auth/sasl

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

auth/sasl

Tamas Hegedus-2
Hi,

I am running postfix on a RH linux box with SASL authentication. I am using a windows laptop with Thunderbird.
Most of the time from most of the locations (different ISPs, countries) I can send email from my laptop using Thunderbird as the mail client and postfix on my linux box as an SMTP server (username/password auth w SASL). But from some locations I can not. Thunderbird says that 'connecting to SMTP server failed... SMTP server may be unavailable or refusing connections'

I can not see anything in the 'maillog', 'secure', and 'messages' log files.
Even if I started the postfix with -v option.

Any idea/suggestion how to track down?
I have the feeling that the my sasl does not allow authentication from computers from certain (type of) ISP networks.

Thanks for your help in advance,
tamas
Reply | Threaded
Open this post in threaded view
|

Re: auth/sasl

Scott Kitterman-4
On Monday 23 June 2008 22:09, Tamas Hegedus wrote:

> Hi,
>
> I am running postfix on a RH linux box with SASL authentication. I am using
> a windows laptop with Thunderbird.
> Most of the time from most of the locations (different ISPs, countries) I
> can send email from my laptop using Thunderbird as the mail client and
> postfix on my linux box as an SMTP server (username/password auth w SASL).
> But from some locations I can not. Thunderbird says that 'connecting to
> SMTP server failed... SMTP server may be unavailable or refusing
> connections'
>
> I can not see anything in the 'maillog', 'secure', and 'messages' log
> files. Even if I started the postfix with -v option.
>
> Any idea/suggestion how to track down?
> I have the feeling that the my sasl does not allow authentication from
> computers from certain (type of) ISP networks.
>

Most likely you are connecting via ISPs the block port 25.  Configure the
submission service and connect via port 587 should solve it if that is the
problem.

Scott K
Reply | Threaded
Open this post in threaded view
|

Re: auth/sasl

Jorey Bump
In reply to this post by Tamas Hegedus-2
Tamas Hegedus wrote, at 06/23/2008 10:09 PM:

> I am running postfix on a RH linux box with SASL authentication. I am
> using a windows laptop with Thunderbird.
> Most of the time from most of the locations (different ISPs, countries)
> I can send email from my laptop using Thunderbird as the mail client and
> postfix on my linux box as an SMTP server (username/password auth w
> SASL). But from some locations I can not. Thunderbird says that
> 'connecting to SMTP server failed... SMTP server may be unavailable or
> refusing connections'

The ISP is blocking outbound connections to port 25. This is a common
defense against zombies on the network.

> I can not see anything in the 'maillog', 'secure', and 'messages' log files.
> Even if I started the postfix with -v option.

Connections don't reach your server, so there are no log entries.

> Any idea/suggestion how to track down?
> I have the feeling that the my sasl does not allow authentication from
> computers from certain (type of) ISP networks.

No, you just need to enable submission on port 587, which is rarely
blocked. Usually, all you need to do is uncomment the submission line in
master.cf, but you may want to check back here to make sure you've done
it properly. You don't mention the version you're running, but here's an
example for 2.5.1:

  submission inet n       -       n       -       -       smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Reply | Threaded
Open this post in threaded view
|

Re: auth/sasl

Victor Duchovni
On Mon, Jun 23, 2008 at 10:29:43PM -0400, Jorey Bump wrote:

> Tamas Hegedus wrote, at 06/23/2008 10:09 PM:
>
> >I am running postfix on a RH linux box with SASL authentication. I am
> >using a windows laptop with Thunderbird.
> >Most of the time from most of the locations (different ISPs, countries)
> >I can send email from my laptop using Thunderbird as the mail client and
> >postfix on my linux box as an SMTP server (username/password auth w
> >SASL). But from some locations I can not. Thunderbird says that
> >'connecting to SMTP server failed... SMTP server may be unavailable or
> >refusing connections'
>
> The ISP is blocking outbound connections to port 25. This is a common
> defense against zombies on the network.
>
> >I can not see anything in the 'maillog', 'secure', and 'messages' log
> >files.
> >Even if I started the postfix with -v option.
>
> Connections don't reach your server, so there are no log entries.
>
> >Any idea/suggestion how to track down?
> >I have the feeling that the my sasl does not allow authentication from
> >computers from certain (type of) ISP networks.
>
> No, you just need to enable submission on port 587, which is rarely
> blocked. Usually, all you need to do is uncomment the submission line in
> master.cf, but you may want to check back here to make sure you've done
> it properly. You don't mention the version you're running, but here's an
> example for 2.5.1:
>
>  submission inet n       -       n       -       -       smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Usually also need a self-signed cert (or a cert from a public CA if
appropriate).

    http://www.postfix.org/TLS_README.html#quick-start

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[hidden email]?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
Reply | Threaded
Open this post in threaded view
|

Re: auth/sasl

Tamas Hegedus-2
In reply to this post by Tamas Hegedus-2
Thanks a lot!
Setting submission on port 587 and also setting the firewall :-) solved my problem!
Have a good day,
tamas