* Mufit Eribol <h...@onart.com.tr>:
> Hello,
>
> I have been running postfix at a small company for years without any
> problem. For some reason, now I cannot get 250-AUTH LOGIN PLAIN when
> telnetting to port 25. It may be due to a change in the upgraded
> packages or a misconfiguration by me. Probably, I "fixed" something
> which is not broken.
>
> I can send and receive mail system on ports 465 and 993 using
> SSL/TLS without any issue (seemingly). I am not sure if missing
> "250-AUTH LOGIN PLAIN" is a problem. If I telnet to 465 (or 993) I
> get no response.
>
> Please find below conf details of the system.

Great job on the list of configuration items. At first glance your setup
sounds sane - not so sure on the runpath /run/saslauthd though.

Have you had a look at the log? Any errors or warnings?
Are you running SELinux enabled? What's the output of the getenforce command?

p@rick

>
> I would appreciate any help.
>
> Mufit Eribol
>
>
> [root@server ~]# telnet mail.xxxxx.com 25
> Trying xxx.xxx.xxx.xxx...
> Connected to mail.xxxxx.com.
> Escape character is '^]'.
> 220 mail.xxxxx.com ESMTP Postfix
> ehlo yyyyy.com
> 250-mail.xxxxx.com
> 250-PIPELINING
> 250-SIZE 50000000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
>
> Packages on CentOS 7 system:
> postfix-2.10.1-6.el7.x86_64
> cyrus-sasl-2.1.26-17.el7.x86_64
> cyrus-sasl-devel-2.1.26-17.el7.x86_64
> cyrus-imapd-2.4.17-8.el7_1.x86_64
> cyrus-sasl-plain-2.1.26-17.el7.x86_64
> cyrus-sasl-lib-2.1.26-17.el7.x86_64
> cyrus-imapd-devel-2.4.17-8.el7_1.x86_64
> cyrus-imapd-utils-2.4.17-8.el7_1.x86_64
> cyrus-sasl-md5-2.1.26-17.el7.x86_64
>
> [root@mail ~]# cat /etc/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
>
> [root@mail ~]# ps ax|grep saslauthd
>   577 ?  Ss  0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   578 ?  S   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   579 ?  S   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   580 ?  S   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   581 ?  S   0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>
> [root@mail ~]# cat /etc/sysconfig/saslauthd
> SOCKETDIR=/run/saslauthd
> MECH=pam
> FLAGS=
>
> [root@mail ~]# cat /etc/pam.d/smtp (imap is the same)
> auth sufficient pam_mysql.so user=mail passwd=abcd host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time sqllog=yes
>
> account required pam_mysql.so user=mail passwd=abcd host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time
>
> [root@mail ~]# postconf -n
> alias_maps = $alias_database
> append_dot_mydomain = no
> biff = no
> body_checks = regexp:/etc/postfix/body_checks
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> ddd $daemon_directory/$process_name $process_id & sleep 5
> disable_vrfy_command = yes
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = no
> inet_interfaces = all
> local_destination_concurrency_limit = 5
> local_destination_recipient_limit = 300
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> $virtual_alias_maps
> mail_owner = postfix
> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 50000000
> milter_default_action = accept
> milter_protocol = 2
> mydestination = xxxxx.com, $myhostname, localhost.$mydomain,
> localhost, mysql:/etc/postfix/mysql-mydestination.cf
> mydomain = xxxxx.com
> myhostname = mail.xxxxx.com
> mynetworks = 10.0.0.0/24, 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = $smtpd_milters
> policy_time_limit = 3600s
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains = $mydestination
> sample_directory = /usr/share/doc/postfix-2.10.1/samples
> sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_connection_count_limit = 0
> smtpd_client_connection_rate_limit = 0
> smtpd_client_message_rate_limit = 0
> smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/client_access, reject_non_fqdn_sender,
> reject_unknown_sender_domain, permit_mynetworks,
> permit_sasl_authenticated, permit
> smtpd_data_restrictions = reject_multi_recipient_bounce,
> reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 1s
> smtpd_hard_error_limit = 20
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_helo_access
> hash:/etc/postfix/helo_access, reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname, warn_if_reject
> reject_unknown_helo_hostname, permit
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_recipient_access
> hash:/etc/postfix/recipient_access, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, reject_unauth_destination,
> permit_dnswl_client list.dnswl.org, reject_rbl_client
> zen.spamhaus.org, reject_rbl_client bl.spamcop.net,
> reject_rbl_client dnsbl.sorbs.net, check_policy_service
> unix:private/policy check_policy_service unix:postgrey/socket,
> permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
>
>
> [root@mail ~]# cat master.cf
> smtp            inet  n  -  n  -      -  smtpd
> smtp-amavis     unix  -  -  n  -      2  smtp
>   -o smtp_data_done_timeout=1200
>   -o smtp_send_xforward_command=yes
>   -o disable_dns_lookups=yes
>   -o max_use=20
>
> 127.0.0.1:10025 inet  n  -  n  -      -  smtpd
>   -o content_filter=
>   -o local_recipient_maps=
>   -o relay_recipient_maps=
>   -o smtpd_restriction_classes=
>   -o smtpd_delay_reject=no
>   -o smtpd_client_restrictions=permit_mynetworks,reject
>   -o smtpd_helo_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o smtpd_data_restrictions=reject_unauth_pipelining
>   -o smtpd_end_of_data_restrictions=
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_error_sleep_time=0
>   -o smtpd_soft_error_limit=1001
>   -o smtpd_hard_error_limit=1000
>   -o smtpd_client_connection_count_limit=0
>   -o smtpd_client_connection_rate_limit=0
>   -o
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
>   -o local_header_rewrite_clients=
>   -o smtpd_milters=
>
> smtps           inet  n  -  n  -      -  smtpd
>   -o smtpd_tls_wrappermode=yes
>
> pickup          unix  n  -  n  60     1  pickup
> cleanup         unix  n  -  n  -      0  cleanup
> qmgr            unix  n  -  n  300    1  qmgr
> tlsmgr          unix  -  -  n  1000?  1  tlsmgr
> rewrite         unix  -  -  n  -      -  trivial-rewrite
> bounce          unix  -  -  n  -      0  bounce
> defer           unix  -  -  n  -      0  bounce
> trace           unix  -  -  n  -      0  bounce
> verify          unix  -  -  n  -      1  verify
> flush           unix  n  -  n  1000?  0  flush
> proxymap        unix  -  -  n  -      -  proxymap
> proxywrite      unix  -  -  n  -      1  proxymap
> smtp            unix  -  -  n  -      -  smtp
> relay           unix  -  -  n  -      -  smtp
>   -o smtp_fallback_relay=
> showq           unix  n  -  n  -      -  showq
> error           unix  -  -  n  -      -  error
> retry           unix  -  -  n  -      -  error
> discard         unix  -  -  n  -      -  discard
> local           unix  -  n  n  -      -  local
> virtual         unix  -  n  n  -      -  virtual
> lmtp            unix  -  -  n  -      -  lmtp
> anvil           unix  -  -  n  -      1  anvil
> scache          unix  -  -  n  -      1  scache
> policy          unix  -  n  n  -      -  spawn
>   user=nobody argv=/usr/bin/perl
> /usr/libexec/postfix/postfix-policyd-spf-perl
>
> [root@mail ~]# cat /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
>
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   # imap cmd="imapd" listen="imap" prefork=5
>   imaplocal cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imap" prefork=0
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   imapslocal cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imaps" prefork=0
>   # pop3 cmd="pop3d" listen="pop3" prefork=3
>   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="sieve" prefork=0
>   sievelocal cmd="timsieved -C /etc/imapd-local.conf"
> listen="127.0.0.1:sieve" prefork=0
>   # nntp cmd="nntpd" listen="nntp" prefork=3
>   # nntps cmd="nntpd -s" listen="nntps" prefork=1
>
>   # at least one LMTP is required for delivery
>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
>
>   # this is only necessary if using notifications
>   # notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
> proto="udp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
>
> [root@mail ~]# cat /etc/imapd.conf:
> postmaster: postmaster
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> #admins: cyrus
> allowanonymouslogin: no
> allowplaintext: no
> #tls_require_cert: 1
> sasl_minimum_layer: 128
> servername: mail.xxxxx.com
> autocreatequota: 200000
> maxmessagesize: 0
> reject8bit: 0
> munge8bit: 0
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sievedir: /var/lib/imap/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> sieve_allowplaintext: 1
> sendmail: /usr/sbin/sendmail
> #hashimapspool: true
> #unixhierarchysep: yes
> #autocreateinboxfolders: Sent | Drafts | Trash | Spam
> #autocreate_sieve_script: /var/lib/imap/sieve/global/spam
> #autocreate_sieve_compiledscript: /var/lib/imap/sieve/global/spam.bc
> #generate_compiled_sieve_script: yes
> tls_cert_file: /etc/pki/tls/certs/xxxxx.com.crt
> tls_key_file: /etc/pki/tls/private/xxxxx.com.key
> tls_ca_file: /etc/pki/tls/certs/xxxxx.com.crt
> #defaultdomain: mail
>
> [root@mail ~]# cat /etc/imapd-local.conf:
> postmaster: postmaster
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> servername: mail.xxxxx.com
> autocreatequota: 1000000
> maxmessagesize: 0
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sievedir: /var/lib/imap/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> sendmail: /usr/sbin/sendmail
>

-- 
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
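
The symptom discussed in this thread, checked programmatically (an added example, not part of either message): a parser for the multi-line EHLO reply that reports whether AUTH is announced and whether PLAIN or LOGIN would be offered before STARTTLS. The first transcript is the one from the original post; the second is constructed, and `parse_ehlo` and `assess` are names chosen for this example.

```python
import re

# EHLO reply copied from the original post (port 25, before STARTTLS).
POSTED = """250-mail.xxxxx.com
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed sample: the same reply with AUTH announced. With
# broken_sasl_auth_clients = yes Postfix adds the legacy "AUTH=" line too.
CONSTRUCTED = POSTED.replace(
    "250-ENHANCED", "250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250-ENHANCED")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded
LINE = re.compile(r"^250([- ])(.*)$")

def parse_ehlo(reply):
    """Return (keywords, auth_mechs) from a multi-line 250 EHLO reply."""
    keywords, mechs = {}, set()
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line carries the server name, not a keyword
        text = m.group(2)
        if text.upper().startswith("AUTH="):  # legacy form, same mechanisms
            text = "AUTH " + text[5:]
        word, _, params = text.partition(" ")
        keywords.setdefault(word.upper(), []).append(params)
        if word.upper() == "AUTH":
            mechs.update(p.upper() for p in params.split())
    return keywords, mechs

def assess(reply, tls_active=False):
    """Summarise the reply; flags PLAIN/LOGIN offered outside TLS."""
    keywords, mechs = parse_ehlo(reply)
    return {
        "auth_offered": bool(mechs),
        "mechanisms": sorted(mechs),
        "starttls": "STARTTLS" in keywords,
        "cleartext_password_risk": not tls_active and bool(mechs & CLEARTEXT_MECHS),
    }
```

For the posted transcript `assess(POSTED)` reports no AUTH and STARTTLS available; the constructed one is flagged because PLAIN and LOGIN would be offered on an unencrypted session.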