Cant get SMTP AUTH to work Ispconfig3/postfix

Discussion in 'General' started by morten44, Apr 17, 2012.

  1. morten44

    morten44 New Member

    Hi
    I have setup a ispconfg on Ubuntu 11.10 using the manual:
    http://www.howtoforge.com/perfect-server-ubuntu-11.10-ispconfig-3

    I can use squirrelmail ok to send and receive because i am on localhost, but when i try from outlook 2007 I can not send

    I enable the SMTP Authentication in my mail client, and then make a test in outlook. It popup asking for password, but it does not work.
    This only happen when i enable the SMTP Authentication. If i do not do it I do not get prompted for password. POP3 works perfect so password is correct

    This is how i trouble shooted

    I did:
    administrator@server1:~$ telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 server1.example.com ESMTP Postfix (Ubuntu)
    ehlo localhost
    250-server1.example.com
    250-PIPELINING
    250-SIZE
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    I then read that that the 2 lines
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN

    shoud read something like this for SMTP AUTH to work:
    250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
    250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI

    I then found an forum post about this on
    http://linux.about.com/od/ubusrv_doc/a/ubusg29t06.htm

    Where it explain to reinstall some of the packets with more
    I have followed

    I have reload and restarted postfix

    I try the telnet command again but its the same

    Any idea what could be wrong?

    Here is my main.cf

    The last 5 lines I have added through trying varios trouble shooting and was not there after default installation


    Kind Regards
    Morten
     
  2. pititis

    pititis Member

  3. morten44

    morten44 New Member

    Update

    Hi
    Thanks for your reply

    I checked the link and and installed a previous version
    I restarted the services and server

    At some point after i ran the telnet command again and now i got:
    This now looks good
    I still have problem with authenticate from Outlook
    I do a test and it asks me for user and massword
    I write my email and password (that works in Squirrelmail)
    and the login box pops up again


    My smtpd.conf file looks like this
    I had to comment out the Mech_list like to get the telnet to show:
    250-AUTH LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5
    250-AUTH=LOGIN PLAIN NTLM CRAM-MD5 DIGEST-MD5

    I can see in the link provided that there are many commends and suggestions to alteration to this file, but i think most of them referes to if you do not downgrate?
    How to I go about finding out if my smtpd.conf file is correct?


    Here is the last part of my mail.log file that shows the autentication failure. I think the error mesage has changed from before i downgraded the packets.
    Just adding the last lanes that capture the autentication error


    Any idea what i have to do next?

    Regards
    Morten
     
  4. till

    till Super Moderator

    Please undo that. The mech list has to be "mech_list: plain login", cram-md5 is not supported and by enabling it, all auth attemts that use this mechanism will fail. The link you followed http://linux.about.com/od/ubusrv_doc/a/ubusg29t06.htm is for a different kind of setup.

    the file you posted is correct, when you fix the removal of the mech_list.

    Pleasecheck the settings in your mail client and ensure that it uses the full email address for smtp authentication and not just the part in front of the @.
     
    Last edited: Apr 18, 2012
  5. morten44

    morten44 New Member

    Update 2

    Hi
    Thanks for very fast reply :)

    Does that mean that its ok or I have to find a way to get it to work without comment out that line?

    Yes the client are setup correct
    the only authentication i use is this
    I use my domain name as SMTP. The domain name has been made in ispconfig.
    I guess this is ok because it does register the attemt to logon in mail file

    I attach 2 screenshot from my outlook 2007 client that shows the setup.
    I have checket its using deafault port 25

    hm..

    Kind Regards
    Morten
     

    Attached Files:

  6. pititis

    pititis Member

    No, you must use

    mech_list: plain login

    If your problem is the authentication security, just use TLS
     
  7. morten44

    morten44 New Member

    Hi
    Ok i see, so have to uncomment that line again than. I just think i did something right :)

    Cound you give me a link to som reading on how to change it from
    saslauthd --> TLS?

    Does this involved using different port insteead of 25?

    Sorry I am totally new to Linux but really want to get into it.
    Our old webserver was Windows 2003 and we are trying to convince them to scrap that and use Linux/ISPConfig

    Kind Regards
    Morten
     
  8. till

    till Super Moderator

    saslauthd and tls are different things, so nothing that you can change between. Especially as tls is not related to authentication, tls is transport ayer security and saslauthd is a smtp authentication daemon.

    My recommendation is that you redor each step of the mails etup from the guide and afterwards run a manual ispconfig update and choose to reconfigure services during update.
     
  9. morten44

    morten44 New Member

    udpate

    Hi
    I tried to run the setup again and I have the same problem

    However i went back to what you said about TLS

    I did find a place in Outlook to set this and if I disable SMTP Authentication it does work :)
    Wow

    Question:
    The reason why we use SMTP Authentication is to make sure no one else than local users can send from our SMTP

    Does TLS do the same job, meaning that no one else than with an email address and password on our system can send from our SMTP

    Is this as secure as SMTP Authentication?

    See attached

    Kind Regards
    Morten
     

    Attached Files:

    • TLS.jpg
      TLS.jpg
      File size:
      58.4 KB
      Views:
      4,121
  10. till

    till Super Moderator

    Yes.

    No. TLS and smtp authentication are different things:

    SMTP authentication: Server asks for a password to send emails to a external destination.
    TLS: The connection between server and client is secured with SSL.

    Have you tried to send a email to a mailbox that is on your server? If yes, then sending does not work as you did not tested smtp auth in that case. Sending to a mailbox on the server is always possible without authentication, otherwise nobody would be able to send you a email.

    If you like to test sending capability of your server, you have to send a email to a address that is not on your server like a gmail address. Sending to gmail trough your server should not be possible without smtp authentication.
     
  11. morten44

    morten44 New Member

    Hi
    Thanks for feedback

    Then i am back to square one! :(
    We need the server to work with SMTP Authentication so its only used by authorized users.

    I re-ran the squirrelmail and ispconfig install scripts but that did not help
    I still cant get it to work with SMTP Authentication.
    It asks me to enter the user and pass (fullmail address/password) but after 5sec it asks again and it does not do anything. Same username and password works in squirrelmail so i know its the right one.

    If i send from localdomain to another domain on same server it works from outlook without smtp authetication as it is supposed to.
    If I send out from our server it does not work.

    I have no idea how to get around it
    I have read that it does not work out of the box with Ubuntu 11.10 and we need to downgrade some packets to 11.04. Others say that I just have to do some changes to the smtp.conf file.

    Is there anymore trouble shooting anyone can advice me to do?
    If not I am really considering installing Debian/ISPConfig as not sure how to mvoe forward from here

    Thanks again
    Morten
     
  12. till

    till Super Moderator

  13. morten44

    morten44 New Member

    Hi
    Thanks again for reply
    I will try that one more time.
    I already did it once.

    My problem with that solution was that i did downgrade but think that I already had done some changes to the smtp.conf file

    So now I have rerun the ispconfig script and therefore believe that the smtp.conf file is back to deafault, so lets see if it will work after downgrade.

    Its not totally clear for me how the smtp.conf file is supposed to look like in that link you sent as the onces attached below in comment are examples of changing without upgrade

    Kind Regards
    Morten
     
  14. till

    till Super Moderator

    The defauklt file that comes with ISPConfig is:

    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: {mysql_server_ip}
    sql_user: {mysql_server_ispconfig_user}
    sql_passwd: {mysql_server_ispconfig_password}
    sql_database: {mysql_server_database}
    sql_select: select password from mail_user where login = '%u'
    The parts in {} are placeholders and should contain the mysql details for your server already.
     
  15. morten44

    morten44 New Member

    Thanks for posting that
    Will give it a try


    Cheers
     
  16. morten44

    morten44 New Member

    Hi
    It now works :)
    Thanks for your help

    I did the following
    1. Checked that my smtp.conf file was identical to yours
    2. I downgrated the packets as described in your link (did this before as well)
    3. Rebooted and it still did not work

    I then deleted the main.cf file and ran ISPConfig setup script again
    Reboot and now it works

    Thanks again for all your help

    Regards
    morten
     

Share This Page