moderator ISPConfig Developer

  3. mathieu_

    mathieu_ New Member

Share This Page