SASL LOGIN authentication failure via smtp client

Discussion in 'HOWTO-Related Questions' started by bbajmoczi, Apr 17, 2010.

  1. bbajmoczi

    bbajmoczi New Member

    Hi,

    I followed instructions on The Perfect Server - Fedora 12 x86_64 [ISPConfig 3].
    Everything works fine except smtp client auth. I switched on debug level logging in saslauth, and now I have the following error:

    Anonymous TLS connection established from unknown[192.168.1.110]: TLSv1 with cipher RC4-MD5 (128/128 bits)
    warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    warning: unknown[192.168.1.110]: SASL LOGIN authentication failed: authentication failure
    SSL3 alert write:fatal:protocol version
    warning: TLS library problem: 12957:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:338:

    There is no /etc/sasldb2. This file does not exist on my computer.

    here's my /usr/lib64/sasl2/smtpd.conf:
    # Cyrus SASL settings for the Postfix smtpd service, as pasted in the post.
    # pwcheck_method authdaemond: password checks go to Courier authdaemond over
    # the socket named in authdaemond_path, not to saslauthd.
    pwcheck_method: authdaemond
    # NOTE(review): presumably raised for debugging (the post mentions switching
    # on debug logging) - lower it again once the problem is solved.
    log_level: 4
    # NOTE(review): PLAIN and LOGIN both send the password itself (base64 is an
    # encoding, not encryption), so they are only safe inside a TLS session.
    mech_list: PLAIN LOGIN
    # The smtpd process must be able to reach this socket; access to it should
    # stay limited to the services that need to check passwords.
    authdaemond_path:/var/spool/authdaemon/socket


    here's my /etc/sysconfig/saslauthd:
    SOCKETDIR=/var/run/saslauthd
    MECH=pam
    FLAGS=


    here's my /etc/postfix/main.cf:
    # Postfix main.cf as pasted in the post. Lines marked NOTE(review) are
    # reviewer annotations; the settings themselves are unchanged.
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    mydestination = mail.test.domain, localhost, localhost.localdomain
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    # NOTE(review): in a real main.cf the two lines after "debugger_command ="
    # must begin with whitespace to continue the value; the forum paste has
    # flattened the indentation.
    debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.5/samples
    readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
    myhostname = mail.test.domain
    # Only loopback is trusted for relaying; any other client has to pass
    # permit_sasl_authenticated in smtpd_recipient_restrictions below.
    mynetworks = 127.0.0.0/8 [::1]/128
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # NOTE(review): SMTP AUTH is enabled and the SASL mech_list shown earlier in
    # the post offers only PLAIN and LOGIN, which carry the password itself.
    # With smtpd_tls_security_level = may (below) and no smtpd_tls_auth_only in
    # this paste, AUTH is presumably also offered on unencrypted sessions -
    # confirm with postconf and consider smtpd_tls_auth_only = yes.
    smtpd_sasl_auth_enable = yes
    # NOTE(review): for Cyrus SASL, Postfix documents smtpd_sasl_path as the
    # application name used to locate <name>.conf (default "smtpd"), not a file
    # path. Worth checking: if Cyrus finds no configuration it presumably falls
    # back to its sasldb default, which would match the /etc/sasldb2 warnings
    # in the logs. TODO confirm.
    smtpd_sasl_path = /usr/lib64/sasl2/smtpd.conf
    # Also advertises AUTH in the older "AUTH=" form that some legacy
    # Microsoft clients expect.
    broken_sasl_auth_clients = yes
    # NOTE(review): records the SASL login name in the Received: header, so
    # account names become visible to every recipient of the message.
    smtpd_sasl_authenticated_header = yes
    # VRFY disabled, which removes one way of probing for valid addresses.
    disable_vrfy_command = yes
    # NOTE(review): restrictions are evaluated left to right. The
    # check_recipient_access lookup runs before reject_unauth_destination, so
    # an OK result from that table would accept the recipient before the relay
    # check is reached - verify the table never returns OK for foreign domains.
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_use_tls = yes
    # "may" = opportunistic TLS: STARTTLS is offered but clients are not
    # required to use it.
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/mail.test.domain.cer
    # The private key file should be readable by root only.
    smtpd_tls_key_file = /etc/postfix/mail.test.domain.key
    # NOTE(review): level 3 is a debugging level that dumps the TLS
    # negotiation; return to 1 once troubleshooting is finished.
    smtpd_tls_loglevel = 3
    # NOTE(review): a later log excerpt in this thread shows smtpd using a
    # cipher list starting "ALL:!EXPORT:!LOW:+RC4", so this line may not be what
    # selects the smtpd ciphers - confirm with postconf. The first log excerpt
    # shows RC4-MD5 being negotiated; smtpd_tls_exclude_ciphers and
    # smtpd_tls_protocols are the documented settings for dropping weak
    # ciphers and old protocol versions.
    tls_cipher_list = all
    tls_random_source = dev:/dev/urandom
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    # The "Client host rejected: Access denied" reject later in the thread is
    # the kind of result a client access table produces - presumably this
    # lookup; verify against the table contents.
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    # All mail is handed to the amavis transport on the loopback port 10024.
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    relayhost =
    # NOTE(review): 0 presumably removes the size cap for both settings -
    # confirm. Without a message size limit a single client can fill the
    # queue disk.
    mailbox_size_limit = 0
    message_size_limit = 0


    here's my /etc/postfix/master.cf:
    # Postfix master.cf as pasted in the post.
    # NOTE(review): in a real master.cf the continuation lines ("-o ..." and
    # "flags=...") must begin with whitespace; the forum paste has flattened
    # the indentation.
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # Public SMTP listener; the chroot column is "n", so smtpd is not chrooted
    # in this paste.
    smtp inet n - n - - smtpd
    pickup fifo n - n 60 1 pickup
    cleanup unix n - n - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - n 300 1 oqmgr
    tlsmgr unix - - n 1000? 1 tlsmgr
    rewrite unix - - n - - trivial-rewrite
    bounce unix - - n - 0 bounce
    defer unix - - n - 0 bounce
    trace unix - - n - 0 bounce
    verify unix - - n - 1 verify
    flush unix n - n 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - n - - smtp
    relay unix - - n - - smtp
    -o smtp_fallback_relay=
    showq unix n - n - - showq
    error unix - - n - - error
    retry unix - - n - - error
    discard unix - - n - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - n - - lmtp
    anvil unix - - n - 1 anvil
    scache unix - - n - 1 scache
    # Delivery through maildrop, run as the unprivileged user vmail. pipe(8)
    # executes the command directly, without a shell, so the expanded
    # addresses are passed as arguments rather than interpreted as shell text.
    maildrop unix - n n - - pipe
    flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} ${extension} ${recipient} ${user} ${nexthop} ${sender}
    # Transport used by content_filter in main.cf to hand mail to amavis.
    amavis unix - - - - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes

    # Second smtpd on 127.0.0.1:10025 - presumably where amavis hands filtered
    # mail back. It clears content_filter and skips header/body checks, so it
    # must stay unreachable from other hosts; here it is bound to 127.0.0.1,
    # mynetworks is cut down to loopback and every other client is rejected.
    127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_bind_address=127.0.0.1


    I changed the following things after the installation:
    -replaced the certificates of postfix
    -set up two new mail users via ispconfig web
    -set up relayhost via ispconfig email routing : * smtp:[sms.test.domain] # brightmail

    I use my Windows client with Outlook Express for testing. I can receive mail via POP3S, but I cannot send: I get the error shown above (on the client side it looks like a wrong password).

    The following versions I have:
    postfix-2.6.5-2.fc12.x86_64
    cyrus-sasl-2.1.23-8.fc12.x86_64
    cyrus-sasl-lib-2.1.23-8.fc12.x86_64
    cyrus-sasl-plain-2.1.23-8.fc12.x86_64
    cyrus-sasl-devel-2.1.23-8.fc12.x86_64
    courier-authlib-mysql-0.62.4-1.fc12.x86_64
    courier-authlib-devel-0.62.4-1.fc12.x86_64
    courier-imap-4.6.0-1.12.x86_64
    courier-authlib-0.62.4-1.fc12.x86_64


    many thanks for any idea

    BB
     
  2. bbajmoczi

    bbajmoczi New Member

    Some more info:
    # saslauthd -v
    saslauthd 2.1.23
    authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap

    /etc/pam.d/smtp

    # PAM stack for the "smtp" service: both lines look the user up in the
    # mail_user table of dbispconfig through pam_mysql (email column as login,
    # password column as credential).
    # NOTE(review): the database password sits in this file in clear text
    # (masked as XXXXXXX in the post), so the file should be readable by root
    # only. The account name suggests the panel's main database user - confirm;
    # a dedicated account with read-only access to mail_user would limit the
    # damage if this file leaks.
    # NOTE(review): crypt=1 presumably selects crypt(3)-hashed passwords -
    # check the pam_mysql documentation for the installed version.
    auth required pam_mysql.so user=ispconfig passwd=XXXXXXX host=127.0.0.1 db=dbispconfig table=mail_user usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=ispconfig passwd=XXXXXXX host=127.0.0.1 db=dbispconfig table=mail_user usercolumn=email passwdcolumn=password crypt=1
     
  3. bbajmoczi

    bbajmoczi New Member

    This error is really SSL3 related. I made the following tests:

    openssl s_client -starttls smtp -connect localhost:25 -works fine
    openssl s_client -ssl2 -state -debug -msg -connect localhost:25 - works fine
    openssl s_client -ssl3 -state -debug -msg -connect localhost:25 - gives the same error

    Please HELP!!!!
     
  4. bbajmoczi

    bbajmoczi New Member

    Please help me
     
    Last edited: Apr 17, 2010
  5. bbajmoczi

    bbajmoczi New Member

    Hello again

    I changed the email client to Incredimail and the SSLv3 error has disappeared from my log. It's still not working, but judging by these logs it looks like an authentication problem rather than an SSL one. (If I change back to Outlook Express I still get the same error.)

    Apr 17 17:40:12 mail postfix/smtpd[2835]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Apr 17 17:40:12 mail postfix/smtpd[2835]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Apr 17 17:40:12 mail postfix/smtpd[2835]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Apr 17 17:40:12 mail postfix/smtpd[2835]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Apr 17 17:40:12 mail postfix/smtpd[2835]: warning: unknown[192.168.7.110]: SASL LOGIN authentication failed: authentication failure

    client's log is the following: 535 5.7.8 Error: authentication failed: authentication failure


    Help still needed
     
  6. falko

    falko Super Moderator Howtoforge Staff

    I wonder why it tries to access /etc/sasldb2 - this shouldn't be needed. What's the output of
    Code:
    uname -a
    ?
     
  7. bbajmoczi

    bbajmoczi New Member

    Hello!

    # uname -a
    Linux mail.domain.test 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux

    A friend looked at my config and made some changes:
    1. stopped saslauthd - it is unnecessary, he said
    2. moved the socket of authdaemond to /var/spool/postfix/var/spool/authdaemon/socket (or created a link - it was not at all clear to me what he actually did)
    3. copied the file /usr/lib64/sasl2/smtpd.conf to /etc/postfix/sasl/smtpd.conf
    4. the "warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory" error is a small bug and irrelevant. After placing an empty sasldb2 file in /etc/ it disappeared - but again, it is irrelevant

    Now it's working fine except for one thing: Microsoft email clients cannot send email. It works with Thunderbird, but with Outlook Express or Live Mail I get a "relaying denied" error on the client side. The server-side log is the following:

    Apr 19 13:00:49 mail postfix/smtpd[9557]: initializing the server-side TLS engine
    Apr 19 13:00:53 mail postfix/smtpd[9557]: connect from unknown[192.168.1.197]
    Apr 19 13:00:53 mail postfix/smtpd[9557]: setting up TLS connection from unknown[192.168.7.197]
    Apr 19 13:00:53 mail postfix/smtpd[9557]: unknown[192.168.1.197]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:before/accept initialization
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 read client hello B
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 write server hello A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 write certificate A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 write server done A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 flush data
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 read client key exchange A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 read finished A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 write change cipher spec A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 write finished A
    Apr 19 13:00:53 mail postfix/smtpd[9557]: SSL_accept:SSLv3 flush data
    Apr 19 13:00:53 mail postfix/smtpd[9557]: Anonymous TLS connection established from unknown[192.168.1.197]: TLSv1 with cipher AES128-SHA (128/128 bits)
    Apr 19 13:00:54 mail postfix/smtpd[9557]: NOQUEUE: reject: RCPT from unknown[192.168.1.197]: 554 5.7.1 <unknown[192.168.1.197]>: Client host rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<BBAJMOCZI>
    Apr 19 13:00:54 mail postfix/smtpd[9557]: disconnect from unknown[192.168.1.197]

    Any idea for MS clients?
     
  8. bbajmoczi

    bbajmoczi New Member

    Hi all,

    It finally works :)

    Item 3 of my previous post (copying the file /usr/lib64/sasl2/smtpd.conf to /etc/postfix/sasl/smtpd.conf) does nothing. It uses the original /usr/lib64/sasl2/smtpd.conf file.
    mech_list: PLAIN LOGIN
    LOGIN was missing from there.

    Thanks
     
