Solved

Postfix - How do I set up a relay so that external users who are logged into the server can email outside the domain?

Posted on 2006-05-21
Last Modified: 2010-05-18
I didn't see any specific area to post Postfix questions so I hope that this is acceptable.

I have recently set up a postfix email server to replace the "old" sendmail server.  Everything appears to be working correctly except that when a road warrior logs on to the postfix email server from outside the building, he cannot send email out to anyone outside the company.

When I log on from inside the firewall, I can send to local email addresses as well as outside.  The road warriors can receive their email and send to people within the company, but not outside (they used to be able to).

I believe that the problem is in the /etc/postfix/main.cf file.  There is an area in the file for relayhost.  I believe that it can be configured so that if a person from the outside can log on to the server and receive his email, he will be authorized to relay his email.  

Could someone tell me specifically what I need to do?


Tomorrow morning I need to get to work early and hopefully with your help, I'll be able to have this working before people show up.


Thank-you in advance.
Question by:CME-IT
45 Comments
 
LVL 15

Assisted Solution

by:DonConsolio
DonConsolio earned 300 total points
ID: 16730800
What you are looking for is "authenticated smtp"
check your postfix documentation for "smtpd_sasl_auth_enable = yes"

0
 
LVL 3

Expert Comment

by:fajar79
ID: 16731468
enable smtp auth mechanisms, these are some settings that you may need to configure in your postfix to support smtp auth.

smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

but first you need to make sure your postfix supports SASL, and after that you'll need to install the cyrus-sasl package.
0
 

Author Comment

by:CME-IT
ID: 16734031
I made all the changes that fajar79 suggested.  Everything is working as before, however the road warriors still cannot send emails.

0

 
LVL 12

Expert Comment

by:Heem14
ID: 16736982
make sure your "road warriors" have set their mail client to send their username and password along with their smtp request. I've yet to come across a mail client that does not have this option available.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16737581
you need to make postfix aware of the cyrus-sasl as well.
Look at this previous question.
http://www.experts-exchange.com/Operating_Systems/Linux/Linux_Setup/Q_21798494.html
0
 
LVL 3

Assisted Solution

by:fajar79
fajar79 earned 500 total points
ID: 16739082
here is the smtp banner when you type ehlo in your smtp server.

ehlo test
250-xxx.yyyyyyy.zzz
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME

if you don't see the AUTH banner there, I believe the postfix sasl is not available, but if there is, and you have set up the mail client to send the username & password when sending email, but it still failed, I think there is something wrong with the cyrus-sasl installation.
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 1200 total points
ID: 16741619
fajar79, that's just it, if you add the sasl lines in the config, then postfix thinks it has sasl auth capabilities.  you have to tell it what method to use, what password mechanisms are ok, etc.  And if you use the sasldb method, then you have to create a sasl account for each user needing to send email.  That is why a person should really use the saslauthd with shadow verification to authenticate.  Much easier.

The reason I think this is the problem is because it wasn't stated anywhere else that he did the rest of the steps outlined in the URL I posted.
0
 

Author Comment

by:CME-IT
ID: 16741809
At / while logged in as root on the mail server, I typed in ehlo and I got an error message:
command not found

I did make a change to the main.cf file.  I added the boss's home IP address to the mynetworks = line.

The boss can now email out, but I don't like this solution.  I still want to work on using SASL_AUTHMECH

I have created a directory /etc/postfix/sasl

I have created a file smtpd.conf  Does this file go in /etc/postfix or /etc/postfix/sasl   ?

I have edited the /etc/sysconfig/saslauthd file to include SASL_AUTHMECH="shadow"

Once I know that I have placed the smtpd.conf file in the right place, should I restart the postfix service or is there something else that I need to do?

Thank-you

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16741872
goes in /etc/postfix/sasl/

restart postfix and saslauthd, then you should be good

also, ehlo is a smtp command
from the command line type:
telnet <ip of server> 25
then you will be presented with your mail server banner, that is when you issue the ehlo command
0
 

Author Comment

by:CME-IT
ID: 16742158
I restarted postfix and saslauthd but I still have the same problem.  Is it possible that I do not have something set correctly in main.cf?

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16742183
please post your main.cf and /etc/sysconfig/saslauthd and /etc/postfix/sasl/smtpd.conf
0
 

Author Comment

by:CME-IT
ID: 16742456
First I want to thank all of you for your help.  I can't say that enough.

Here are the files, I stripped out the comments, hopefully I didn't strip out something else.

# main.cf
command_directory = /usr/sbin

#
daemon_directory = /usr/libexec/postfix
#

myorigin = $mydomain

mydestination = mailhost.company.com $myhostname localhost.$mydomain $mydomain

#
local_recipient_maps = unix:passwd.byname $alias_maps

#
unknown_local_recipient_reject_code = 550

mynetworks = 71.x.x.x, 127.0.0.0/8

#
relay_domains = $mydestination

alias_maps = hash:/etc/aliases

mail_spool_directory = /var/spool/mail

#
debug_peer_level = 2

debugger_command =
       PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
       xxgdb $daemon_directory/$process_name $process_id & sleep 5
#
sendmail_path = /usr/sbin/sendmail.postfix

#
newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop
#
html_directory = no

manpage_directory = /usr/share/man
#
sample_directory = /usr/share/doc/postfix-2.1.5/samples

readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES

smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient

smtpd_sasl_local_domain =

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

message_size_limit = 20971520
mailbox_size_limit = 104857600

delay_notice_recipient = bwilson@custom-mfg-eng.com
bounce_notice_recipient = bwilson@custom-mfg-eng.com
2bounce_notice_recipient = bwilson@custom-mfg-eng.com
error_notice_recipient = bwilson@custom-mfg-eng.com


 *********** /etc/sysconfig/saslauthd

SOCKETDIR=/var/run/saslauthd

MECH=pam

FLAGS=

SASL_AUTHMECH="shadow"

 *********** /etc/postfix/sasl/smtpd.conf file

mech_list: plain login
pwcheck_method: saslauthd
log_level:    3



0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16742648
main.cf - add the following
----------------------
smtpd_sasl_path = /etc/postfix/sasl

/etc/sysconfig/saslauthd - make contents the following
-------------------------------
SASL_AUTHMECH="shadow"
SASL_MECH_OPTIONS=
SASLAUTHD_OPTS=

make sure that the sasl directory and the smtpd.conf are owned by postfix.

also, do you run postfix chroot'd
basically post the contents of /etc/init.d/saslauthd so that we know that postfix has its own hardlink copy of the mux= socket file to saslauthd for authentication.
0
 

Author Comment

by:CME-IT
ID: 16743050
Both the sasl directory and the smtpd.conf are now owned by postfix

I do not understand <do you run postfix chroot'd>

here is the /etc/init.d/saslauthd file.

#! /bin/bash
#
# saslauthd      Start/Stop the SASL authentication daemon.
#
# chkconfig: - 95 05
# description: saslauthd is a server process which handles plaintext \
#              authentication requests on behalf of the cyrus-sasl library.
# processname: saslauthd

# Source function library.
. /etc/init.d/functions

# Source our configuration file for these variables.
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
      . /etc/sysconfig/saslauthd
fi

RETVAL=0

# Set up some common variables before we launch into what might be
# considered boilerplate by now.
prog=saslauthd
path=/usr/sbin/saslauthd

# Ugh. Switch to a specific copy of saslauthd if there's one with $MECH
# in its name, in case it wasn't included in the base cyrus-sasl package
# because it would have dragged in too many undesirable dependencies.
if test -x ${path}.${MECH} ; then
      path=/usr/sbin/saslauthd.$MECH
fi

start() {
      echo -n $"Starting $prog: "
      daemon $path -m $SOCKETDIR -a $MECH $FLAGS
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
      return $RETVAL
}

stop() {
      echo -n $"Stopping $prog: "
      killproc $path
      RETVAL=$?
      echo
      [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
      return $RETVAL
}      

restart() {
        stop
      start
}      

case "$1" in
  start)
        start
      ;;
  stop)
        stop
      ;;
  restart)
        restart
      ;;
  status)
      status $path
      ;;
  condrestart)
        [ -f /var/lock/subsys/$prog ] && restart || :
      ;;
  *)
      echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
      exit 1
esac

exit $?
0
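A check on the files posted above, as an added example that is not part of the original thread: the init script starts saslauthd with `-a $MECH`, so a variable in /etc/sysconfig/saslauthd only matters if the script actually reads it. The helper names and the inline files (constructed, abbreviated copies of the posted init script, the posted sysconfig file and the replacement contents suggested earlier) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report variables that a sysconfig file
# sets but the init script sourcing it never reads, and show which mechanism
# the posted script would hand to "saslauthd -a".

# unused_sysconfig_vars INIT_SCRIPT SYSCONFIG  (hypothetical helper name)
unused_sysconfig_vars() {
    init_script=$1
    sysconfig=$2
    # Names assigned in the sysconfig file (NAME=value, comment lines skipped).
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$sysconfig" |
    sort -u |
    while read -r name; do
        # A use is $NAME or ${NAME} on a non-comment line of the init script.
        if ! grep -v '^[[:space:]]*#' "$init_script" |
             grep -Eq '\$\{?'"$name"'([^A-Za-z0-9_]|$)'; then
            echo "$name"
        fi
    done
}

# effective_mech SYSCONFIG  (hypothetical helper name)
# Mirrors the posted script: MECH defaults to shadow, then the sysconfig file
# is sourced and may override it.
effective_mech() {
    ( MECH=shadow; [ -f "$1" ] && . "$1"; echo "$MECH" )
}

# write_samples DIR: constructed copies of the files shown in the thread.
write_samples() {
    dir=$1
    cat > "$dir/init" <<'EOF'
SOCKETDIR=/var/run/saslauthd
MECH=shadow
FLAGS=
if [ -f /etc/sysconfig/saslauthd ] ; then
      . /etc/sysconfig/saslauthd
fi
path=/usr/sbin/saslauthd
if test -x ${path}.${MECH} ; then
      path=/usr/sbin/saslauthd.$MECH
fi
daemon $path -m $SOCKETDIR -a $MECH $FLAGS
EOF
    cat > "$dir/sysconfig.posted" <<'EOF'
SOCKETDIR=/var/run/saslauthd
MECH=pam
FLAGS=
SASL_AUTHMECH="shadow"
EOF
    cat > "$dir/sysconfig.suggested" <<'EOF'
SASL_AUTHMECH="shadow"
SASL_MECH_OPTIONS=
SASLAUTHD_OPTS=
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in posted suggested; do
    echo "$f: saslauthd -a $(effective_mech "$tmp/sysconfig.$f"); never read:" \
         $(unused_sysconfig_vars "$tmp/init" "$tmp/sysconfig.$f")
done
rm -rf "$tmp"
```

Comparing the result with the `-a` argument in `ps ax | grep saslauthd` on the server confirms which mechanism the running daemon was started with.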
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16743208
look in your master.cf, there is a chroot column.  this basically means that if you run postfix chroot'd then even if it gets hacked, the hacker can't compromise the rest of your machine, only postfix's chroot jailed environment.

your saslauthd script doesn't create a hardlink.  I need to look thru mine and find exactly what it does and then I'll post again.
0
 

Author Comment

by:CME-IT
ID: 16744774
Here is my master.cf file.   I see the chroot column.  Do I need to change any of the settings?

Thank-you

#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
smtps      inet      n      -      n      -      -      smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission      inet      n      -      n      -      -      smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o smtpd_etrn_restrictions=reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
#

#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}

cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16744844
nope

ok, lets try to see if it is actually working.  restart postfix and saslauthd, then try to send.
then look at the logs "/var/log/mail/info"
do
tail -10000 /var/log/mail/info | grep sasl
that should produce a line with the username you tried to authenticate as and some other sasl info
0
 

Author Comment

by:CME-IT
ID: 16745593
I am waiting for my tester to try to send a message from outside.  In the mean time, I looked for the /var/log/mail/info file.

The only thing in that directory is a file called statistics
0
 

Author Comment

by:CME-IT
ID: 16745838
My tester tried to send an email and it did not work.  

What should I try next?

Thanks
0
 

Author Comment

by:CME-IT
ID: 16745911
My tester is getting a

554 transaction failed

message.

I have been restarting Dovecot, Postfix, and saslauthd

Does it matter what order I restart them in?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16746134
dovecot is just the pop3/imap server so you can disregard that. and no, it doesn't matter, you just need to restart them to ensure that the daemons re-read the configs.

you can also look at /var/log/syslog and modify the previous command to do this
tail -10000 /var/log/syslog | grep postfix | grep sasl

what is the client of your remote test, also you can test it out yourself even though you are on one of the mynetworks because the logs should show the sasl_username line.  also change this line in the master.cf
smtp      inet  n       -       n       -       -       smtpd
to this
smtp      inet  n       -       n       -       -       smtpd -v -v

this will turn on verbose logging and show the smtp communication that is happening.  also, look in the /etc/syslog.conf to see where the mail logs are being stored, if they are even broken off; if there aren't any lines specifically saying mail, then the /var/log/syslog log file contains those logs.
0
 

Author Comment

by:CME-IT
ID: 16746357
I will make the change to the master.cf file as soon as I post this.

/var/log/maillog  output

mailhost postfix/smtpd[4062]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory

mailhost postfix/smtpd[4062]: 3ACC93F9107: client=unknown[192.x.x.x], sasl_method=PLAIN, sasl_username=xxxxxx
(this was one of our users who forgot his password)
0
 

Author Comment

by:CME-IT
ID: 16746375
I made the change to master.cf  

Do I need to restart it?  (How?) :(
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16746520
/etc/init.d/postfix restart

before you do though, i think postfix is grabbing its sasl parameters from a different file than we want it to. you did put
smtpd_sasl_path = /etc/postfix/sasl
into the main.cf, correct?
0
 

Author Comment

by:CME-IT
ID: 16746680
let me check
0
 

Author Comment

by:CME-IT
ID: 16746714
I double checked and it is in the correct

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16746811
what are the results of this:
find / -name smtpd.conf
0
 

Author Comment

by:CME-IT
ID: 16746865
/etc/postfix/sasl/smtpd.conf
/var/ftp/pub/smtpd.conf
/usr/lib/sasl2/smtpd.conf
/usr/lib/sasl/smtpd.conf
0
 

Author Comment

by:CME-IT
ID: 16746927
the /etc/postfix/sasl/smtpd.conf file has the changes that you recommended

The two /usr files are different.

the /var/ftp  is a copy of the /etc/postfix file

0
 

Author Comment

by:CME-IT
ID: 16747086
modified the two /usr files so that they are the same as /etc/postfix/sasl/smtpd.conf

I will be restarting postfix and running another test
0
 

Author Comment

by:CME-IT
ID: 16750129
I ran the test and I got the same error message
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16750217
what do the logs say....and to go back to an earlier post, you did configure the client to say that your server requires authentication, right? what client are you using again
0
 

Author Comment

by:CME-IT
ID: 16750279

pop-before-smtp has been suggested to me.  Do any of you experts have any experience with it?

Thank-you

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16750325
Change
smtpd_sasl_local_domain =
to
smtpd_sasl_local_domain = $myhostname
0
 

Author Comment

by:CME-IT
ID: 16750681
I made the change and restarted postfix.  I will repost after I test
0
 

Author Comment

by:CME-IT
ID: 16750717
no change
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16750773
can I see some output from the logs, also, you're positive that the client is configured right, correct?
0
 

Author Comment

by:CME-IT
ID: 16750827
Here is the result of the maillog  The last entry is one of our people who apparently entered the wrong password.

May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:31 mailhost postfix/smtpd[13808]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:02:38 mailhost postfix/smtpd[13886]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response AHJicnVubwBwYXNzd29yZA==
May 24 09:02:38 mailhost postfix/smtpd[13886]: smtpd_sasl_authenticate: decoded initial response
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated status=1
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated
May 24 09:02:38 mailhost postfix/smtpd[13886]: generic_checks: name=permit_sasl_authenticated status=1
May 24 09:02:38 mailhost postfix/smtpd[13886]: D27133F9115: client=unknown[192.x.x.x], sasl_method=PLAIN, sasl_username=name@mailhost.company.com
0
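With `smtpd -v -v` enabled, the log records each client's SASL initial response, which for PLAIN is only base64 of the authorization id, username and password (RFC 4616), so such a log carries credentials. An added example, not part of the original thread, that counts and redacts those values before a log is shared; the function names, the sample lines and the encoded value (built here from a made-up user and password) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): keep SASL credentials out of logs
# that are about to be posted or attached to a ticket.

# make_plain_response USER PASSWORD  (hypothetical helper name)
# Builds a PLAIN initial response the way a mail client does (RFC 4616):
# base64 of "<authzid> NUL <username> NUL <password>", with an empty authzid.
make_plain_response() {
    printf '\0%s\0%s' "$1" "$2" | base64
}

# sample_log BLOB: constructed lines in the format shown in the thread.
sample_log() {
    cat <<EOF
May 24 09:02:31 mailhost postfix/smtpd[100]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:02:38 mailhost postfix/smtpd[101]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response $1
May 24 09:02:38 mailhost postfix/smtpd[101]: ABCDEF01234: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=jdoe
EOF
}

# count_credential_lines: number of lines on stdin that still carry an
# encoded initial response.
count_credential_lines() {
    grep -c 'init_response [A-Za-z0-9+/]' || true
}

# redact_sasl: replace the base64 value after "init_response" with a marker,
# leaving the rest of the line intact for troubleshooting.
redact_sasl() {
    sed -E 's#(init_response )[A-Za-z0-9+/]+=*#\1[REDACTED]#'
}

blob=$(make_plain_response jdoe 'constructed-password')
echo "lines carrying credentials before redaction: $(sample_log "$blob" | count_credential_lines)"
sample_log "$blob" | redact_sasl
```

Any password that has already appeared in a shared or world-readable log should be changed, and the `-v -v` flags removed from master.cf once debugging is finished.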
 

Author Comment

by:CME-IT
ID: 16750850
Today we used a different client than we did yesterday.  The client can logon to the mailserver and download their mail as well as send email to people internally.  Several different people have mentioned that they cannot send emails out, but no one has mentioned that they cannot receive their emails from outside.  There have been no complaints about anything internally.
0
 

Author Comment

by:CME-IT
ID: 16750872
The client who was testing yesterday was able to relay emails when we added his ip to the file.  We did that as a test.  Afterwards we removed that ip.  We are going thru a firewall, but once again, when a specific ip was added, emails could be relayed.
0
 

Author Comment

by:CME-IT
ID: 16751074

in main.cf we had added a specific ip and that did work for that one person.  I noticed that the ip is still there.  could that be causing problems?  the line is listed below with the ip number replaced with x

mynetworks = 71.x.x.x, 127.0.0.0/8

0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 16751378
can we get a little more of the logs, for mine a session looks like this



May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination  check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination  check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: const  permit_mynetworks  permit_sasl_authenticated  reject_unauth_destination  check_helo_access pcre:/etc/postfix/helo_checks
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_application_name = smtpd
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: const  /etc/postfix/sasl:/usr/lib/sasl2
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_local_domain = mail.satolabeling.com
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_exceptions_networks =
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: mac_parse: $smtpd_sasl_security_options
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_eval: expand $smtpd_sasl_security_options -> noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_tls_security_options = noanonymous
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_auth_enable = yes
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: smtpd_sasl_authenticated_header = (notfound)
May 24 09:48:58 mail postfix/smtpd[3179]: dict_update: smtpd_sasl_authenticated_header = no
May 24 09:48:58 mail postfix/smtpd[3179]: dict_lookup: broken_sasl_auth_clients = yes
May 24 09:48:58 mail postfix/smtpd[3179]: smtpd_sasl_initialize: SASL config file is smtpd.conf
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile conf: /etc/postfix/sasl/smtpd.conf
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libplain.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libdigestmd5.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/liblogin.so.2
May 24 09:48:58 mail postfix/smtpd[3179]: SASL verifyfile plugin: /usr/lib/sasl2/libcrammd5.so.2
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated
May 24 09:48:59 mail postfix/smtpd[3179]: generic_checks: name=permit_sasl_authenticated status=0
May 24 09:49:02 mail postfix/smtpd[3228]: A877ADEE67: client=X.X.X.X, sasl_method=LOGIN, sasl_username=user@mail.example.com

0
 

Author Comment

by:CME-IT
ID: 16751476
We are using dovecot.  This launches postfix (correct)

What launches saslauthd and should it be set to -a pam (or shadow or what?)

my log doesn't show what you are showing

0
 

Author Comment

by:CME-IT
ID: 16751713
does this help?

May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type literal buf reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type literal buf permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient context mail_dict "reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_application_name = smtpd
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_local_domain = $myhostname
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_exceptions_networks =
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval[1] $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16571]: mac_parse: $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_eval_action: type variable buf smtpd_sasl_security_options context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_update: smtpd_sasl_tls_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: smtpd_sasl_auth_enable = yes
May 24 10:27:20 mailhost postfix/smtpd[16571]: dict_lookup: broken_sasl_auth_clients = yes
May 24 10:27:20 mailhost postfix/smtpd[16571]: smtpd_sasl_initialize: SASL config file is smtpd.conf
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated status=0
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated
May 24 10:27:20 mailhost postfix/smtpd[16571]: generic_checks: name=permit_sasl_authenticated status=0
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sender_restrictions = reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type literal buf reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit context mail_dict "" recursive
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type literal buf permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient context mail_dict "reject_non_fqdn_sender permit_sasl_authenticated reject_unknown_sender_domain reject_unauth_pipelining permit" recursive
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] result permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination, reject_unlisted_recipient
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_security_options = noanonymous
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_application_name = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_update: smtpd_sasl_application_name = smtpd
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_local_domain = $myhostname
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_exceptions_networks = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_update: smtpd_sasl_exceptions_networks =
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_lookup: smtpd_sasl_tls_security_options = (notfound)
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval[1] $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16573]: mac_parse: $smtpd_sasl_security_options
May 24 10:27:20 mailhost postfix/smtpd[16573]: dict_eval_action: type variable buf smtpd_sasl_security_options context mail_dict "" recursive
0
 

Author Comment

by:CME-IT
ID: 16762703
I will be closing this question out.  The decision has been made to work at installing "Pop-before-smtp".  

I appreciate all the help and the knowledge that I got from you guys and as a result I will be splitting up the points.  

Thank-you all.

I'll probably be posting a new question about "Pop-before-smtp" next week.
0

Question has a verified solution.