From owner-freebsd-questions@FreeBSD.ORG Fri Jun 1 09:25:24 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 95BF716A41F for ; Fri, 1 Jun 2007 09:25:24 +0000 (UTC) (envelope-from amarendra.godbole@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.241]) by mx1.freebsd.org (Postfix) with ESMTP id 5571613C45D for ; Fri, 1 Jun 2007 09:25:24 +0000 (UTC) (envelope-from amarendra.godbole@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so190873anc for ; Fri, 01 Jun 2007 02:25:23 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZKQSBosJec7W6IKtW0TsXcE8tVX8tvVFENezHMNiQX9j3Y/0ethwDx3RRZ0w7AkOjN1nRZM1hUIyHijPCDbthuO85OgvX0Md/TpR2KCduNUan3YxvIDlYBfA1NXWAM1hdtR4/xEFbi5xKcoVvkLM+zWJDpyk5eMM/aj6a3UCXvE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fyw9S68llqJ0CYHc5nUZJv57qcWcnwWaPs30fTuWQx8LXIAdugTPq96HPEeJpF9ofr8k08NVhACxfl2A5rBkX7okYVN6E6ZnZEkHXJ/dUbCAwcQads9bqSsuBr/ORqq5CozTnY5rYfTrezB1NtPCWoOTus8Vl4bSpMBZyNnR0xA= Received: by 10.100.94.3 with SMTP id r3mr906321anb.1180689923628; Fri, 01 Jun 2007 02:25:23 -0700 (PDT) Received: by 10.100.92.12 with HTTP; Fri, 1 Jun 2007 02:25:23 -0700 (PDT) Message-ID: <294439d20706010225p2bfff3ebp41019dcb7b311ad2@mail.gmail.com> Date: Fri, 1 Jun 2007 14:55:23 +0530 From: "Amarendra Godbole" To: "Paul Schmehl" In-Reply-To: <4215074055BD1BFDD24D2509@utd59514.utdallas.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <294439d20705310218q5a8f65c0jb6b30c6dfc9a51a7@mail.gmail.com> <4215074055BD1BFDD24D2509@utd59514.utdallas.edu> Cc: freebsd-questions@freebsd.org Subject: Re: Wierd postfix/cyrus SASL error... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Jun 2007 09:25:24 -0000 On 5/31/07, Paul Schmehl wrote: > I have a similar setup: > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_local_domain = $myhostname > smtpd_sasl_application_name = smtpd > broken_sasl_auth_clients = yes > permit_sasl_authenticated > > But I don't use a db password file. Have you tried re-running the postfix > hash utility (postmap) on the db? That's the first thing that I would try. [...] Okay, after a lot of digging around, I got the error. Somehow something messed up during the portupgrade, and postfix started negotiating GSSAPI authentication with the smtp server. Since GSSAPI needs krb (kerberos) support, which was not configured, the auth failed. Adding the following lines to main.cf solved the problem, and postfix now happily chugs along: smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_mechanism_filter = login, ntlm Now it negotiates login or ntlm with the server, and the auth works fine. Thanks for all the help. My next stop is to figure out *what* changed during portupgrade (as my postfix config files were the same as before) that created this issue. -Amarendra