Wierd postfix/cyrus SASL error...
Amarendra Godbole
amarendra.godbole at gmail.com
Fri Jun 1 09:25:24 UTC 2007
On 5/31/07, Paul Schmehl <pauls at utdallas.edu> wrote:
> I have a similar setup:
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_application_name = smtpd
> broken_sasl_auth_clients = yes
> permit_sasl_authenticated
>
> But I don't use a db password file. Have you tried re-running the postfix
> hash utility (postmap) on the db? That's the first thing that I would try.
[...]
Okay, after a lot of digging around, I got the error. Somehow
something messed up during the portupgrade, and postfix started
negotiating GSSAPI authentication with the smtp server. Since GSSAPI
needs krb (kerberos) support, which was not configured, the auth
failed. Adding the following lines to main.cf solved the problem, and
postfix now happily chugs along:
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_mechanism_filter = login, ntlm
Now it negotiates login or ntlm with the server, and the auth works
fine. Thanks for all the help. My next stop is to figure out *what*
changed during portupgrade (as my postfix config files were the same
as before) that created this issue.
-Amarendra
More information about the freebsd-questions
mailing list