On 2/16/2010 12:37 PM, Jeff Lacki wrote:
No indication that the user authenticated.  When someone
authenticates you'll get a log line something like
Feb 12 09:24:06 mgate2 postfix/smtpd[93626]: E4E077978A8: client=user.example.org[192.168.1.163], sasl_method=CRAM-MD5, sasl_username=username

I've been looking at this for a couple days now, still having
problems.  I'm getting the following now:

Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: connect from 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: setting up TLS connection from 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: TLS cipher list "ALL:+RC4:@STRENGTH"
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:before/accept initialization
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: looking up session 8B580343BBAB1CDFF37061B0F6AADCBFAE2FC46F96A7BB40B0A73D14C60B7A23&s=44116 in smtpd cache
Feb 17 13:29:05 202010-1 postfix/tlsmgr[21554]: lookup smtpd session id=8B580343BBAB1CDFF37061B0F6AADCBFAE2FC46F96A7BB40B0A73D14C60B7A23&s=44116
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 read client hello B
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write server hello A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write certificate A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write key exchange A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write server done A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 flush data
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 read client key exchange A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 read finished A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write change cipher spec A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 write finished A
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: SSL_accept:SSLv3 flush data
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: save session 4C77493FCAD703043FECE8FEC020E20778D68D4E951E4EFAE169E18779AE884F&s=44116 to smtpd cache
Feb 17 13:29:05 202010-1 postfix/tlsmgr[21554]: put smtpd session id=4C77493FCAD703043FECE8FEC020E20778D68D4E951E4EFAE169E18779AE884F&s=44116 [data 127 bytes]
Feb 17 13:29:05 202010-1 postfix/tlsmgr[21554]: write smtpd TLS cache entry 4C77493FCAD703043FECE8FEC020E20778D68D4E951E4EFAE169E18779AE884F&s=44116: time=1266431345 [data 127 bytes]
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: Anonymous TLS connection established from 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Feb 17 13:29:05 202010-1 dovecot: auth(default): client in: AUTH        2       PLAIN   service=smtp    nologin lip=204.12.98.91        rip=99.74.xxx.xxx resp=<hidden>
Feb 17 13:29:05 202010-1 dovecot: auth(default): passwd-file(jeff,99.74.xxx.xxx): lookup: user=jeff file=/etc/shadow
Feb 17 13:29:05 202010-1 dovecot: auth(default): client out: OK 2       user=jeff
Feb 17 13:29:05 202010-1 postfix/smtpd[21553]: NOQUEUE: reject: RCPT from 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]: 554 5.7.1<j...@rahul.net>: Relay access denied; from=<j...@mydomain.com>  to=<j...@rahul.net>  proto=ESMTP helo=<[192.168.2.11]>
Feb 17 13:29:06 202010-1 postfix/smtpd[21553]: disconnect from 99-74-xxx-xxx.lightspeed.cicril.sbcglobal.net[99.74.xxx.xxx]

It appears (afaik) that I'm authenticating from the log file above.
I also set 'smtpd_tls_auth_only = no' and manually tested the
authentication as working via telnet.

I still don't see an authentication line from postfix. Turn off the TLS debug, you don't need it.


250-PIPELINING
250-SIZE 15000000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGplZmYAYkhrb3FhMjI=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye

And did postfix log that this session authenticated?

After you authenticate you need to type in MAIL FROM and RCPT TO commands to see if you get relaying denied or OK. That will tell you if the problem is your client or postfix.

And everyone knows that user/password now, so change it.


I still can't seem to get remote relay access (smtp relaying)
to work for single users (u...@mydomain.com).  I've used
mynetworks to relay for static IPs just fine, however I
need it to work with my users who can be located anywhere,
not just from a single static IP address.

I've gone through the docs several times (and possibly
missed things), but as far as I can tell, I'm supposed to
use:

relay_recipient_maps = hash:/etc/postfix/relay_recipients
relay_domains = hash:/etc/postfix/relay_domains

No, relay_domains and relay_recipient_maps are to define domains you are responsible for, nothing to do with sasl authentication.



to get this to work.

relay_recipients contains:
        j...@mydomain.com      ok

relay_domains contains:
        mydomain.com   relay

Remove those settings.


Sorry if this is getting old (it is for me also) :)
I'm just trying to understand how this thing is supposed
to work, especially so I don't become an open relay.

I appreciate your patience.
Jeff


Show your current "postconf -n".

  -- Noel Jones
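
Added example (not part of the original thread): the check discussed above, done mechanically. It groups postfix/smtpd lines into sessions by process id and flags any session that hit "Relay access denied" without postfix itself logging a sasl_username, regardless of what dovecot logged. The sample log, hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the log formats quoted in the thread.
SAMPLE_LOG = """\
Feb 17 13:29:05 mx postfix/smtpd[21553]: connect from client.example.net[198.51.100.7]
Feb 17 13:29:05 mx dovecot: auth(default): client out: OK 2 user=jeff
Feb 17 13:29:05 mx postfix/smtpd[21553]: NOQUEUE: reject: RCPT from client.example.net[198.51.100.7]: 554 5.7.1 <bob@example.org>: Relay access denied; from=<jeff@example.com> to=<bob@example.org> proto=ESMTP helo=<[192.168.2.11]>
Feb 17 13:29:06 mx postfix/smtpd[21553]: disconnect from client.example.net[198.51.100.7]
Feb 17 13:40:10 mx postfix/smtpd[21601]: connect from client.example.net[198.51.100.7]
Feb 17 13:40:11 mx postfix/smtpd[21601]: E4E077978A8: client=client.example.net[198.51.100.7], sasl_method=PLAIN, sasl_username=jeff
Feb 17 13:40:12 mx postfix/smtpd[21601]: disconnect from client.example.net[198.51.100.7]
"""

SMTPD = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
SASL = re.compile(r"sasl_method=([^,\s]+), sasl_username=(\S+)")

def audit_sessions(log_text):
    """Return one dict per smtpd session: client, SASL user (or None), relay rejects."""
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if not m:
            continue  # dovecot/tlsmgr lines do not show postfix's view of the session
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            # smtpd processes are reused, so each connect starts a fresh session
            open_sessions[pid] = {"client": msg[len("connect from "):],
                                  "sasl_username": None, "relay_denied": 0}
            continue
        sess = open_sessions.get(pid)
        if sess is None:
            continue  # log starts mid-session; nothing to attach this line to
        sasl = SASL.search(msg)
        if sasl:
            sess["sasl_username"] = sasl.group(2)
        if "Relay access denied" in msg:
            sess["relay_denied"] += 1
        if msg.startswith("disconnect from "):
            finished.append(open_sessions.pop(pid))
    finished.extend(open_sessions.values())  # sessions cut off by end of log
    return finished

def unauthenticated_relay_attempts(log_text):
    """Sessions rejected for relaying that postfix never recorded as authenticated."""
    return [s for s in audit_sessions(log_text)
            if s["relay_denied"] and s["sasl_username"] is None]

if __name__ == "__main__":
    for s in unauthenticated_relay_attempts(SAMPLE_LOG):
        print(f"{s['client']}: relay denied, no sasl_username logged by postfix")
```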
