* froinds J <froi...@gmail.com>:
> My problem is: if I allow TLS I cannot authenticate. Without TLS everything
> works. Here is the output from saslfinger.
> Thanks for your help.
>
> saslfinger - postfix Cyrus sasl configuration Sat Jan 2 02:12:49 EST 2010
> version: 1.0.2
> mode: server-side SMTP AUTH
>
> -- basics --
> Postfix: 2.6.5
> System: Fedora release 12 (Constantine)
>
> -- smtpd is linked to --
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00110000)
>
> -- active SMTP AUTH and TLS parameters for smtpd --
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
> smtpd_tls_loglevel = 3
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = encrypt
> smtpd_tls_session_cache_timeout = 3600s
>
>
> -- listing of /usr/lib/sasl --
> total 80
> drwxr-xr-x. 2 root root 4096 2009-12-29 12:31 .
> dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 ..
> -rw-r--r--. 1 root root 70 2009-09-16 09:38 smtpd.conf

Delete /usr/lib/sasl/smtpd.conf. Postfix will not use Cyrus SASL 1.x anymore.

> -- listing of /usr/lib/sasl2 --
> total 504
> drwxr-xr-x. 2 root root 4096 2009-12-29 12:31 .
> dr-xr-xr-x. 150 root root 69632 2010-01-01 16:52 ..
> -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so
> -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so.2
> -rwxr-xr-x. 1 root root 14912 2009-09-24 06:20 libanonymous.so.2.0.23
> -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so
> -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so.2
> -rwxr-xr-x. 1 root root 17596 2009-09-24 06:20 libcrammd5.so.2.0.23
> -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so
> -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2
> -rwxr-xr-x. 1 root root 48032 2009-09-24 06:20 libdigestmd5.so.2.0.23
> -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so
> -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so.2
> -rwxr-xr-x. 1 root root 15356 2009-09-24 06:20 liblogin.so.2.0.23
> -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so
> -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so.2
> -rwxr-xr-x. 1 root root 15452 2009-09-24 06:20 libplain.so.2.0.23
> -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so
> -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so.2
> -rwxr-xr-x. 1 root root 20872 2009-09-24 06:20 libsasldb.so.2.0.23
> -rw-r--r--. 1 root root 25 2009-09-16 14:55 Sendmail.conf
> -rw-r--r--. 1 root root 138 2010-01-02 01:22 smtpd.conf
>
> -- listing of /etc/sasl2 --
> total 16
> drwxr-xr-x. 2 root root 4096 2009-09-24 06:20 .
> drwxr-xr-x. 122 root root 12288 2010-01-01 16:31 ..
>
>
> -- content of /usr/lib/sasl2/smtpd.conf --
> pwcheck_method: auxprop

Add:

auxprop_plugin: sasldb

> mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
> log_level: 4
> -- active services in /etc/postfix/master.cf --
> # service type private unpriv chroot wakeup maxproc command + args
> # (yes) (yes) (yes) (never) (100)
> 52525 inet n - n - - smtpd -v

At first glance your configuration looks sane. Maybe your problem is not
SASL, but TLS. You are running smtpd verbose. What does the log say about
errors?

> pickup fifo n - n 60 1 pickup
> cleanup unix n - n - 0 cleanup
> qmgr fifo n - n 300 1 qmgr
> tlsmgr unix - - n 1000? 1 tlsmgr
> rewrite unix - - n - - trivial-rewrite
> bounce unix - - n - 0 bounce
> defer unix - - n - 0 bounce
> trace unix - - n - 0 bounce
> verify unix - - n - 1 verify
> flush unix n - n 1000? 0 flush
> proxymap unix - - n - - proxymap
> proxywrite unix - - n - 1 proxymap
> smtp unix - - n - - smtp
> relay unix - - n - - smtp
> -o smtp_fallback_relay=
> showq unix n - n - - showq
> error unix - - n - - error
> retry unix - - n - - error
> discard unix - - n - - discard
> local unix - n n - - local
> virtual unix - n n - - virtual
> lmtp unix - - n - - lmtp
> anvil unix - - n - 1 anvil
> scache unix - - n - 1 scache
>
>
> -- mechanisms on localhost --
>
>
> -- end of saslfinger output --

--
All technical questions asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitly
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>