postfix & cyrus-SASL SASLDB2 0: NO "authentication failed"
0
votes
2
answers
3071
views
We are setting up a Postfix mail relay to accept only authenticated smtp sessions and forward them to our backend smarthosts.
CentOS 6.8
postfix-2.6.6-6.el6_7.1.x86_64
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
We have installed and configured Postfix as well as SASL according to a couple of tutorials and references from the postfix manual on postfix.org, although we seem to have a couple of configuration or permission errors. Any help would be appreciated. --- [root@server]# saslpasswd2 -c -u test.com test Password: test123 Again (for verification): test123 [root@server]# sasldblistusers2 test@test.com: userPassword [root@server]# testsaslauthd -u test@test.com -p test123 0: NO "authentication failed" [root@server]# tail -n1 /var/log/messages Jan 13 08:10:19 server saslauthd: do_auth : auth failure: [user=test@test.com] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] [root@server]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mydomain = testing.com myhostname = smtp.testing.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES relayhost = [mx01.testing.com]:25 sample_directory = /usr/share/doc/postfix-2.6.6/samples sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_fallback_relay = [mx02.testing.com]:25 smtp_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file smtp_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt smtp_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key smtp_use_tls = yes smtpd_banner = $myhostname ESMTP ($mail_version) smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file smtpd_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt smtpd_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 [root@server]# cat /etc/sasl2/smtpd.conf pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 log_level: 7 [root@server]# cat /etc/postfix/master.cf smtp inet n - n - - smtpd -v #submission inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -v # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING SMTP Client Log Stat Connected. Recv 13/01/2017 8:34:12 AM: 220 smtp.test.com ESMTP (2.6.6) Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1 Recv 13/01/2017 8:34:12 AM: 250-smtp.securmail.net.au250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN Sent 13/01/2017 8:34:12 AM: STARTTLS Recv 13/01/2017 8:34:12 AM: 220 2.0.0 Ready to start TLS Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1 Recv 13/01/2017 8:34:12 AM: 250-smtp.test.com250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN Sent 13/01/2017 8:34:12 AM: MAIL FROM: Recv 13/01/2017 8:34:12 AM: 250 2.1.0 Ok Sent 13/01/2017 8:34:12 AM: RCPT TO: Recv 13/01/2017 8:34:12 AM: 554 5.7.1 : Relay access denied Sent 13/01/2017 8:34:12 AM: RSET Recv 13/01/2017 8:34:13 AM: 250 2.0.0 Ok [root@Sserver]# tail -n 50 /var/log/maillog Jan 13 08:34:23 server/smtpd: NOQUEUE: reject: RCPT from xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= Jan 13 08:34:23 server/smtpd: generic_checks: name=reject_unauth_destination status=2 Jan 13 08:34:23 server/smtpd: > xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied Please let me know if any more logs or configuration extracts would be helpful. Thanks in advance
postfix-2.6.6-6.el6_7.1.x86_64
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
We have installed and configured Postfix as well as SASL according to a couple of tutorials and references from the postfix manual on postfix.org, although we seem to have a couple of configuration or permission errors. Any help would be appreciated. --- [root@server]# saslpasswd2 -c -u test.com test Password: test123 Again (for verification): test123 [root@server]# sasldblistusers2 test@test.com: userPassword [root@server]# testsaslauthd -u test@test.com -p test123 0: NO "authentication failed" [root@server]# tail -n1 /var/log/messages Jan 13 08:10:19 server saslauthd: do_auth : auth failure: [user=test@test.com] [service=imap] [realm=] [mech=pam] [reason=PAM auth error] [root@server]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost mydomain = testing.com myhostname = smtp.testing.com newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES relayhost = [mx01.testing.com]:25 sample_directory = /usr/share/doc/postfix-2.6.6/samples sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_fallback_relay = [mx02.testing.com]:25 smtp_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file smtp_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt smtp_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key smtp_use_tls = yes smtpd_banner = $myhostname ESMTP ($mail_version) smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous smtpd_tls_CAfile = /etc/postfix/ssl/smtp.testing.com.ca-file smtpd_tls_cert_file = /etc/postfix/ssl/smtp.testing.com.crt smtpd_tls_key_file = /etc/postfix/ssl/smtp.testing.com.key smtpd_tls_security_level = may unknown_local_recipient_reject_code = 550 [root@server]# cat /etc/sasl2/smtpd.conf pwcheck_method: auxprop auxprop_plugin: sasldb mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 log_level: 7 [root@server]# cat /etc/postfix/master.cf smtp inet n - n - - smtpd -v #submission inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - n - - smtpd -v # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING SMTP Client Log Stat Connected. Recv 13/01/2017 8:34:12 AM: 220 smtp.test.com ESMTP (2.6.6) Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1 Recv 13/01/2017 8:34:12 AM: 250-smtp.securmail.net.au250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN Sent 13/01/2017 8:34:12 AM: STARTTLS Recv 13/01/2017 8:34:12 AM: 220 2.0.0 Ready to start TLS Sent 13/01/2017 8:34:12 AM: EHLO SendSMTPv2.19.0.1 Recv 13/01/2017 8:34:12 AM: 250-smtp.test.com250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-AUTH=LOGIN DIGEST-MD5 CRAM-MD5 PLAIN250-ENHANCEDSTATUSCODES250-8BITMIME250 DSN Sent 13/01/2017 8:34:12 AM: MAIL FROM: Recv 13/01/2017 8:34:12 AM: 250 2.1.0 Ok Sent 13/01/2017 8:34:12 AM: RCPT TO: Recv 13/01/2017 8:34:12 AM: 554 5.7.1 : Relay access denied Sent 13/01/2017 8:34:12 AM: RSET Recv 13/01/2017 8:34:13 AM: 250 2.0.0 Ok [root@Sserver]# tail -n 50 /var/log/maillog Jan 13 08:34:23 server/smtpd: NOQUEUE: reject: RCPT from xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= Jan 13 08:34:23 server/smtpd: generic_checks: name=reject_unauth_destination status=2 Jan 13 08:34:23 server/smtpd: > xx.xx.xx.xx.isp.com[xx.xx.xx.xx]: 554 5.7.1 : Relay access denied Please let me know if any more logs or configuration extracts would be helpful. Thanks in advance
Asked by ausip
(101 rep)
Jan 12, 2017, 09:39 PM
Last activity: May 1, 2025, 10:04 PM
Last activity: May 1, 2025, 10:04 PM