Date: Sat, 15 Mar 2014 16:47:41 -0700 From: Drew Tomlinson <drew@mykitchentable.net> To: Charles Swiger <cswiger@mac.com> Cc: FreeBSD - <freebsd-questions@FreeBSD.org> Subject: Re: Help with SMTP AUTH Message-ID: <BLU0-SMTP2736CDA2133102F8B42D129B3730@phx.gbl> In-Reply-To: <AB784515-ADD7-4C63-B5BC-6C108AA090D8@mac.com> References: <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl> <AB784515-ADD7-4C63-B5BC-6C108AA090D8@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/15/2014 11:30 AM, Charles Swiger wrote:
> Hi--
>
> On Mar 15, 2014, at 11:10 AM, Drew Tomlinson <drew@mykitchentable.net> wrote:
>> I'm wondering if Postfix is even attempting to query saslauthd. I'm not sure how to tell. Should I see something in my maillog? This is all I see in my log when testing:
>>
>> Mar 15 10:56:38 blacklamb postfix/smtpd[85529]: connect from unknown[X.X.X.X]
>> Mar 15 10:56:39 blacklamb postfix/smtpd[85529]: Anonymous TLS connection established from unknown[X.X.X.X]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
>> Mar 15 10:56:39 blacklamb postfix/smtpd[85529]: NOQUEUE: reject: RCPT from unkno
>> wn[X.X.X.X]: 454 4.7.1 <drew.tomlinson@<removed>.com>: Relay access denied; from=<drew@mykitchentable.net> to=<drew.tomlinson@<removed>.com> proto=ESMTP helo=<[127.0.0.1]>
>>
>> Any help on where to begin to solve this would be appreciated.
> The log messages imply that the client didn't try to perform SMTP AUTH before trying to send the message.
> Or you've obfuscated the logs to an extent such that the issue can't be debugged reliably, take your pick.
Thank you for your reply. I did not obfuscate the logs beyond email and
IP addresses. That was the entire session between a test client and
postfix so I pick the former. :)
Another poster suggested my master.cf contain:
-o smtpd_sasl_auth_enable=yes
This was commented out. Since enabling, it appears postfix now offers
SMTP_AUTH:
Mar 15 16:38:40 blacklamb postfix/smtpd[86502]: connect from
unknown[x.x.x.x]
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: Anonymous TLS connection
established from unknown[x.x.x.x]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL
authentication failure: Password verification failed
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning:
unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning:
unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 15 16:38:44 blacklamb postfix/smtpd[86502]: disconnect from
unknown[x.x.x.x]
So now I'm wondering if postfix is trying to authenticate directly and
bypassing saslauthd? I'm trying to use saslauthd to use the system
logins via PAM. My smtpd.conf file contains:
# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9
These are all the lines that contain "*sasl*" in my config :
# grep sasl main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = !CRAM-MD5,!DIGEST-MD5, static:all
smtp_sasl_type = cyrus
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
Thanks,
Drew
--
Like card tricks?
Visit The Alchemist's Warehouse to
learn card magic secrets for free!
http://alchemistswarehouse.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BLU0-SMTP2736CDA2133102F8B42D129B3730>