Postfix not sending Auth command

classic Classic list List threaded Threaded
25 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Postfix not sending Auth command

shalams
I am running postfix on two Centos boxes.  The main difference in the 2 boxes is they are running off two different ISPs.

Basically i have postfix acting as a relay and it needs to be authorized on the server it is relaying to.  Some reason Postfix will not send the Auth steps on only one of the machines.  Here is a snip of the log on one of the emails:

Jun 24 20:18:12 firewall postfix/smtpd[10918]: connect from unknown[10.110.0.114]
Jun 24 20:18:12 firewall postfix/smtpd[10918]: B36488AA83: client=unknown[10.110.0.114]
Jun 24 20:18:12 firewall postfix/cleanup[10921]: B36488AA83: message-id=<20080625021812.B36488AA83@hostname>
Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: from=<Email_address>, size=460531, nrcpt=1 (queue active)
Jun 24 20:18:16 firewall postfix/smtpd[10918]: disconnect from unknown[10.110.0.114]
Jun 24 20:18:16 firewall postfix/smtp[10924]: B36488AA83: to=<shane882@gmail.com>, relay=<Host Information>, delay=4, status=bounced (host <Host_information> said: 554 5.7.1 <emailaddress>: Sender address rejected: Access denied (in reply to RCPT TO command))
Jun 24 20:18:16 firewall postfix/cleanup[10921]: BC88B8AA85: message-id=<id_email_information>
Jun 24 20:18:16 firewall postfix/qmgr[10906]: BC88B8AA85: from=<>, size=52122, nrcpt=1 (queue active)
Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: removed
Jun 24 20:18:17 firewall postfix/smtp[10924]: BC88B8AA85: to=<emailaddress>, relay=smtp.emailsrvr.com[66.216.121.100], delay=1, status=bounced (host <smtphostinformation> said: 554 5.7.1 <>: Sender address rejected: Access denied (in reply to RCPT TO command))
Jun 24 20:18:17 firewall postfix/qmgr[10906]: BC88B8AA85: removed

Here is the main.cf on both machines...remember only one of the machines is not working properly yet they have the same settings in the main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
#uncomment the following two lines if you need authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16, 10.110.0.0/16, 10.131.191.0/24
relayhost = [SMTP_Adress]


So...any suggestions?  On the machine that does not work properly I am able to do the whole telnet and auth stuff manually.  Thanks for questions, comments and suggestions :D.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Brian Evans - Postfix List
shalams wrote:

> I am running postfix on two Centos boxes.  The main difference in the 2 boxes
> is they are running off two different ISPs.
>
> Basically i have postfix acting as a relay and it needs to be authorized on
> the server it is relaying to.  Some reason Postfix will not send the Auth
> steps on only one of the machines.  Here is a snip of the log on one of the
> emails:
>
> Jun 24 20:18:12 firewall postfix/smtpd[10918]: connect from
> unknown[10.110.0.114]
> Jun 24 20:18:12 firewall postfix/smtpd[10918]: B36488AA83:
> client=unknown[10.110.0.114]
> Jun 24 20:18:12 firewall postfix/cleanup[10921]: B36488AA83:
> message-id=<20080625021812.B36488AA83@hostname>
> Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83:
> from=<Email_address>, size=460531, nrcpt=1 (queue active)
> Jun 24 20:18:16 firewall postfix/smtpd[10918]: disconnect from
> unknown[10.110.0.114]
> Jun 24 20:18:16 firewall postfix/smtp[10924]: B36488AA83:
> to=<[hidden email]>, relay=<Host Information>, delay=4, status=bounced
> (host <Host_information> said: 554 5.7.1 <emailaddress>: Sender address
> rejected: Access denied (in reply to RCPT TO command))
> Jun 24 20:18:16 firewall postfix/cleanup[10921]: BC88B8AA85:
> message-id=<id_email_information>
> Jun 24 20:18:16 firewall postfix/qmgr[10906]: BC88B8AA85: from=<>,
> size=52122, nrcpt=1 (queue active)
> Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: removed
> Jun 24 20:18:17 firewall postfix/smtp[10924]: BC88B8AA85: to=<emailaddress>,
> relay=smtp.emailsrvr.com[66.216.121.100], delay=1, status=bounced (host
> <smtphostinformation> said: 554 5.7.1 <>: Sender address rejected: Access
> denied (in reply to RCPT TO command))
> Jun 24 20:18:17 firewall postfix/qmgr[10906]: BC88B8AA85: removed
>
> Here is the main.cf on both machines...remember only one of the machines is
> not working properly yet they have the same settings in the main.cf:
>
> queue_directory = /var/spool/postfix
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> mail_owner = postfix
> inet_interfaces = all
> mydestination = localhost
> unknown_local_recipient_reject_code = 550
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
> home_mailbox = Maildir/
> mail_spool_directory = /var/spool/mail
> debug_peer_level = 2
> debugger_command =
>          PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>          xxgdb $daemon_directory/$process_name $process_id & sleep 5
> sendmail_path = /usr/sbin/sendmail.postfix
> newaliases_path = /usr/bin/newaliases.postfix
> mailq_path = /usr/bin/mailq.postfix
> setgid_group = postdrop
> html_directory = no
> manpage_directory = /usr/share/man
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> #uncomment the following two lines if you need authentication
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> smtp_sasl_security_options = noanonymous
> smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
>  
> mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16,
> 10.110.0.0/16, 10.131.191.0/24
> relayhost = [SMTP_Adress]
>
>
> So...any suggestions?  On the machine that does not work properly I am able
> to do the whole telnet and auth stuff manually.  Thanks for questions,
> comments and suggestions :D.
>  
First, do not show main.cf.  Follow the instructions in
http://www.postfix.org/DEBUG_README#mail.

Second, from the machine having problems, telnet to port 25 of the relay
and say "EHLO example.com".
Does it offer AUTH?

What is the EXACT format of /etc/postfix/saslpass? (we don't care about
what the passwords are).

Brian

Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 10:44 AM, Brian Evans <[hidden email]> wrote:
shalams wrote:
I am running postfix on two Centos boxes.  The main difference in the 2 boxes
is they are running off two different ISPs.

Basically i have postfix acting as a relay and it needs to be authorized on
the server it is relaying to.  Some reason Postfix will not send the Auth
steps on only one of the machines.  Here is a snip of the log on one of the
emails:

Jun 24 20:18:12 firewall postfix/smtpd[10918]: connect from
unknown[10.110.0.114]
Jun 24 20:18:12 firewall postfix/smtpd[10918]: B36488AA83:
client=unknown[10.110.0.114]
Jun 24 20:18:12 firewall postfix/cleanup[10921]: B36488AA83:
message-id=<20080625021812.B36488AA83@hostname>
Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83:
from=<Email_address>, size=460531, nrcpt=1 (queue active)
Jun 24 20:18:16 firewall postfix/smtpd[10918]: disconnect from
unknown[10.110.0.114]
Jun 24 20:18:16 firewall postfix/smtp[10924]: B36488AA83:
to=<[hidden email]>, relay=<Host Information>, delay=4, status=bounced
(host <Host_information> said: 554 5.7.1 <emailaddress>: Sender address
rejected: Access denied (in reply to RCPT TO command))
Jun 24 20:18:16 firewall postfix/cleanup[10921]: BC88B8AA85:
message-id=<id_email_information>
Jun 24 20:18:16 firewall postfix/qmgr[10906]: BC88B8AA85: from=<>,
size=52122, nrcpt=1 (queue active)
Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: removed
Jun 24 20:18:17 firewall postfix/smtp[10924]: BC88B8AA85: to=<emailaddress>,
relay=smtp.emailsrvr.com[66.216.121.100], delay=1, status=bounced (host
<smtphostinformation> said: 554 5.7.1 <>: Sender address rejected: Access
denied (in reply to RCPT TO command))
Jun 24 20:18:17 firewall postfix/qmgr[10906]: BC88B8AA85: removed

Here is the main.cf on both machines...remember only one of the machines is
not working properly yet they have the same settings in the main.cf:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = localhost
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
debug_peer_level = 2
debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.2.10/samples
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
#uncomment the following two lines if you need authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
 mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16,
10.110.0.0/16, 10.131.191.0/24
relayhost = [SMTP_Adress]


So...any suggestions?  On the machine that does not work properly I am able
to do the whole telnet and auth stuff manually.  Thanks for questions,
comments and suggestions :D.
 
First, do not show main.cf.  Follow the instructions in http://www.postfix.org/DEBUG_README#mail.

Sorry I just figured it would be brought up in this case.


Second, from the machine having problems, telnet to port 25 of the relay and say "EHLO example.com".
Does it offer AUTH?

Yes - 250-AUTH PLAIN LOGIN
 


What is the EXACT format of /etc/postfix/saslpass? (we don't care about what the passwords are).

<smtp server name>     [hidden email]:Password
 


Brian


Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Brian Evans - Postfix List
Shane L wrote:

>
>
> On Wed, Jun 25, 2008 at 10:44 AM, Brian Evans <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     shalams wrote:
>
>         I am running postfix on two Centos boxes.  The main difference
>         in the 2 boxes
>         is they are running off two different ISPs.
>
>         Basically i have postfix acting as a relay and it needs to be
>         authorized on
>         the server it is relaying to.  Some reason Postfix will not
>         send the Auth
>         steps on only one of the machines.  Here is a snip of the log
>         on one of the
>         emails:
>
>         Jun 24 20:18:12 firewall postfix/smtpd[10918]: connect from
>         unknown[10.110.0.114 <http://10.110.0.114>]
>         Jun 24 20:18:12 firewall postfix/smtpd[10918]: B36488AA83:
>         client=unknown[10.110.0.114 <http://10.110.0.114>]
>         Jun 24 20:18:12 firewall postfix/cleanup[10921]: B36488AA83:
>         message-id=<20080625021812.B36488AA83@hostname>
>         Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83:
>         from=<Email_address>, size=460531, nrcpt=1 (queue active)
>         Jun 24 20:18:16 firewall postfix/smtpd[10918]: disconnect from
>         unknown[10.110.0.114 <http://10.110.0.114>]
>         Jun 24 20:18:16 firewall postfix/smtp[10924]: B36488AA83:
>         to=<[hidden email] <mailto:[hidden email]>>,
>         relay=<Host Information>, delay=4, status=bounced
>         (host <Host_information> said: 554 5.7.1 <emailaddress>:
>         Sender address
>         rejected: Access denied (in reply to RCPT TO command))
>         Jun 24 20:18:16 firewall postfix/cleanup[10921]: BC88B8AA85:
>         message-id=<id_email_information>
>         Jun 24 20:18:16 firewall postfix/qmgr[10906]: BC88B8AA85: from=<>,
>         size=52122, nrcpt=1 (queue active)
>         Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: removed
>         Jun 24 20:18:17 firewall postfix/smtp[10924]: BC88B8AA85:
>         to=<emailaddress>,
>         relay=smtp.emailsrvr.com
>         <http://smtp.emailsrvr.com>[66.216.121.100
>         <http://66.216.121.100>], delay=1, status=bounced (host
>         <smtphostinformation> said: 554 5.7.1 <>: Sender address
>         rejected: Access
>         denied (in reply to RCPT TO command))
>         Jun 24 20:18:17 firewall postfix/qmgr[10906]: BC88B8AA85: removed
>
>         Here is the main.cf <http://main.cf> on both
>         machines...remember only one of the machines is
>         not working properly yet they have the same settings in the
>         main.cf <http://main.cf>:
>
>         queue_directory = /var/spool/postfix
>         command_directory = /usr/sbin
>         daemon_directory = /usr/libexec/postfix
>         mail_owner = postfix
>         inet_interfaces = all
>         mydestination = localhost
>         unknown_local_recipient_reject_code = 550
>         alias_maps = hash:/etc/aliases
>         alias_database = hash:/etc/aliases
>         home_mailbox = Maildir/
>         mail_spool_directory = /var/spool/mail
>         debug_peer_level = 2
>         debugger_command =
>                 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>                 xxgdb $daemon_directory/$process_name $process_id &
>         sleep 5
>         sendmail_path = /usr/sbin/sendmail.postfix
>         newaliases_path = /usr/bin/newaliases.postfix
>         mailq_path = /usr/bin/mailq.postfix
>         setgid_group = postdrop
>         html_directory = no
>         manpage_directory = /usr/share/man
>         sample_directory = /usr/share/doc/postfix-2.2.10/samples
>         readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
>         #uncomment the following two lines if you need authentication
>         smtp_sasl_auth_enable = yes
>         smtp_sasl_password_maps = hash:/etc/postfix/saslpass
>         smtp_sasl_security_options = noanonymous
>         smtpd_client_restrictions = permit_mynetworks, reject
>         smtpd_recipient_restrictions = permit_mynetworks,
>         reject_unauth_destination
>          mynetworks = 127.0.0.0/8 <http://127.0.0.0/8>,
>         172.16.249.0/24 <http://172.16.249.0/24>, 172.16.250.0/24
>         <http://172.16.250.0/24>, 10.100.0.0/16 <http://10.100.0.0/16>,
>         10.110.0.0/16 <http://10.110.0.0/16>, 10.131.191.0/24
>         <http://10.131.191.0/24>
>         relayhost = [SMTP_Adress]
>
>
>         So...any suggestions?  On the machine that does not work
>         properly I am able
>         to do the whole telnet and auth stuff manually.  Thanks for
>         questions,
>         comments and suggestions :D.
>          
>
>     First, do not show main.cf <http://main.cf>.  Follow the
>     instructions in http://www.postfix.org/DEBUG_README#mail.
>
>
> Sorry I just figured it would be brought up in this case.
This means run 'postconf -n', as the link reminds you, if my suggestion
does not help below, please post.

>
>
>
>     Second, from the machine having problems, telnet to port 25 of the
>     relay and say "EHLO example.com <http://example.com>".
>     Does it offer AUTH?
>
>
> Yes - 250-AUTH PLAIN LOGIN
>  
>
>
>
>     What is the EXACT format of /etc/postfix/saslpass? (we don't care
>     about what the passwords are).
>
>
> <smtp server name>     [hidden email]:Password
The left side MUST match what is in relay host exactly.
Example for 'relayhost = [SMTP_Adress]':
[SMTP_Adress]   [hidden email]:Password

It cannot just be:
SMTP_Adress   [hidden email]:Password

Brian
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 11:00 AM, Brian Evans <[hidden email]> wrote:
Shane L wrote:


On Wed, Jun 25, 2008 at 10:44 AM, Brian Evans <[hidden email] <mailto:[hidden email]>> wrote:

   shalams wrote:

       I am running postfix on two Centos boxes.  The main difference
       in the 2 boxes
       is they are running off two different ISPs.

       Basically i have postfix acting as a relay and it needs to be
       authorized on
       the server it is relaying to.  Some reason Postfix will not
       send the Auth
       steps on only one of the machines.  Here is a snip of the log
       on one of the
       emails:

       Jun 24 20:18:12 firewall postfix/smtpd[10918]: connect from
       unknown[10.110.0.114 <http://10.110.0.114>]

       Jun 24 20:18:12 firewall postfix/smtpd[10918]: B36488AA83:
       client=unknown[10.110.0.114 <http://10.110.0.114>]

       Jun 24 20:18:12 firewall postfix/cleanup[10921]: B36488AA83:
       message-id=<20080625021812.B36488AA83@hostname>
       Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83:
       from=<Email_address>, size=460531, nrcpt=1 (queue active)
       Jun 24 20:18:16 firewall postfix/smtpd[10918]: disconnect from
       unknown[10.110.0.114 <http://10.110.0.114>]

       Jun 24 20:18:16 firewall postfix/smtp[10924]: B36488AA83:
       to=<[hidden email] <mailto:[hidden email]>>,

       relay=<Host Information>, delay=4, status=bounced
       (host <Host_information> said: 554 5.7.1 <emailaddress>:
       Sender address
       rejected: Access denied (in reply to RCPT TO command))
       Jun 24 20:18:16 firewall postfix/cleanup[10921]: BC88B8AA85:
       message-id=<id_email_information>
       Jun 24 20:18:16 firewall postfix/qmgr[10906]: BC88B8AA85: from=<>,
       size=52122, nrcpt=1 (queue active)
       Jun 24 20:18:16 firewall postfix/qmgr[10906]: B36488AA83: removed
       Jun 24 20:18:17 firewall postfix/smtp[10924]: BC88B8AA85:
       to=<emailaddress>,
       relay=smtp.emailsrvr.com
       <http://smtp.emailsrvr.com>[66.216.121.100
       <http://66.216.121.100>], delay=1, status=bounced (host

       <smtphostinformation> said: 554 5.7.1 <>: Sender address
       rejected: Access
       denied (in reply to RCPT TO command))
       Jun 24 20:18:17 firewall postfix/qmgr[10906]: BC88B8AA85: removed

       Here is the main.cf <http://main.cf> on both

       machines...remember only one of the machines is
       not working properly yet they have the same settings in the
       main.cf <http://main.cf>:


       queue_directory = /var/spool/postfix
       command_directory = /usr/sbin
       daemon_directory = /usr/libexec/postfix
       mail_owner = postfix
       inet_interfaces = all
       mydestination = localhost
       unknown_local_recipient_reject_code = 550
       alias_maps = hash:/etc/aliases
       alias_database = hash:/etc/aliases
       home_mailbox = Maildir/
       mail_spool_directory = /var/spool/mail
       debug_peer_level = 2
       debugger_command =
               PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
               xxgdb $daemon_directory/$process_name $process_id &
       sleep 5
       sendmail_path = /usr/sbin/sendmail.postfix
       newaliases_path = /usr/bin/newaliases.postfix
       mailq_path = /usr/bin/mailq.postfix
       setgid_group = postdrop
       html_directory = no
       manpage_directory = /usr/share/man
       sample_directory = /usr/share/doc/postfix-2.2.10/samples
       readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
       #uncomment the following two lines if you need authentication
       smtp_sasl_auth_enable = yes
       smtp_sasl_password_maps = hash:/etc/postfix/saslpass
       smtp_sasl_security_options = noanonymous
       smtpd_client_restrictions = permit_mynetworks, reject
       smtpd_recipient_restrictions = permit_mynetworks,
       reject_unauth_destination
        mynetworks = 127.0.0.0/8 <http://127.0.0.0/8>,
       172.16.249.0/24 <http://172.16.249.0/24>, 172.16.250.0/24
       <http://172.16.250.0/24>, 10.100.0.0/16 <http://10.100.0.0/16>,
       10.110.0.0/16 <http://10.110.0.0/16>, 10.131.191.0/24
       <http://10.131.191.0/24>

       relayhost = [SMTP_Adress]


       So...any suggestions?  On the machine that does not work
       properly I am able
       to do the whole telnet and auth stuff manually.  Thanks for
       questions,
       comments and suggestions :D.
       
   First, do not show main.cf <http://main.cf>.  Follow the

   instructions in http://www.postfix.org/DEBUG_README#mail.


Sorry I just figured it would be brought up in this case.
This means run 'postconf -n', as the link reminds you, if my suggestion does not help below, please post.



   Second, from the machine having problems, telnet to port 25 of the
   relay and say "EHLO example.com <http://example.com>".

   Does it offer AUTH?


Yes - 250-AUTH PLAIN LOGIN
 


   What is the EXACT format of /etc/postfix/saslpass? (we don't care
   about what the passwords are).


<smtp server name>     [hidden email]:Password
The left side MUST match what is in relay host exactly.
Example for 'relayhost = [SMTP_Adress]':
[SMTP_Adress]   [hidden email]:Password

It cannot just be:
SMTP_Adress   [hidden email]:Password

Tried didn't seem to help. 
 


Brian

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost
mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16, 10.110.0.0/16, 10.131.191.0/24
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relayhost = [smtp.emailsrvr.com]
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
unknown_local_recipient_reject_code = 550


Thanks again for your help.

Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Brian Evans - Postfix List
Shane L wrote:

>
>
> On Wed, Jun 25, 2008 at 11:00 AM, Brian Evans <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Shane L wrote:
>
>
>
>         On Wed, Jun 25, 2008 at 10:44 AM, Brian Evans
>         <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email]
>         <mailto:[hidden email]>>> wrote:
>
>            shalams wrote:
>
>            
>                So...any suggestions?  On the machine that does not work
>                properly I am able
>                to do the whole telnet and auth stuff manually.  Thanks for
>                questions,
>                comments and suggestions :D.
>                
>
>
>            What is the EXACT format of /etc/postfix/saslpass? (we
>         don't care
>            about what the passwords are).
>
>
>         <smtp server name>     [hidden email]:Password
>
>     The left side MUST match what is in relay host exactly.
>     Example for 'relayhost = [SMTP_Adress]':
>     [SMTP_Adress]   [hidden email]:Password
>
>     It cannot just be:
>     SMTP_Adress   [hidden email]:Password
>
>
> Tried didn't seem to help.
>  
>
>
>
>     Brian
>
>
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = localhost
> mynetworks = 127.0.0.0/8 <http://127.0.0.0/8>, 172.16.249.0/24
> <http://172.16.249.0/24>, 172.16.250.0/24 <http://172.16.250.0/24>,
> 10.100.0.0/16 <http://10.100.0.0/16>, 10.110.0.0/16
> <http://10.110.0.0/16>, 10.131.191.0/24 <http://10.131.191.0/24>
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relayhost = [smtp.emailsrvr.com <http://smtp.emailsrvr.com>]
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> smtp_sasl_security_options = noanonymous
> smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination
This makes no sense.
If this is a local only sending machine, just set the
'smtpd_recipient_restrictions = permit_mynetworks, reject' and forget
about the client restrictions.
> unknown_local_recipient_reject_code = 550
>
>
> Thanks again for your help.
>
Try to grab saslfinger from
http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ and follow
the directions.

Brian
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 11:30 AM, Brian Evans <[hidden email]> wrote:
Shane L wrote:


On Wed, Jun 25, 2008 at 11:00 AM, Brian Evans <[hidden email] <mailto:[hidden email]>> wrote:

   Shane L wrote:



       On Wed, Jun 25, 2008 at 10:44 AM, Brian Evans
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email]
       <mailto:[hidden email]>>> wrote:

          shalams wrote:

                          So...any suggestions?  On the machine that does not work
              properly I am able
              to do the whole telnet and auth stuff manually.  Thanks for
              questions,
              comments and suggestions :D.
             

          What is the EXACT format of /etc/postfix/saslpass? (we
       don't care
          about what the passwords are).


       <smtp server name>     [hidden email]:Password

   The left side MUST match what is in relay host exactly.
   Example for 'relayhost = [SMTP_Adress]':
   [SMTP_Adress]   [hidden email]:Password

   It cannot just be:
   SMTP_Adress   [hidden email]:Password


Tried didn't seem to help.  


   Brian


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relayhost = [smtp.emailsrvr.com <http://smtp.emailsrvr.com>]

sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
This makes no sense. If this is a local only sending machine, just set the 'smtpd_recipient_restrictions = permit_mynetworks, reject' and forget about the client restrictions.

unknown_local_recipient_reject_code = 550


Thanks again for your help.

Try to grab saslfinger from http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ and follow the directions.

Cool little script.


Brian

I ran it and the interesting part is on the mechanisms part I am not getting anything on the broken server...what would cause this?

Working server:
-- mechanisms on smtp.emailsrvr.com --
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

-- end of saslfinger output --


Broken server:
-- mechanisms on [smtp.emailsrvr.com] --

-- end of saslfinger output --

Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
* Shane L <[hidden email]>:

> >>  Try to grab saslfinger from
> > http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ and follow the
> > directions.
>
>
> Cool little script.
>
> >
> >
> > Brian
> >
>
> I ran it and the interesting part is on the mechanisms part I am not getting
> anything on the broken server...what would cause this?

saslfinger was my first major bash script. It's helpful, but probably not correct in
all cases. What do you get, if you telnet on port 25 to the remote server from
your server and send "EHLO foo"?

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 12:11 PM, Shane L <[hidden email]> wrote:


On Wed, Jun 25, 2008 at 11:59 AM, Patrick Ben Koetter <[hidden email]> wrote:
* Shane L <[hidden email]>:
> >>  Try to grab saslfinger from
> > http://postfix.state-of-mind.de/patrick.koetter/saslfinger/ and follow the
> > directions.
>
>
> Cool little script.
>
> >
> >
> > Brian
> >
>
> I ran it and the interesting part is on the mechanisms part I am not getting
> anything on the broken server...what would cause this?

saslfinger was my first major bash script. It's helpful, but probably not correct in
all cases. What do you get, if you telnet on port 25 to the remote server from
your server and send "EHLO foo"?

ehlo goodbye
250-relay5.relay.sat.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-XXXXXXXA

250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME

 


p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):


So another thing that I have noticed is when I telnet from the server that is broken i get XXXXs on the tls information.  Example:
Connected to smtp.emailsrvr.com (66.216.121.100).
Escape character is '^]'.
220 ****************************************************************************************************************************************
ehlo test
250-relay10.relay.sat.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-XXXXXXXA
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME


The working server here is what it reads:
Connected to smtp.emailsrvr.com (66.216.121.100).
Escape character is '^]'.
220 relay1.relay.sat.mlsrvr.com ESMTP - VA Code Section 18.2-152.3:1 forbids use of this system for unsolicited bulk electronic mail (Spam)
ehlo test
250-relay1.relay.sat.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME


I've read a little about this and it is blaming firewalls in most cases.  Is there anything else that would cause this?  If I go back to the customer on this and blame their firewall I better be damn sure.  Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
In reply to this post by Patrick Ben Koetter
Please reply to the list and not my private address.

See comments below:

* Shane L <[hidden email]>:

> > > I ran it and the interesting part is on the mechanisms part I am not
> > getting
> > > anything on the broken server...what would cause this?
> >
> > saslfinger was my first major bash script. It's helpful, but probably not
> > correct in all cases. What do you get, if you telnet on port 25 to the
> > remote server from your server and send "EHLO foo"?
>
>
> ehlo goodbye
> 250-relay5.relay.sat.mlsrvr.com
> 250-PIPELINING
> 250-SIZE 75000000
> 250-ETRN
> 250-XXXXXXXA
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME

So the relay server answers.

Unfortunately you have decided what the "interesting part" in the output of
saslfinger -c was and left the parts away that I believe are interesting...

Here's my theory: The hostname in your smtp_sasl_password_maps does not match
what you have in your relayhost directive. Maybe you have an IP address in
your relayhost directive.

Send saslfinger -c output to find out.

p@rick






>
>
>
> >
> >
> > p@rick
> >
> > --
> > The Book of Postfix
> > <http://www.postfix-book.com>
> > saslfinger (debugging SMTP AUTH):
> > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
> >

--
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
In reply to this post by shalams
* Shane L <[hidden email]>:

> > ehlo goodbye
> > 250-relay5.relay.sat.mlsrvr.com
> > 250-PIPELINING
> > 250-SIZE 75000000
> > 250-ETRN
> > 250-XXXXXXXA
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250 8BITMIME
> >
> So another thing that I have noticed is when I telnet from the server that
> is broken i get XXXXs on the tls information.  Example:
> Connected to smtp.emailsrvr.com (66.216.121.100).
> Escape character is '^]'.
> 220
> ehlo test
> 250-relay10.relay.sat.mlsrvr.com
> 250-PIPELINING
> 250-SIZE 75000000
> 250-ETRN
> 250-XXXXXXXA
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME

This is probably a firewall, but it doesn't seem to intercept the AUTH
capability.

> I've read a little about this and it is blaming firewalls in most cases.  Is
> there anything else that would cause this?  If I go back to the customer on

Probably not.

> this and blame their firewall I better be damn sure.  Thanks.

you might end up barking up the wrong tree.

p@rick



--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 1:10 PM, Patrick Ben Koetter <[hidden email]> wrote:
* Shane L <[hidden email]>:
> > ehlo goodbye
> > 250-relay5.relay.sat.mlsrvr.com
> > 250-PIPELINING
> > 250-SIZE 75000000
> > 250-ETRN
> > 250-XXXXXXXA
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250 8BITMIME
> >
> So another thing that I have noticed is when I telnet from the server that
> is broken i get XXXXs on the tls information.  Example:
> Connected to smtp.emailsrvr.com (66.216.121.100).
> Escape character is '^]'.
> 220
> ehlo test
> 250-relay10.relay.sat.mlsrvr.com
> 250-PIPELINING
> 250-SIZE 75000000
> 250-ETRN
> 250-XXXXXXXA
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250 8BITMIME

This is probably a firewall, but it doesn't seem to intercept the AUTH
capability.

> I've read a little about this and it is blaming firewalls in most cases.  Is
> there anything else that would cause this?  If I go back to the customer on

Probably not.

> this and blame their firewall I better be damn sure.  Thanks.

you might end up barking up the wrong tree.

p@rick



--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>



Here is everything...
saslfinger - postfix Cyrus sasl configuration Wed Jun 25 13:02:19 MDT 2008
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.2.10
System: CentOS release 4.6 (Final)

-- smtp is linked to --
 libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00449000)

-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.emailsrvr.com]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous


-- listing of /usr/lib/sasl --
total 400
drwxr-xr-x   2 root root  4096 Jun 19 01:12 .
drwxr-xr-x  73 root root 36864 Jun 19 02:05 ..
-rw-r--r--   1 root root  4630 Sep  4  2007 libanonymous.a
-rwxr-xr-x   1 root root   871 Sep  4  2007 libanonymous.la
-rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so
-rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so.1
-rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so.1.0.17
-rw-r--r--   1 root root  9754 Sep  4  2007 libcrammd5.a
-rwxr-xr-x   1 root root   857 Sep  4  2007 libcrammd5.la
-rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so
-rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so.1
-rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so.1.0.19
-rw-r--r--   1 root root 34292 Sep  4  2007 libdigestmd5.a
-rwxr-xr-x   1 root root   880 Sep  4  2007 libdigestmd5.la
-rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so
-rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so.0
-rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so.0.0.20
-rw-r--r--   1 root root 11318 Sep  4  2007 libgssapiv2.a
-rwxr-xr-x   1 root root   906 Sep  4  2007 libgssapiv2.la
-rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so
-rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so.1
-rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so.1.0.19
-rw-r--r--   1 root root  6594 Sep  4  2007 liblogin.a
-rwxr-xr-x   1 root root   847 Sep  4  2007 liblogin.la
-rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so
-rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so.0
-rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so.0.0.7
-rw-r--r--   1 root root  6146 Sep  4  2007 libplain.a
-rwxr-xr-x   1 root root   849 Sep  4  2007 libplain.la
-rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so
-rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so.1
-rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so.1.0.16
-rw-r--r--   1 root root    47 May  2  2007 smtpd.conf

-- listing of /usr/lib/sasl2 --
total 2808
drwxr-xr-x   2 root root   4096 Jun 19 01:12 .
drwxr-xr-x  73 root root  36864 Jun 19 02:05 ..
-rw-r--r--   1 root root     25 May  2  2007 Sendmail.conf
-rwxr-xr-x   1 root root    875 Sep  4  2007 libanonymous.la
-rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so
-rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so.2
-rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so.2.0.19
-rwxr-xr-x   1 root root    863 Sep  4  2007 libcrammd5.la
-rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so
-rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so.2
-rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so.2.0.19
-rwxr-xr-x   1 root root    884 Sep  4  2007 libdigestmd5.la
-rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so
-rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so.2
-rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so.2.0.19
-rwxr-xr-x   1 root root    911 Sep  4  2007 libgssapiv2.la
-rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so
-rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so.2
-rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so.2.0.19
-rwxr-xr-x   1 root root    851 Sep  4  2007 liblogin.la
-rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so
-rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so.2
-rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so.2.0.19
-rwxr-xr-x   1 root root    851 Sep  4  2007 libplain.la
-rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so
-rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so.2
-rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so.2.0.19
-rwxr-xr-x   1 root root    920 Sep  4  2007 libsasldb.la
-rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so
-rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so.2
-rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so.2.0.19
-rw-r--r--   1 root root     26 May  2  2007 smtpd.conf


-- permissions for /etc/postfix/saslpass --
-rw-r--r--  1 root root 64 Jun 25 10:49 /etc/postfix/saslpass

-- permissions for /etc/postfix/saslpass.db --
-rw-r--r--  1 root root 12288 Jun 25 11:23 /etc/postfix/saslpass.db

/etc/postfix/saslpass.db is up to date.

-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
 -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -      -    n   -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

-- mechanisms on [smtp.emailsrvr.com] --


-- end of saslfinger output --


Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
* Shane L <[hidden email]>:

> saslfinger - postfix Cyrus sasl configuration Wed Jun 25 13:02:19 MDT 2008
> version: 1.0.2
> mode: client-side SMTP AUTH
>
> -- basics --
> Postfix: 2.2.10
> System: CentOS release 4.6 (Final)
>
> -- smtp is linked to --
>  libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00449000)
>
> -- active SMTP AUTH and TLS parameters for smtp --
> relayhost = [smtp.emailsrvr.com]

Do you have smtp.emailsrvr.com in /etc/postfix/saslpass? Can you show the map
without the credentials?

p@rick




> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> smtp_sasl_security_options = noanonymous
>
>
> -- listing of /usr/lib/sasl --
> total 400
> drwxr-xr-x   2 root root  4096 Jun 19 01:12 .
> drwxr-xr-x  73 root root 36864 Jun 19 02:05 ..
> -rw-r--r--   1 root root  4630 Sep  4  2007 libanonymous.a
> -rwxr-xr-x   1 root root   871 Sep  4  2007 libanonymous.la
> -rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so
> -rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so.1
> -rwxr-xr-x   1 root root  5748 Sep  4  2007 libanonymous.so.1.0.17
> -rw-r--r--   1 root root  9754 Sep  4  2007 libcrammd5.a
> -rwxr-xr-x   1 root root   857 Sep  4  2007 libcrammd5.la
> -rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so
> -rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so.1
> -rwxr-xr-x   1 root root  9884 Sep  4  2007 libcrammd5.so.1.0.19
> -rw-r--r--   1 root root 34292 Sep  4  2007 libdigestmd5.a
> -rwxr-xr-x   1 root root   880 Sep  4  2007 libdigestmd5.la
> -rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so
> -rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so.0
> -rwxr-xr-x   1 root root 30804 Sep  4  2007 libdigestmd5.so.0.0.20
> -rw-r--r--   1 root root 11318 Sep  4  2007 libgssapiv2.a
> -rwxr-xr-x   1 root root   906 Sep  4  2007 libgssapiv2.la
> -rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so
> -rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so.1
> -rwxr-xr-x   1 root root 11952 Sep  4  2007 libgssapiv2.so.1.0.19
> -rw-r--r--   1 root root  6594 Sep  4  2007 liblogin.a
> -rwxr-xr-x   1 root root   847 Sep  4  2007 liblogin.la
> -rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so
> -rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so.0
> -rwxr-xr-x   1 root root  7248 Sep  4  2007 liblogin.so.0.0.7
> -rw-r--r--   1 root root  6146 Sep  4  2007 libplain.a
> -rwxr-xr-x   1 root root   849 Sep  4  2007 libplain.la
> -rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so
> -rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so.1
> -rwxr-xr-x   1 root root  7000 Sep  4  2007 libplain.so.1.0.16
> -rw-r--r--   1 root root    47 May  2  2007 smtpd.conf
>
> -- listing of /usr/lib/sasl2 --
> total 2808
> drwxr-xr-x   2 root root   4096 Jun 19 01:12 .
> drwxr-xr-x  73 root root  36864 Jun 19 02:05 ..
> -rw-r--r--   1 root root     25 May  2  2007 Sendmail.conf
> -rwxr-xr-x   1 root root    875 Sep  4  2007 libanonymous.la
> -rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so
> -rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so.2
> -rwxr-xr-x   1 root root  12852 Sep  4  2007 libanonymous.so.2.0.19
> -rwxr-xr-x   1 root root    863 Sep  4  2007 libcrammd5.la
> -rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so
> -rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so.2
> -rwxr-xr-x   1 root root  15216 Sep  4  2007 libcrammd5.so.2.0.19
> -rwxr-xr-x   1 root root    884 Sep  4  2007 libdigestmd5.la
> -rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so
> -rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so.2
> -rwxr-xr-x   1 root root  42996 Sep  4  2007 libdigestmd5.so.2.0.19
> -rwxr-xr-x   1 root root    911 Sep  4  2007 libgssapiv2.la
> -rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so
> -rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so.2
> -rwxr-xr-x   1 root root  25492 Sep  4  2007 libgssapiv2.so.2.0.19
> -rwxr-xr-x   1 root root    851 Sep  4  2007 liblogin.la
> -rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so
> -rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so.2
> -rwxr-xr-x   1 root root  13264 Sep  4  2007 liblogin.so.2.0.19
> -rwxr-xr-x   1 root root    851 Sep  4  2007 libplain.la
> -rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so
> -rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so.2
> -rwxr-xr-x   1 root root  13392 Sep  4  2007 libplain.so.2.0.19
> -rwxr-xr-x   1 root root    920 Sep  4  2007 libsasldb.la
> -rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so
> -rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so.2
> -rwxr-xr-x   1 root root 783328 Sep  4  2007 libsasldb.so.2.0.19
> -rw-r--r--   1 root root     26 May  2  2007 smtpd.conf
>
>
> -- permissions for /etc/postfix/saslpass --
> -rw-r--r--  1 root root 64 Jun 25 10:49 /etc/postfix/saslpass
>
> -- permissions for /etc/postfix/saslpass.db --
> -rw-r--r--  1 root root 12288 Jun 25 11:23 /etc/postfix/saslpass.db
>
> /etc/postfix/saslpass.db is up to date.
>
> -- active services in /etc/postfix/master.cf --
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> smtp      inet  n       -       n       -       -       smtpd
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> smtp      unix  -       -       n       -       -       smtp
> relay     unix  -       -       n       -       -       smtp
>  -o fallback_relay=
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -      -    n   -       1       scache
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> old-cyrus unix  -       n       n       -       -       pipe
>   flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension}
> ${user}
> cyrus     unix  -       n       n       -       -       pipe
>   user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
> ${extension} ${user}
> uucp      unix  -       n       n       -       -       pipe
>   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
> ($recipient)
> ifmail    unix  -       n       n       -       -       pipe
>   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
> bsmtp     unix  -       n       n       -       -       pipe
>   flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
> $recipient
>
> -- mechanisms on [smtp.emailsrvr.com] --
>
>
> -- end of saslfinger output --

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

mouss-2
In reply to this post by shalams
Shane L wrote:
> [snip]
>  
>> What is the EXACT format of /etc/postfix/saslpass? (we don't care about
>> what the passwords are).
>>    
>
>
> <smtp server name>     [hidden email]:Password
>  

which DTD do you use? please replace actual text with PLAUSIBLE text.

Anyway, the key (the first parameter) must match the relayhost parameter
(including brackets).

Please send the output (with the commands) of

# postconf -n
# awk '{print $1}' /etc/postfix/saslpass | sed
's/yourdomain\.com/example.com/'
(yes, replace yourdomain\.com with your own domain).
# saslfinger -c

if you should munge private information, do so coherently. In particular
- replace a domain with example.com, example.org, example.net,
foo.example, ...
- similarly, replace a hostname with host5.example.com  (adjust the '5')...
- replace a pblic IP with an address in the 192.0.2.* range
- replace a private IP with 192.168.*.* or other private ranges
- replace a login and passsword with $login:$password
...








Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams


On Wed, Jun 25, 2008 at 2:20 PM, mouss <[hidden email]> wrote:
Shane L wrote:
[snip]

 
What is the EXACT format of /etc/postfix/saslpass? (we don't care about
what the passwords are).
   


<smtp server name>     [hidden email]:Password
 

which DTD do you use? please replace actual text with PLAUSIBLE text.

Anyway, the key (the first parameter) must match the relayhost parameter (including brackets).

Please send the output (with the commands) of

# postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix

daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
mail_owner = postfix

mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = localhost

newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relayhost = [smtp.emailsrvr.com]

sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
unknown_local_recipient_reject
_code = 550


# awk '{print $1}' /etc/postfix/saslpass | sed 's/yourdomain\.com/example.com/'
(yes, replace yourdomain\.com with your own domain).

[smtp.emailsrvr.com]      [hidden email]:$password
 

# saslfinger -c

I have my saslfinger -c in a previous email....don't want to duplicate what has been already posted unless you really want me to ;).
 


if you should munge private information, do so coherently. In particular
- replace a domain with example.com, example.org, example.net, foo.example, ...
- similarly, replace a hostname with host5.example.com  (adjust the '5')...
- replace a pblic IP with an address in the 192.0.2.* range
- replace a private IP with 192.168.*.* or other private ranges
- replace a login and passsword with $login:$password
...









Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
* Shane L <[hidden email]>:

> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
>
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
>
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = localhost
> mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16,
> 10.110.0.0/16, 10.131.191.0/24
>
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relayhost = [smtp.emailsrvr.com]
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> smtp_sasl_security_options = noanonymous
> smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
> unknown_local_recipient_reject_code = 550
>
>
> > # awk '{print $1}' /etc/postfix/saslpass | sed 's/yourdomain\.com/
> > example.com/'
> > (yes, replace yourdomain\.com with your own domain).
>
>
> [smtp.emailsrvr.com]      [hidden email]:$password

Let's see what really happens. Set the smtp service that calls the smtp
command verbose. To do so add "-v" at the end of the command in master.cf.

Then send a mail and check the log for "postfix/smtp" entries and, of course,
error messages. Post the output to the list, BUT (!) replace any sections in
the log where Postfix smtp tries to send the authentication string. Since the
remote server offers only PLAIN and LOGIN the authentication string will only
be base64 encoded and it can easily be decoded.


p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams
I'm sorry I'm looking at my master.cf and I do not see a place to put the -v for a command that calls the smtp command mind throwing me some assistance on locating where you want me to add the verbose flag?

On Wed, Jun 25, 2008 at 2:58 PM, Patrick Ben Koetter <[hidden email]> wrote:
* Shane L <[hidden email]>:
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
>
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
>
> mail_spool_directory = /var/spool/mail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> mydestination = localhost
> mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24, 10.100.0.0/16,
> 10.110.0.0/16, 10.131.191.0/24
>
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relayhost = [smtp.emailsrvr.com]
> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> smtp_sasl_security_options = noanonymous
> smtpd_client_restrictions = permit_mynetworks, reject
> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
> unknown_local_recipient_reject_code = 550
>
>
> > # awk '{print $1}' /etc/postfix/saslpass | sed 's/yourdomain\.com/
> > example.com/'
> > (yes, replace yourdomain\.com with your own domain).
>
>
> [smtp.emailsrvr.com]      [hidden email]:$password

Let's see what really happens. Set the smtp service that calls the smtp
command verbose. To do so add "-v" at the end of the command in master.cf.

Then send a mail and check the log for "postfix/smtp" entries and, of course,
error messages. Post the output to the list, BUT (!) replace any sections in
the log where Postfix smtp tries to send the authentication string. Since the
remote server offers only PLAIN and LOGIN the authentication string will only
be base64 encoded and it can easily be decoded.


p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
* Shane L <[hidden email]>:
> I'm sorry I'm looking at my master.cf and I do not see a place to put the -v
> for a command that calls the smtp command mind throwing me some assistance
> on locating where you want me to add the verbose flag?

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
...
...
...
smtp      unix  -       -       n       -       -       smtp -v
                                                        ^^^^^^^

p@rick


>
> On Wed, Jun 25, 2008 at 2:58 PM, Patrick Ben Koetter <[hidden email]>
> wrote:
>
> > * Shane L <[hidden email]>:
> > > alias_database = hash:/etc/aliases
> > > alias_maps = hash:/etc/aliases
> > > command_directory = /usr/sbin
> > > config_directory = /etc/postfix
> > >
> > > daemon_directory = /usr/libexec/postfix
> > > debug_peer_level = 2
> > > home_mailbox = Maildir/
> > > html_directory = no
> > > inet_interfaces = all
> > > mail_owner = postfix
> > >
> > > mail_spool_directory = /var/spool/mail
> > > mailq_path = /usr/bin/mailq.postfix
> > > manpage_directory = /usr/share/man
> > > mydestination = localhost
> > > mynetworks = 127.0.0.0/8, 172.16.249.0/24, 172.16.250.0/24,
> > 10.100.0.0/16,
> > > 10.110.0.0/16, 10.131.191.0/24
> > >
> > > newaliases_path = /usr/bin/newaliases.postfix
> > > queue_directory = /var/spool/postfix
> > > readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> > > relayhost = [smtp.emailsrvr.com]
> > > sample_directory = /usr/share/doc/postfix-2.2.10/samples
> > > sendmail_path = /usr/sbin/sendmail.postfix
> > > setgid_group = postdrop
> > > smtp_sasl_auth_enable = yes
> > > smtp_sasl_password_maps = hash:/etc/postfix/saslpass
> > > smtp_sasl_security_options = noanonymous
> > > smtpd_client_restrictions = permit_mynetworks, reject
> > > smtpd_recipient_restrictions = permit_mynetworks,
> > reject_unauth_destination
> > > unknown_local_recipient_reject_code = 550
> > >
> > >
> > > > # awk '{print $1}' /etc/postfix/saslpass | sed 's/yourdomain\.com/
> > > > example.com/'
> > > > (yes, replace yourdomain\.com with your own domain).
> > >
> > >
> > > [smtp.emailsrvr.com]      [hidden email]:$password
> >
> > Let's see what really happens. Set the smtp service that calls the smtp
> > command verbose. To do so add "-v" at the end of the command in master.cf.
> >
> > Then send a mail and check the log for "postfix/smtp" entries and, of
> > course,
> > error messages. Post the output to the list, BUT (!) replace any sections
> > in
> > the log where Postfix smtp tries to send the authentication string. Since
> > the
> > remote server offers only PLAIN and LOGIN the authentication string will
> > only
> > be base64 encoded and it can easily be decoded.
> >
> >
> > p@rick
> >
> > --
> > The Book of Postfix
> > <http://www.postfix-book.com>
> > saslfinger (debugging SMTP AUTH):
> > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
> >

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

shalams
The 220 actually suppose to be on one line with the asterisks.  It actually appears on the screen as:
220 *******************...

I brought this up earlier for some reason the 220 message seems to be wrong.  And then when doing a ehlo on the server I get the 250-*******A instead of the 250-STARTTLS.  I'm am unsure what could be causing this and may be the reason it's not being offered.

On Thu, Jun 26, 2008 at 9:51 AM, Patrick Ben Koetter <[hidden email]> wrote:
* Shane L <[hidden email]>:
> Nothing really jumped out to me except the obvious of the auth login not
> being sent even.  Of course I have an untrained eye when it comes to postfix
> :(.  Thanks again for your time assisting me with my problem.
>
> Jun 26 08:16:01 firewall postfix/smtp[1774]: pref    0 host
> smtp.emailsrvr.com/207.97.245.100

$ telnet 207.97.245.100 25
Trying 207.97.245.100...
Connected to 207.97.245.100.
Escape character is '^]'.
220 relay10.relay.iad.mlsrvr.com ESMTP - VA Code Section 18.2-152.3:1 forbids use of this system for unsolicited bulk electronic mail (Spam)
EHLO foo
250-relay10.relay.iad.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

This server offers PLAIN and LOGIN.


> Jun 26 08:16:01 firewall postfix/smtp[1774]: pref    0 host
> smtp.emailsrvr.com/66.216.121.100

$ telnet 66.216.121.100 25
Trying 66.216.121.100...
Connected to 66.216.121.100.
Escape character is '^]'.
220 relay3.relay.sat.mlsrvr.com ESMTP - VA Code Section 18.2-152.3:1 forbids use of this system for unsolicited bulk electronic mail (Spam)
EHLO foo
250-relay3.relay.sat.mlsrvr.com
250-PIPELINING
250-SIZE 75000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 8BITMIME
QUIT
221 2.0.0 Bye
Connection closed by foreign host.


This server offers PLAIN and LOGIN, too.



> Jun 26 08:16:01 firewall postfix/smtp[1774]: end smtp.emailsrvr.com address
> list
> Jun 26 08:16:01 firewall postfix/smtp[1774]: smtp_connect_addr: trying:
> smtp.emailsrvr.com[207.97.245.100] port 25...
> Jun 26 08:16:02 firewall postfix/smtp[1774]: global TLS level: none
> Jun 26 08:16:02 firewall postfix/smtp[1774]: < smtp.emailsrvr.com[
> 207.97.245.100]: 220
> ************************************************************************************************

I miss some log here. I miss the part where the server introduces itself. IF
it says something like "220 relay3.relay.sat.mlsrvr.com ESMTP" than your
Postfix config is somehow broken.

It it says something like "220 relay3.relay.sat.mlsrvr.com SMTP" (read: NO
ESMTP, just SMTP), then some appliance controls your SMTP communication and
strips off the E from the SMTP.

In that case Postfix would never use SMTP AUTH, because SMTP AUTH is a SMTP
protocol extension that requires the server to offer ESMTP.

> Jun 26 08:16:02 firewall postfix/smtp[1774]: > smtp.emailsrvr.com[
> 207.97.245.100]: HELO example.com

Postfix sends "HELO example.com" and not "EHLO example.com", which makes me
guess ESMTP wasn't offered.

p@rick


--
state of mind
Agentur für Kommunikation, Design und Softwareentwicklung

Patrick Koetter            Tel: 089 45227227
Echinger Strasse 3         Fax: 089 45227226
85386 Eching               Web: http://www.state-of-mind.de

Amtsgericht München        Partnerschaftsregister PR 563

Reply | Threaded
Open this post in threaded view
|

Re: Postfix not sending Auth command

Patrick Ben Koetter
* Shane L <[hidden email]>:
> The 220 actually suppose to be on one line with the asterisks.  It actually
> appears on the screen as:
> 220 *******************...
>
> I brought this up earlier for some reason the 220 message seems to be
> wrong.  And then when doing a ehlo on the server I get the 250-*******A
> instead of the 250-STARTTLS.  I'm am unsure what could be causing this and
> may be the reason it's not being offered.


This is definitely the cause of your problem. If Postfix never sees "ESMTP" it
will never try SMTP AUTH. Find the 'service' provider and stop the
interference. It will probably work out of the box then.

p@rick




>
> On Thu, Jun 26, 2008 at 9:51 AM, Patrick Ben Koetter <[hidden email]>
> wrote:
>
> > * Shane L <[hidden email]>:
> > > Nothing really jumped out to me except the obvious of the auth login not
> > > being sent even.  Of course I have an untrained eye when it comes to
> > postfix
> > > :(.  Thanks again for your time assisting me with my problem.
> > >
> > > Jun 26 08:16:01 firewall postfix/smtp[1774]: pref    0 host
> > > smtp.emailsrvr.com/207.97.245.100
> >
> > $ telnet 207.97.245.100 25
> > Trying 207.97.245.100...
> > Connected to 207.97.245.100.
> > Escape character is '^]'.
> > 220 relay10.relay.iad.mlsrvr.com ESMTP - VA Code Section 18.2-152.3:1
> > forbids use of this system for unsolicited bulk electronic mail (Spam)
> > EHLO foo
> > 250-relay10.relay.iad.mlsrvr.com
> > 250-PIPELINING
> > 250-SIZE 75000000
> > 250-ETRN
> > 250-STARTTLS
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250 8BITMIME
> > QUIT
> > 221 2.0.0 Bye
> > Connection closed by foreign host.
> >
> > This server offers PLAIN and LOGIN.
> >
> >
> > > Jun 26 08:16:01 firewall postfix/smtp[1774]: pref    0 host
> > > smtp.emailsrvr.com/66.216.121.100
> >
> > $ telnet 66.216.121.100 25
> > Trying 66.216.121.100...
> > Connected to 66.216.121.100.
> > Escape character is '^]'.
> > 220 relay3.relay.sat.mlsrvr.com ESMTP - VA Code Section 18.2-152.3:1
> > forbids use of this system for unsolicited bulk electronic mail (Spam)
> > EHLO foo
> > 250-relay3.relay.sat.mlsrvr.com
> > 250-PIPELINING
> > 250-SIZE 75000000
> > 250-ETRN
> > 250-STARTTLS
> > 250-AUTH PLAIN LOGIN
> > 250-AUTH=PLAIN LOGIN
> > 250-ENHANCEDSTATUSCODES
> > 250 8BITMIME
> > QUIT
> > 221 2.0.0 Bye
> > Connection closed by foreign host.
> >
> >
> > This server offers PLAIN and LOGIN, too.
> >
> >
> >
> > > Jun 26 08:16:01 firewall postfix/smtp[1774]: end smtp.emailsrvr.comaddress
> > > list
> > > Jun 26 08:16:01 firewall postfix/smtp[1774]: smtp_connect_addr: trying:
> > > smtp.emailsrvr.com[207.97.245.100] port 25...
> > > Jun 26 08:16:02 firewall postfix/smtp[1774]: global TLS level: none
> > > Jun 26 08:16:02 firewall postfix/smtp[1774]: < smtp.emailsrvr.com[
> > > 207.97.245.100]: 220
> > >
> > ************************************************************************************************
> >
> > I miss some log here. I miss the part where the server introduces itself.
> > IF
> > it says something like "220 relay3.relay.sat.mlsrvr.com ESMTP" than your
> > Postfix config is somehow broken.
> >
> > It it says something like "220 relay3.relay.sat.mlsrvr.com SMTP" (read: NO
> > ESMTP, just SMTP), then some appliance controls your SMTP communication and
> > strips off the E from the SMTP.
> >
> > In that case Postfix would never use SMTP AUTH, because SMTP AUTH is a SMTP
> > protocol extension that requires the server to offer ESMTP.
> >
> > > Jun 26 08:16:02 firewall postfix/smtp[1774]: > smtp.emailsrvr.com[
> > > 207.97.245.100]: HELO example.com
> >
> > Postfix sends "HELO example.com" and not "EHLO example.com", which makes
> > me
> > guess ESMTP wasn't offered.
> >
> > p@rick
> >
> >
> > --
> > state of mind
> > Agentur für Kommunikation, Design und Softwareentwicklung
> >
> > Patrick Koetter            Tel: 089 45227227
> > Echinger Strasse 3         Fax: 089 45227226
> > 85386 Eching               Web: http://www.state-of-mind.de
> >
> > Amtsgericht München        Partnerschaftsregister PR 563
> >

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
12