Postfix SMTP Authentication Problem

Posted on 2011-05-05
Medium Priority
Last Modified: 2012-05-11
I've "inherited" the management of a Gentoo Postfix email server and I'm having the following problem...

All new users who are added are not able to send mail when they are connected outside of the office.  Internally, they can send, but externally (or using their Iphones, etc.) they cannot.

If I use a previous users credentials (username/password) for the SMTP server, everything works fine, but I'm unable to use the new Usernames/Passwords for sending.

I'm new to the Linux world so ANY help would be greatly appreciated.

Here is my mail.cf file:
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
myhostname = mail.example.com
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
myorigin = mail.example.com
mydestination = mail, mail.example.com, example.com, localhost
relayhost =
mynetworks =,
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
message_size_limit = 307200000
mailbox_command = /usr/bin/maildrop
home_mailbox = Maildir/
minimal_backoff_time = 500s
queue_run_delay = 500s
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access hash:/etc/postfix/helo_access, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient,  reject_unauth_destination, check_policy_service inet:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

Open in new window

Question by:gcosgrove
LVL 19

Accepted Solution

bevhost earned 2000 total points
ID: 35704270
I depends on how your sasl smtp auth is configured, but the most likely scenario is that smtp auth credentials are being stored in a sasl database and have top added separately.

SASLPASSWD2(8)                                                  SASLPASSWD2(8)

       saslpasswd2 - set a user’s sasl password

       saslpasswd2 [-p] [-d] [-c] [-n] [-f file] [-u domain] [-a appname] [-v] userid

       saslpasswd2 is used by a server administrator to set a user’s sasl password for server programs and SASL mechanisms which use the standard libsasl database of user secrets.

       -p     Pipe mode - saslpasswd2 will neither prompt for the password nor verify that it was entered correctly.  This is the default when standard input is not a terminal.

       -c     Creates an entry for the user if the user doesn’t already exist.  This is mutually exclusive with the -d (delete user) flag.

       -d     Deletes the entry for the user.  This is mutually exclusive with the -c (create user) flag.

       -n     Don’t set the plaintext userPassword property for the user.  Only mechanism-specific secrets will be set (e.g. OTP, SRP)

       -u domain
              use domain for user domain (realm).

       -f file
              use file for sasldb

       -a appname
              use appname as application name.

       -v     Print libsasl2 version number and exit.


       rfc2222 - Simple Authentication and Security Layer (SASL)

CMU SASL                          Mar 7, 2005                   SASLPASSWD2(8)

Open in new window


Author Closing Comment

ID: 35706367
Thanks!  That's what I needed.

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines some of the reasons why an email message gets flagged as spam on a recipient's end.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month16 days, 6 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question