Hi,

Running 2.3.8 Debian package (I'll be upgrading shortly), I was already supporting TLS and SASL auth. One of my users recently moved to RCN and they block port 25 so I'm trying to open 587.

I added this to my master.cf:

    submission inet n - - - - smtpd
      -o smtpd_enforce_tls=yes
      -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_sasl_security_options=noanonymous # I added that to mirror main.cf, but no change
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject

However, when I test I get a SASL auth error. If I switch my client back to port 25, there is no SASL error.

Connecting to port 25

    Apr 7 10:00:30 donald postfix/smtpd[21028]: connect from 18.myvzw.com[174.252.18.98]
    Apr 7 10:00:31 donald postfix/smtpd[21028]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
    Apr 7 10:00:32 donald postfix/smtpd[21028]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Apr 7 10:00:34 donald postfix/smtpd[21028]: disconnect from 18.myvzw.com[174.252.18.98]

Connecting from port 587

    Apr 7 10:01:04 donald postfix/smtpd[21032]: connect from 18.myvzw.com[174.252.18.98]
    Apr 7 10:01:06 donald postfix/smtpd[21032]: setting up TLS connection from 18.myvzw.com[174.252.18.98]
    Apr 7 10:01:07 donald postfix/smtpd[21032]: TLS connection established from 18.myvzw.com[174.252.18.98]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: SASL authentication failure: Password verification failed
    Apr 7 10:01:09 donald postfix/smtpd[21032]: warning: 18.myvzw.com[174.252.18.98]: SASL PLAIN authentication failed: authentication failure

Why is your software bro.. What did I do wrong? :)

I assumed that main.cf sasl parameters would apply to any port that used sasl.

    postconf -n | grep sasl

    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, reject_sender_login_mismatch, check_client_access hash:/var/lib/pop-before-smtp/hosts, check_helo_access hash:/etc/postfix/helo_checks, check_sender_access hash:/etc/postfix/ip_whitelist, check_recipient_access hash:/etc/postfix/laxdomains, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_sender_domain,reject_unknown_recipient_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname, permit_mynetworks, check_policy_service inet:127.0.0.1:10031, reject_unlisted_recipient, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client blackholes.mail-abuse.org, reject_rbl_client tw.countries.nerd.dk, reject_rbl_client kr.countries.nerd.dk, reject_rbl_client cn.countries.nerd.dk, reject_rbl_client relays.mail-abuse.org, reject_rhsbl_sender dsn.rfc-ignorant.org, warn_if_reject, reject_unknown_client, warn_if_reject, reject_rhsbl_client dsn.rfc-ignorant.org, warn_if_reject, reject_rbl_client dnsbl.sorbs.net, warn_if_reject, reject_rbl_client dnsbl.njabl.org, warn_if_reject, reject_rbl_client dul.dnsbl.sorbs.net, permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = mydomain.net
    smtpd_sasl_security_options = noanonymous

Let me know if you want the whole thing. Is there something else I need to insert in main.cf?

Thanks.