Re: Re: Authentication unsuccessful relaying from Postfix to Microsoft ESMTP MAIL Service

[Clive Standbridge <debian-user@tgstandbridges.plus.com>]

(I'm sending this from a different account after several previous
attempts to reply vanished).

> > The TLS part seems to be sorted now (see my reply to Sven). But
> the
> > authentication still fails.
>
> Then, put the "full" Postfix log again so we can check where (and
> why)
> it stops now :-)

Ahem, good point.

The attachments contain the lines written to /var/log/auth.log and
/var/log/mail.log when the attempt to mail via NEWSERVER:587 failed,
also my /etc/postfix/main.cf (without comments).


-- 
Cheers,
Clive

/var/log/auth.log:
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 1
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 2
May 10 12:59:35 rimmer postfix/smtp[13763]: server flags: ff810205
May 10 12:59:35 rimmer postfix/smtp[13763]: server domain: NEWSERVER-NTDOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: calculating NT response

/var/log/mail.log:
May 10 12:59:35 rimmer postfix/pickup[13718]: 3BB483982: uid=1000 from=<MY-EMAIL-ADDRESS>
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982: resent-message-id=<20100510115935.GF3779@MY-MAILNAME>
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982: message-id=<20100509200545.GA3626@MY-MAILNAME>
May 10 12:59:35 rimmer postfix/qmgr[13719]: 3BB483982: from=<MY-EMAIL-ADDRESS>, size=855, nrcpt=1 (queue active)
May 10 12:59:35 rimmer postfix/smtp[13763]: initializing the client-side TLS engine
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: open smtp TLS cache btree:/var/lib/postfix/smtp_scache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: tlsmgr_cache_run_event: start TLS smtp session cache cleanup
May 10 12:59:35 rimmer postfix/smtp[13763]: setting up TLS connection to NEWSERVER[NEWSERVER-IPADDR]:587
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: TLS cipher list "ALL:+RC4:@STRENGTH"
May 10 12:59:35 rimmer postfix/smtp[13763]: looking for session smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH in smtp cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: lookup smtp session id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:before/connect initialization
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv2/v3 write client hello A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server hello A
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=3 verify=1 subject=/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=2 verify=1 subject=/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=1 verify=1 subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587: certificate verification depth=0 verify=1 subject=/O=*.NEWSERVER-DOMAIN/OU=Domain Control Validated/CN=*.NEWSERVER-DOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server certificate A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server done A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write client key exchange A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write change cipher spec A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 flush data
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: save session smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH to smtp cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: put smtp session id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH [data 1378 bytes]
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: write smtp TLS cache entry smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH: time=1273492775 [data 1378 bytes]
May 10 12:59:35 rimmer postfix/smtp[13763]: Trusted TLS connection established to NEWSERVER[NEWSERVER-IPADDR]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 10 12:59:40 rimmer postfix/smtp[13763]: 3BB483982: to=<MY-EMAIL-ADDRESS>, relay=NEWSERVER[NEWSERVER-IPADDR]:587, delay=5.5, delays=0.02/0.03/5.4/0, dsn=4.7.3, status=deferred (SASL authentication failed; server NEWSERVER[NEWSERVER-IPADDR] said: 535 5.7.3 Authentication unsuccessful)

/etc/postfix/main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = rimmer.localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = MY-MAILNAME, rimmer.localdomain, localhost.localdomain, localhost
relayhost = NEWSERVER:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = 
smtp_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_loglevel = 2