Re: sasl authentication failed
On Tue, 10 Jan 2012 13:12:25 -0500, Tony Baldwin wrote:
> On Tue, Jan 10, 2012 at 01:05:16PM -0500, Tony Baldwin wrote:
>> On Tue, Jan 10, 2012 at 04:58:06PM +0000, Camaleón wrote:
(...)
>> > Mmmm, my guess is that your are having problems (or at least "one" of
>> > the problems, the other can be indeed with saslauth :-) ) with the
>> > SSL certificate you have generated, described in this step of your
>> > guide¹.
>> >
>> > To verify this point, test if your smtp is working fine (port 25, no
>> > SSL) and post here the results.
>>
>> Okay, at this point, I am getting different errors. I think I resolved
>> the sasl issue by correcting an error I had made in /etc/pam.d/smtpd
>>
>> But, now, if I telnet to localhost 25, either the connection drops
>> immediately, or anything I try to do (like elho localhost) hangs for a
>> long time, and then, again, just dumps the connection without result.
>>
>> Oddly, before correcting the error in /etc/pam.d/smtpd I would get
>> expected results with
>> telnet localhost 25
>> ehlo localhost
>>
>> (such as indication
>> 250 - STARTTLS
>> etc.
>> )
>>
>> but now, no joy...weird.
What kind of change/correction did you do at the "/etc/pam.d/smtpd" file?
>> > Also, review your Postfix logs (omit sensitive data if you post them
>> > here), they're usually the best source for solving problems :-)
>> >
>> > ¹http://library.linode.com/email/postfix/dovecot-mysql-debian-6-squeeze#sph_create-an-ssl-certificate-for-postfix
>>
>> I was using precisely these instructions, and believe my cert is
>> correct (I've redone it about 20 times now, too). I've gone over this
>> whole tutorial like 20 times now.
When generating the SSL cert you only have to care about the domain name,
it has to match your current Postfix domain name to avoid "mismatching"
warnings on the client side.
As stated in the guide:
***
Be sure to enter the fully qualified domain name you used for the system
mailname in place of "server.example.com".
***
>> One thing:
>> Initially my fqdn was set at server.linode.com, because I had somehow
>> set it before my domain was resolving, or whatever. but I've changed it
>> (echo server.tonybaldwin.org > /etc/hostname, hostname -F
>> /etc/hostname), but when I've done dpkg --reconfigure postfix, it still
>> wants to do server.linode.com
>> and I fix that by hand in main.cf, and anywhere else I find it then
>> restart postfix.
>> This is the only thing odd I can identify.
"dpkg --reconfigure postfix" will use your current "hostname" as the
default "myhostname" paramenter. Run "postconf -d | grep myhostname" to
get the current value.
>> I pasted some of the errors from /var/log/mail.* here
>> http://tonybaldwin.me/paste/index.php?6
Hey, you have to correct that, it's a fatal error (Postfix quits).
***
(none) postfix/smtpd[22358]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
***
Edit your "smtpd_recipient_restrictions" accordingly. Let's see:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
It seems right... check for trailing whitespaces and also for any collision
with "/etc/postfif/master.cf" (variables have to be defined only at one place).
>> I could paste any of the relevant other files (etc/postfix/main.cf or
>> whatever) if it would help.
>
> I went ahead and pasted my main.cf
> http://tonybaldwin.me/paste/index.php?5
Well, in my Postfix I have commented:
#myorigin = /etc/mailname
Because I prefer to use:
myhostname = server.example.com
To do not mix the linux system hostname with Postfix e-mail service.
But I'd say the hostname is at this point irrelevant, the big error is
that Postfix service is exiting because of the above warning.
Greetings,
--
Camaleón
Reply to: