issue with sasl on postfix 3.5.9

issue with sasl on postfix 3.5.9

Postby danbuchanan » Apr 30th, '21, 16:38

ok so I'm missing something here. I've already done a lot of searching and can't seem to find the proper answer for mageia. The package cyrus-sasl-plain doesn't exist.
this is from a fresh install so there shouldn't be any 'garbage' lying around. my outgoing mail is sent to the submission port (578). I'm using directions found here: https://datacadamia.com/marketing/email ... ssion_conf
I've had this working before on a mageia 6 version but not on 8, I'm using dovecot, which is working, and imap as the mailbox type. My internal domain and external are different. Also I've made some changes to the main.cf as part of the debugging process.

I've listed the warnings from the syslog and my main.cf file.
Apr 30 09:52:57 pokedex postfix/smtpd[662453]: warning: SASL authentication problem: unknown password verifier(s) auxprop
Apr 30 09:52:57 pokedex postfix/smtpd[662453]: warning: SASL authentication failure: Password verification failed
Apr 30 09:52:57 pokedex postfix/smtpd[662453]: warning: unknown[10.1.1.214]: SASL PLAIN authentication failed: no mechanism available
Apr 30 09:52:57 pokedex postfix/smtpd[662453]: warning: SASL authentication problem: unknown password verifier(s) auxprop
Apr 30 09:52:57 pokedex postfix/smtpd[662453]: warning: unknown[10.1.1.214]: SASL LOGIN authentication failed: no mechanism available

Code: Select all
# This file contains only the parameters changed from a default install
# see /etc/postfix/main.cf.dist for a commented, fuller version of this file.

# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

# User configurable parameters

compatibility_level = 2
inet_protocols = all
mynetworks_style = subnet
#delay_warning_time = 4h
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mageia Linux)
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
# enable opportunistic TLS when receiving
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.pem
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# enable opportunistic TLS when sending
smtp_tls_security_level = may
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
meta_directory = /etc/postfix
shlib_directory = /usr/lib64
mydestination = $myhostname, localhost.$mydomain, $mydomain, laureltree.org
mynetworks = 127.0.0.0/8 10.1.1.0/24
relayhost = [mailout2.zoneedit.com]:587
myorigin = laureltree.org
myhostname = pokeball.pokemon
mydomain = pokemon
mail_spool_directory = /var/spool/mail
mailbox_command = /bin/procmail
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
smtp_sasl_password_maps = hash:/etc/postfix/smtp_sasl_password_map
virtual_alias_maps = hash:/etc/postfix/vdomain
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_security_options = noanonymous


Guess the master file is needed as well...
Code: Select all
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# The script postfix-chroot.sh can be used to set up a Postfix chroot
# environment on your Mageia System.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp   inet   n   -   y   -   -   smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup   unix   n   -   y   60   1   pickup
  -o content_filter=
  -o receive_override_options=
cleanup   unix   n   -   y   -   0   cleanup
qmgr   unix   n   -   y   300   1   qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr   unix   -   -   y   1000?   1   tlsmgr
rewrite   unix   -   -   y   -   -   trivial-rewrite
bounce   unix   -   -   y   -   0   bounce
defer   unix   -   -   y   -   0   bounce
trace   unix   -   -   y   -   0   bounce
verify   unix   -   -   y   -   1   verify
flush   unix   n   -   y   1000?   0   flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp   unix   -   -   y   -   -   smtp
relay   unix   -   -   y   -   -   smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq   unix   n   -   y   -   -   showq
error   unix   -   -   y   -   -   error
retry   unix   -   -   y   -   -   error
discard   unix   -   -   y   -   -   discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp   unix   -   -   y   -   -   lmtp
anvil   unix   -   -   y   -   1   anvil
scache   unix   -   -   y   -   1   scache
postlog   unix-dgram   n   -   y   -   1   postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRXhu user=nobody argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Please See the Postfix CYRUS_README file for details
# deliver interface (deprecated), to use this also use
# postconf -e cyrus-deliver_destination_recipient_limit=1
cyrus-deliver     unix  -       n       n       -       -       pipe
  flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# for default cyrus socket placement
#cyrus     unix  -       n       n       -       -       lmtp
#  -o lmtp_cache_connection=yes
#
# if you configure cyrus socket in the chroot jail
#cyrus-chroot     unix  -       -       y       -       -       lmtp
#  -o lmtp_cache_connection=yes
#
# for lmtp to cyrus via tcp
cyrus-inet   unix   -   -   y   -   -   lmtp
  -o lmtp_sasl_auth_enable=yes
  -o lmtp_sasl_password_maps=hash:/etc/postfix/cyrus_lmtp_sasl_pass
  -o lmtp_sasl_security_options=noanonymous
#  -o lmtp_cache_connection=yes
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
# These are not distributed with Mageia
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
#
##### START OF CONTENT FILTER CUSTOMIZATIONS #####
# Please see the Postfix FILTER_README for details.
# These sample entries expect your content filter to
# listen on port 10025 and to inject mail back into
# postfix on port 10026.
#
# to enable such content filter run the command
#    postconf -e content_filter=smtp-filter:127.0.0.1:10025
#    postconf -e smtp-filter_destination_concurrency_limit=2
# or
#    postconf -e content_filter=lmtp-filter:127.0.0.1:10025
#    postconf -e lmtp-filter_destination_concurrency_limit=2
# and the command
#    postconf -e receive_override_options=no_address_mappings
#
# adjust the value of ?mtp-filter_destination_concurrency_limit
# to match the maximum number of process your content filter
# will spawn.
#
127.0.0.1:10026   inet   n   -   y   -   -   smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_end_of_data_restrictions=
  -o smtpd_etrn_restrictions=
  -o smtpd_data_restrictions=
  -o smtpd_delay_reject=no
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
#
lmtp-filter   unix   -   -   y   -   -   lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o max_use=20
#  -o lmtp_cache_connection=no
#
smtp-filter   unix   -   -   y   -   -   smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o max_use=20
#
##### END OF CONTENT FILTER CUSTOMIZATIONS #####

danbuchanan
 
Posts: 9
Joined: Mar 10th, '21, 18:27

Re: issue with sasl on postfix 3.5.9

Postby danbuchanan » May 5th, '21, 20:52

Ok i see a lot of views but no one has answered, yet. so either this is a common and unsolved problem or I've done something very silly and obvious. if the latter is the case, please know that my life right now is very strained and i could just use a second pair of eyes to tell me what I've missed. I promise to forehead myself after...
danbuchanan
 
Posts: 9
Joined: Mar 10th, '21, 18:27

Re: issue with sasl on postfix 3.5.9

Postby doktor5000 » May 6th, '21, 00:33

Dumb question, you only want to send mail via postfix IIRC, because you have e.g. both smtp_tls_ and smtpd_tls_ settings enabled ?
I also don't see any setting for smtpd_sasl_type? Might also be helpful if you could check your /etc/sysconfig/saslauthd. Although I've not yet set this up myself, so could be talking out my arse here ...
What do you get currently if you connect to localhost on port 25 and send EHLO ?

Also FWIW the package you're looking for should be called cyrus-sasl which should pull in libsasl2-plug-plain IIRC.

And for some example setups you may want to compare a few things against e.g.
https://www.howtoforge.com/virtual-user ... -x86_64-p2
http://www.postfix.org/SASL_README.html
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16741
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: issue with sasl on postfix 3.5.9

Postby danbuchanan » May 11th, '21, 16:20

when I send ehlo i get the 250 status messages back. As for the sasl package, i already have that installed. I used webmin to do the setup so i must have missed something there. I'll use the links you gave and go over them once i get healthier. I have chronic asthma and it's active right now. which is why I'm so late in getting back. Thanks for the reply. I'll forehead my self when i can do so without falling over....
danbuchanan
 
Posts: 9
Joined: Mar 10th, '21, 18:27

Re: issue with sasl on postfix 3.5.9

Postby doktor5000 » May 11th, '21, 16:48

Maybe it would be helpful if you could also post the status messages, as those indicate whether e.g. SASL is enabled for a client or not.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 16741
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany


Return to Networking

Who is online

Users browsing this forum: No registered users and 1 guest