Erik Paulsen Skaalerud wrote:
> The weird part: EHLO doesnt mention AUTH at all, but if I type "AUTH
> LOGIN" it responds with "334 VXNlcm5hbWU6", AUTH PLAIN and AUTH
> CRAM-MD5 also responds with similar challenges.
>
Interesting. I have the same 'issue' on my home server; AUTH is not
advertised when using Dovecot SASL. I never bothered with it because
everything just works. Rereading the SASL readme, I gather that this is
not the expected response.
[root@postal ~]# telnet localhost 587
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 postal.lucasit.com ESMTP Postfix
EHLO localhost
250-postal.lucasit.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
[root@postal ~]#
If it is, then no biggie. I've attached (inline) the usual requests in
case anybody would like to take a look. Maybe it is just dumb luck that
it works and I do actually have a broken config, however, AFAICT, it
works as expected. FYI, this particular box is built strictly from
source (loosely following LFS).
[root@postal ~]# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix-2.3.3/html
local_recipient_maps = $virtual_mailbox_maps, $alias_maps,
proxy:unix:passwd.byname
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $transport_maps, localhost, $myhostname,
localhost.$mydomain, $mydomain
myhostname = postal.lucasit.com
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README
recipient_bcc_maps = ldap:vfm
relayhost = smtp.charter.net
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtpd_recipient_restrictions = reject_non_fqdn_sender,
reject_unknown_recipient_domain, reject_unauth_pipelining,
reject_non_fqdn_recipient, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_rbl_client zen.spamhaus.org, check_policy_service
unix:postgrey/socket, regexp:/etc/postfix/envelope.regex, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = ldap:accounts, proxy:unix:passwd.byname
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
hash:/etc/postfix/blacklist, check_client_access
hash:/etc/postfix/hosts_bypass,
reject_unauthenticated_sender_login_mismatch, permit
smtpd_tls_CApath = /etc/postfix/cacerts
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/certs/mail.lucasit.com.crt
smtpd_tls_key_file = /etc/postfix/certs/mail.lucasit.com.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = hash:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport, ldap:transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:virtualforward, ldap:aliases,
ldap:accountsmap
virtual_gid_maps = static:35
virtual_mailbox_base = /srv/vmail/domains
virtual_mailbox_maps = ldap:accounts
virtual_minimum_uid = 35
virtual_uid_maps = static:35
[root@postal ~]#
[root@postal ~]# grep "^[^#]" /etc/postfix/master.cf
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - - 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
-o smtp_fallback_relay=
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
<SNIP the extras for spam/virus filter, though I can post if needs be>
And a slightly modified log snippet sending myself a test message outbound.
Sep 6 00:04:31 postal postfix/smtpd[17675]: 0328681E08B:
client=unknown[192.168.143.229], sasl_method=PLAIN,
sasl_username=dj[_ATSYMBOL_]lucasit.com
Sep 6 00:04:31 postal postfix/cleanup[17678]: 0328681E08B: hold: header
Received: from [192.168.143.229] (unknown [192.168.143.229])??(using
TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))??(No client
certificate requested)??by postal.lucasit.com (Postfix) with ESMTP from
unknown[192.168.143.229]; from=<dj[_ATSYMBOL_]lucasit.com>
to=<dj[_ATSYMBOL_]linuxfromscratch.org> proto=ESMTP helo=<[192.168.143.229]>
Sep 6 00:04:31 postal postfix/cleanup[17678]: 0328681E08B:
message-id=<
[hidden email]>
Sep 6 00:04:31 postal postfix/smtpd[17675]: disconnect from
unknown[192.168.143.229]
While I don't have failure logs handy right now, bad password or no auth
does fail. If you'd like me to validate that statement, I'll be more
than happy to tomorrow day when I have a bit more time. I'm off, but
I'm always open to other suggestions on that config.
Thanks.
-- DJ Lucas
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
Locked
