John wrote:
> Sandy Drobic wrote:
>> [snip]
>>>>  
>>>>      
>>>>> smtpd_sasl_application_name = smtpd
>>>>> smtpd_sasl_auth_enable = no
>>>>>             
>>>> Unless you "yes" here, Postfix will not offer the option to
>>>> authenticate.
>>>>         
>>> Set to 'YES', then postfix failed to end this mail (workstation running
>>> thunderbird) so I set it back to 'NO' for now as it raises other issues!
>>>     
> Set back to 'YES' last night, about 01:30 and lost all emails until I
> checked the logs about 09:00 this morning. Error message was:
> 
> 'Jun 27 09:35:00 General postfix/smtpd[29907]: fatal: no SASL
> authentication mechanisms'

Uh, oh!! This looks as if you have misconfigured your Cyrus sasl
configuration in some way.

> Set it back to 'NO' and was deluged!
>> Little question: has smtp auth ever worked for you before or is this your
>> first try?
>>   
> I'm not sure that it has; I tried this last year (Thread '[SLE] at wits
> end with postfix & SASL') and thought I'd gotten it sorted but when I
> was abroad recently, it still failed, so obviously, I hadn't.

In that case we should start from the beginning. You have mixed TLS and
SASL parameters, but it seems as if they don't completely work. I usually
start with Cyrus sasl, and if that is working reliably I add TLS and set
"smtpd_tls_auth_only = yes".

>> If you enable smtpd_auth and restart the server, do you see any warnings
>> in your maillog?
>>   
> 
> Nothing specific; I've written a script which allows me to look at the
> last n lines of all four log files and I've attached the results from
> this test for inspection. You can see that I tried this at 12:43:41!

I get a log excerpt every day by mail with all the log lines that are not
flagged as normal. Great to track trouble before it is reported by users.
Mailgraph also provides almost real-time stats for email flow (received,
delivered, spam, virus, rejected).

Additionally I recommend using pflogsumm as a summary of your email situation.

>>  
>>>>  
>>>>      
>>>>> smtpd_sasl_local_domain =
>>>>> smtpd_sasl_security_options = noanonymous, noplaintext
>>>>> smtpd_sasl_tls_security_options = noanonymous

IIRC you have forbidden plaintext mechs when the connection is not encrypted.
smtpd_sasl_security_options = noanonymous, noplaintext

Change that to
smtpd_sasl_security_options = noanonymous

"reload postfix", and then try again. Your main problem is that you have
activated too many TLS and AUTH parameters without confirming first that
the basics work. I am almost tempted to say "let's remove all of those and
then start at the beginning."


>> Now you should see the capabilities of your server. One of the lines
>> should start with "250-AUTH PLAIN LOGIN"

> Now, since I've seen the two lines:
> 
> 250-AUTH LOGIN PLAIN
> 250-AUTH=LOGIN PLAIN
> 
> before, something has been changed in my attempt to get this sorted.
> Could be the starttls line?

Not exactly. Rather it was the "smtpd_tls_auth_only = yes". As a
consequence you can only authenticate if you first encrypt the connection
using starttls.

> 
> ------------------------------------------------------------------------
> 
> Mail
> Jun 27 12:41:23 General postfix/qmgr[29923]: E2AE31D5A7: removed
> Jun 27 12:41:23 General postfix/smtpd[30260]: disconnect from 
> sc157.sjc.collab.net[204.16.104.146]
> Jun 27 12:43:31 General postfix/postfix-script: refreshing the Postfix mail 
> system
> Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection rate 
> 1/60s for (smtp:204.16.104.146) at Jun 27 12:41:22
> Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max connection 
> count 1 for (smtp:204.16.104.146) at Jun 27 12:41:22
> Jun 27 12:43:31 General postfix/anvil[30262]: statistics: max cache size 1 at 
> Jun 27 12:41:22
> 

Business as usual, looks fine.

> ------------
> 
> Mail.err
> Jun 27 09:35:00 General postfix/smtpd[29912]: fatal: no SASL authentication 
> mechanisms

"Fatal error" means the system can't work due to a serious misconfiguration.

> 
> ------------
> 
> Mail.warn
> Jun 27 12:06:13 General postfix/smtpd[30195]: warning: 125.235.64.36: 
> hostname 125.235.64.36.adsl.viettel.vn verification failed: Name or service 
> not known

Harmless, a spam zombie does not have a matching reverse DNS record. That
happens a lot. I get dozens and hundreds of these DNS errors every day.
This is only informational logging.



-- 
Sandy

List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
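
The EHLO check discussed in this thread (does a `250-AUTH` line appear, and does it appear only after STARTTLS) as an added Python example that is not part of the original message. The sample replies, the host mail.example.com and the result labels are constructed for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that transmit the password itself

def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into {KEYWORD: set(parameters)}."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        # "250-" marks a continuation line, "250 " must be the last line only
        if not m or (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        text = m.group(2)
        if i == 0 or not text:
            continue  # first line is the server's greeting, not a capability
        if text.upper().startswith("AUTH="):  # legacy "AUTH=" form for old clients
            text = "AUTH " + text[5:]
        keyword, *params = text.upper().split()
        caps.setdefault(keyword, set()).update(params)
    return caps

def diagnose(cleartext, encrypted=None):
    """Classify what the server offers before and (optionally) after STARTTLS."""
    clear = parse_ehlo(cleartext)
    if "AUTH" in clear:
        if clear["AUTH"] & PLAINTEXT_MECHS:
            return "plaintext-auth-without-tls"  # password can cross the wire unencrypted
        return "auth-without-tls"
    if "STARTTLS" not in clear:
        return "no-auth-offered"  # consistent with smtpd_sasl_auth_enable = no
    if encrypted is None:
        return "check-again-after-starttls"
    # AUTH showing up only in the encrypted reply matches smtpd_tls_auth_only = yes
    return "auth-only-after-tls" if "AUTH" in parse_ehlo(encrypted) else "no-auth-offered"

# Constructed sample replies (not taken from the poster's server)
CLEAR_WITH_AUTH = """250-mail.example.com
250-PIPELINING
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME"""
CLEAR_TLS_ONLY = """250-mail.example.com
250-PIPELINING
250-STARTTLS
250 8BITMIME"""
AFTER_STARTTLS = """250-mail.example.com
250-AUTH LOGIN PLAIN
250 8BITMIME"""
```
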