Slight Postfix SMTP issue...

Howdy all,

I have some difficulties using Postfix SMTP when I try to send mail using a different user account than the "Server Owner" or "main" server account. I am sure it is only some minor issue with my Postfix config or something, but who knows!?

Here is what my mail.log shows:

[code:1]Aug 16 15:28:27 mydomain postfix/smtpd[17828]: warning: 83.228.3.226: hostname 226-3-228-83.btc-net.bg verification failed: No address associated with nodename
Aug 16 15:28:27 mydomain postfix/smtpd[17828]: connect from unknown[83.228.3.226]
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db

Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: no secret in database
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db

Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Password verification failed
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL PLAIN authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db

Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL LOGIN authentication failed: authentication failure
Aug 16 15:28:43 mydomain postfix/smtpd[17828]: lost connection after AUTH from unknown[83.228.3.226][/code:1]

That happens if I try to send mail using the "second" user account.

Using the "main" account at least I can login and send. The logs also look a bit different than before:

[code:1]Aug 16 15:40:18 mydomain postfix/smtpd[18185]: warning: 83.228.3.226: hostname 226-3-228-83.btc-net.bg verification failed: No address associated with nodename
Aug 16 15:40:18 mydomain postfix/smtpd[18185]: connect from unknown[83.228.3.226]
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: Could not open db

Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: no secret in database
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: Could not open db

Aug 16 15:40:19 mydomain postfix/smtpd[18185]: 0AD371B1099: client=unknown[83.228.3.226], sasl_method=PLAIN, sasl_username=mydomain
Aug 16 15:40:19 mydomain postfix/cleanup[18188]: 0AD371B1099: message-id=<46C445B7.2030900@mydomain.net>
Aug 16 15:40:19 mydomain postfix/qmgr[18103]: 0AD371B1099: from=<webmaster@mydomain.net>, size=2540, nrcpt=1 (queue active)
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: disconnect from unknown[83.228.3.226]
Aug 16 15:40:19 mydomain postfix/local[18189]: 0AD371B1099: to=<owner@mail.mydomain.net>, orig_to=<webmaster@mydomain2.com>, relay=local, delay=0.05, delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Aug 16 15:40:19 mydomain postfix/qmgr[18103]: 0AD371B1099: removed[/code:1]

Looks like SASL is first acting up, but then agrees to "sasl_method=PLAIN" & "sasl_username=mydomain". weird…!

Is this related to SASL or Postfix? I have no clue where I should start looking?! I tried to chroot smtp but no success, same errors.

My main.cf:

[code:1]broken_sasl_auth_clients = yes
command_directory = /opt/local/sbin
config_directory = /opt/local/etc/postfix
daemon_directory = /opt/local/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname, 192.168.2.0/24, 83.228.3.226
mydomain = mail.mydomain.net
myhostname = mail.mydomain.net
mynetworks = localhost.$mydomain, localhost, $mydomain, $myhostname, 192.168.2.0/24, 83.228.3.226
mynetworks_style = host
newaliases_path = /opt/local/bin/newaliases
readme_directory = /opt/local/share/postfix
sample_directory = /opt/local/share/postfix/sample
sendmail_path = /opt/local/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
[/code:1]

smtpd.conf:

[code:1]pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5[/code:1]

Thanks in advance…
Tony

ps: "mydomain" in the logs and config is NOT my real hostname of course

EDIT: Allow me one more question regarding this problem… Where does SASL actually get the passwords from?? Would I not need something like this in my main.cf: smtp_sasl_password_maps = hash:/etc/postfix/saslpass

Post edited by: tony.p, at: 2007/08/16 17:46

Your mech_list is wrong. Get rid of everything except PLAIN and LOGIN (these are the only two that work with shadow or PAM). You would need some sort of SASL DB if you wanted to use any of the other types (and then you’d have yet another password/user database to maintain).

I dunno if that’s the only problem–some clients will work anyway with this configuration, while others (Outlook, evil, evil, evil Outlook) will fail in odd and permanent ways (permanent in the sense that you have to restart the whole damned computer to get it to work–at least I think this is one of those circumstances that can put Outlook into that state of permanent non-workage, but I might be misremembering).
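Added example, not part of the original thread or anyone's posted code: a small Python check that flags mech_list entries saslauthd cannot serve (per the reply above) and tallies per-mechanism AUTH outcomes from Postfix smtpd log lines. The function names are hypothetical; the config and log lines are the ones posted in this thread.

```python
import re

# Mechanisms that need a server-side shared secret (a SASL DB); saslauthd
# only verifies a plaintext password, so these cannot work with it.
SHARED_SECRET_MECHS = {"CRAM-MD5", "DIGEST-MD5"}

# smtpd.conf as posted in the thread.
SMTPD_CONF = """pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""

# Two lines copied from the second mail.log excerpt in the thread.
SAMPLE_LOG = """\
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: 0AD371B1099: client=unknown[83.228.3.226], sasl_method=PLAIN, sasl_username=mydomain
"""

FAILED = re.compile(r"SASL (\S+) authentication failed")
SUCCEEDED = re.compile(r"sasl_method=([^,\s]+)")

def parse_smtpd_conf(text):
    """Parse Cyrus SASL 'key: value' lines into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def unusable_mechs(conf):
    """Return mech_list entries that cannot work when pwcheck_method is saslauthd."""
    if conf.get("pwcheck_method") != "saslauthd":
        return []
    mechs = conf.get("mech_list", "").split()
    return [m for m in mechs if m.upper() in SHARED_SECRET_MECHS]

def mech_outcomes(log_text):
    """Count failed and successful AUTH attempts per SASL mechanism."""
    out = {}
    for line in log_text.splitlines():
        for rx, key in ((FAILED, "failed"), (SUCCEEDED, "ok")):
            m = rx.search(line)
            if m:
                out.setdefault(m.group(1), {"failed": 0, "ok": 0})[key] += 1
    return out

if __name__ == "__main__":
    print(unusable_mechs(parse_smtpd_conf(SMTPD_CONF)))
    print(mech_outcomes(SAMPLE_LOG))
```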

Thanks Joe…

I figured that I had to remove CRAM-MD5 DIGEST-MD5 again. Well but afterwards it still would not work so I went again to check my DNS and found that my internal IP was not resolving the way it should have. And what can I say… I got rid again of the second account, changed the DNS entry a bit here and there and voila… After adding the account into my MUA again it just worked!

It never fails, if you fiddle long enough with something like DNS or Postfix you will break it eventually without even knowing it.

Well anyway, thanks for answering my post so fast…

Tony

Awesome. Thanks for the update. Henceforth, we’ll be referring all Mac OS X queries to you, our resident expert. :wink: