Re: Postfix SMTP AUTH with TLS Problems
I've spent night night postfix and sasl. I know now how to get it
working, but it's a mess. I assume you un-chrooted postfix in
/etc/postfix/master.cf. There you can say replace "smtp" in the last
column with "smtp -vvv", then you will get incrdibly detailed log.
You don't tell us what you want to authenticate: Do you want a sasl-DB?
Do you want passwd/shadow? LDAP??? pam?
I my case it was always passwd/shadow. If this is the case, these may
# cat /etc/postfix/sasl/smtpd.conf
mech_list: PLAIN LOGIN DIGEST-MD5
# cat /etc/default/saslauthd
Clear?? Of course you have to have those sasl-libs installed, check if
/usr/lib/sasl2/* exists (postfix2 runs with sasl2) und check that you
To check, which sasl options postfix offers in main.cf, type "postconf
I think these are the most important ones:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks
Since Postfix 2.? you can leave "smtpd_sasl_local_domain =" empty. This
is imporant then postfix asks saslauthd to authenticate user blabla,
because postfix would append the sasl local domain lile
email@example.com. saslauthd will most likely not know the
latter one: You passwd/shadow only knows "blabla", but you could create
a sasl-DB with the user "firstname.lastname@example.org". I took me some time
to get behind this. I hope I remeber it correctly :-)
BTW: TLS is not your Problem yet! After SASL works, you may switch you
customers "Outlook" to "Use Authentication but no encrpytion" (Check
screenshots here: http://www.net-lab.net/e-trolley/page_198/index.html -
only in German but should be clear by position of the buttoons ;))
Then you should take care about TLS and Creating your certs ....
(Write a Mini-Howto on that?)
Adam Dawes wrote:
I know this has come up a few times before, but I'm pulling my hair out
trying to get my Postfix-tls installation working to do SMTP auth. I have
followed the very helpful howto below to the letter.
When I restart my postfix and telnet to localhost 25, my postfix chokes.
Here's what I see in my mail.log:
May 29 14:12:16 sawdois postfix/smtpd: starting TLS engine
May 29 14:12:16 sawdois postfix/smtpd: fatal: no SASL authentication
May 29 14:12:17 sawdois postfix/master: warning: process
/usr/lib/postfix/smtpd pid 9906 exit status 1
May 29 14:12:17 sawdois postfix/master: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Here's background on my installation:
Debian Woody unstable
The above HOWTO is supposed to work with Postfix still running chroot.
I've tried to unchroot Postfix to see if that would work but to no
One thought is that the Postfix packages don't seem to support PAM.
But if this is I haven't found anyone on the net with a similar problem
and I would assume it would have come up already if this were the key
Here are the links that I have:
sawdois:/# ldd /usr/lib/postfix/smtpd
libpostfix-master.so.1 => /usr/lib/libpostfix-master.so.1
libpostfix-global.so.1 => /usr/lib/libpostfix-global.so.1
libpostfix-dns.so.1 => /usr/lib/libpostfix-dns.so.1 (0x40045000)
libpostfix-util.so.1 => /usr/lib/libpostfix-util.so.1 (0x4004a000)
libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x40068000)
libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40196000)
libdb-4.1.so => /usr/lib/libdb-4.1.so (0x401aa000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4026b000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40281000)
libgdbm_compat.so.3 => /usr/lib/libgdbm_compat.so.3 (0x40293000)
libc.so.6 => /lib/libc.so.6 (0x40296000)
libdl.so.2 => /lib/libdl.so.2 (0x403c9000)
libgdbm.so.3 => /usr/lib/libgdbm.so.3 (0x403cc000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Any ideas about where I should go from here?
Tel: +49 69 85700331