Postfix and SMTP-AUTH again

Discussion in 'Server Operation' started by joerg, Jan 27, 2008.

  1. joerg

    joerg New Member

    Hello all,

    sorry for asking the same thing (nearly) again, but in the existing threads I was not able to find the silver bullet so far.

    Based on SuSE 10.3 (64bit) I try to set up a working Postfix / Courier-authlib solution. Being logged on the host itself, via telnet it is possible to send my test mails to external addresses. But so far I was neither able to do the same from remote, nor to connect my Outlook / Outlook Express / Evolution client to my mail server (yes, I have set the "outbound server requires authentication" flag).

    What information do you need to narrow down the problem? As a starting point, the corresponding log entry (/var/log/mail) looks:

    postfix/smtpd[9610]: NOQUEUE: reject: RCPT from[xx.xx.xx.xx]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<myclient>
    My /etc/sasl2/smtpd.conf reads:

    pwcheck_method: authdaemond
    mech_list: login
    authdaemond_path: /var/run/authdaemon.courier-imap/socket
    log_level: 3
    And the uncommented lines of my /etc/authlib/authdaemonrc are:

    authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
    And the /etc/authlib/authmysqlrc is:

    MYSQL_USERNAME mysql_mail_user
    MYSQL_PASSWORD mysql_mail_user_password
    MYSQL_PORT 3306
    MYSQL_USER_TABLE mailboxes
    MYSQL_HOME_FIELD "/var/mail/vmail"
    MYSQL_MAILDIR_FIELD concat(substring_index(email,'@',-1),'/',substring_index(email,'@',1),'/')
    I would appreciate any advice, thank you in advance,

    Last edited: Jan 27, 2008
  2. joerg

    joerg New Member

    Supplied more information, see above. Thank you for digging through...
  3. falko

    falko Super Moderator ISPConfig Developer

    I'd try
    mech_list: login plain
    in the smtpd.conf.
  4. joerg

    joerg New Member


    thanks for replying!

    I think I had declared the plain mechanism before, but to be on the safe side, I inserted it again. It had absolutely no effect, everything behaves exactly as before.

    Btw, just to understand what I'm doing: Shouldn't the declaration of plain in the smtpd.conf mean, that I hadn't to provide a password at all?

    Either way, as it still doesn't work - any other ideas?

    Thank you very much!
  5. falko

    falko Super Moderator ISPConfig Developer

    Do you use the right username (must be an email address) and password in your email client?
  6. joerg

    joerg New Member


    yes, sure, the username is the full email address. I'll post the in a few moments, if you think it can help...?

  7. joerg

    joerg New Member

    Here now, see the below:

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    unknown_local_recipient_reject_code = 550
    debug_peer_level = 2
    debugger_command =
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = mysql:/etc/postfix/
    virtual_alias_domains = hash:/etc/postfix/virtual
    virtual_mailbox_domains = mysql:/etc/postfix/
    virtual_mailbox_base = /var/mail/vmail
    virtual_mailbox_maps = mysql:/etc/postfix/
    virtual_minimum_uid = 200
    virtual_uid_maps = static:1000
    virtual_gid_maps = static:1000
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname =
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains = 
    mydestination = $myhostname
    defer_transports = 
    mynetworks_style = host
    disable_dns_lookups = no
    relayhost = 
    mailbox_command = 
    mailbox_transport = 
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions = permit_sasl_authenticated,
    smtpd_helo_required = no
    smtpd_helo_restrictions = 
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = yes
    smtpd_use_tls = no
    smtp_use_tls = no
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 8388608
    broken_sasl_auth_clients = yes
    Thanks for your time.
  8. joerg

    joerg New Member

    Sorry for possible irritations so far, but i had to learn something new, and maybe this leads to a different track:

    By now, I have not issued any AUTH LOGIN, when I was trying to connect from my remote client via telnet (but I didn't need to do so when telnet'ting from the server locally - why?).

    When I now do so, there are some points to note, which possibly leads to a new track:

    Firstly, the server's opening after the EHLO doesn't offer the PLAIN mechanism, though I inserted it in the smtpd.conf on Falko's advice, and also restarted the postfix daemon afterwards. Do I have to restart any other service?

    Secondly, when I continue with AUTH LOGIN, the server returns an error message. I give you the complete dialog:

    Thirdly and possibly most important, the corresponding lines in the mail log read as follows:

    Who needs permission where? Can anyone give my an overview, which item has to belong to whom, and which rights have to be given?

    Thanks again to anybody thinking hard ;)
  9. falko

    falko Super Moderator ISPConfig Developer

    I'm not sure, but maybe SuSE is using another smtpd.conf than /etc/sasl2/smtpd.conf?
    What's the output of
    locate smtpd.conf

    You don't need to authenticate from localhost because you're using mynetworks_style = host.
  10. joerg

    joerg New Member


    there is neither an updatedb, nor an executable locate on my system. The only file named locate is under /etc/sysconfig and contains the single line

    Am I missing a package?

    But above that, there ist no other smtpd.conf than the one under /etc/sasl2.

    What do you think about the "Permission denied" in the mail log (see above)?
  11. joerg

    joerg New Member

    Okay, found out the following:

    On SuSE, updatedb and locate are in a subpackage to findutils, called findutils-locate. I installed it and issued the commands that you asked for, but the result is the same: /etc/sasl2/smtpd.conf is the only file with this name (I had issued a "find / -name smtpd.conf -print" before my last posting).
  12. falko

    falko Super Moderator ISPConfig Developer

    Do you have a directory called /usr/lib/sasl or /usr/lib/sasl2? You can try to copy the smtpd.conf there.
  13. joerg

    joerg New Member


    thanks for keeping the track, but unfortunately your last hint didn't lead to success, either.

    I copied the smtpd.conf both to /usr/lib/sasl2 and /usr/lib64/sasl2 (both directories exist on my system), and restarted the authdaemon and the postfix afterwards.

    But the behaviour is exactly the same as before. Please note my quote from my mail log in post #8 of this thread, I've got exactly the same this time.

    I would appreciate if you persisted on this problem!

  14. falko

    falko Super Moderator ISPConfig Developer

    IS Courier authdaemond running? Do you see it in the output of
    ps aux

    Does Courier authdaemond have a socket somewhere, maybe in /var/run? What's the output of
    ls -la /var/run
  15. joerg

    joerg New Member

    Yes, the authdaemond runs (I restarted it after copying the smtpd.conf to /usr/lib/sasl2 on your advice). The output of "ps aux | grep -v grep | grep authdaemond" is:

    And the socket seems to be there, the output of "ls -la /var/run" and "ls -la /var/run/authdaemon.courier-imap" are, in turn:

    In my very first post, in the smtpd.conf, I stated the path to that socket to the value of key authdaemond_path:

    Is this correct?
  16. falko

    falko Super Moderator ISPConfig Developer

    Looks ok. Strange... :confused:

Share This Page