Slight Postfix SMTP issue...

#1 Thu, 08/16/2007 - 15:03
tony.p

Slight Postfix SMTP issue...

Howdy all,

I have some difficulties using Postfix SMTP when I try to send mail using a different user account than the "Server Owner" or "main" server account. I am sure it is only some minor issue with my Postfix config or something, but who knows!?

Here is what my mail.log shows:
[code:1]
Aug 16 15:28:27 mydomain postfix/smtpd[17828]: warning: 83.228.3.226: hostname 226-3-228-83.btc-net.bg verification failed: No address associated with nodename
Aug 16 15:28:27 mydomain postfix/smtpd[17828]: connect from unknown[83.228.3.226]
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db ...
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: no secret in database
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db ...
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Password verification failed
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL PLAIN authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: Could not open db ...
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL LOGIN authentication failed: authentication failure
Aug 16 15:28:43 mydomain postfix/smtpd[17828]: lost connection after AUTH from unknown[83.228.3.226]
[/code:1]

That happens if I try to send mail using the "second" user account.

Using the "main" account at least I can login and send. The logs also look a bit different than before:
[code:1]
Aug 16 15:40:18 mydomain postfix/smtpd[18185]: warning: 83.228.3.226: hostname 226-3-228-83.btc-net.bg verification failed: No address associated with nodename
Aug 16 15:40:18 mydomain postfix/smtpd[18185]: connect from unknown[83.228.3.226]
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: Could not open db ...
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: no secret in database
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: warning: SASL authentication failure: Could not open db ...
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: 0AD371B1099: client=unknown[83.228.3.226], sasl_method=PLAIN, sasl_username=mydomain
Aug 16 15:40:19 mydomain postfix/cleanup[18188]: 0AD371B1099: message-id=<46C445B7.2030900@mydomain.net>
Aug 16 15:40:19 mydomain postfix/qmgr[18103]: 0AD371B1099: from=<webmaster@mydomain.net>, size=2540, nrcpt=1 (queue active)
Aug 16 15:40:19 mydomain postfix/smtpd[18185]: disconnect from unknown[83.228.3.226]
Aug 16 15:40:19 mydomain postfix/local[18189]: 0AD371B1099: to=<owner@mail.mydomain.net>, orig_to=<webmaster@mydomain2.com>, relay=local, delay=0.05, delays=0.02/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Aug 16 15:40:19 mydomain postfix/qmgr[18103]: 0AD371B1099: removed
[/code:1]

Looks like SASL is first acting up, but then agrees to "sasl_method=PLAIN" & "sasl_username=mydomain". weird..!

Is this related to SASL or Postfix? I have no clue where I should start looking?! I tried to chroot smtp but no success, same errors.

My main.cf:
[code:1]
broken_sasl_auth_clients = yes
command_directory = /opt/local/sbin
config_directory = /opt/local/etc/postfix
daemon_directory = /opt/local/libexec/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = no
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
mailq_path = /opt/local/bin/mailq
manpage_directory = /opt/local/share/man
mydestination = localhost.$mydomain, localhost, $mydomain, $myhostname, 192.168.2.0/24, 83.228.3.226
mydomain = mail.mydomain.net
myhostname = mail.mydomain.net
mynetworks = localhost.$mydomain, localhost, $mydomain, $myhostname, 192.168.2.0/24, 83.228.3.226
mynetworks_style = host
newaliases_path = /opt/local/bin/newaliases
readme_directory = /opt/local/share/postfix
sample_directory = /opt/local/share/postfix/sample
sendmail_path = /opt/local/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual
[/code:1]

smtpd.conf:
[code:1]
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
[/code:1]

Thanks in advance... Tony

ps: "mydomain" in the logs and config is NOT my real hostname of course

EDIT: Allow me one more question regarding this problem... Where does SASL actually get the passwords from?? Would I not need something like this in my main.cf: smtp_sasl_password_maps = hash:/etc/postfix/saslpass

Post edited by: tony.p, at: 2007/08/16 17:46

Thu, 08/16/2007 - 19:27
Joe

Your mech_list is wrong. Get rid of everything except PLAIN and LOGIN (these are the only two that work with shadow or PAM). You would need some sort of SASL DB if you wanted to use any of the other types (and then you'd have yet another password/user database to maintain).

I dunno if that's the only problem--some clients will work anyway with this configuration, while others (Outlook, evil, evil, evil Outlook) will fail in odd and permanent ways (permanent in the sense that you have to restart the whole damned computer to get it to work--at least I think this is one of those circumstances that can put Outlook into that state of permanent non-workage, but I might be misremembering).

--

Check out the forum guidelines!
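Added example, not part of the original posts: a Python check that reads the smtpd.conf from the first post, flags the mechanisms in mech_list that saslauthd cannot verify (it only checks plaintext passwords, so challenge-response mechanisms need a stored secret), and tallies the per-mechanism failures from the posted log. The function names are illustrative, and the embedded inputs are copied from the thread, with the log abridged.

```python
import re

# Mechanisms that hand the server a plaintext password, which saslauthd
# can check against PAM/shadow. Challenge-response mechanisms need a
# stored shared secret (an auxprop backend such as sasldb) instead.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_sasl_conf(text):
    """Parse 'key: value' lines of a Cyrus SASL smtpd.conf into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def unusable_mechs(conf):
    """Return advertised mechanisms that pwcheck_method cannot verify."""
    if conf.get("pwcheck_method", "").lower() != "saslauthd":
        return []
    mechs = conf.get("mech_list", "").upper().split()
    return [m for m in mechs if m not in PLAINTEXT_MECHS]

FAIL_RE = re.compile(r"SASL (\S+) authentication failed")

def failures_by_mech(log_text):
    """Count 'SASL <MECH> authentication failed' lines per mechanism."""
    counts = {}
    for mech in FAIL_RE.findall(log_text):
        counts[mech] = counts.get(mech, 0) + 1
    return counts

# Sample inputs taken from the thread above (log abridged).
SMTPD_CONF = """pwcheck_method: saslauthd
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
"""
MAIL_LOG = """\
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: SASL authentication failure: no secret in database
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL CRAM-MD5 authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL PLAIN authentication failed: authentication failure
Aug 16 15:28:30 mydomain postfix/smtpd[17828]: warning: unknown[83.228.3.226]: SASL LOGIN authentication failed: authentication failure
"""

if __name__ == "__main__":
    print("not verifiable by saslauthd:", unusable_mechs(parse_sasl_conf(SMTPD_CONF)))
    print("failures per mechanism:", failures_by_mech(MAIL_LOG))
```

In the second log excerpt of the first post, the same CRAM-MD5 failure is followed by `sasl_method=PLAIN`, which shows the client falling back to a mechanism saslauthd can verify.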

Thu, 08/16/2007 - 19:55 (Reply to #2)
tony.p

Thanks Joe...

I figured that I had to remove CRAM-MD5 DIGEST-MD5 again. Well but afterwards it still would not work so I went again to check my DNS and found that my internal IP was not resolving the way it should have. And what can I say.. I got rid again of the second account, changed the DNS entry a bit here and there and voila.. After adding the account into my MUA again it just worked!

It never fails, if you fiddle long enough with something like DNS or Postfix you will break it eventually without even knowing it.

Well anyway, thanks for answering my post so fast..

Tony

Thu, 08/16/2007 - 20:00 (Reply to #3)
Joe

Awesome. Thanks for the update. Henceforth, we'll be referring all Mac OS X queries to you, our resident expert. ;-)

--

Check out the forum guidelines!
