Ubuntu Servers :: Postfix Smarthost + Authentication: Get 535 Incorrect Authentication Data Error
Mar 14, 2011
On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct. Heres how I set up postfix: I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:
[Code].....
my server uses plain text authentication on port 25. I would like to use security like SSL, but this particular server is unsecured.
I'm a NOOB setting up Postfix but managed quite well by following the Ubuntu Server guide. I have managed to set it up using SSL but testing a mail client like thunderbird I can also connect to port 25 using no authentication. Connecting using SSL on port 465 by editing "master.cf" file works but 25 i still open.
1. How do I prevent clients to connect to port 25 without authentication? 2. I guess I have to have port 25 open in order to receive mail from the outside world?
I have been faithfully following the postfix/sasl/etc install docs from [URL] and seem to have hit a minor snag with SASL authentication for SMTP. KMail cryptically leaves me with a generic auth fail notice and tailing the mail logs gives me
I setup Postfix on my Ubuntu 10.04 LTS server but I am getting an error saying: Code: Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 530 530 SMTP authentication is required. (state 14).
I'm working on configuring a mail server on Ubuntu 8.04 using Postfix 2.5.1 and Courier 0.59.0. I don't want to have to open up specific networks for SMTP relaying, so I want my server to require authenticated SMTP sessions. I'm just confused on how to do this. Here's my main.cf file from Postfix:
[Code]...
It seems like getting this enabled is way more complicated than I expected, assuming I'm not on the wrong path.
If I am running a script, let's say a install script. Is there a way to make Su repeat authentication rather then just returning "Authentication failed" and continuing the script?
I need to make a choice on what authentication protocol I want to use for Authentication and Authorization. I was looking at Radius and then literature suggested that Diameter was a better protocol. Keep in mind I need this on a hetrogeneous setup ( linux & windows together). Diameter seemed like a good fit until I discovered that the open source code no longer seems to be maintained ( C/C++).
I was also looking at Kerberos as an option though there is alot overhead with the server. SSL/TLS or EAP? I am looking for simple but secure and am new at the security protocols.
I have postfix installed on my computer to let scripts send email. I want to use my isp as the smtp server. In /etc/postfix/main.cf I have told postfix to use gmail as my smtp server using "relayhost = outgoing.verizon.net". However, when I send an email, it gets returned. The full email is included below (my server's address has been replaced with ***.com).
[code]...
I believe that I need to authenticate to [URL]... from postfix, but I am not sure how to add these directives to the config file.
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry" But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
I just upgraded my Ubuntu 8.04 server to 10.04 and now I cannot receive mail on my Ubuntu 10.04 Evolution client, although I can send mail. No errors appear in auth.log or mail.log when I attempt to log in from my Evolution client, in fact mail.log shows 'pop3d-ssl: connection' from my laptop IP, followed by 'pop3d: Disconnected' when the log-in attempts fail.
I'm able to ssh into the server using the same log-on and password as before the upgrade, however I haven't changed the public or private keys in my .ssh directory. I updated the ssl keys in /etc/postfix/ssl but wasn't able to receive mail before or after the update.
The error in the client reads: 'Unable to connect to POP server mail.mydomain.com, error sending username'
I ran this test and the output appears to be related:
Is the pop3 server not running TLS? /etc/postfix/main.cf says it should, and I get no errors restarting / reloading postfix.
I am receiving messages in /home/user/Maildir, but I cannot download them.
I checked for supported authentication types in my Evolution client - 'Password' is the only one supported, as was true before. The client is not using any certificates.
The output of openssl s_client -tls1 -connect 127.0.0.1:995 shows 'certificate has expired' on the 'Verify return code' entry, not sure if that's significant.
What's different about incoming versus outgoing mail authentication?
I'm using postfix with unix accounts for a while now and I just realized today that SASL authentication, instead of working only with the USERNAME, it also works if the username is followed by ANYDOMAIN.COM
So, let's say I have the following UNIX users: tim, mike, john. If I set the Outgoing Username:[URL]..(where whatever.com can be any name you can think of) IT WORKS, even though it shouldn't, it should only work with tim, mike and john without any domain name. Does anyone know what might cause this and what's the workaround to this problem?
When I send an email via TLS I see the following log entries.
Code: Oct 14 11:53:06 ns2 postfix/smtpd[11372]: connect from unknown[172.16.1.159] Oct 14 11:53:06 ns2 postfix/smtpd[11372]: setting up TLS connection from unknown[172.16.1.159] [Code]....
What I'm really curious about is there is an intial TLS connection with a 256 bit cipher, but then.. The last entry states "sasl_method=PLAIN" - so surely this is not encrypted? Or am I misunderstanding how it works?
I am re setting up a server of mine running red hat enterprise Linux server 6 and I had all of this working befor but for some reason I had troubles getting sasl to work and now when I login my smtp server I get an error stating that my username or password is incorrect though I am sure I am entering both correctly. Would anyone know what could be happening? I have been spending days on the web looking for the solution and only went from sasl not working when started as a service to this. For some reason I can't use Pam with saslauthd and had to use shadow instead of which from what I hear I get to use better methods of secure authentication with smtp
I followed this How To (https://help.ubuntu.com/community/Postfix) in order to add smtp authentication to my Postfix installation used as spam filter for my exhange server, and it'seem all ok; the only thing that I don't understand is where I list all the users (with passwords) that I authorize to send mail through my server...
I have been following this guide (I went through it twice actually): [URL] Since bellsouth blocks port 25 (except to their smarthost) I set up postfix with the option "internet site with smarthost" (not sure if that was exact wording). The final goal of this is to set up a couple mailing lists. When I try to test it I get:
Code:
joel@themis:~$ telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'.
make install then i got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
I have a RHEL 4.5 with Postfix 2.2.10 configured as a smart host for an Exchange 2003 server. Its been running well for three years like this. We have some users that are configured with alternate SMTP addresses for a secondary email domain in Exchange. One user is not getting his email for the secondary SMTP. All the others are. After some digging, the maillog indicates Postfix is not relaying his email to Exchange but to the Postfix local mail folder under /var/spool/mail. What in the configuration would cause this? His email is in the relay_recipients file as the others are.
My first post here. I've been using Ubuntu to run our internal mail server for a while now on Ubuntu server 9.04 and ISPconfig 2. I've read a lot of threads on poeple that have difficulty connecting to their server using SSH from outside the LAN and it is not the same problem I have. Well, not entirely the same.
My problem is that my authentication fails from outside the LAn, but I can connect to the SSH port from outside my LAN. The other threads pointed towards checking the router port forwarding etc, but I can see my SSH log in asking for my username and password. So, at this stage I know the port forwarding worked, otherwise I wouldn't even see the log in prompt.
Has anyone see this before where you can connect, but the authentication fails? I can use the correct username and password from inside the LAN, but using the same credentials from outside fails.
I try to install a server based on Ubuntu. It will provide many different services as SMTP, IMAP, Jabber, SVN(via Apache),maybe a groupware and some other web applications.I'm looking for a way of authenticating the same set of users (a user essentially has a username, a domain it is belonging to and some passwords) against all of the services.What is the most flexible and elegant way? I need a method which is not too bloated (mysql or ldap would be okay) and is easily applyable to all those services and all services which maybe will come later.
I've read some documentation about sasl, mysql-authentication, ldap-authentication, pam, cyrus, apache, ... and i'm somewhat confused now about the proper way.For now I suspect MySQL to be the best method for that, but i'm not sure about the flexibility for embedding it into all the services.
i am currently working in a windows server 2003 domain environment and i want to install and configure a ubuntu server 9.10 as a samba file server and i want to allow windows domain users to access the samba shares with windows authentication from the AD , so they can use their windows user names and passwords to access samba shares.i followed the wiki docs and configured kerb5.conf , smb.conf and winbind but i am unable to add the samba pc to the windows domain
I've just installed Ubuntu Server for the first time with the goal as setting it up as a proxy server for our Apple computers here since I can get neither ISA of OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NIC's setup ready to be connected to the outside world. My question is does anyone have a preference on what proxy I should be using? So far my search efforts seem to of turned up Squid Proxy as a favorite among Ubuntu users but I can't seem to work out how to get it authenticating against my OpenLDAP server.
I have created the passwords file with htpasswd and defiantly have the right password for bob. However, when I try to log in the box just comes up over and over again and never authenticates. What am I doing wrong? I'm a newbie, so please bear with me if I've missed something really stupid.
I have set up a Ubuntu server to handle Dan's Guardian for protection of the children. I need next to set up a centralized file server and some kind of authentication method.
We are dual booting the computers just now since we need to use "Rosetta Stone" language software and they will not release a certain plugin for Linux according to our assigned help person. We also use pure Windows XP in some classrooms for now, and will do so until the school's children gets used to Ubuntu.
So, what is the best authentication method for a mixed environment? Where might I find a Ubuntu "howto" on the method?
What is the best way to set up a file server? Howto? Can the box running Dan's Guardian also be the authentication box and file server? (it is our newest box, only 2 years old and has a large hard drive)
To begin, this is the thread that I always use to set up my Ubuntu boxes for AD authentication:
[URL]
I've had this 10.04 server running for about three months with AD authentication running on it perfect. I have multiple Samba shares that authenticate from AD as well. For some reason, this week it decided to completely stop accepting any authentication from AD.
I checked all of my config files, they are all untouched. I have restarted the machine multiple times. I have unjoined and rejoined the domain on the Ubuntu server. I have no audit failures in my security logs on the domain controller.
Output of /var/log/auth.log whenever I try to log on via an AD user:
Code: Nov 4 11:58:50 caribbean sshd[1869]: Invalid user justin from 10.3.17.12 Nov 4 11:58:50 caribbean sshd[1869]: Failed none for invalid user justin from 10.3.17.12 port 54738 ssh2 Nov 4 11:58:51 caribbean sshd[1869]: pam_winbind(sshd:auth): getting password
