Bug 244331 - Postfix smtp sasl auth not working
Summary: Postfix smtp sasl auth not working
Alias: None
Product: Fedora
Classification: Fedora
Component: postfix   
(Show other bugs)
Version: 7
Hardware: All Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-15 03:24 UTC by epablo
Modified: 2008-05-28 07:29 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-28 07:29:28 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Output of postconf -n (869 bytes, application/octet-stream)
2007-06-15 03:24 UTC, epablo
no flags Details

Description epablo 2007-06-15 03:24:09 UTC
Description of probled:
I upgraded from FC5 and saved the config for my postfix setup which basically
had smtp_sasl_auth_enable configured as explained in

But in F7 it is not working.  I rechecked the document and the setting and they
are all correct and being loaded as seen with postconf.  Don't know what else to do.

Version-Release number of selected component (if applicable):

How reproducible:
Follow instructions to configure the feature in postfix

Comment 1 epablo 2007-06-15 03:24:09 UTC
Created attachment 157058 [details]
Output of postconf -n

Comment 2 epablo 2007-06-15 03:28:51 UTC
This is the error message in /var/log/maillog

Jun 14 23:08:10 seraph postfix/smtp[4083]: 284381C0063: to=<user@domain>,
relay=ssmtp.movistar.net.ve[]:25, delay=0.35,
delays=0.09/0.04/0.17/0.05, dsn=5.7.0, status=bounced (host
ssmtp.movistar.net.ve[] said: 530 5.7.0 Authentication required (in
reply to MAIL FROM command))

I riped up wireshark and the conversation basically end when postfix doesn't
issue the AUTH command (as it should be).

This is the contents of my /etc/postfix/transport file:
*       smtp:ssmtp.movistar.net.ve

So all i do is use my ISP as mail relay

Comment 3 Gianluca Varisco 2007-06-17 13:00:35 UTC
If you try to do "telnet IP 25" and write:

- EHLO example.com

What is the output that you received?

If SASL is configured correctly, there should be two new lines similar to:


Comment 4 epablo 2007-06-17 23:17:17 UTC

This is the output.  It looks OK

[seraph.dnsalias.org]:/home/epablo:\>telnet ssmtp.movistar.net.ve 25
Connected to ssmtp.movistar.net.ve.
Escape character is '^]'.
EHLO example.com
220 *********************************************
250-mta01.t-net.net.ve Hello [], pleased to meet you
250 HELP

Remember that I'm using my local postfix server as smtp client, so I can't
control the remote servers behavior (it belongs to my ISP).  I'm using evolution
at the time to send some of my mails, but I need postfix working to be able to
jump back to pine and send myself emails using scripts.

Comment 5 Thomas Woerner 2007-10-04 12:31:30 UTC
Please add "smtpd_sasl_path = smtpd" to your main.cf configuration.

Comment 6 Thomas Woerner 2007-10-04 12:40:35 UTC
If this is not working for you, please have a look at
/usr/share/doc/postfix-<version>/README_FILES/SASL_README. There is a
description how to test the authentication in the section "Cyrus SASL
configuration for the Postfix SMTP server". Do you get a "235 2.0.0
Authentication successful"?

Comment 7 epablo 2007-10-08 02:53:19 UTC

This did not work.  I'm getting a 230 error: Auth required and the server acting
as client is not responding to it.

Oct  7 20:47:48 seraph postfix/smtp[5839]: 024251C00C5: to=<epablo@example.com>,
relay=ssmtp.movistar.net.ve[]:25, delay=5.3, delays=0.04/0/5.2/0.08,
dsn=5.7.0, status=bounced (host ssmtp.movistar.net.ve[] said: 530
5.7.0 Authentication required (in reply to MAIL FROM command))

As you can see I'm trying to use postfix as an smtp client.

I checked and the default RPM does have the cyrus-sasl enabled?
# postconf -A

I checked the document but there is nothing there.
Any other ideas.

Comment 8 Thomas Woerner 2007-11-28 15:23:44 UTC
Have you tried to set smtp_sasl_auth_enable to yes? THis enabled SASL SASL
authentication in the Postfix SMTP client.

Comment 9 epablo 2007-11-28 22:14:27 UTC
This is my config in that section:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous

any ideas

Comment 10 epablo 2008-05-06 07:24:22 UTC
Found the problem, by default the Pix workaround has 2 modules enabled:
With the first the esmtp behavior is disabled, making postfix start the STMP
protocol with HELO instead of EHLO.

So the solution is the following (all in main.cf):
smtp_pix_workarounds = delay_dotcrlf  #Delete the disable_esmtp
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_type = cyrus
smtp_sasl_security_options = noanonymous

That should work.

Comment 11 Bug Zapper 2008-05-14 13:05:59 UTC
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.