SASL On Postfix/Dovecot running on Freebsd 8.1

SASL On Postfix/Dovecot running on Freebsd 8.1

jason hirsh
I was getting some relay issues when my local IP changed so I realized or thought that perhaps my SASL wasn’t working

I did a bunch of tweaking which is never good but 

when I switched my mail to port 587 I was able to once again send with no problem

BUT when I did the telnet test from postfix.org as follows

EHL0
502 5.5.2 Error: command not recognized
EHLO
501 Syntax: EHLO hostname
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN base64 gibberish
535 5.7.8 Error: authentication failed: 


the base 64 encodes  (\0user\@doman.com\0Password)

I also tried   (\0user\@doman\.com\0Password)

I am running postfix 2.12-20140709 Dovecot version 1.2.17


Postconf -n is as follows


body_checks = regexp:/usr/local/etc/postfix/body_check
bounce_size_limit = 50000
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/local/libexec/postfix
daemon_timeout = 36000s
data_directory = /var/db/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 2h
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/mail/vmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains = bl.spamcop.net
mydestination = localhost.$mydomain, localhost
mynetworks = 127.0.0.0/32, 127.0.0.1,209.160.65.133, 209.160.68.112, kasdivi.is-a-geek.com, webmail.kasdivi.com,bowmasair.com, hsd1.nj.comcast.net
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
recipient_bcc_maps = hash:/usr/local/etc/postfix/recipient_bcc
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
slow_destination_concurrency_failed_cohort_limit = 10
slow_destination_concurrency_limit = 1
slow_initial_destination_concurrency = 1
smtp_tls_note_starttls_offer = yes
smtpd_banner = $myhostname ESMTP
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,check_helo_access hash:/usr/local/etc/postfix/helo_access,reject_invalid_hostname,permit
smtpd_recipient_restrictions = permit_mynetworks, check_sender_access pcre://usr/local/etc/postfix/sender_access reject_rhsbl_sender fresh.spameatingmonkey.net, reject_unauth_destination, check_client_access hash:/usr/local/etc/postfix/rbl_override, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spam, reject_rbl_client bl.spameatingmonkey.net, reject_rhsbl_client fresh.spameatingmonkey.net, reject_rhsbl_sender urired.spameatingmonkey.net,permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, reject_unknown_sender_domain, reject_unauthenticated_sender_login_mismatch, check_sender_access pcre://usr/local/etc/postfix/sender_access permit_mynetworks
smtpd_tls_CAfile = /usr/local/etc/keys/root.crt
smtpd_tls_cert_file = /usr/local/etc/keys/server.cert
smtpd_tls_key_file = /usr/local/etc/keys/private.key
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_domains = hash:/usr/local/etc/postfix/virtual_domains
virtual_mailbox_maps = hash:/usr/local/etc/postfix/virtual_mailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:1003



I AM sending mail through the SMTP server so maybe I should just leave it alone ??

Any insights, suggestions, or pointing out of dumb errors would be appreciated



Fwd: SASL On Postfix/Dovecot running on Freebsd 8.1

jason hirsh
I had forgotten to put info on the contents of the master.cf


mtp       inet  n       -       n       -       -       smtpd
2500       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain=$myhostname -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_login_maps=hash:/usr/local/etc/postfix/virtual -o smtpd_sender_restrictions=reject_sender_login_mismatch -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     fifo  n       -       n       60      1       pickup -o content_filter= -o receive_override_options=no_header_body_checks
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       300     1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus  unix  -       n       n       -       -       pipe flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus      unix  -       n       n       -       -       pipe user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
scan       unix  -       -       n       -       16      smtp -o smtp_send_xforward_command=yes user=nobody argv=/usr/bin/perl /usr/local/libexec/postfix/smtpd-policy.pl user=nobody argv=/usr/bin/perl /usr/local/libexec/postfix/greylist.pl
smtp-amavis unix -       -       -       -       2       lmtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
127.0.0.1:10025 inet n   -       -       -       -       smtpd -o content_filter= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.1/32 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o smtpd_milters= -o local_header_rewrite_clients= -o local_recipient_maps= -o relay_recipient_maps= -o receive_override_options=no_address_mappings,no_header_body_checks,no_unknown_recipient_checks
retry      unix  -       -       n       -       -       error
proxywrite unix  -       -       n       -       1       proxymap
submission inet  n       -       n       -       -       smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_sender=yes -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
slow       unix  -       -       n       -       -       smtp -o smtp_connection_cache_on_demand=no



Begin forwarded message:

From: jason hirsh <[hidden email]>
Subject: SASL On Postfix/Dovecot running on Freebsd 8.1
Date: February 25, 2015 at 2:15:43 PM AST
To: Postfix users <[hidden email]>

Re: SASL On Postfix/Dovecot running on Freebsd 8.1

Wietse Venema
jason hirsh:
> I was getting some relay issues when my local IP changed so I realized or thought that perhaps my SASL wasn't working
>
> I did a bunch of tweaking which is never good but when i switched
> my mail to port 587 i was able to once again send with no problem

And you were not satisfied that it worked...

> BUT when I did the telnet test from postfix.org as follows
>
[smtp example trimmed]
> AUTH PLAIN base64 gibberish
> 535 5.7.8 Error: authentication failed:
>
> the base 64 encodes  (\0user\@doman.com\0Password)
> I also tried   (\0user\@doman\.com\0Password)
> I am running postfix 2.12-20140709 Dovecot version 1.2.17

I suspect that you erred while constructing the base64 text.
If you don't follow the examples with bash, printf, or perl
carefully, then it is unlikely to work.

        Wietse
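
The token construction discussed in this thread, as an added example that is not part of the original messages: it builds the AUTH PLAIN argument (authzid NUL authcid NUL password) with printf and decodes a token to flag the structural mistakes that produce a 535 reply. The function names `sasl_plain_token` and `sasl_plain_check` are hypothetical, the credentials are constructed sample values, and a `base64` utility that accepts `-d` is assumed.

```shell
#!/bin/sh
# Added example; sasl_plain_token and sasl_plain_check are hypothetical helpers.

# Build the AUTH PLAIN argument: empty authzid, NUL, login, NUL, password.
# Login and password are passed through %s, so printf never interprets
# anything inside them (digits after \0, '%', backslashes).
sasl_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a token and report structural problems.
# Prints "ok" or "bad: <problems>"; returns 0 only for a well-formed token.
sasl_plain_check() {
    token=$1
    problems=
    # A PLAIN message contains exactly two NUL separators.
    nuls=$(printf '%s' "$token" | base64 -d 2>/dev/null |
        tr -cd '\000' | wc -c | tr -d ' ')
    [ "$nuls" -eq 2 ] || problems="$problems nul-count=$nuls"
    # Heuristic: a literal backslash often means a perl-style \@ escape
    # was carried into the encoded string instead of a plain @.
    if printf '%s' "$token" | base64 -d 2>/dev/null |
        tr '\000' '\n' | grep -q '\\'; then
        problems="$problems literal-backslash"
    fi
    # echo without -n appends a newline that becomes part of the password.
    last=$(printf '%s' "$token" | base64 -d 2>/dev/null |
        tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" != "0a" ] || problems="$problems trailing-newline"
    if [ -z "$problems" ]; then
        echo ok
        return 0
    fi
    echo "bad:$problems"
    return 1
}

# Constructed sample credentials, not taken from the thread.
sasl_plain_token 'test' 'testpass'; echo
# The same login written with an escaped @ is flagged before it is sent.
sasl_plain_check "$(printf '\0test\\@example.com\0testpass' | base64)" || true
```
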