Bug 244331 - Postfix smtp sasl auth not working
Postfix smtp sasl auth not working
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: postfix (Show other bugs)
7
All Linux
low Severity medium
: ---
: ---
Assigned To: Thomas Woerner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-14 23:24 EDT by epablo
Modified: 2008-05-28 03:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-28 03:29:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Output of postconf -n (869 bytes, application/octet-stream)
2007-06-14 23:24 EDT, epablo
no flags Details

  None (edit)
Description epablo 2007-06-14 23:24:09 EDT
Description of probled:
I upgraded from FC5 and saved the config for my postfix setup which basically
had smtp_sasl_auth_enable configured as explained in
/usr/share/doc/postfix-<version>/README-Postfix-SASL-RedHat.txt

But in F7 it is not working.  I rechecked the document and the setting and they
are all correct and being loaded as seen with postconf.  Don't know what else to do.


Version-Release number of selected component (if applicable):


How reproducible:
Follow instructions to configure the feature in postfix
Comment 1 epablo 2007-06-14 23:24:09 EDT
Created attachment 157058 [details]
Output of postconf -n
Comment 2 epablo 2007-06-14 23:28:51 EDT
This is the error message in /var/log/maillog

Jun 14 23:08:10 seraph postfix/smtp[4083]: 284381C0063: to=<user@domain>,
relay=ssmtp.movistar.net.ve[200.35.65.10]:25, delay=0.35,
delays=0.09/0.04/0.17/0.05, dsn=5.7.0, status=bounced (host
ssmtp.movistar.net.ve[200.35.65.10] said: 530 5.7.0 Authentication required (in
reply to MAIL FROM command))

I riped up wireshark and the conversation basically end when postfix doesn't
issue the AUTH command (as it should be).

This is the contents of my /etc/postfix/transport file:
*       smtp:ssmtp.movistar.net.ve

So all i do is use my ISP as mail relay

Comment 3 Gianluca Varisco 2007-06-17 09:00:35 EDT
If you try to do "telnet IP 25" and write:

- EHLO example.com

What is the output that you received?

If SASL is configured correctly, there should be two new lines similar to:

250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI


Comment 4 epablo 2007-06-17 19:17:17 EDT
Hi,

This is the output.  It looks OK

<snip>
[seraph.dnsalias.org]:/home/epablo:\>telnet ssmtp.movistar.net.ve 25
Trying 200.35.65.10...
Connected to ssmtp.movistar.net.ve.
Escape character is '^]'.
EHLO example.com
220 *********************************************
250-mta01.t-net.net.ve Hello [200.62.13.73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-XXXA
250-XXXB
250-8BITMIME
250-SIZE
250-DSN
250-XXXC
250-XXXD
250-AUTH PLAIN LOGIN
250 HELP
</snip>

Remember that I'm using my local postfix server as smtp client, so I can't
control the remote servers behavior (it belongs to my ISP).  I'm using evolution
at the time to send some of my mails, but I need postfix working to be able to
jump back to pine and send myself emails using scripts.
Comment 5 Thomas Woerner 2007-10-04 08:31:30 EDT
Please add "smtpd_sasl_path = smtpd" to your main.cf configuration.
Comment 6 Thomas Woerner 2007-10-04 08:40:35 EDT
If this is not working for you, please have a look at
/usr/share/doc/postfix-<version>/README_FILES/SASL_README. There is a
description how to test the authentication in the section "Cyrus SASL
configuration for the Postfix SMTP server". Do you get a "235 2.0.0
Authentication successful"?
Comment 7 epablo 2007-10-07 22:53:19 EDT
Hi,

This did not work.  I'm getting a 230 error: Auth required and the server acting
as client is not responding to it.

Oct  7 20:47:48 seraph postfix/smtp[5839]: 024251C00C5: to=<epablo@example.com>,
relay=ssmtp.movistar.net.ve[200.35.65.10]:25, delay=5.3, delays=0.04/0/5.2/0.08,
dsn=5.7.0, status=bounced (host ssmtp.movistar.net.ve[200.35.65.10] said: 530
5.7.0 Authentication required (in reply to MAIL FROM command))

As you can see I'm trying to use postfix as an smtp client.

I checked and the default RPM does have the cyrus-sasl enabled?
# postconf -A
cyrus

I checked the document but there is nothing there.
Any other ideas.
Comment 8 Thomas Woerner 2007-11-28 10:23:44 EST
Have you tried to set smtp_sasl_auth_enable to yes? THis enabled SASL SASL
authentication in the Postfix SMTP client.
Comment 9 epablo 2007-11-28 17:14:27 EST
This is my config in that section:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous

any ideas
Comment 10 epablo 2008-05-06 03:24:22 EDT
Found the problem, by default the Pix workaround has 2 modules enabled:
disable_esmtp,delay_dotcrlf.  
With the first the esmtp behavior is disabled, making postfix start the STMP
protocol with HELO instead of EHLO.

So the solution is the following (all in main.cf):
smtp_pix_workarounds = delay_dotcrlf  #Delete the disable_esmtp
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous

That should work.
Comment 11 Bug Zapper 2008-05-14 09:05:59 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:
http://docs.fedoraproject.org/release-notes/

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.