I bet it has something to do with your sasl configuration. Had that back in time too... Check it is working. I have linked the saslauth to pam/ldap - so I can have local and remote users going in... Took me some time to figure this out. It's too long ago for me to remember details - but that's where I would look if I were you... Check your logs mail/system and auth for hints.
Cheers
Joerg

<quote who="Joe Strusz">
> OK, well I disabled the smtpd_tls_auth_only line.
>
> And now whenever I try to connect via say Outlook Express on a client
> machine...
>
> I check the box that says, "my outgoing server requires
> authentication", and I do get the password prompt, however whichever
> login/password I try to use it gets rejected, over and over and over
> again...
>
> Any suggestions?
>
>>Date: Wed, 5 Oct 2005 15:15:22 +0200 (CEST)
>>Subject: Re: [gentoo-security] postfix and SASL
>>From: "Joerg Mertin" <[EMAIL PROTECTED]>
>>
>>OK - as this seems to be quite difficult for many - here my configuration
>>of postfix - TLS and SASL parts only:
>>
>>## TLS
>># Transport Layer Security
>>#
>>smtpd_use_tls = yes
>>smtpd_tls_auth_only = yes
>>smtpd_tls_key_file = /etc/ssl/postfix/stargate.solsys.org.key
>>smtpd_tls_cert_file = /etc/ssl/postfix/stargate.solsys.org.crt
>>smtpd_tls_CAfile = /etc/ssl/postfix/stargate.solsys.org.pem
>>smtpd_tls_loglevel = 3
>>smtpd_tls_received_header = yes
>>smtpd_tls_session_cache_timeout = 3600s
>>tls_random_source = dev:/dev/urandom
>>
>># SASL SUPPORT FOR CLIENTS
>>#
>># The following options set parameters needed by Postfix to enable
>># Cyrus-SASL support for authentication of mail clients.
>>#
>>broken_sasl_auth_clients = yes
>>smtpd_sasl_auth_enable = yes
>>smtpd_sasl_security_options = noanonymous
>>smtpd_data_restrictions = reject_unauth_pipelining
>>smtpd_sasl_local_domain =
>>
>>
>>This setup works here for 2 Years ...
>>Cheers
>>
>>Joerg
>>
>>
>><quote who="Joe Strusz">
>> > Whenever I telnet to port 25, and issue the AUTH PLAIN command I receive
>> > this:
>> >
>> > 538: Encryption required for requested authentication mechanism.
>> >
>> > What does this mean?
>> >
>> > I could really use some help on this... it's been bugging me for weeks now.
>> >
>> > Also, I do have smtpd_tls_auth_only = yes line
>> >
>> >
>> > Please help
>> >
>> > blargh.
>> >
>> > Your fellow befumbled gentoo user.
>> >
>> >
>> >>Date: Wed, 05 Oct 2005 12:36:01 +0100
>> >>From: Jonathan Wright <[EMAIL PROTECTED]>
>> >>Subject: Re: [gentoo-security] postfix and SASL
>> >>
>> >>Benjamin A'Lee wrote:
>> >>>>Not sure but: why on port 25 and not on 465 ?
>> >>>I don't think it actually matters which port; IIRC it just enables
>> >>>STARTTLS by default on 465.
>> >>
>> >>Port 465 is for SSL (i.e. secure communication before any
>> >>application data is transferred) and Port 25 accepts TLS (where the
>> >>data is secured once both parties accept, however, application data
>> >>transfer has occurred).
>> >>
>> >>Anyway, with telnet you can't talk on port 465 :)
>> >>
>> >> > I have confirmed postfix is indeed compiled with SASL support. And I
>> >> > have TLS working great. However when I telnet to port 25 and issue the
>> >> > ehlo command, I do receive the starttls etc... yet no AUTH PLAIN
>> >> > lines...
>> >>
>> >>Depending on the configuration, AUTH PLAIN can either be disabled,
>> >>or more likely, it's only sent should STARTTLS be issued. I have the
>> >>following lines in my main.cf:
>> >>
>> >>-- cut -----------------------------------------
>> >># SMTPD SERVER CONTROLS
>> >>smtpd_sasl_auth_enable = yes
>> >>smtpd_sasl_security_options = noanonymous, noplaintext
>> >>broken_sasl_auth_clients = yes
>> >>smtpd_sasl_local_domain =
>> >>smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
>> >>
>> >>smtpd_use_tls = yes
>> >>smtpd_tls_auth_only = yes
>> >>smtpd_tls_key_file = /etc/postfix/cacert/kenny.key
>> >>smtpd_tls_cert_file = /etc/postfix/cacert/kenny.pem
>> >>smtpd_tls_CAfile = /etc/postfix/cacert/cacert.pem
>> >>smtpd_tls_loglevel = 1
>> >>smtpd_tls_received_header = yes
>> >>smtpd_tls_session_cache_timeout = 3600s
>> >>tls_random_source = dev:/dev/urandom
>> >>-- cut -----------------------------------------
>> >>
>> >>TLS is enabled, but smtpd_tls_auth_only will only permit
>> >>authorization from clients who have issued (and successfully
>> >>negotiated) the STARTTLS comment.
>> >>
>> >>Also, you can define what methods Postfix accepts by modifying the
>> >>smtp_sasl_security_options directive.
>> >>
>> >>HTH,
>> >>
>> >>--
>> >> Jonathan Wright ~ mail at djnauk.co.uk
>> >> ~ www.djnauk.co.uk
>> >>--
>> >> 2.6.12-gentoo-r6-djnauk-b2 AMD Athlon(tm) XP 2100+
>> >> up 5 days, 3:02, 4 users, load average: 0.72, 0.97, 0.71
>> >>--
>> >> "I don't mind straight people as long as they act gay in
>> >> public."
>> >>
>> >> ~ T-shirt worn by Dennis Rodman of the Chicago Bulls
>> >
>> >
>> > Joe Strusz
>> >
>> > IT Assistant
>> > Oxford Publishing, Inc.
>> > 307 West Jackson Avenue
>> > Oxford, MS 38655-2154
>> > 800-247-3881
>> > 662-236-5510x40
>> > [EMAIL PROTECTED]
>> > http://www.nightclub.com
>> >
>>
>>--
>>------------------------------------------------------------------------
>>| Joerg Mertin            : [EMAIL PROTECTED] (Home)|
>>| in Forchheim/Germany    : [EMAIL PROTECTED] (Alt1)|
>>| Stardust's LiNUX System :                         |
>>| Web: http://www.solsys.org                        |
>>------------------------------------------------------------------------
>>PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A
>
>
> Joe Strusz
>
> IT Assistant
> Oxford Publishing, Inc.
> 307 West Jackson Avenue
> Oxford, MS 38655-2154
> 800-247-3881
> 662-236-5510x40
> [EMAIL PROTECTED]
> http://www.nightclub.com
>

--
------------------------------------------------------------------------
| Joerg Mertin            : [EMAIL PROTECTED] (Home)|
| in Forchheim/Germany    : [EMAIL PROTECTED] (Alt1)|
| Stardust's LiNUX System :                         |
| Web: http://www.solsys.org                        |
------------------------------------------------------------------------
PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A

--
[email protected] mailing list
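The telnet check discussed in this thread (is AUTH advertised before or only after STARTTLS?) can be scripted. The following is an added example, not code from any poster in the thread; the function names, the hostname and the sample EHLO replies are constructed for illustration.

```python
import re
import smtplib

PLAINTEXT = {"PLAIN", "LOGIN"}  # mechanisms that send a reusable password

def auth_mechs(ehlo_reply: str) -> set:
    """SASL mechanisms in an EHLO reply, with or without the '250-' prefixes.
    Also reads the legacy 'AUTH=' line that broken_sasl_auth_clients = yes adds."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        words = re.sub(r"^250[ -]", "", line.strip()).upper().replace("=", " ", 1).split()
        if words and words[0] == "AUTH":
            mechs.update(words[1:])
    return mechs

def assess(before_tls: str, after_tls: str) -> list:
    """Compare the EHLO replies seen before and after STARTTLS."""
    pre, post = auth_mechs(before_tls), auth_mechs(after_tls)
    findings = []
    if pre & PLAINTEXT:
        findings.append("cleartext: %s offered before STARTTLS; "
                        "smtpd_tls_auth_only is not in effect" % sorted(pre & PLAINTEXT))
    if not post:
        findings.append("no-auth: nothing offered after STARTTLS; "
                        "check smtpd_sasl_auth_enable and the SASL backend")
    elif not post & PLAINTEXT:
        findings.append("no-plaintext: only %s offered; clients limited to "
                        "PLAIN/LOGIN cannot log in" % sorted(post))
    return findings

def probe(host: str, port: int = 25) -> list:
    """Live check against a server you administer."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = s.ehlo_resp.decode(errors="replace")
        s.starttls()          # raises if STARTTLS is not offered
        s.ehlo()
        after = s.ehlo_resp.decode(errors="replace")
    return assess(before, after)

# Constructed replies (hostname is a placeholder), shaped like the thread's telnet session
BEFORE = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
AFTER = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"

if __name__ == "__main__":
    print(assess(BEFORE, AFTER) or "AUTH is offered only inside TLS")
```

An empty result means AUTH appears only inside TLS, so a login that is still rejected points at the SASL backend (saslauthd and its pam/ldap link) rather than at the Postfix TLS settings.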
