I'm having trouble with SASL when relaying and don't know if the problem is with the client (thunderbird), the server, or the fact I've been at this for going on 12 hours now.

shortened log entries:
SSL_accept:before/accept initialization
...
SSL_accept:SSLv3 read finished A
Reusing old session
Anonymous TLS connection established from ... TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
warning: SASL authentication failure: Password verification failed
SASL PLAIN authentication failed: authentication failure
SASL LOGIN authentication failed: authentication failure

I'd enabled TLS because I thought SASL had been finally conquered. But I'd forgotten to go back and check outgoing first. Anyway, TLS appears to be fine so I've left it on.

$ sudo sasldblistusers2
cyrus@demeter: userPassword
test@demeter: userPassword

$ sudo testsaslauthd -u test -p test
0: OK "Success."

main.cf:
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous

/etc/postfix/sasl/smtpd.conf:
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN

telnet shows me:
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN

master.cf:
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

I also tried adding the following under submission:

  -o smtpd_sasl_local_domain=DOMAIN.org
  -o smtpd_sasl_path=smtpd

It's not clear to me if these need to be added in master.cf. If so, are there other params that need be included?

(BONUS: can I use $mydomain here?)

The mail client's outgoing server is set to:

port: 587
username: test
secure authentication: no
connection security: STARTTLS

I've tried with both STARTTLS & none.

I've also tried with test & t...@domain.org

I've set up Postfix/CyrusIMAP with SASL & TLS before but always with virtual mailboxes. I foolishly thought that this time was going to be a piece of cake because there's only going to be a single domain for this server.

I've also usually created mailboxes of the form f...@domain.tld but that led to several hours of grief for some reason this time. I'm fine with just having bare usernames in sasldb2 but don't know if that's the problem here.

And it finally works to open inboxes. I just can't send out. As I said, it's been 12 hours now and I'm losing my way and loath to start changing things again and breaking something else. Can anyone suggest something to check?
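Two small shell helpers, added here as an example and not part of the original post, for checking the two things the output above hints at: the sasldb entries are stored as user@realm (realm "demeter", the hostname), while Postfix looks the user up under the realm it passes (smtpd_sasl_local_domain when set), and testsaslauthd exercises saslauthd rather than the sasldb auxprop path. The listing is copied from the post; DOMAIN.org is a placeholder for whatever $mydomain expands to, and the realm mismatch is an assumption to check, not a confirmed diagnosis.

```shell
#!/bin/sh
# Added diagnostic helpers, not from the original post. Assumes the sasldb
# listing shown above and DOMAIN.org as a placeholder for $mydomain.

# Base64 initial response for AUTH PLAIN: NUL user NUL password.
# Handy for a manual test after "AUTH PLAIN" in
#   openssl s_client -connect mailhost:587 -starttls smtp
auth_plain_token() {
  printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Cyrus sasldb stores users as user@realm. With pwcheck_method auxprop the
# lookup key is user@<realm Postfix passes> (smtpd_sasl_local_domain when
# set), so a listing realm that differs from it yields "Password
# verification failed" even with the right password. testsaslauthd talks
# to saslauthd, not sasldb, so its "OK" does not exercise this path.
# Prints each mismatched entry; returns 1 if any, 0 when all realms match.
sasldb_realm_mismatch() {
  listing=$1
  want=$2
  printf '%s\n' "$listing" | awk -F': ' -v want="$want" '
    NF >= 2 {
      n = split($1, parts, "@")
      realm = (n >= 2) ? parts[2] : ""
      if (realm != want) { print $1; bad++ }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed input, copied from the sasldblistusers2 output above.
LISTING='cyrus@demeter: userPassword
test@demeter: userPassword'

if sasldb_realm_mismatch "$LISTING" DOMAIN.org; then
  echo "sasldb realms match the configured local domain"
else
  echo "entries above use a different realm than the configured local domain"
fi
```

If the realms differ, either re-create the users with the intended realm (saslpasswd2 -u) or set smtpd_sasl_local_domain to match what sasldblistusers2 shows.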
