Sandy Drobic wrote:
[snip]
smtpd_sasl_application_name = smtpd smtpd_sasl_auth_enable = no
Unless you "yes" here, Postfix will not offer the option to authenticate.
Set to 'YES', then postfix failed to end this mail (workstation running thunderbird) so I set it back to 'NO' for now as it raises other issues!
Set back to 'YES' last night, about 01:30 and lost all emails until I checked the logs about 09:00 this morning. Error message was:
'Jun 27 09:35:00 General postfix/smtpd[29907]: fatal: no SASL authentication mechanisms' Set it back to 'NO' and was deluged!
Little question has smtp auth ever worked for you before or is this your first try?
I'm not sure that it has; I tried this last year (Thread '[SLE] at wits end with postfix & SASL') and thought I'd gotten it sorted but when I was abroad recently, it still failed, so obviously, I hadn't.
If you enable smtpd_auth and restart the server, do you see any warnings in your maillog?
Nothing specific; I've written a script which allows me to look at the last n lines of all four log files and I've attached the results from this test for inspection. You can see that I tried this at 12:43:41!
smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous
Now it gets a little tricky. The options themselves are reasonable, provided your server can offer auth mechanism other than PLAIN and LOGIN.
To see what your server can offer please post the output of "ls -l /usr/lib/sasl2" and the content of /usr/lib/sasl2/smtpd.conf.
Attached
If you are using Cyrus as Imapserver and saslauthd for authentication, you are out of luck. Saslauthd only supports plaintext mechanisms (PLAIN and LOGIN).
Am I trying to flog the proverbial dead horse in getting my phone to be allowed to use my postfix server, then?
No, you still have some hope left. (^-^)
Your phone supports SSL or at least TLS. That means you can use plaintext mechs like PLAIN or LOGIN if you encrypt the connection.
------------------------------------------------------------------------
pwcheck_method: saslauthd log_level: 3 mech_list: PLAIN LOGIN
Okay, you NEED either SSL or TLS, otherwise your passwords are transmitted over the wire as clear text (only binhex64 encoded but not encrypted).
The neccessary Cyrus libraries are installed. Please for test purposes, enable smtp auth without encryption and check that the server now offers AUTH:
postconf -e "smtpd_tls_auth_only = no" postconf -e "smtpd_enable_sasl_auth = yes" postfix reload
Then check at the console of your server:
telnet localhost 25
ehlo localhost
Now you should see the capabilities of your server. One of the lines should start with "250-AUTH PLAIN LOGIN"
With smtpd_sasl_auth_enable set 'YES' , all I see is: General:/etc/postfix # telnet localhost 25 ehlo localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. General:/etc/postfix Set this parameter to 'NO' and I see: General:/etc/postfix # telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 General.DMJ-Consultancy.local ESMTP Postfix ehlo localhost 250-General.DMJ-Consultancy.local 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250 8BITMIME quit 221 Bye Connection closed by foreign host. General:/etc/postfix # Now, since I've seen the two lines: 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN before, something has been changed in my attempt to get this sorted. Could be the starttls line? Mail Jun 27 12:41:23 General postfix/qmgr[29923]: E2AE31D5A7: removed Jun 27 12:41:23 General postfix/smtpd[30260]: disconnect from sc157.sjc.collab.net[204.16.104.146] Jun 27 12:43:31 General postfix/postfix-script: refreshing the Postfix mail system Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection rate 1/60s for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection count 1 for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max cache size 1 at Jun 27 12:41:22 ------------ Mail.err Jun 27 09:35:00 General postfix/smtpd[29912]: fatal: no SASL authentication mechanisms ------------ Mail.warn Jun 27 12:06:13 General postfix/smtpd[30195]: warning: 125.235.64.36: hostname 125.235.64.36.adsl.viettel.vn verification failed: Name or service not known ------------ Mail.info Jun 27 12:41:23 General postfix/qmgr[29923]: E2AE31D5A7: removed Jun 27 12:41:23 General postfix/smtpd[30260]: disconnect from sc157.sjc.collab.net[204.16.104.146] Jun 27 12:43:31 General postfix/postfix-script: refreshing the Postfix mail system Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection rate 1/60s for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection count 1 for (smtp:204.16.104.146) at Jun 27 12:41:22 Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max cache size 1 at Jun 27 12:41:22 ------------