Help with SMTP AUTH

Drew Tomlinson drew at mykitchentable.net
Sat Mar 15 23:48:52 UTC 2014 

On 3/15/2014 11:30 AM, Charles Swiger wrote:
> Hi--
>
> On Mar 15, 2014, at 11:10 AM, Drew Tomlinson <drew at mykitchentable.net> wrote:
>> I'm wondering if Postfix is even attempting to query saslauthd.  I'm not sure how to tell.  Should I see something in my maillog?  This is all I see in my log when testing:
>>
>> Mar 15 10:56:38 blacklamb postfix/smtpd[85529]: connect from unknown[X.X.X.X]
>> Mar 15 10:56:39 blacklamb postfix/smtpd[85529]: Anonymous TLS connection established from unknown[X.X.X.X]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
>> Mar 15 10:56:39 blacklamb postfix/smtpd[85529]: NOQUEUE: reject: RCPT from unkno
>> wn[X.X.X.X]: 454 4.7.1 <drew.tomlinson@<removed>.com>: Relay access denied; from=<drew at mykitchentable.net> to=<drew.tomlinson@<removed>.com> proto=ESMTP helo=<[127.0.0.1]>
>>
>> Any help on where to begin to solve this would be appreciated.
> The log messages imply that the client didn't try to perform SMTP AUTH before trying to send the message.
> Or you've obfuscated the logs to an extent such that the issue can't be debugged reliably, take your pick.
Thank you for your reply.  I did not obfuscate the logs beyond email and 
IP addresses.  That was the entire session between a test client and 
postfix so I pick the former. :)

Another poster suggested my master.cf contain:

   -o smtpd_sasl_auth_enable=yes

This was commented out.  Since enabling, it appears postfix now offers 
SMTP_AUTH:

Mar 15 16:38:40 blacklamb postfix/smtpd[86502]: connect from 
unknown[x.x.x.x]
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: Anonymous TLS connection 
established from unknown[x.x.x.x]: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL 
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL 
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL 
authentication failure: Password verification failed
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: 
unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL 
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: SASL 
authentication failure: no user in db
Mar 15 16:38:41 blacklamb postfix/smtpd[86502]: warning: 
unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 15 16:38:44 blacklamb postfix/smtpd[86502]: disconnect from 
unknown[x.x.x.x]

So now I'm wondering if postfix is trying to authenticate directly and 
bypassing saslauthd?  I'm trying to use saslauthd to use the system 
logins via PAM.  My smtpd.conf file contains:

  # cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9

These are all the lines that contain "*sasl*" in my config :

  # grep sasl main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
smtp_sasl_mechanism_filter = !CRAM-MD5,!DIGEST-MD5, static:all
smtp_sasl_type = cyrus
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,

Thanks,

Drew

-- 
Like card tricks?

Visit The Alchemist's Warehouse to
learn card magic secrets for free!

http://alchemistswarehouse.com

More information about the freebsd-questions mailing list