The default installation of smtp server from virtualmin , isn’t it required SSL and smtp authentication to send email ?
SSL isn’t required to send email… however, the email client would need to be configured to enable authentication for Outgoing SMTP messages.
If you would like to use SSL, it’s something you can enable – you can edit /etc/postfix/master.cf, and uncomment the sections near the top relating to SMTPS and Submission, then restart Postfix with “/etc/init.d/postfix restart”.
In the future, Virtualmin installations will enable SSL in Postfix by default.
-Eric
If i enabled ssl in postfix master.cf, any other task need to be done for example generating some kind of ssl cert.
And which authentication method should I use ?
Under thunderbird there are four methods
Password, transmitted insecurely; Encyrpted password; Kerberos/gssapi; NTLM
If i enabled ssl in postfix master.cf, any other task need to be done for example generating some kind of ssl cert.
What Linux distribution are you using?
Debian and Ubuntu don’t require additional work. CentOS does 
Under thunderbird there are four methods Password, transmitted insecurely; Encyrpted password; Kerberos/gssapi; NTLM
Well, you could probably leave that at the default.
If you’re enabling SSL, the password will be “secure” even if the password itself is not encrypted.
If you wan to experiment with the options though – you could try either of the first two. You would not use Kerberos/gssapi or NTLM though.
-Eric
My client could not able to send out email.
A error message reported from thunderbird
"
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was ‘peter@msn.com’. Subject ‘just to say hi 17:09’, Account: ‘mail.mydomain.com’, Server: ‘smtp.mydomain.com’, Protocol: SMTP, Server Response: ‘554 5.7.1 peter@msn.com: Relay access denied’, Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC7"
For security purpose, I replaced server domain and email address with fake info.
It seems remote client cannot be authenticated. What is the smtp username should be ?
Same as imap/pop3 username ?
I tried authentication method, “password, transmitted insecurly” and encrypted password" on thunderbird both not work.
ps pop3 is working properly
I checked postfix with following returned
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
smtp authentication is listed
I did try to use testsaslauthd to check but return authentication failed
the email account login id is in pattern of username.domain
After digging on google, I found that
/etc/sysconfig/saslauthd has something wrong ?
The MECH should be shadow instead of pam
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
after modifying, testsaslauthd -u username -p password returned success.
However if testing smtp server on localhost with telnet localhost 25
ehlo localhost
AUTH PLAIN AHRlc3QxLnRlc3RpbmcKMzQ1Ng==
it returned 535 5.7.0 Error: authentication failed: bad protocol / cancel
the string is generated by
perl -MMIME::Base64 -e ‘print encode_base64("\0test1.testing\0123456")’
I tailed with /var/log/maillog and got following errors
warning: SASL authentication failure: Can only find author (no password)
I read this post https://www.virtualmin.com/node/17401
And andreychek said that saslauthd demon should run with flag -r which I missed in /etc/sysconfig/saslauthd config file
Isn’t the cause of my problem ?
And andreychek said that saslauthd demon should run with flag -r which I missed in /etc/sysconfig/saslauthd config file
Having the “-r” in the saslauthd params won’t hurt, but that only solves a problem if the username’s you’re using are in the user@domain.tld format.
You mentioned above that you’re using user.domain, which doesn’t require the -r parameter. So unfortunately, that’s not likely to resolve your problem.
The MECH should be shadow instead of pam
Actually, it should be pam CentOS, Ubuntu, and Debian all have a default of “pam” for the MECH – although, either setting may work.
When you attempt to authenticate, what messages are you seeing in the mail logs, in /var/log/maillog?
-Eric
The actual maillog message is
Mar 17 01:03:10 host2 postfix/smtpd[13370]: warning: CPE-61-9-138-105.static.vic.bigpond.net.au[61.9.138.10
5]: SASL LOGIN authentication failed: authentication failure
A side note:
It’s a bit strange.
I checked the “format for usernames that include domain” settings under mail for domain in server template, the pattern is in username.domain
But for every new created email user, their login name will be in username.adminname
Let say the first account created (admin account) for a domain is admin,
then all usernames for email users creation will be for example peter.admin, mary.admin
http://i36.photobucket.com/albums/e28/adrianmak2/Capture2-3.jpg
http://i36.photobucket.com/albums/e28/adrianmak2/Capture3-1.jpg
I use virtualmin for over 10 years. In the past, virtualmin initial configure of smtp is disabled on authentication on local subnet. Over year to year, I use backup & restore function to migrate into new version of virtualmin. Upon few days ago, I perform yum update and I saw that there were something modules updated (postfix or dovecot). Afterthat, the virtualmin is enforced to enable smtp authentication on email client at local network. How can I disable the smtp authentication on local network ONLY?
Thanks in advanced.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.