saslfinger - postfix Cyrus sasl configuration Fri Feb 12 19:51:42 CST 2010
version: 1.0.2
mode: client-side SMTP AUTH
-- basics --
Postfix: 2.3.3
System: CentOS release 5.4 (Final)
-- smtp is linked to --
libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00002b16ec84f000)
-- active SMTP AUTH and TLS parameters for smtp --
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous, noplaintext
smtp_sasl_tls_security_options = noanonymous
smtp_tls_cert_file = /etc/pki/tls/gmail_relay/gmail.pem
smtp_tls_enforce_peername = no
smtp_tls_key_file = /etc/pki/tls/gmail_relay/gmail.key
smtp_tls_note_starttls_offer = yes
smtp_tls_scert_verifydepth = 5
smtp_use_tls = yes
-- listing of /usr/lib64/sasl2 --
total 2748
drwxr-xr-x 2 root root 4096 Feb 10 19:51 .
drwxr-xr-x 28 root root 20480 Feb 10 21:31 ..
-rwxr-xr-x 1 root root 890 Sep 3 19:04 libanonymous.la
-rwxr-xr-x 1 root root 15880 Sep 3 19:05 libanonymous.so
-rwxr-xr-x 1 root root 15880 Sep 3 19:05 libanonymous.so.2
-rwxr-xr-x 1 root root 15880 Sep 3 19:05 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 936 Sep 3 19:04 libsasldb.la
-rwxr-xr-x 1 root root 893304 Sep 3 19:05 libsasldb.so
-rwxr-xr-x 1 root root 893304 Sep 3 19:05 libsasldb.so.2
-rwxr-xr-x 1 root root 893304 Sep 3 19:05 libsasldb.so.2.0.22
-rw-r--r-- 1 root root 26 Aug 14 2008 smtpd.conf
-- listing of /usr/lib/sasl2 --
total 2740
drwxr-xr-x 2 root root 4096 Feb 10 23:34 .
drwxr-xr-x 22 root root 12288 Feb 10 23:34 ..
-rwxr-xr-x 1 root root 884 Sep 3 19:04 libanonymous.la
-rwxr-xr-x 1 root root 14372 Sep 3 19:04 libanonymous.so
-rwxr-xr-x 1 root root 14372 Sep 3 19:04 libanonymous.so.2
-rwxr-xr-x 1 root root 14372 Sep 3 19:04 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 930 Sep 3 19:04 libsasldb.la
-rwxr-xr-x 1 root root 905200 Sep 3 19:04 libsasldb.so
-rwxr-xr-x 1 root root 905200 Sep 3 19:04 libsasldb.so.2
-rwxr-xr-x 1 root root 905200 Sep 3 19:04 libsasldb.so.2.0.22
-- listing of /etc/sasl2 --
total 16
drwxr-xr-x 2 root root 4096 Sep 3 19:04 .
drwxr-xr-x 50 root root 4096 Feb 10 23:34 ..
-- permissions for /etc/postfix/sasl_passwd --
-rw-r----- 1 root postfix 255 Feb 11 17:57 /etc/postfix/sasl_passwd
-- permissions for /etc/postfix/sasl_passwd.db --
-rw-r----- 1 root postfix 12288 Feb 11 17:57 /etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd.db is up to date.
-- active services in /etc/postfix/master.cf --
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
smtp inet n - n - - smtpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m
${extension} ${user}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
-- mechanisms on smtp.gmail.com:587 --
-- mechanisms on [smtp.gmail.com]:587 --
-- mechanisms on smtp.gmail.com --
-- end of saslfinger output --
end
-- Always glad to help,
--Jay Bendon - Bendon Consults
On Fri, Feb 12, 2010 at 7:22 PM, Wietse Venema <[email protected]> wrote:
>> relayhost = [smtp.gmail.com]:587
>
> This host supports no SASL authentication BEFORE STARTTLS:
>
> % telnet smtp.gmail.com 587
> ...
> 220 mx.google.com ESMTP 42sm38391439vws.8
> ehlo hostname.porcupine.org
> 250-mx.google.com at your service, [my.ip.addr]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250 PIPELINING
>
> This host supports the following mechanisms AFTER STARTLS:
>
> % openssl s_client -connect smtp.gmail.com:587 -starttls smtp
> ...
> ehlo hostname.porcupine.org
> 250-mx.google.com at your service, [my.ip.addr]
> 250-SIZE 35651584
> 250-8BITMIME
> 250-AUTH LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250 PIPELINING
>
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>
> Fine.
>
>> smtp_sasl_security_options = noanonymous, noplaintext
>
> Irrelevant, because gmail does not support SASL over non-TLS connections.
>
>> smtp_sasl_tls_security_options = noanonymous
>> smtp_use_tls = yes
>
> Postfix allows login + plain, and gmail announces login + plain,
> therefore your SASL library is not cooperating.
>
> Run the saslfinger program *AND REPORT ALL ITS OUTPUT*.
>
> Wietse
>