John wrote:
Sandy Drobic wrote:
[snip]
smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = no
Unless you "yes" here, Postfix will not offer the option to authenticate.
Set to 'YES', then postfix failed to end this mail (workstation running thunderbird) so I set it back to 'NO' for now as it raises other issues!
Set back to 'YES' last night, about 01:30 and lost all emails until I checked the logs about 09:00 this morning. Error message was:
'Jun 27 09:35:00 General postfix/smtpd[29907]: fatal: no SASL authentication mechanisms'
Uh, oh!! This looks as if you have misconfigured your Cyrus sasl configuration in some way.
Set it back to 'NO' and was deluged!
Little question has smtp auth ever worked for you before or is this your first try?
I'm not sure that it has; I tried this last year (Thread '[SLE] at wits end with postfix & SASL') and thought I'd gotten it sorted but when I was abroad recently, it still failed, so obviously, I hadn't.
In that case we should start from the beginning. You have mixed TLS and SASL parameters, but it seems as if they don't completely work. I usually start with Cyrus sasl, and if that is working reliably I add TLS and set "smtpd_tls_auth_only = yes".
If you enable smtpd_auth and restart the server, do you see any warnings in your maillog?
Nothing specific; I've written a script which allows me to look at the last n lines of all four log files and I've attached the results from this test for inspection. You can see that I tried this at 12:43:41!
I get a log excerpt every day by mail with all the log lines that are not flagged as normal. Great to track trouble before it is reported by users. Mailgraph provides also alsmost real-time stats for email flow (received, delivered, spam, virus, rejected). Additionally I recommend to use pflogsumm as a summary of you email situation.
smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous
IIRC you have forbidden plaintext mechs when the connection is not encrypted. smtpd_sasl_security_options = noanonymous, noplaintext Change that to smtpd_sasl_security_options = noanonymous "reload postfix", and then try again. You main problem is that you have activated too many TLS and AUTH parameters without confirming first that the basics work. I am almost tempted to say "let's remove all of those and then start at the beginning."
Now you should see the capabilities of your server. One of the lines should start with "250-AUTH PLAIN LOGIN"
Now, since I've seen the two lines:
250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN
before, something has been changed in my attempt to get this sorted. Could be the starttls line?
Not exactly. Rather it was the "smtpd_tls_auth_only = yes". As a consequence you can only authenticate if you first encrypt the connection using starttls.
------------------------------------------------------------------------
Mail Jun 27 12:41:23 General postfix/qmgr[29923]: E2AE31D5A7: removed Jun 27 12:41:23 General postfix/smtpd[30260]: disconnect from sc157.sjc.collab.net[204.16.104.146] Jun 27 12:43:31 General postfix/postfix-script: refreshing the Postfix mail system Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection rate 1/60s for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection count 1 for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max cache size 1 at Jun 27 12:41:22
Business as usual, looks fine.
------------
Mail.err Jun 27 09:35:00 General postfix/smtpd[29912]: fatal: no SASL authentication mechanisms
"Fatal error" means the system can't work due to a serious misconfiguration.
------------
Mail.warn Jun 27 12:06:13 General postfix/smtpd[30195]: warning: 125.235.64.36: hostname 125.235.64.36.adsl.viettel.vn verification failed: Name or service not known
Harmless, a spam zombi does not have a matching reverse dns record. That happens a lot. I get dozens and hundreds of these dns errors every day. This is only informational logging. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org