From: Jeff Lacki on 11 Feb 2010 18:13

I'm trying to set up SASL+TLS+dovecot. Overall I've gotten things somewhat working, but have a couple questions since I'm new to this aspect of postfix.

I get 'fatal: no SASL authentication mechanisms' in maillog.

I ran saslfinger and it showed no mechanisms. My /usr/lib/sasl2/smtpd.conf contains:

pwcheck_method: saslauthd
mech_list: plain login

saslauthd is installed and running.

I don't think it matters, but I have what many others said they were missing: cyrus-sasl-plain installed.

Am I supposed to add other 'mechanisms' and if so, how do I do so? Which packages do I add etc?

Thanks!

my postconf -n:

address_verify_map = hash:/etc/postfix/address_verify_map
alias_maps = hash:/etc/postfix/aliases
allow_percent_hack = yes
append_at_myorigin = yes
append_dot_mydomain = yes
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_transport = smtp
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
ignore_mx_lookup_error = no
in_flow_delay = 1s
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 15000000
mydestination = $myhostname, localhost.$mydomain $mydomain
myhostname = mydomain.com
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases.postfix
notify_classes = resource,software
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
relay_domains = $mynetworks
sample_directory = /usr/share/doc/postfix-2.4.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_always_send_ehlo = no
smtp_connect_timeout = 30s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_destination_concurrency_limit = 10
smtp_helo_timeout = 300s
smtp_mail_timeout = 300s
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_rcpt_timeout = 300s
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_access
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_hard_error_limit = 6
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/good_clients, hash:/etc/postfix/access, hash:/etc/postfix/bad_ips, reject_unknown_helo_hostname, reject_non_fqdn_hostname, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname,reject_unknown_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_restriction_classes = restrictive, permissive
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/controlled_envelope_senders
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_soft_error_limit = 4
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_domains = nim-phila.org
virtual_alias_maps = hash:/etc/postfix/virtual

From: Victor Duchovni on 11 Feb 2010 18:38

On Thu, Feb 11, 2010 at 03:13:52PM -0800, Jeff Lacki wrote:

> I get 'fatal: no SASL authentication mechanisms' in maillog

> smtpd_tls_auth_only = yes

Do you know what this parameter setting does?

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.

From: Jeff Lacki on 11 Feb 2010 18:55

>> I get 'fatal: no SASL authentication mechanisms' in maillog

>> smtpd_tls_auth_only = yes

> Do you know what this parameter setting does?

Not exactly, I've been reading all kinds of docs and since I'm new to some of it, I'm a little confused between SASL and TLS. I've used postfix for a while but never dove into the encrypted aspects of things for security. Now I'm trying to get secure.

I was reading http://www.postfix.org/SASL_README.html to get SASL+TLS (hopefully) set up to allow specific users to relay through my server securely, but maybe I'm completely going down the wrong path?

I appreciate the help.

From: Wietse Venema on 11 Feb 2010 19:24

Jeff Lacki:
> >> I get 'fatal: no SASL authentication mechanisms' in maillog
>
> >> smtpd_tls_auth_only = yes
>
> > Do you know what this parameter setting does?
>
> Not exactly, I've been reading all kinds of docs and since
> I'm new to some of it, I'm a little confused between
> SASL and TLS. I've used postfix for a while but never
> dove into the encrypted aspects of things for security.
> Now I'm trying to get secure.
>
> I was reading http://www.postfix.org/SASL_README.html
>
> to get SASL+TLS (hopefully) set up to allow specific
> users to relay through my server securely, but maybe
> I'm completely going down the wrong path?
>
> I appreciate the help.

Instead of random websites, you may want to take a look at the much updated and expanded SASL_README file.

http://www.postfix.org/SASL_README.html

Wietse

From: Victor Duchovni on 11 Feb 2010 20:30

On Thu, Feb 11, 2010 at 03:55:52PM -0800, Jeff Lacki wrote:

> >> smtpd_tls_auth_only = yes
>
> > Do you know what this parameter setting does?
>
> Not exactly, I've been reading all kinds of docs and since
> I'm new to some of it, I'm a little confused between
> SASL and TLS. I've used postfix for a while but never
> dove into the encrypted aspects of things for security.
> Now I'm trying to get secure.

The parameter is documented at

http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only

If you take a moment to reflect on the "yes" setting, you will understand why tools that probe the list of available SASL algorithms may find none.

-- 
Viktor.
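
What the hint in the last reply looks like on the wire, as an added example that is not part of the thread: with smtpd_tls_auth_only = yes, Postfix does not announce or accept AUTH until the session is encrypted, so a probe that reads only the plaintext EHLO reply finds no mechanisms. The two EHLO replies, the host name mail.example.com and the function names parse_ehlo and diagnose are constructed for illustration and are not output from the poster's server.

```python
# Constructed EHLO replies (assumption: a Postfix smtpd with
# smtpd_tls_auth_only = yes and broken_sasl_auth_clients = yes;
# the PLAIN/LOGIN mechanism list is made up for the example).
EHLO_PLAINTEXT = """\
250-mail.example.com
250-PIPELINING
250-SIZE 15000000
250-STARTTLS
250 8BITMIME
"""

EHLO_AFTER_STARTTLS = """\
250-mail.example.com
250-PIPELINING
250-SIZE 15000000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME
"""


def parse_ehlo(reply):
    """Return (starttls_offered, set_of_auth_mechanisms) for a 250 EHLO reply."""
    starttls, mechs = False, set()
    for line in reply.splitlines():
        line = line.strip()
        # Reply lines look like "250-KEYWORD args" or, for the last, "250 KEYWORD".
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        item = line[4:].upper()
        if item == "STARTTLS":
            starttls = True
        elif item.startswith(("AUTH ", "AUTH=")):
            # "AUTH=" is the legacy form sent when broken_sasl_auth_clients = yes.
            mechs.update(item[5:].split())
    return starttls, mechs


def diagnose(plaintext_reply, tls_reply):
    """Classify where AUTH is announced, given the replies from both phases."""
    starttls, before = parse_ehlo(plaintext_reply)
    _, after = parse_ehlo(tls_reply)
    if before:
        return "auth-offered-in-plaintext"
    if starttls and after:
        return "auth-only-after-starttls"
    return "no-mechanisms-in-either-phase"


if __name__ == "__main__":
    print(diagnose(EHLO_PLAINTEXT, EHLO_AFTER_STARTTLS))
```

A result of "auth-only-after-starttls" is the expected behaviour for this setting, not a missing-mechanism fault; a probe has to issue STARTTLS and send EHLO again before judging the mechanism list.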