Authentication problem with Thunderbird
in [Postfix]
|
From: mohamad rahimi on 25 Apr 2010 12:35 Hi all In our group we are using suse and Postfix SMTP server 2.3.2. Every thing was fine until when we restarted our mail server and also firewall. The first problem is that when we use Thunderbird with security and Authentication it is impossible to send a email. we receive this error âUnable to authentication to SMTP server mx.mydomain.. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authenticationâ. however , it is possible to send email without Authentication in local network. The second problem is that we can not send email via Thunderbird from outside of our local network. if I send a email to X(a)Y.com I will receive this error âMail server responded 5.7.1 < X(a)Y.com> relay access denied. Please check the message recipient X(a)Y.com and try againâ. we also have web mail (Squirrelmail) and it works without any problems everywhere. I am completely beginner in postfix so I don't know which information is useful, if you need more information tell me. You can find postfix out here. Thanks in advance. alias_maps = hash:/etc/aliases hash:/var/lib/mailman/data/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical regexp:/etc/postfix/canonical-regexp command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = delay_warning_time = 4 disable_dns_lookups = no html_directory = /usr/share/doc/packages/postfix/html inet_protocols = all mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 20480000 mydestination = $myhostname localhost.$mydomain localhost $mydomain mydomain = theo.chemie.site myhostname = mx.theo.chemie.tu-darmstadt.de mynetworks = 127.0..0.0/8 130.83.159.160/28 [::1]/128 [fe80::]/64 10.0.0.0/16 myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps readme_directory = /usr/share/doc/packages/postfix/README_FILES recipient_delimiter = + relayhost = mailout.hrz.tu-darmstadt.de relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_helo_name = mx.theo.chemie.tu-darmstadt.de smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = theo.chemie.tu-darmstadt.de smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/postfix/ssl.crt/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl.crt/bromma-cert.pem smtpd_tls_key_file = /etc/postfix/ssl.crt/bromma-key.pem smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache strict_rfc821_envelopes = no tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf hash:/var/lib/mailman/data/virtual virtual_gid_maps = static:51 virtual_mailbox_base = /var/mail/virtual virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 51 virtual_transport = virtual virtual_uid_maps = static:51
From: Victor Duchovni on 25 Apr 2010 12:46 On Sun, Apr 25, 2010 at 09:35:37AM -0700, mohamad rahimi wrote: > "Unable to authentication to SMTP server mx.mydomain. The server does not > support any compatible secure authentication mechanism but you have chosen > secure authentication. Try switching off secure authentication." "Secure Authentication" means no plaintext passwords, i.e. GSSAPI, CRAM-MD5, ... Are you sure you have support for mechanisms other than "PLAIN"? If not, don't tell Thunderbird to try and use them... -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
From: "Franck MAHE" on 25 Apr 2010 12:49 Hello, Try this : smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination permit_sasl_authenticated must precede everything to be able to authenticate from outside. You should define something in master.cf to allow different behavior depending on your internal and external (I think you have several NIC with different IPs) Regards Franck ------------------------------------------- M: +33 6 6042 7249 E: mahe(a)civis.net De : owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] De la part de mohamad rahimi Envoyé : dimanche 25 avril 2010 18:36 à : postfix Objet : Authentication problem with Thunderbird Hi all In our group we are using suse and Postfix SMTP server 2.3.2. Every thing was fine until when we restarted our mail server and also firewall. The first problem is that when we use Thunderbird with security and Authentication it is impossible to send a email. we receive this error âUnable to authentication to SMTP server mx.mydomain. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authenticationâ. however , it is possible to send email without Authentication in local network. The second problem is that we can not send email via Thunderbird from outside of our local network. if I send a email to <mailto:X(a)Y.com> X(a)Y.com I will receive this error âMail server responded 5.7.1 < X(a)Y.com> relay access denied. Please check the message recipient X(a)Y.com and try againâ. we also have web mail (Squirrelmail) and it works without any problems everywhere. I am completely beginner in postfix so I don't know which information is useful, if you need more information tell me. You can find postfix out here. Thanks in advance. alias_maps = hash:/etc/aliases hash:/var/lib/mailman/data/aliases biff = no broken_sasl_auth_clients = yes canonical_maps = hash:/etc/postfix/canonical regexp:/etc/postfix/canonical-regexp command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = delay_warning_time = 4 disable_dns_lookups = no html_directory = /usr/share/doc/packages/postfix/html inet_protocols = all mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 20480000 mydestination = $myhostname localhost.$mydomain localhost $mydomain mydomain = theo.chemie.site myhostname = mx.theo.chemie.tu-darmstadt.de mynetworks = 127.0.0.0/8 130.83.159.160/28 [::1]/128 [fe80::]/64 10.0.0.0/16 myorigin = $mydomain newaliases_path = /usr/bin/newaliases proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps readme_directory = /usr/share/doc/packages/postfix/README_FILES recipient_delimiter = + relayhost = mailout.hrz.tu-darmstadt.de relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = hash:/etc/postfix/sender_canonical sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_helo_name = mx.theo.chemie.tu-darmstadt.de smtp_tls_security_level = may smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache smtp_use_tls = no smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = theo.chemie.tu-darmstadt.de smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/postfix/ssl.crt/cacert.pem smtpd_tls_cert_file = /etc/postfix/ssl.crt/bromma-cert.pem smtpd_tls_key_file = /etc/postfix/ssl.crt/bromma-key.pem smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache strict_rfc821_envelopes = no tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf hash:/var/lib/mailman/data/virtual virtual_gid_maps = static:51 virtual_mailbox_base = /var/mail/virtual virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 51200000 virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 51 virtual_transport = virtual virtual_uid_maps = static:51
From: mohamad rahimi on 25 Apr 2010 13:18 ________________________________ From: Victor Duchovni <Victor.Duchovni(a)morganstanley.com> To: postfix-users(a)postfix.org Sent: Sun, April 25, 2010 6:46:55 PM Subject: Re: Authentication problem with Thunderbird >On Sun, Apr 25, 2010 at 09:35:37AM -0700, mohamad rahimi wrote: >> "Unable to authentication to SMTP server mx.mydomain. The server does not > >support any compatible secure authentication mechanism but you have chosen > >secure authentication. Try switching off secure authentication." >"Secure Authentication" means no plaintext passwords, i.e. GSSAPI, >CRAM-MD5, ... Are you sure you have support for mechanisms other than >"PLAIN"? If not, don't tell Thunderbird to try and use them... -- I am sure our mail server had the mechanisms for Secure Authentication. my question is that how can I understand that now our mail server support this mechanisms and how can I run this.
From: Victor Duchovni on 25 Apr 2010 14:17
On Sun, Apr 25, 2010 at 10:18:57AM -0700, mohamad rahimi wrote: > >> "Unable to authentication to SMTP server mx.mydomain. The server does not > > >support any compatible secure authentication mechanism but you have chosen > > >secure authentication. Try switching off secure authentication." > > >"Secure Authentication" means no plaintext passwords, i.e. GSSAPI, > >CRAM-MD5, ... Are you sure you have support for mechanisms other than > >"PLAIN"? If not, don't tell Thunderbird to try and use them... > > I am sure our mail server had the mechanisms for Secure Authentication. What do you mean when you say this? Which non-plaintext SASL mechanisms does your server support, and how? > my question is that how can I understand that now our mail server > support this mechanisms and how can I run this. The above sentence does not make sense in English I am afraid. :-( -- P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note. |