On Wednesday 11 January 2012 07:14:14 Wietse Venema wrote: > Why do you believe that there is a problem with SASL authentication > between the PHP application and Postfix? >
Because the only error that shows up in the log file is this: ########################################## postfix/smtpd[7310]: connect from www2.domain.com[xx.xx.xx.xx] postfix/smtpd[7310]: warning: www2.domain.com[xx.xx.xx.xx]: SASL LOGIN authentication failed: authentication failure postfix/smtpd[7310]: lost connection after RSET from www2.domain.com[xx.xx.xx.xx] postfix/smtpd[7310]: disconnect from www2.domain.com[xx.xx.xx.xx] ########################################## For comparison, this is what it normally looks like: ########################################## postfix/smtpd[7310]: connect from www2.domain.com[xx.xx.xx.xx] postfix/smtpd[7310]: A406B202D9: client=www2.domain.com[xx.xx.xx.xx], sasl_method=LOGIN, sasl_username=nore...@domain.com postfix/cleanup[7309]: A406B202D9: message- id=<7d3559e19e3c13f1aa342b9d5a33a...@www.domain.com> postfix/qmgr[9970]: A406B202D9: from=<i...@domain.com>, size=733, nrcpt=1 (queue active) postfix/smtpd[7310]: disconnect from www2.domain.com[xx.xx.xx.xx] postfix/smtp[7360]: A406B202D9: to=<u...@web.de>, relay=mx- ha01.web.de[xxx.xx.xxx.xxx]:25, delay=0.21, delays=0.08/0.02/0.05/0.06, dsn=2.0.0, status=sent (250 OK id=1Rg1kQ-0002ax-00) postfix/qmgr[9970]: A406B202D9: removed ########################################## > Your posting provides no concrete symptoms (logging!) that would > allow the list to help you towards a solution. It is not unusual > for people to confuse authentication and encryption. > > http://www.postfix.org/DEBUG_README.html#mail. > > DO NOT TURN ON VERBOSE LOGGING until asked to do so. The default > Postfix logging may look like useless garbage to you, but it provides > a lot of detail that gets drowned out out when you open the firehose. > > Wietse I've enabled debug logging only for the affected hosts, so that my log files don't get overwhelmed with useless noise. Like I said, it's weird. If the affected clients could not send any mail it would be one thing, but why they seem to work fine for weeks and then once in a while simply refuse to authenticate properly, is beyond me. Could it have something to do with smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination which I have in my main.cf? The affected hosts are in my mynetworks list. As far as I understand it, this would mean that the hosts which are listed in "mynetworks" do not HAVE to authenticate. The phpmailer clients in this case are configured to try and authenticate with the proper username and password. Is there a possibility that there is a race condition of some sort? We have 4 webservers. www1, www2, www3, www4. They all use the same username and password to authenticate and send mail via the same account. Could there be a problem if they try to authenticate simultaneously? Or would it be better to remove the "permit_mynetworks" line, so that they are forced to authenticate properly? Whats weird is that the problem gets fixed by simply restarting the services.
