ngw n00b
Joined: 26 Jul 2003 Posts: 20
Posted: Wed Aug 06, 2003 6:41 pm Post subject: postfix + sasl
I've installed Postfix and cyrus-sasl (first cyrus-sasl, then postfix) with the sasl USE flag set.
I'm not able to authenticate to the server, I'm totally lost.
main.cf
Code: |
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain
relayhost = smtp.mail.yahoo.com
canonical_maps = hash:/etc/postfix/canonical
virtual_alias_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
|
saslpass
Code: |
smtp.mail.yahoo.com usernam:password
|
It seems to me that it doesn't even try to authenticate ...
Help :(
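Added example, not part of the original post or of Postfix: a small shell check of the `main.cf` settings that matter when Postfix has to authenticate to a `relayhost`, separating the client-side `smtp_*` parameters from the server-side `smtpd_*` ones. The function names, finding labels and the second sample config are constructed here, and multi-line parameter values are not handled.

```shell
#!/bin/sh
# Added example: audit main.cf for the SMTP *client* SASL settings that
# Postfix needs before it authenticates to a relayhost.

# Print one parameter's value from main.cf text on stdin (last assignment
# wins). The name match is exact, so smtpd_* never satisfies smtp_*.
get_param() {
    awk -v key="$1" -F= '
        /^[ \t]*#/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == key { sub(/^[^=]*=[ \t]*/, ""); val = $0 }
        END { print val }'
}

# Print "ok" or a space-separated list of findings for the given config text.
audit_relay_sasl() (
    cfg=$1; findings=""
    val() { printf '%s\n' "$cfg" | get_param "$1"; }
    [ -n "$(val relayhost)" ] || { echo "no-relayhost"; exit 0; }
    # smtp_sasl_auth_enable defaults to "no": the client never sends AUTH.
    [ "$(val smtp_sasl_auth_enable)" = "yes" ] || findings="$findings client-auth-disabled"
    [ -n "$(val smtp_sasl_password_maps)" ] || findings="$findings no-password-map"
    # The default smtp_sasl_security_options is "noplaintext, noanonymous",
    # so the client skips PLAIN and LOGIN unless that is relaxed. Plaintext
    # mechanisms send a recoverable password: relax only over TLS.
    opts=$(val smtp_sasl_security_options)
    case "${opts:-noplaintext, noanonymous}" in
        *noplaintext*) findings="$findings plaintext-mechs-refused" ;;
    esac
    findings=${findings# }
    echo "${findings:-ok}"
)

# SASL-related lines copied from the main.cf in the post above.
POSTED_CFG='relayhost = smtp.mail.yahoo.com
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass'

# Constructed variant with the client side switched on.
FIXED_CFG='relayhost = smtp.mail.yahoo.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtp_sasl_security_options = noanonymous'

echo "posted: $(audit_relay_sasl "$POSTED_CFG")"
echo "fixed:  $(audit_relay_sasl "$FIXED_CFG")"
```

The file named in `smtp_sasl_password_maps` holds a cleartext credential, so keep it and the `.db` that `postmap` builds from it readable by root only.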
patrickbores Apprentice
Joined: 19 May 2003 Posts: 276 Location: Minneapolis, MN, USA
Posted: Wed Aug 06, 2003 10:13 pm Post subject:
Hello,
Here's how I did mine.
First, make sure you have smtpd_recipient_restrictions set up the way you want. Here's mine:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
I authenticate for all local users, using pam. If this is what you're planning on doing, edit /etc/sasl2/smtpd.conf to read:
pwcheck_method:saslauthd
Then edit /etc/conf.d/saslauthd and set:
SASL_AUTHMECH=pam
Then run:
rc-update add saslauthd default
/etc/runlevels/default/saslauthd start
postfix reload
Telnet to your mail server on port 25 and issue an EHLO command. You should see the "250-AUTH" line indicating that the server can accept authorization.
This is just one way to set up SASL. Hope it helps.
Patrick
_________________
P.S. - this is what part of the alphabet would look like if Q and R were eliminated.
ngw n00b
Joined: 26 Jul 2003 Posts: 20
Posted: Thu Aug 07, 2003 9:53 am Post subject:
Thank you very much, but it doesn't work for me
Code: |
lorien root # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lorien.ilweran.home ESMTP Postfix
EHLO lorien.ilweran.home
250-lorien.ilweran.home
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-XVERP
250 8BITMIME
|
There must be something else wrong ...
I think my problem is smtpd_recipient_restrictions
Code: |
lorien root # postconf|grep smtpd_recipient_restrictions
smtpd_recipient_restrictions =
***
lorien postfix # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
|
I have to kill postfix if I want to close the connection...
Code: |
lorien root # postconf|grep smtpd_recipient_restrictions
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
***
lorien postfix # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 ilweran.home ESMTP Postfix
EHLO lorien.ilweran.home
250-ilweran.home
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-XVERP
250 8BITMIME
|
But it does *not* authenticate on my ISP
Code: |
host smtp.mail.***.sc5.yahoo.com[216.136.173.12]
said: 530 authentication required - for help go to
http://help.yahoo.com/help/us/mail/pop/pop-11.html (in reply to MAIL FROM
command)
|
Sigh... :(
dgt84 Guru
Joined: 27 May 2003 Posts: 355 Location: Germany => USA
Posted: Thu Aug 07, 2003 1:29 pm Post subject:
Just a question: if you are trying to connect to their smtp server, why are you authenticating and using postfix on your machine? I'll admit I don't know much about all this, but it seems like a better choice to use Ximian Evolution or something for that...
Sorry, I'm just confused....
_________________
Lila themes | The Porthole Portage Frontend | SVG-Utils
ngw n00b
Joined: 26 Jul 2003 Posts: 20
Posted: Thu Aug 07, 2003 2:09 pm Post subject:
Well, first of all because I've used mutt for about 2 years, and I don't want to change.
I have tons of mails and a quite complex configuration, and I've never had all these troubles with postfix for something as simple as SASL authentication.
I don't like using a client for all my tasks, because I want to use procmail, clamav, spamassassin.
I've tried both nbsmtp and ssmtp but AFAIK I can't answer my mails offline ...
patrickbores Apprentice
Joined: 19 May 2003 Posts: 276 Location: Minneapolis, MN, USA
Posted: Thu Aug 07, 2003 2:16 pm Post subject:
It doesn't look like you have permit_sasl_authenticated in your smtpd_recipient_restrictions line. You'll need that for relaying.
Your server's output from your EHLO command indicates that the server is ready to accept authentication. You can test the authentication by doing this:
Encode your login information with mimencode (emerge metamail for this program):
# printf 'username\0username\0password' | mimencode
dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
Then telnet to your server on port 25, issue the EHLO command, then issue this command, using the output from mimencode:
AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
That will tell you if you authenticated successfully or not. If you didn't authenticate successfully, check your system log for the reason. If your system log doesn't contain enough information, you can make it more verbose by changing this line:
smtp inet n - n - - smtpd
to this:
smtp inet n - n - - smtpd -v
Hope this helps,
Patrick
_________________
P.S. - this is what part of the alphabet would look like if Q and R were eliminated.
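Added example, not from the thread: the AUTH PLAIN token built with mimencode above is plain base64 of `authzid\0authcid\0password`, so anyone who captures the SMTP session recovers the password. The shell functions below (names made up here, coreutils `base64` swapped in for `mimencode`) rebuild and decode the thread's sample token and flag an EHLO reply, copied from the thread, that offers PLAIN or LOGIN without STARTTLS.

```shell
#!/bin/sh
# Added example: what an AUTH PLAIN token contains, and whether an EHLO
# reply advertises plaintext mechanisms without STARTTLS.

# Build the AUTH PLAIN initial response: authzid NUL authcid NUL password.
# Use a test account: arguments typed at a prompt end up in shell history.
sasl_plain_encode() {
    printf '%s\000%s\000%s' "$1" "$2" "$3" | base64 | tr -d '\n'
    echo
}

# Reverse it. base64 is an encoding, not encryption. One field per line.
sasl_plain_decode() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n'
    echo
}

# Read an EHLO reply on stdin and classify its AUTH exposure.
ehlo_auth_exposure() {
    awk '
        { sub(/\r$/, ""); line = substr($0, 5) }   # strip "250-" or "250 "
        toupper(line) ~ /^AUTH[ =]/ { mechs = substr(line, 6) }
        toupper(line) == "STARTTLS" { tls = 1 }
        END {
            plain = (toupper(mechs) ~ /(^| )(PLAIN|LOGIN)( |$)/)
            if (mechs == "")        print "no-auth"
            else if (plain && !tls) print "cleartext-credentials: " mechs
            else                    print "no-cleartext-finding: " mechs
        }'
}

# EHLO reply copied from the telnet session in the thread.
PAGE_EHLO='250-lorien.ilweran.home
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-XVERP
250 8BITMIME'

token=$(sasl_plain_encode username username password)
echo "token:   $token"
echo "decoded: $(sasl_plain_decode "$token" | tr '\n' ' ')"
echo "ehlo:    $(printf '%s\n' "$PAGE_EHLO" | ehlo_auth_exposure)"
```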