View previous topic :: View next topic |
Author |
Message |
fincoop Tux's lil' helper
Joined: 02 Feb 2004 Posts: 143
|
Posted: Sat Mar 26, 2016 3:56 am Post subject: Postfix + SASL suddenly broke [Fixed] |
|
|
Apologies if this is the wrong list...
I think what happened was I updated a bunch of packages, didn't fully restart until later and now my mail server is broken. My previously working configuration didn't work anymore. So, I managed to rebuild it to the point that I am able to receive mail for the two domains that I host. However, I cannot send mail out. Postfix keeps telling me authentication error. I want authentication to be required when relaying to other domains. I'm using Cyrus SASL and I can use testsaslauth successfully. I've googled and tried lots of stuff, so I am hoping one of you can shed light on this.
main.cf | grep sasl
Code: | broken_sasl_auth_clients = yes
cyrus_sasl_config_path = /etc/sasl2/smtpd.conf
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
send_cyrus_sasl_authzid = no
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_path =
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
|
first lines of master.cf
Code: | # ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
2525 inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
|
/etc/sasl2/smtpd.conf
Code: | # $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.3 2011/05/09 12:36:20 eras Exp $
pwcheck_method: saslauthd
mech_list: plain login
log_level: 9 |
what postfix says after ehlo:
Code: | 250-PIPELINING
250-SIZE 50000000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP CRAM-MD5 NTLM PLAIN LOGIN
250-AUTH=SCRAM-SHA-1 DIGEST-MD5 OTP CRAM-MD5 NTLM PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN |
TIA!! |
|
Back to top |
|
|
fincoop Tux's lil' helper
Joined: 02 Feb 2004 Posts: 143
|
Posted: Sat Mar 26, 2016 4:16 am Post subject: |
|
|
Greatest thing about posting your message, the solution typically comes within 10 minutes.
In my case the last thing to change was clearing this parameter:
Code: | cyrus_sasl_config_path = |
I also upgraded my postfix to the latest 3.2 release, so I'm not 100% sure which of the two changes fixed the problem, I was on 2.8.8 before.
Thanks for reading! |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|