Postfix SMTP Authentication Problem

Posted on 2011-05-05
Last Modified: 2012-05-11
I've "inherited" the management of a Gentoo Postfix email server and I'm having the following problem...

All new users who are added are not able to send mail when they are connected outside of the office.  Internally, they can send, but externally (or using their Iphones, etc.) they cannot.

If I use a previous users credentials (username/password) for the SMTP server, everything works fine, but I'm unable to use the new Usernames/Passwords for sending.

I'm new to the Linux world so ANY help would be greatly appreciated.

Here is my file:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
myhostname =
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
myorigin =
mydestination = mail,,, localhost
relayhost =
mynetworks =,
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
message_size_limit = 307200000
mailbox_command = /usr/bin/maildrop
home_mailbox = Maildir/
minimal_backoff_time = 500s
queue_run_delay = 500s
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient,  reject_unauth_destination, check_policy_service inet:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

Open in new window

Question by:gcosgrove
    LVL 19

    Accepted Solution

    I depends on how your sasl smtp auth is configured, but the most likely scenario is that smtp auth credentials are being stored in a sasl database and have top added separately.

    SASLPASSWD2(8)                                                  SASLPASSWD2(8)
           saslpasswd2 - set a user’s sasl password
           saslpasswd2 [-p] [-d] [-c] [-n] [-f file] [-u domain] [-a appname] [-v] userid
           saslpasswd2 is used by a server administrator to set a user’s sasl password for server programs and SASL mechanisms which use the standard libsasl database of user secrets.
           -p     Pipe mode - saslpasswd2 will neither prompt for the password nor verify that it was entered correctly.  This is the default when standard input is not a terminal.
           -c     Creates an entry for the user if the user doesn’t already exist.  This is mutually exclusive with the -d (delete user) flag.
           -d     Deletes the entry for the user.  This is mutually exclusive with the -c (create user) flag.
           -n     Don’t set the plaintext userPassword property for the user.  Only mechanism-specific secrets will be set (e.g. OTP, SRP)
           -u domain
                  use domain for user domain (realm).
           -f file
                  use file for sasldb
           -a appname
                  use appname as application name.
           -v     Print libsasl2 version number and exit.
           rfc2222 - Simple Authentication and Security Layer (SASL)
    CMU SASL                          Mar 7, 2005                   SASLPASSWD2(8)

    Open in new window


    Author Closing Comment

    Thanks!  That's what I needed.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Email signatures have numerous marketing benefits. Here are 8 top reasons to turn your email signature into a marketing channel.
    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
    In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now