On Sat, Jan 2, 2010 at 2:26 AM, Patrick Ben Koetter <p...@state-of-mind.de> wrote:

> * froinds J <froi...@gmail.com>:
> > Hello,
> > I'm having a problem with postfix in F12.
> > I used to have my email server setup with F10. My setup had TLS
> > enabled (self signed certs) with SASL using pwcheck_method=auxprop and
> > CRAM-MD5 DIGEST-MD5. I had virtual accounts.
> > Everything worked great until I installed F12. It was a clean install.
> > My issue now is the following:
> > If I disable TLS, postfix works as expected. If I enable it, I cannot
> > authenticate. Without TLS I can telnet to my server and I get 250-AUTH
> > CRAM-MD5 DIGEST-MD5
> > 250-AUTH=CRAM-MD5 DIGEST-MD5. However, once I enable TLS this doesn't show.
> > My mail client says the server does not support CRAM-MD5 or any other method
> > of authentication I try when TLS is on.
> >
> > I've tested the certs with openssl and I don't get any errors.
> >
> > I've been running my mail server on Fedora since FC3 and I've never
> > encountered this issue.
> > Has anyone had this problem?
>
> Blind guess: You have set $smtpd_tls_auth_only to yes and AUTH only shows up
> in a TLS session.
>
> If that is not the case follow the instructions at
> <http://de.postfix.org/httpmirror/DEBUG_README.html#mail> to provide debug
> output.
>
> p...@rick


My problem is: if I allow TLS I cannot authenticate. Without TLS everything
works. Here is the output from saslfinger.
Thanks for your help.

saslfinger - postfix Cyrus sasl configuration Sat Jan  2 02:12:49 EST 2010

version: 1.0.2

mode: server-side SMTP AUTH


-- basics --

Postfix: 2.6.5

System: Fedora release 12 (Constantine)


-- smtpd is linked to --

libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00110000)


-- active SMTP AUTH and TLS parameters for smtpd --

broken_sasl_auth_clients = yes

smtpd_sasl_auth_enable = yes

smtpd_sasl_authenticated_header = yes

smtpd_sasl_local_domain = $myhostname

smtpd_sasl_security_options = noanonymous, noplaintext

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

smtpd_tls_auth_only = yes

smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt

smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key

smtpd_tls_loglevel = 3

smtpd_tls_received_header = yes

smtpd_tls_security_level = encrypt

smtpd_tls_session_cache_timeout = 3600s



-- listing of /usr/lib/sasl --

total 80

drwxr-xr-x.   2 root root  4096 2009-12-29 12:31 .

dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 ..

-rw-r--r--.   1 root root    70 2009-09-16 09:38 smtpd.conf


-- listing of /usr/lib/sasl2 --

total 504

drwxr-xr-x.   2 root root  4096 2009-12-29 12:31 .

dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 ..

-rwxr-xr-x.   1 root root 14912 2009-09-24 06:20 libanonymous.so

-rwxr-xr-x.   1 root root 14912 2009-09-24 06:20 libanonymous.so.2

-rwxr-xr-x.   1 root root 14912 2009-09-24 06:20 libanonymous.so.2.0.23

-rwxr-xr-x.   1 root root 17596 2009-09-24 06:20 libcrammd5.so

-rwxr-xr-x.   1 root root 17596 2009-09-24 06:20 libcrammd5.so.2

-rwxr-xr-x.   1 root root 17596 2009-09-24 06:20 libcrammd5.so.2.0.23

-rwxr-xr-x.   1 root root 48032 2009-09-24 06:20 libdigestmd5.so

-rwxr-xr-x.   1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2

-rwxr-xr-x.   1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2.0.23

-rwxr-xr-x.   1 root root 15356 2009-09-24 06:20 liblogin.so

-rwxr-xr-x.   1 root root 15356 2009-09-24 06:20 liblogin.so.2

-rwxr-xr-x.   1 root root 15356 2009-09-24 06:20 liblogin.so.2.0.23

-rwxr-xr-x.   1 root root 15452 2009-09-24 06:20 libplain.so

-rwxr-xr-x.   1 root root 15452 2009-09-24 06:20 libplain.so.2

-rwxr-xr-x.   1 root root 15452 2009-09-24 06:20 libplain.so.2.0.23

-rwxr-xr-x.   1 root root 20872 2009-09-24 06:20 libsasldb.so

-rwxr-xr-x.   1 root root 20872 2009-09-24 06:20 libsasldb.so.2

-rwxr-xr-x.   1 root root 20872 2009-09-24 06:20 libsasldb.so.2.0.23

-rw-r--r--.   1 root root    25 2009-09-16 14:55 Sendmail.conf

-rw-r--r--.   1 root root   138 2010-01-02 01:22 smtpd.conf


-- listing of /etc/sasl2 --

total 16

drwxr-xr-x.   2 root root  4096 2009-09-24 06:20 .

drwxr-xr-x. 122 root root 12288 2010-01-01 16:31 ..





-- content of /usr/lib/sasl/smtpd.conf --

pwcheck_method: saslauthd

mech_list: plain login

saslauthd_version: 2


-- content of /usr/lib/sasl2/smtpd.conf --

pwcheck_method: auxprop

mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

log_level: 4



-- active services in /etc/postfix/master.cf --

# service type  private unpriv  chroot  wakeup  maxproc command + args

#               (yes)   (yes)   (yes)   (never) (100)

52525   inet  n - n - - smtpd -v


pickup    fifo  n       -       n       60      1       pickup

cleanup   unix  n       -       n       -       0       cleanup

qmgr      fifo  n       -       n       300     1       qmgr

tlsmgr    unix  -       -       n       1000?   1       tlsmgr

rewrite   unix  -       -       n       -       -       trivial-rewrite

bounce    unix  -       -       n       -       0       bounce

defer     unix  -       -       n       -       0       bounce

trace     unix  -       -       n       -       0       bounce

verify    unix  -       -       n       -       1       verify

flush     unix  n       -       n       1000?   0       flush

proxymap  unix  -       -       n       -       -       proxymap

proxywrite unix -       -       n       -       1       proxymap

smtp      unix  -       -       n       -       -       smtp

relay     unix  -       -       n       -       -       smtp

-o smtp_fallback_relay=

showq     unix  n       -       n       -       -       showq

error     unix  -       -       n       -       -       error

retry     unix  -       -       n       -       -       error

discard   unix  -       -       n       -       -       discard

local     unix  -       n       n       -       -       local

virtual   unix  -       n       n       -       -       virtual

lmtp      unix  -       -       n       -       -       lmtp

anvil     unix  -       -       n       -       1       anvil

scache    unix  -       -       n       -       1       scache


-- mechanisms on localhost --


-- end of saslfinger output --
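
An added example (not part of the original message, and not Postfix or saslfinger code): a simplified model of how the parameters in the saslfinger output above determine which AUTH mechanisms an EHLO reply is expected to list before and after STARTTLS. The function names and the mechanism-filtering table are assumptions made for illustration, and the model assumes STARTTLS is offered (security level may or encrypt).

```python
import re

# Parameter lines copied from the saslfinger output in this message.
SASLFINGER_PARAMS = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt
"""
# mech_list from /usr/lib/sasl2/smtpd.conf in the same output.
MECH_LIST = "PLAIN LOGIN CRAM-MD5 DIGEST-MD5"

# Mechanisms removed by each security option (simplified model, an assumption).
BLOCKED_BY = {"noplaintext": {"PLAIN", "LOGIN"}, "noanonymous": {"ANONYMOUS"}}

def parse_params(text):
    """Parse 'name = value' lines as printed by saslfinger or postconf -n."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def filter_mechs(mech_list, options):
    """Drop mechanisms excluded by a *_security_options value."""
    blocked = set()
    for opt in re.split(r"[,\s]+", options.strip()):
        blocked |= BLOCKED_BY.get(opt, set())
    return [m for m in mech_list.split() if m.upper() not in blocked]

def expected_auth(params, mech_list):
    """Return the mechanisms expected in EHLO before and after STARTTLS."""
    if params.get("smtpd_sasl_auth_enable", "no") != "yes":
        return {"before_starttls": [], "after_starttls": []}
    plain_opts = params.get("smtpd_sasl_security_options", "noanonymous")
    # The TLS-session options default to the plaintext-session options.
    tls_opts = params.get("smtpd_sasl_tls_security_options", plain_opts)
    if tls_opts.startswith("$"):  # e.g. $smtpd_sasl_security_options
        tls_opts = params.get(tls_opts[1:], plain_opts)
    # Mandatory TLS ("encrypt") implies AUTH is only offered inside TLS.
    tls_only = (params.get("smtpd_tls_auth_only", "no") == "yes"
                or params.get("smtpd_tls_security_level") == "encrypt")
    before = [] if tls_only else filter_mechs(mech_list, plain_opts)
    return {"before_starttls": before,
            "after_starttls": filter_mechs(mech_list, tls_opts)}

if __name__ == "__main__":
    print(expected_auth(parse_params(SASLFINGER_PARAMS), MECH_LIST))
```

With the posted settings the model expects no AUTH line in a plain telnet session and only CRAM-MD5 and DIGEST-MD5 once STARTTLS has completed, so the EHLO to compare against is the one sent inside the TLS session.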
