* Mufit Eribol <h...@onart.com.tr>:
> Hello,
> 
> I have been running postfix at a small company for years without any
> problem. For some reason, now I cannot get 250-AUTH LOGIN PLAIN when
> telnetting to port 25. It may be due to a change in the upgraded
> packages or a misconfiguration by me. Probably, I "fixed" something
> which is not broken.
> 
> I can send and receive mail on ports 465 and 993 using
> SSL/TLS without any issue (seemingly). I am not sure if missing
> "250-AUTH LOGIN PLAIN" is a problem. If I telnet to 465 (or 993) I
> get no response.
> 
> Please find below conf details of the system.

Great job on the list of configuration items. At first glance your setup
sounds sane - I'm not so sure about the run path /run/saslauthd, though.


Have you had a look at the log? Any errors or warnings? Are you running
with SELinux enabled? What's the output of the getenforce command?

p@rick






> 
> I would appreciate any help.
> 
> Mufit Eribol
> 
> 
> [root@server ~]# telnet mail.xxxxx.com 25
> Trying xxx.xxx.xxx.xxx...
> Connected to mail.xxxxx.com.
> Escape character is '^]'.
> 220 mail.xxxxx.com ESMTP Postfix
> ehlo yyyyy.com
> 250-mail.xxxxx.com
> 250-PIPELINING
> 250-SIZE 50000000
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
> 
> Packages on CentOS 7 system:
> postfix-2.10.1-6.el7.x86_64
> cyrus-sasl-2.1.26-17.el7.x86_64
> cyrus-sasl-devel-2.1.26-17.el7.x86_64
> cyrus-imapd-2.4.17-8.el7_1.x86_64
> cyrus-sasl-plain-2.1.26-17.el7.x86_64
> cyrus-sasl-lib-2.1.26-17.el7.x86_64
> cyrus-imapd-devel-2.4.17-8.el7_1.x86_64
> cyrus-imapd-utils-2.4.17-8.el7_1.x86_64
> cyrus-sasl-md5-2.1.26-17.el7.x86_64
> 
> [root@mail ~]# cat /etc/sasl2/smtpd.conf
> pwcheck_method: saslauthd
> mech_list: plain login
> 
> [root@mail ~]# ps ax|grep saslauthd
>   577 ?        Ss     0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   578 ?        S      0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   579 ?        S      0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   580 ?        S      0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
>   581 ?        S      0:00 /usr/sbin/saslauthd -m /run/saslauthd -a pam
> 
> [root@mail ~]# cat /etc/sysconfig/saslauthd
> SOCKETDIR=/run/saslauthd
> MECH=pam
> FLAGS=
> 
> [root@mail ~]# cat /etc/pam.d/smtp (imap is the same)
> auth sufficient pam_mysql.so user=mail passwd=abcd host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time sqllog=yes
> 
> account required pam_mysql.so user=mail passwd=abcd host=127.0.0.1
> db=mail table=accountuser usercolumn=username passwdcolumn=password
> crypt=3 logtable=log logmsgcolumn=msg logusercolumn=user
> loghostcolumn=host logpidcolumn=pid logtimecolumn=time
> 
> [root@mail ~]# postconf -n
> alias_maps = $alias_database
> append_dot_mydomain = no
> biff = no
> body_checks = regexp:/etc/postfix/body_checks
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/lib/postfix
> debug_peer_level = 2
> debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
> ddd $daemon_directory/$process_name $process_id & sleep 5
> disable_vrfy_command = yes
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = no
> inet_interfaces = all
> local_destination_concurrency_limit = 5
> local_destination_recipient_limit = 300
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps
> $virtual_alias_maps
> mail_owner = postfix
> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> message_size_limit = 50000000
> milter_default_action = accept
> milter_protocol = 2
> mydestination = xxxxx.com, $myhostname, localhost.$mydomain,
> localhost, mysql:/etc/postfix/mysql-mydestination.cf
> mydomain = xxxxx.com
> myhostname = mail.xxxxx.com
> mynetworks = 10.0.0.0/24, 127.0.0.0/8
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases.postfix
> non_smtpd_milters = $smtpd_milters
> policy_time_limit = 3600s
> queue_directory = /var/spool/postfix
> readme_directory = no
> relay_domains = $mydestination
> sample_directory = /usr/share/doc/postfix-2.10.1/samples
> sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_tls_note_starttls_offer = yes
> smtp_use_tls = yes
> smtpd_banner = $myhostname ESMTP $mail_name
> smtpd_client_connection_count_limit = 0
> smtpd_client_connection_rate_limit = 0
> smtpd_client_message_rate_limit = 0
> smtpd_client_restrictions = check_client_access
> hash:/etc/postfix/client_access, reject_non_fqdn_sender,
> reject_unknown_sender_domain, permit_mynetworks,
> permit_sasl_authenticated, permit
> smtpd_data_restrictions = reject_multi_recipient_bounce,
> reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_error_sleep_time = 1s
> smtpd_hard_error_limit = 20
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_helo_access
> hash:/etc/postfix/helo_access, reject_non_fqdn_helo_hostname,
> reject_invalid_helo_hostname, warn_if_reject
> reject_unknown_helo_hostname, permit
> smtpd_milters = inet:127.0.0.1:8891
> smtpd_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated, check_recipient_access
> hash:/etc/postfix/recipient_access, reject_non_fqdn_recipient,
> reject_unknown_recipient_domain, reject_unauth_destination,
> permit_dnswl_client list.dnswl.org, reject_rbl_client
> zen.spamhaus.org, reject_rbl_client bl.spamcop.net,
> reject_rbl_client dnsbl.sorbs.net, check_policy_service
> unix:private/policy check_policy_service unix:postgrey/socket,
> permit
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
> smtpd_sasl_security_options = noanonymous
> 
> 
> [root@mail ~]# cat master.cf
> smtp      inet  n       -       n       -       - smtpd
> smtp-amavis unix -      -       n       -       2 smtp
>         -o smtp_data_done_timeout=1200
>         -o smtp_send_xforward_command=yes
>         -o disable_dns_lookups=yes
>         -o max_use=20
> 
> 127.0.0.1:10025 inet n  -       n       -       - smtpd
>         -o content_filter=
>         -o local_recipient_maps=
>         -o relay_recipient_maps=
>         -o smtpd_restriction_classes=
>         -o smtpd_delay_reject=no
>         -o smtpd_client_restrictions=permit_mynetworks,reject
>         -o smtpd_helo_restrictions=
>         -o smtpd_sender_restrictions=
>         -o smtpd_recipient_restrictions=permit_mynetworks,reject
>         -o smtpd_data_restrictions=reject_unauth_pipelining
>         -o smtpd_end_of_data_restrictions=
>         -o mynetworks=127.0.0.0/8
>         -o smtpd_error_sleep_time=0
>         -o smtpd_soft_error_limit=1001
>         -o smtpd_hard_error_limit=1000
>         -o smtpd_client_connection_count_limit=0
>         -o smtpd_client_connection_rate_limit=0
>         -o 
> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
>         -o local_header_rewrite_clients=
>         -o smtpd_milters=
> 
> smtps     inet  n       -       n       -       - smtpd
>   -o smtpd_tls_wrappermode=yes
> 
> pickup    unix  n       -       n       60      1 pickup
> cleanup   unix  n       -       n       -       0 cleanup
> qmgr      unix  n       -       n       300     1 qmgr
> tlsmgr    unix  -       -       n       1000?   1 tlsmgr
> rewrite   unix  -       -       n       -       - trivial-rewrite
> bounce    unix  -       -       n       -       0 bounce
> defer     unix  -       -       n       -       0 bounce
> trace     unix  -       -       n       -       0 bounce
> verify    unix  -       -       n       -       1 verify
> flush     unix  n       -       n       1000?   0 flush
> proxymap  unix  -       -       n       -       - proxymap
> proxywrite unix -       -       n       -       1 proxymap
> smtp      unix  -       -       n       -       - smtp
> relay     unix  -       -       n       -       - smtp
>         -o smtp_fallback_relay=
> showq     unix  n       -       n       -       - showq
> error     unix  -       -       n       -       - error
> retry     unix  -       -       n       -       - error
> discard   unix  -       -       n       -       - discard
> local     unix  -       n       n       -       - local
> virtual   unix  -       n       n       -       - virtual
> lmtp      unix  -       -       n       -       - lmtp
> anvil     unix  -       -       n       -       1 anvil
> scache    unix  -       -       n       -       1 scache
> policy    unix  -       n       n       -       - spawn
>         user=nobody argv=/usr/bin/perl
> /usr/libexec/postfix/postfix-policyd-spf-perl
> 
> [root@mail ~]# cat /etc/cyrus.conf
> START {
>   # do not delete this entry!
>   recover       cmd="ctl_cyrusdb -r"
> 
>   # this is only necessary if using idled for IMAP IDLE
>   idled         cmd="idled"
> }
> 
> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
> SERVICES {
>   # add or remove based on preferences
> #  imap         cmd="imapd" listen="imap" prefork=5
>   imaplocal     cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imap" prefork=0
>   imaps         cmd="imapd -s" listen="imaps" prefork=1
>   imapslocal    cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imaps" prefork=0
> #  pop3         cmd="pop3d" listen="pop3" prefork=3
> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve         cmd="timsieved" listen="sieve" prefork=0
>   sievelocal      cmd="timsieved -C /etc/imapd-local.conf"
> listen="127.0.0.1:sieve" prefork=0
> #  nntp         cmd="nntpd" listen="nntp" prefork=3
> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
> 
>   # at least one LMTP is required for delivery
> #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
> 
> # this is only necessary if using notifications
> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
> proto="udp" prefork=1
> }
> 
> EVENTS {
>   # this is required
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
> 
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune      cmd="cyr_expire -E 3" at=0400
> 
>   # this is only necessary if caching TLS sessions
>   tlsprune      cmd="tls_prune" at=0400
> }
> 
> [root@mail ~]# cat /etc/imapd.conf:
> postmaster: postmaster
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> #admins: cyrus
> allowanonymouslogin: no
> allowplaintext: no
> #tls_require_cert: 1
> sasl_minimum_layer: 128
> servername: mail.xxxxx.com
> autocreatequota: 200000
> maxmessagesize: 0
> reject8bit: 0
> munge8bit: 0
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sievedir: /var/lib/imap/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> sieve_allowplaintext: 1
> sendmail: /usr/sbin/sendmail
> #hashimapspool: true
> #unixhierarchysep: yes
> #autocreateinboxfolders: Sent | Drafts | Trash | Spam
> #autocreate_sieve_script: /var/lib/imap/sieve/global/spam
> #autocreate_sieve_compiledscript: /var/lib/imap/sieve/global/spam.bc
> #generate_compiled_sieve_script: yes
> tls_cert_file: /etc/pki/tls/certs/xxxxx.com.crt
> tls_key_file: /etc/pki/tls/private/xxxxx.com.key
> tls_ca_file: /etc/pki/tls/certs/xxxxx.com.crt
> #defaultdomain: mail
> 
> [root@mail ~]# cat /etc/imapd-local.conf:
> postmaster: postmaster
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> allowplaintext: yes
> servername: mail.xxxxx.com
> autocreatequota: 1000000
> maxmessagesize: 0
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sievedir: /var/lib/imap/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> sendmail: /usr/sbin/sendmail
> 
> 

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
 
