SMTP Authentication Error using Postfix

Discussion in 'HOWTO-Related Questions' started by Mr.Click, Oct 30, 2011.

  1. Mr.Click

    Mr.Click New Member

    Hi.

    I followed this tutorial http://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-debian-squeeze to install functional Email system on my server. Everything works fine If I use a webmail application (I'm using roundcube at the moment). But when I try to use Thunderbird something mess up with SMTP authentication. I can read Emails, move them between folders, but i can't send and, by checking the log i found this error:

    warning: 93-40-75-91.ip37.fastwebnet.it[93.40.75.91]: SASL PLAIN authentication failed:
    warning: 93-40-75-91.ip37.fastwebnet.it[93.40.75.91]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

    il post here below my configuration

    MAIN.CF
    Code:
    # Network/Connections
    myhostname = mydomain.com
    myorigin = /etc/mailname
    mydestination = 
    relayhost = 
    mynetworks = 127.0.0.0/8
    inet_interfaces = all
    default_destination_concurrency_limit = 2
    
    # Databases
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    
    # SASL / SMTP authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = 
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    broken_sasl_auth_clients = yes
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # Security/Relay
    smtpd_delay_reject = yes
    smtpd_helo_restrictions = reject_invalid_hostname
    smtpd_sender_restrictions = reject_unknown_address
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    
    # Mailbox/Message
    home_mailbox = Maildir/
    mailbox_command = procmail -a "$EXTENSION"
    virtual_mailbox_limit = 1073741824
    mailbox_size_limit = 0
    message_size_limit = 104857600
    unknown_local_recipient_reject_code = 550
    recipient_delimiter = +
    
    # misc
    biff = no
    allow_percent_hack = no
    append_at_myorigin = no
    append_dot_mydomain = no
    swap_bangpath = no
    readme_directory = /usr/share/doc/postfix
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    
    MASTER.CF
    Code:
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #2525      inet  n       -       n       -       -       smtpd -o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_mailfilter
    submission inet n       -       -       -       -       smtpd
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       -       -       -       smtpd
      -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
            -o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtpd_bind_address=127.0.0.1
    SASLAUTHD
    Code:
    #
    # Settings for saslauthd daemon
    # Please read /usr/share/doc/sasl2-bin/README.Debian for details.
    #
    
    # Should saslauthd run automatically on startup? (default: no)
    START=yes
    
    # Description of this saslauthd instance. Recommended.
    # (suggestion: SASL Authentication Daemon)
    DESC="SASL Authentication Daemon"
    
    # Short name of this saslauthd instance. Strongly recommended.
    # (suggestion: saslauthd)
    NAME="saslauthd"
    
    # Which authentication mechanisms should saslauthd use? (default: pam)
    #
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c -m /var/run/saslauthd)
    # Note: You MUST specify the -m option or saslauthd won't run!
    #
    # WARNING: DO NOT SPECIFY THE -d OPTION.
    # The -d option will cause saslauthd to run in the foreground instead of as
    # a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
    # to run saslauthd in debug mode, please run it by hand to be safe.
    #
    # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
    # See the saslauthd man page and the output of 'saslauthd -h' for general
    # information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
    SMTP
    Code:
    auth    required   pam_mysql.so user=mail_admin passwd=secret host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=secret host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
    SMTPD.CONF
    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: secret
    sql_database: mail
    sql_select: select password from users where email = '%u'
    Obviously i replaced password, domain etc with correct values (I changed those values in this post for some kind of privacy :D:D)
    Hope someone can help me

    Best Regards
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the smtp settings in thunderbird and make sure that the username is the full email address. There is a bug in thunderbird that removes the part after the @ sign when you create the account.
     
  3. Mr.Click

    Mr.Click New Member

    The SMTP settings in Thunderbird are correct:

    Server name: mydomain.com
    Post: 465
    Security: SSL/TLS
    Auth: Normal password
    Username daniele@mydomain.com

    So yes I'm using the entire Email address as username. The problem appear also using other Email clients (I tried with iPhone, Mail on OSX Snow Leopard, Outlook)

    I really can't understand where is the problem. :(:(:(:(
    Other suggestions?
     
  4. karalitani

    karalitani New Member

    i have the same problem...

    I have the same issue, i cant send email!

    If you want me to post my file info i can too.

    If i get it to work i will let you know how i did it here.
     
  5. karalitani

    karalitani New Member

    submission port

    ok so i remembered i have to enable the submission port,
    but i am still cant send an email with Thunderbird.
    what am i doing wrong?

    i commented out the first line and un-commented the submission,
    did you try this, does it work if you do this?


    vi /etc/postfix/master.cf


    #smtp inet n - - - - smtpd
    submission inet n - - - - smtpd


    postfix reload
     
  6. karalitani

    karalitani New Member

    i added 587 to ispc3 firewall

    i also added 587 to ispc3 firewall,
    still doesnt work
     
  7. karalitani

    karalitani New Member

    i got it all to work

    i got it all to work,

    will post a tutorial this week and link it to this post
     

Share This Page