I'm getting relay access denied to an email outside of my domain. It seems the passwords are authenticating because I'm not getting invalid password prompts.
### BEGIN POSTFIX CONF ###
# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_size_limit = 0
[Code].....
I have been faithfully following the postfix/sasl/etc install docs from [URL] and seem to have hit a minor snag with SASL authentication for SMTP. KMail cryptically leaves me with a generic auth fail notice and tailing the mail logs gives me
[Code]...
I am re setting up a server of mine running red hat enterprise Linux server 6 and I had all of this working befor but for some reason I had troubles getting sasl to work and now when I login my smtp server I get an error stating that my username or password is incorrect though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from sasl not working when started as a service to this. For some reason I can't use Pam with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with smtp
View 2 Replies View RelatedI installed webmin + postfix + dovecot + sasl2-bin to get a webserver running. I have fixed all the problems, but there is still one. I am totally new to sasl, so I am sorry if I made a stupid mistake.
[Code]....
Thunderbird gives the following error when trying to send mail: Sending of message failed. The message could not be sent because the connection to the SMTP server mail.virovene.org was lost in the middle of the transaction. Try again later or contact your network administrator. mail.err Apr 28 23:33:18 virovene postfix/smtpd[6264]: fatal: no SASL authentication mechanisms
i used yum install postfix, but i don't know it's support sasl? how to check it?
View 3 Replies View RelatedI have Postfix up and working perfect. It receives and sends email fine with no TLS and SASL but I installed Dovecot and then generated some self signed certificates using 'openssl' and for some reason I can't send from my IMAP server. I get this in my logs:
Code:
Mar 3 11:20:45 mail dovecot: imap-login: Login: user=<carlos>, method=PLAIN, rip=10.1.1.204, lip=192.168.0.200, TLS
Mar 3 11:21:20 mail postfix/smtpd[1386]: connect from tuna.mydomain.tld[10.1.1.204]
[Code].....
Am unable to send mail from Outlook to my Postfix SMTP server.
Am getting the following in the /var/log/maillog.
Code:
Think I've pretty much followed the instructions correctly here.
[url]
Also, I looked for the PID of the smtpd and did a strace on it.
Code:
Code:
However, when I looked at the permission of this file, it should be accessible by everyone.
Code:
I have an issue where postfix is setup to use dovecot auth and as far as I know it works, if i login using telnet to the mail server i can authorize myself y providing the base64 encoded user & password. so if i can login, why cant my email clients. have tried thunderbird and evolution. this is the mail.log relavant entries for sucessful login via telnet
[Code]...
Login by pop or imap works flawlessly that what i dont get. From what i see it SHOULD be working. It it changes things, im using postfixadmin, postfix, dovecot. passwords and info stored in mysql tables. passwords are md5 encrypted. I thought that may be the issue, but that dosnt make sence.
I'm trying tom compile and install postfix with SASL support, but i have a error messeage when install:
#make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/local/sasl2/include/sasl" AUXLIBS="-L/usr/local/sasl2/lib -lsasl2"
...
#make install
[code]....
I for some reason can't get Cyrus-sasl to work completely. I have to manually start it via saslauthd -a show if I let it start up itself or do a service saslauthd start or restart testsaslauthd will fail. I need help getting this fixed. I tried setting /etc/sysconfig/saslauthd to shadow instead of Pam but still no luck. Also when I try to login my postfix server I get an error stating that my username or password is incorrect even though it is right and I can receive mail from dovecot.
View 2 Replies View RelatedI'm trying to expand my Courier+MySQL+Postfix+PostfixAdmin server to use SASL logins on Postfix so I can relay on my server. After following several guides I still can't get it to work: Postfix logs show the user transcript and end with "Authentication failure" but it does not tell me what told it that the login failed. The messages log show this:
Feb 19 22:48:55 sportlaan-server saslauthd[7254]: do_auth : auth failure: [user=berend] [service=smtp] [realm=mydomain.com] [mech=pam] [reason=PAM auth error] Which I don't get because I don't think it should be using PAM... I think...
The setup is similar to this one: http://www.howtoforge.org/virtual_users_postfix_courier_mailscanner_clamav_centos_p6
My SASL config has this in it:
/usr/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
log_level: 3
authdaemond_path: /var/spool/authdaemon/socket
mech_list: plain login
I'm using postfix with unix accounts for a while now and I just realized today that SASL authentication, instead of working only with the USERNAME, it also works if the username is followed by ANYDOMAIN.COM
So, let's say I have the following UNIX users: tim, mike, john. If I set the Outgoing Username:[URL]..(where whatever.com can be any name you can think of) IT WORKS, even though it shouldn't, it should only work with tim, mike and john without any domain name. Does anyone know what might cause this and what's the workaround to this problem?
distro = debian 5
when i tried to send to other domain, i will get "Relay access denied"
below are my configs
main.cf
Code:
# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
[Code].....
I am running the following on CentOS 5.5 (Final)
dovecot 1.0.7
saslauthd 2.1.22
When I send an email via TLS I see the following log entries.
Code:
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159]
Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159]
[Code]....
What I'm really curious about is there is an intial TLS connection with a 256 bit cipher, but then.. The last entry states "sasl_method=PLAIN" - so surely this is not encrypted? Or am I misunderstanding how it works?
Slackware 13 64 - full installation
Postfix from slackbuilds dot org
Dovecot from same
has anyone recompiled Postfix using the Slackbuild script, modifying the script to include support for Cyrus-SASL, OpenLDAP, and MySQL in the build, while retaining Dovecot SASL and TLS? If so I would appreciate it if they could post the CCARGS and AUXLIBS commands. I am having some difficulty getting this working.
I was reading over and checking the How to section on the Wiki for Postfix TLS / SASL. I followed it completely and everything seems to be working fine however I am confused about the following section:
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/tls/private/mail.example.com.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.example.com.cert[code].....
I'm running a server with Ubuntu 10.04 and I have installed postfix and courier. The server can recieve mail and I can fetch them using POP, but when I try to send mail it doesn't work. Postfix itself can send email if i telnet from localhost and I am using my ISP as a relay because they block port 25. I'm using outlook 2007 on my client computer and it just says that the server rejects the login attempt and tells me to check my username and password. Postfix listens on port 12 as well because the client connection also has outgoing on port 25 blocked. I have tried to use telnet to connect to the server, and I can connect. This is what I get:
[Code]....
Now what? I've tried searching for the answer but all I can come up with is AUTH PLAIN or AUTH LOGIN, but I don't know what to type after that.
I'm a bit lost with the PHP/Sendmail configuration, maybe somebody could help me getting back on the right track. Following situation:
Postfix:
* accepts smtp on port 25 but from his own domains. Some policy and spamchecks through amavisd are made.
* accepts submission on port 587 and 465 from authenticated users only. Quota and spamchecks prevent outgoing spam.
So I'm enforcing a very strong outgoing spam-policy but the users are still able to use the php mail() function to send spam through the /usr/sbin/sendmail command.
My users have access to their own php.ini so my idea was to somehow enforce the delivery through the local postfix on port 587 or 465 and just let them enter their user/pass in their php.ini. (I suppose, their might be a cleaner-solution ).
Unfortunately, my configurations like smtp_host, port, user etc. are getting ignored if the sendmail_path line is active. But if I comment this line out, php just uses the default, which is the same as configured in the sendmail_path line - so it's active whether i use the line or not (setting it to an invalid command breaks the mail() function completely).
how can I enforce my anti-spam policy on the php mail() command?For my ssh users I just blocked the outgoing connection to localhost on port 25 which seems to work so far, but somehow the postfix-sendmail-wrapper just ignores this.
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement. I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there. Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.
My /etc/mail/sendmail.mc file looks like this (comment lines removed):Quote:
divert(-1)dnl
define(`SMART_HOST', `smtp2.datarealm.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN')dnl
FEATURE(`authinfo',`hash -o /etc/mail/auth/client-info.db')dnl
define(`RELAY_MAILER', `esmtp')dnl
[Code]....
Pam-mysql can not connect to the database and below are my configurations.
saslfinger -s Output:
root@mailbackup:/# saslfinger -s
saslfinger - postfix Cyrus sasl configuration Tue May 10 10:12:10 EAT 2011
version: 1.0.2
mode: server-side SMTP AUTH
-- basics --
Postfix: 2.7.2
System: Slackware 13.1.0
-- smtpd is linked to --libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x00007f74ebfb7000)
-- active SMTP AUTH and TLS parameters for smtpd --
-- listing of /usr/lib64/sasl2 --
-- listing of /usr/local/lib/sasl2 --
-- content of /usr/lib64/sasl2/smtpd.conf --
-- content of /usr/local/lib/sasl2/smtpd.conf --
-- active services in /etc/postfix/master.cf --
-- mechanisms on localhost --
I'm trying to get SASL working with OpenLDAP + TLS. I got it working without TLS with these settings:
[code]...
What i'm doing wrong?
Lately I have been receiving this in my auth.log file. It seems to be repeating over and over, and I didn't know if was anything normal or something I should be worried about...
Code:
I want to use squid Proxy to ask username password to user for internet usage and if username password not correct squid stops user access.I use following installation commands and configuration but still squid not asking for username password, and I can use Internet browsing by defining proxy in my client proxy.I use following installataion commands one by one but non of them works, and configure squid to use ncsa_auth../configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers
then I use
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers=NCSA
with following squid.conf configuration one by one.
htpasswd /usr/local/squid/etc/passwd testuser
New password:
Re-type new password:
[code]....
No error received in access.log or /var/logs/messages files, nor on client screen, client still using internet browsing without asking username password by squid,
I am trying to setup 2-factor authentication for SSH with PAM. Its working well, but if the password is incorrect, it does not ask for validation code, but rather asks for the password again. Any way not to warn about an incorrect password?
View 2 Replies View RelatedI would like to ask:How do I setup LDAP auth of users/groups on Debian 5.0?Is it using LDAP Migration tools? Can be done differently? Using different tool? Some nice tootorial?Some up to date book for LDAP or I need to dig in openldap.org?I'm learning by book which is a lil bit older so Im bit confused.
View 1 Replies View RelatedLDAP authentication problem on debian squeeze? To my knowledge, I have everything setup properly to do ldap authentication + local authentication on a host. I can login as a local user. I can login as an LDAP user.
When I log in as an LDAP user, my primary group is set properly. It is an LDAP group. I can change the group ownership of files to LDAP groups using chgrp. So far so good. This all works as expected. The commands getent passwd and getent group work wondefully, and generate the expected results. I can newgrp to any *local* group, but if I try to newgrp to an ldap group, I get the following error:
setgid: Operation not permitted. I've tried googling and asked on #debian on irc.debian.org. No luck.
Here is what i do: make clean make makefiles CCARGS='-DEF_CONFIG_DIR="/opt/product/postfix-2.6.5/etc"
-DEF_COMMAND_DIR="/opt/product/postfix-2.6.5"
-DEF_DAEMON_DIR="/opt/product/postfix-2.6.5/libexec"
-DEF_MAILQ_PATH="/opt/product/postfix-2.6.5/bin/mailq"
-DEF_DATA_DIR="/opt/product/postfix-2.6.5/lib"
-DEF_NEWALIAS_DIR="/opt/product/postfix-2.6.5/bin/newaliases"
[Code]...
make install then i got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
[Code]....
Am trying to set Postfix to only allow specific machines in the network to connect and send mail through it. However, it doesn't appear that it's working properly.Some background:Test Outlook Client running on 192.168.10.11
Postfix's main.cf has the following:
mynetworks = 192.168.0.1
smtpd_sasl_auth_enable = yes
[code]....
I am trying to use Postfix as my first step in the learning to send / receive email. I have tried almost all ways but failed to send email. Linux is indeed quit difficult. I installed posfix 2.3 using yum install postfix. I dont have any DNS yet.my postfix main.cf settings are:
myhostname = example.com
mydomain = localhost (even tried example.com, $mydomain here but failed)
myorigin = $mydomain
[code]....
I've got a server running 9.10, and I'm having a few issues with SMTP. It's got Postfix and Dovecot installed, and eventually I'll add content filtering, but I need to get past this issue first.
I know there's a lot of posts out there for Postfix issues, but I haven'tbeen able to find one specific to my issue.
IMAP and POP3 work fine through SSL, and the server can send mail without any problems. That's all fine and dandy, but I need to utilize an e-mail client (like evolution or outlook). Everytime I set up a user in Evolution, the smtp connection times out, or is refused. I know it's not a firewall issue. Port 25 is open, as well as 465. So I should be able to connect through SSL. I want to be able to connect through SMTP using the same credentials as IMAP.
Here's my main.cf file:
Code:
myhostname = mail.adamwgay.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
[Code].....
everytime I get things rolling, this issue pops up. I don't know if it's something I'm setting up wrong in the client, or if it's a configuration error on my part in postfix.
I'm also having a bit of an issue with my aliases. I've basically got a lot of addresses going to root, then root going to the main user, but it's not actually delivering the mail to the main user. It sends it straight to root.