smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Yuri Ferreira
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Fazzina, Angelo
Hi,
I put  STARTTLS on port 587     SSL on port 465 and     regular on port 25

Not sure how to do  encrypted and unencrypted on port 25 ?

-ANGELO FAZZINA

UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

[hidden email]
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Yuri Ferreira
Sent: Thursday, November 30, 2017 11:49 AM
To: [hidden email]
Subject: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

*I'm having problems with cyrus-sasl. testsaslauthd is ok, but when I use
telnet localhost 25, I get this:*

/ root # telnet localhost 25
Trying ::1.....
Espace character is '^]'.
220 postfix.dominio.com.br ESMTP MEU DOMINIO
ehlo postfix
250-postfix.dominio.com.br
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DNS

AUTH PLAIN
502 5.5.1 Error: command not implemented
AUTH LOGIN
502 5.5.1 Error: command not implemented /

*my mail.log:
/warning smtpd_sasl_auth_enable is true but sasl support is not compiled in
/
*

*my postfix was installed with support for:: *

/[ebuild   R    ] mail-mta/postfix-3.1.6::gentoo  USE="berkdb eai ldap  sasl
ssl mbox -cdb -doc -dovecot-sasl -hardened -ldap-bind (-libressl) -lmdb
-memcached -mysql -nis -postgres (-selinux) -sqlite"/

someone help-me ?





--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Noel Jones-2
In reply to this post by Yuri Ferreira
On 11/30/2017 10:49 AM, Yuri Ferreira wrote:

> *I'm having problems with cyrus-sasl. testsaslauthd is ok, but when I use
> telnet localhost 25, I get this:*
>
> / root # telnet localhost 25
> Trying ::1.....
> Espace character is '^]'.
> 220 postfix.dominio.com.br ESMTP MEU DOMINIO
> ehlo postfix
> 250-postfix.dominio.com.br
> 250-PIPELINING
> 250-SIZE 10240000
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DNS
>
> AUTH PLAIN
> 502 5.5.1 Error: command not implemented
> AUTH LOGIN
> 502 5.5.1 Error: command not implemented /
>
> *my mail.log:
> /warning smtpd_sasl_auth_enable is true but sasl support is not compiled in
> /
> *
>
> *my postfix was installed with support for:: *
>
> /[ebuild   R    ] mail-mta/postfix-3.1.6::gentoo  USE="berkdb eai ldap  sasl
> ssl mbox -cdb -doc -dovecot-sasl -hardened -ldap-bind (-libressl) -lmdb
> -memcached -mysql -nis -postgres (-selinux) -sqlite"/
>
> someone help-me ?
>


Please see the SASL_README for checking which sasl is supported by
your postfix install and instructions for testing sasl.
http://www.postfix.org/SASL_README.html

Note that if you've enabled smtpd_tls_auth_only=yes postfix won't
offer nor accept the AUTH command unless you connect with tls.

If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail




  -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Benny Pedersen-2
In reply to this post by Yuri Ferreira
Yuri Ferreira skrev den 2017-11-30 17:49:

> someone help-me ?

to get more help:

postconf -nf
postconf -Mf

on pastebin with a link to maillist

you should stop using telnet to test ssl, use openssl s_client ... to
replace it

man openssl

if you see AUTH on port 25 yoy maked a mistake, but if you see STARTTLS
it works as best it could

enable smtpd_sasl on port 587 and 465, i know some will hit me now, but
clients sometimes need port 465 depending on clients
Reply | Threaded
Open this post in threaded view
|

Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

James Reynolds
I have never heard of using openssl s_client instead of telnet so I tried to figure out how to use it.  I could connect to my server with the following.

        openssl s_client -connect 10.0.1.1:25  -starttls smtp

And I can do "HELO" and "MAIL FROM:" but when I try to enter "RCPT TO:" I just get this output and I can't go further.

        RENEGOTIATING
        depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
        verify error:num=19:self signed certificate in certificate chain
        verify return:0

Do you know what is going on?  Maybe my certificate on my server is misconfigured and I didn't even know it?...

James


> On Nov 30, 2017, at 1:55 PM, Benny Pedersen <[hidden email]> wrote:
>
> Yuri Ferreira skrev den 2017-11-30 17:49:
>
>> someone help-me ?
>
> to get more help:
>
> postconf -nf
> postconf -Mf
>
> on pastebin with a link to maillist
>
> you should stop using telnet to test ssl, use openssl s_client ... to replace it
>
> man openssl
>
> if you see AUTH on port 25 yoy maked a mistake, but if you see STARTTLS it works as best it could
>
> enable smtpd_sasl on port 587 and 465, i know some will hit me now, but clients sometimes need port 465 depending on clients

Reply | Threaded
Open this post in threaded view
|

RE: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Fazzina, Angelo
Mine that I use to test

openssl s_client -connect massmail.uconn.edu:465

openssl s_client -starttls smtp -connect massmail.uconn.edu:587

telnet is just for port 25   YMMV.

-ANGELO FAZZINA

UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

[hidden email]
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of James Reynolds
Sent: Thursday, November 30, 2017 4:21 PM
To: Postfix users <[hidden email]>
Subject: Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

I have never heard of using openssl s_client instead of telnet so I tried to figure out how to use it.  I could connect to my server with the following.

        openssl s_client -connect 10.0.1.1:25  -starttls smtp

And I can do "HELO" and "MAIL FROM:" but when I try to enter "RCPT TO:" I just get this output and I can't go further.

        RENEGOTIATING
        depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
        verify error:num=19:self signed certificate in certificate chain
        verify return:0

Do you know what is going on?  Maybe my certificate on my server is misconfigured and I didn't even know it?...

James


> On Nov 30, 2017, at 1:55 PM, Benny Pedersen <[hidden email]> wrote:
>
> Yuri Ferreira skrev den 2017-11-30 17:49:
>
>> someone help-me ?
>
> to get more help:
>
> postconf -nf
> postconf -Mf
>
> on pastebin with a link to maillist
>
> you should stop using telnet to test ssl, use openssl s_client ... to replace it
>
> man openssl
>
> if you see AUTH on port 25 yoy maked a mistake, but if you see STARTTLS it works as best it could
>
> enable smtpd_sasl on port 587 and 465, i know some will hit me now, but clients sometimes need port 465 depending on clients

Reply | Threaded
Open this post in threaded view
|

RE: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Fazzina, Angelo
....And, if you wanna get more detailed this is all I do to test accounts.


RAN     pamtester smtp ssl_test authenticate
        to test ability to authenticate with account ssl_test  (it worked)
RAN     testsaslauthd -s smtp -u ssl_test -p <password>
        to test Saslauthd  (it worked)
RAN     python -c 'import base64,sys; u,p=sys.argv[1:3]; print base64.encodestring("%s\x00%s\x00%s" % (u,u,p))' ssl_test <password>
        to create hash  (it worked)
RAN     openssl s_client -connect 137.99.203.233:465
        helo uconn.edu
        AUTH PLAIN  <insert hash from python command>




-ANGELO FAZZINA

UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

[hidden email]
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Fazzina, Angelo
Sent: Thursday, November 30, 2017 4:25 PM
To: James Reynolds <[hidden email]>; Postfix users <[hidden email]>
Subject: RE: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Mine that I use to test

openssl s_client -connect massmail.uconn.edu:465

openssl s_client -starttls smtp -connect massmail.uconn.edu:587

telnet is just for port 25   YMMV.

-ANGELO FAZZINA

UITS Service Manager:
Spam and Virus Prevention
Mass Mailing
G Suite/Gmail

[hidden email]
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of James Reynolds
Sent: Thursday, November 30, 2017 4:21 PM
To: Postfix users <[hidden email]>
Subject: Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

I have never heard of using openssl s_client instead of telnet so I tried to figure out how to use it.  I could connect to my server with the following.

        openssl s_client -connect 10.0.1.1:25  -starttls smtp

And I can do "HELO" and "MAIL FROM:" but when I try to enter "RCPT TO:" I just get this output and I can't go further.

        RENEGOTIATING
        depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
        verify error:num=19:self signed certificate in certificate chain
        verify return:0

Do you know what is going on?  Maybe my certificate on my server is misconfigured and I didn't even know it?...

James


> On Nov 30, 2017, at 1:55 PM, Benny Pedersen <[hidden email]> wrote:
>
> Yuri Ferreira skrev den 2017-11-30 17:49:
>
>> someone help-me ?
>
> to get more help:
>
> postconf -nf
> postconf -Mf
>
> on pastebin with a link to maillist
>
> you should stop using telnet to test ssl, use openssl s_client ... to replace it
>
> man openssl
>
> if you see AUTH on port 25 yoy maked a mistake, but if you see STARTTLS it works as best it could
>
> enable smtpd_sasl on port 587 and 465, i know some will hit me now, but clients sometimes need port 465 depending on clients

Reply | Threaded
Open this post in threaded view
|

Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

James Reynolds
The "AUTH PLAIN" works also.  When I telnet into the server the "RCPT" command works, but not with openssl s_client.  It's not a big deal.  I am just really happy to find out that I can test this now.  I think my certificate is ok too, so I don't know why I get "RENEGOTIATING" and the other info.

James

> On Nov 30, 2017, at 2:27 PM, Fazzina, Angelo <[hidden email]> wrote:
>
> ....And, if you wanna get more detailed this is all I do to test accounts.
>
>
> RAN     pamtester smtp ssl_test authenticate
>        to test ability to authenticate with account ssl_test  (it worked)
> RAN     testsaslauthd -s smtp -u ssl_test -p <password>
>        to test Saslauthd  (it worked)
> RAN     python -c 'import base64,sys; u,p=sys.argv[1:3]; print base64.encodestring("%s\x00%s\x00%s" % (u,u,p))' ssl_test <password>
>        to create hash  (it worked)
> RAN     openssl s_client -connect 137.99.203.233:465
>        helo uconn.edu
>        AUTH PLAIN  <insert hash from python command>
>
>
>
>
> -ANGELO FAZZINA
>
> UITS Service Manager:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>
> [hidden email]
> University of Connecticut,  UITS, SSG, Server Systems
> 860-486-9075
>
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Fazzina, Angelo
> Sent: Thursday, November 30, 2017 4:25 PM
> To: James Reynolds <[hidden email]>; Postfix users <[hidden email]>
> Subject: RE: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)
>
> Mine that I use to test
>
> openssl s_client -connect massmail.uconn.edu:465
>
> openssl s_client -starttls smtp -connect massmail.uconn.edu:587
>
> telnet is just for port 25   YMMV.
>
> -ANGELO FAZZINA
>
> UITS Service Manager:
> Spam and Virus Prevention
> Mass Mailing
> G Suite/Gmail
>
> [hidden email]
> University of Connecticut,  UITS, SSG, Server Systems
> 860-486-9075
>
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of James Reynolds
> Sent: Thursday, November 30, 2017 4:21 PM
> To: Postfix users <[hidden email]>
> Subject: Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)
>
> I have never heard of using openssl s_client instead of telnet so I tried to figure out how to use it.  I could connect to my server with the following.
>
> openssl s_client -connect 10.0.1.1:25  -starttls smtp
>
> And I can do "HELO" and "MAIL FROM:" but when I try to enter "RCPT TO:" I just get this output and I can't go further.
>
> RENEGOTIATING
> depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
>
> Do you know what is going on?  Maybe my certificate on my server is misconfigured and I didn't even know it?...
>
> James
>
>
>> On Nov 30, 2017, at 1:55 PM, Benny Pedersen <[hidden email]> wrote:
>>
>> Yuri Ferreira skrev den 2017-11-30 17:49:
>>
>>> someone help-me ?
>>
>> to get more help:
>>
>> postconf -nf
>> postconf -Mf
>>
>> on pastebin with a link to maillist
>>
>> you should stop using telnet to test ssl, use openssl s_client ... to replace it
>>
>> man openssl
>>
>> if you see AUTH on port 25 yoy maked a mistake, but if you see STARTTLS it works as best it could
>>
>> enable smtpd_sasl on port 587 and 465, i know some will hit me now, but clients sometimes need port 465 depending on clients
>

Reply | Threaded
Open this post in threaded view
|

Re: smtpd_sasl_auth_enable is true but sasl support is not compiled in (postfix-gento)

Benny Pedersen-2
James Reynolds skrev den 2017-11-30 22:52:
> The "AUTH PLAIN" works also.  When I telnet into the server the "RCPT"
> command works, but not with openssl s_client.  It's not a big deal.  I
> am just really happy to find out that I can test this now.  I think my
> certificate is ok too, so I don't know why I get "RENEGOTIATING" and
> the other info.

selfsigned, self problem to solve

EOD from me here