[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
That change to the file does seem to prevent the error, and I appreciate the help with my immediate problem. I'm still wondering if having the program crash as it did without generating a very useful error message is desirable behavior. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
** Tags removed: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
I finally got around to take another look, sorry for the delay. The problem is the "noplaintext" in smtpd_sasl_security_options Here's a small config diff that fixes the problem: # diff -Naur main.cf.bug main.cf --- main.cf.bug 2021-09-15 19:14:02.919982259 + +++ main.cf 2021-09-15 19:18:04.765338947 + @@ -48,8 +48,7 @@ smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_local_domain = -smtpd_sasl_security_options = noanonymous,noplaintext -smtpd_sasl_tls_security_options = noanonymous +smtpd_tls_auth_only = yes broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination I believe this confirms the problem to be a local config one so I'll mark the bug as invalid. Let me know if the above diff doesn't make it work for you. ** Changed in: postfix (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
** Tags added: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
Any more info you need? I was trying to follow the official Ubuntu server guide ( https://ubuntu.com/server/docs/mail-postfix ) with only a few deviations for things like a different location for SSL files. Are there more problems with that guide? Earlier in this item, you suggested moving authenticated connects off of port 25l but that doesn't happen in thus guide. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
** Attachment added: "main.cf" https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+attachment/5520588/+files/main.cf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
** Attachment added: "master.cf" https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+attachment/5520589/+files/master.cf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
I don't see a 220 message with the nc command either. State Recv-QSend-Q Local Address:PortPeer Address:Port Process LISTEN0 1127.0.0.1:246970.0.0.0:* users:(("IDrive:CDP-serv",pid=15790,fd=4)) LISTEN0 1000.0.0.0:25 0.0.0.0:* users:(("master",pid=2515,fd=13)) LISTEN0 4096 0.0.0.0:4000 0.0.0.0:* users:(("rpc.statd",pid=3079,fd=9)) LISTEN0 1000.0.0.0:993 0.0.0.0:* users:(("dovecot",pid=1471,fd=35)) LISTEN0 1000.0.0.0:143 0.0.0.0:* users:(("dovecot",pid=1471,fd=33)) LISTEN0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=1103,fd=4),("systemd",pid=1,fd=237)) LISTEN0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=1137,fd=13)) LISTEN0 1280.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1490,fd=3)) LISTEN0 5127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=8958,fd=7)) LISTEN0 100 [::]:25 [::]:* users:(("master",pid=2515,fd=14)) LISTEN0 4096 [::]:4000[::]:* users:(("rpc.statd",pid=3079,fd=11)) LISTEN0 100 [::]:993 [::]:* users:(("dovecot",pid=1471,fd=36)) LISTEN0 100 [::]:143 [::]:* users:(("dovecot",pid=1471,fd=34)) LISTEN0 4096 [::]:111 [::]:* users:(("rpcbind",pid=1103,fd=6),("systemd",pid=1,fd=239)) LISTEN0 128 [::]:22 [::]:* users:(("sshd",pid=1490,fd=4)) LISTEN0 5[::1]:631 [::]:* users:(("cupsd",pid=8958,fd=6)) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
@Todd, I somehow had missed you were already using the smtpd_sasl_tls_security_options config, sorry about that. I don't understand why telnet didn't display the 220 banner as the logs suggest it was sent: Aug 17 04:07:21 kangaroo postfix/smtpd[46495]: > kangaroo.unclet.net[127.0.0.1]: 220 kangaroo.unclet.net ESMTP Postfix (Ubuntu) I doubt it will make a difference but maybe try with `nc -v 127.0.0.1 25` instead? If would be nice if you could provide the output of `sudo ss -nltp`. Also, if you don't mind, please attach the main.cf and master.cf files so I can use them to reproduce here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
I didn't think the sasl2-bin package was needed, but someone else suggested I try adding it. Even with the settings that I had, shouldn't I have seen some messages from the server on the telnet connection? (e.g. remote mail server connecting to send mail to an address where this system is the final destination, so no authentication is attempted) If I telnet to port 25 on other servers, I get a 220 message, and then it waits for some command. On this system, I get no message from the server, and the connection is closed within about a second. ** Changed in: postfix (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
Thank you Simon, marking the bug incomplete until clarification of your configuration hints in regard to the case. ** Changed in: postfix (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940603] Re: postfix/smtpd: fatal: no SASL authentication
With postfix using "smtpd_sasl_type = dovecot", you shouldn't need sasl2-bin. I think your test with telnet on port 25 will not work because you have "smtpd_sasl_security_options = noanonymous,noplaintext" which disables "plaintext" type of auth and both LOGIN and PLAIN are in the clear. It's generally advised to enable SASL/authenticated relaying only on TCP/465 and/or TCP/587 where you can (and should) require TLS encryption. Once you use one of those port with mandatory encryption, you can set "smtpd_sasl_tls_security_options = noanonymous" (note the "tls" in the name). For more information, please refer to those: https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/ http://www.postfix.org/SASL_README.html#smtpd_sasl_security_options HTH, Simon -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940603 Title: postfix/smtpd: fatal: no SASL authentication To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1940603/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs