postfix-users October 2010 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: SMTPD AUTH broke ... ?

Re: SMTPD AUTH broke ... ?

From: Matt Hayes <dominian_at_nospam>
Date: Mon Oct 04 2010 - 02:03:05 GMT
To: postfix-users@postfix.org

On 10/03/2010 09:58 PM, Nicholas Sideris wrote:
>
> On Oct 4, 2010, at 4:39 AM, Matt Hayes wrote:
>
>> On 10/03/2010 09:32 PM, Nicholas Sideris wrote:
>>> Hello,
>>>
>>> I have the following trouble with enabling the smtpd auth for postfix ...
>>>
>>> First of all I am using Dovecot 1.2.x and I have enabled everything
>>> according to the available on-line HOW TOs. Everything seems fine to me
>>> and the appropriate socket is created under private/auth so there's no
>>> problem there.
>>>
>>> Now I had modified main.cf to enable SMTP AUTH as follows (I do also
>>> include a few lines of other config, because I think it may be useful
>>> for you):
>>>
>>> html_directory = /server/html/postfix
>>> manpage_directory = /server/man
>>> sample_directory = /server/etc/postfix
>>> readme_directory = /server/readme/postfix
>>> data_directory = /var/lib/postfix
>>>
>>>
>>> virtual_mailbox_maps = mysql:/server/etc/postfix/virtual.sql
>>> virtual_mailbox_base = /
>>> virtual_minimum_uid = 1500
>>> virtual_uid_maps = mysql:/server/etc/postfix/uids.sql
>>> virtual_gid_maps = mysql:/server/etc/postfix/gids.sql
>>> virtual_mailbox_limit_maps = mysql:/server/etc/postfix/quota.sql
>>> content_filter = avscan:[127.0.0.1]:10025
>>>
>>> smtpd_sasl_type = dovecot
>>> smtpd_sasl_path = private/auth
>>> smtpd_sasl_auth_enable = yes
>>> #broken_sasl_auth_clients = yes
>>> smtpd_sasl_security_options = noanonymous
>>>
>>>
>>> smtpd_recipient_restrictions =
>>> permit_mynetworks
>>> permit_sasl_authenticated
>>> reject_unauth_destination
>>>
>>>
>>> Now when I am trying to test if it works, I get this
>>>
>>> telnet> open xxxxx.xxxxxx.xxx 25
>>> Trying 127.0.0.1...
>>> Connected to localbase.
>>> Escape character is '^]'.
>>> 220 eurovision.oikotimes.net <http://eurovision.oikotimes.net>
>>> <http://eurovision.oikotimes.net> ESMTP Postfix
>>> EHLO client.test.gr <http://client.test.gr> <http://client.test.gr>
>>> 250-xxxxx.xxxxxx.xxx
>>> 250-PIPELINING
>>> 250-SIZE 10240000
>>> 250-VRFY
>>> 250-ETRN
>>> 250-ENHANCEDSTATUSCODES
>>> 250-8BITMIME
>>> 250 DSN
>>> AUTH PLAIN ncjdskl=
>>> 502 5.5.2 Error: command not recognized
>>> AUTH PLAIN bchjdbckjdsc=
>>> 502 5.5.2 Error: command not recognized
>>>
>>> So actually there's no SMTP authentication available.
>>> Any ideas of what I need to check?
>>>
>>> PS: My server is custom compiled using this command ...
>>>
>>> make AUXLIBS='-L/server/lib/mysql -lmysqlclient -lz -lm -lpcre'
>>> CCARGS='-DDEF_CONFIG_DIR=\"/server/etc/postfix\"
>>> -DDEF_COMMAND_DIR=\"/server/sbin\"
>>> -DDEF_DAEMON_DIR=\"/server/libexec/postfix\"
>>> -DDEF_MAILQ_PATH=\"/usr/bin/mailq\"
>>> -DDEF_HTML_DIR=\"/server/html/postfix\"
>>> -DDEF_MANPAGE_DIR=\"/server/man\"
>>> -DDEF_NEWALIAS_PATH=\"/usr/bin/newaliases\"
>>> -DDEF_README_DIR=\"/server/readme/postfix\"
>>> -DDEF_SENDMAIL_PATH=\"/usr/sbin/sendmail\" -DHAS_MYSQL
>>> -I/server/include/mysql -DHAS_PCRE -DUSE_SASL_AUTH
>>> -DDEF_SERVER_SASL_TYPE=\"dovecot\"' OPT='-O' DEBUG='-g'
>>>
>>> PS2: Obtaining mail works as it should ... everything is ok.
>>>
>>
>>
>> You might want to look at using smtpd_sasl_auth_enable for your smtpd
>> listener.
>>
>> I'd suggest using submisstion port 587 as well for your authenticated
>> clients.
>>
>> -Matt
>
> Still I get the same message. Well I had opened port 587 and tried it as
> well. Here's my master.cf, could be the antivirus I mean {avscan] the
> real problem? From the other hand the server doesn;t even recognize the
> command ...
>
> #
> # Postfix master process configuration file. For details on the format
> # of the file, see the master(5) manual page (command: "man 5 master").
> #
> # ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
> postspam unix - n n - - pipe
> flags=Rq user=spamdu argv=/server/bin/postspam -f ${sender} -- ${recipient}
> #policy unix - n n - - spawn
> # user=nobody argv=/usr/bin/perl /inertia/mailserver/bin/greylist.pl -v
> smtp inet n - n - - smtpd
> -o content_filter=postspam:dummy
> submission inet n - n - - smtpd
> -o smtpd_enforce_tls=no
> -o smtpd_sasl_auth_enable=yes
> -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #smtps inet n - n - - smtpd
> # -o smtpd_tls_wrappermode=yes
> # -o smtpd_sasl_auth_enable=yes
> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #628 inet n - n - - qmqpd
> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> #qmgr fifo n - n 300 1 oqmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> smtp unix - - n - - smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay unix - - n - - smtp
> -o fallback_relay=
> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
> #
> # ====================================================================
> # Interfaces to non-Postfix software. Be sure to examine the manual
> # pages of the non-Postfix software to find out what options it wants.
> #
> # Many of the following services use the Postfix pipe(8) delivery
> # agent. See the pipe(8) man page for information about ${recipient}
> # and other message envelope options.
> # ====================================================================
> #
> # maildrop. See the Postfix MAILDROP_README file for details.
> # Also specify in main.cf: maildrop_destination_recipient_limit=1
> #
> #maildrop unix - n n - - pipe
> # flags=DRhu user=vmail argv=/server/bin/maildrop -d ${recipient}
> #
> # ====================================================================
> #
> # The Cyrus deliver program has changed incompatibly, multiple times.
> #
> #old-cyrus unix - n n - - pipe
> # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
> #
> # ====================================================================
> #
> # Cyrus 2.1.5 (Amos Gouaux)
> # Also specify in main.cf: cyrus_destination_recipient_limit=1
> #
> #cyrus unix - n n - - pipe
> # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
> #
> # ====================================================================
> #
> # See the Postfix UUCP_README file for configuration details.
> #
> #uucp unix - n n - - pipe
> # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> #
> # ====================================================================
> #
> # Other external delivery methods.
> #
> #ifmail unix - n n - - pipe
> # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> #
> #bsmtp unix - n n - - pipe
> # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
> #
> #scalemail-backend unix - n n - 2 pipe
> # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
> # ${nexthop} ${user} ${extension}
> #
> #mailman unix - n n - - pipe
> # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
> # ${nexthop} ${user}
>
> # ==========================================================================
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> # ==========================================================================
>
> avscan unix - - n - 16 smtp
> -o smtp_send_xforward_command=yes
> -o smtp_enforce_tls=no
> 127.0.0.1:10026 inet n - n - 16 smtpd
> -o content_filter=
> -o
> receive_override_options=no_unknown_recipient_checks,no_header_body_checks
> -o smtpd_helo_restrictions=
> -o smtpd_client_restrictions=
> -o smtpd_sender_restrictions=
> -o
> smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
> -o mynetworks_style=host
> -o smtpd_authorized_xforward_hosts=127.0.0.0/8
>
> proxywrite unix - - n - 1 proxymap
>
>

Do you have logs of the transaction when trying to send outbound through
port 587 using authentication?

-Matt