Postfix SMTP not accepting authentication

Hi,

I am working on setting up a mail server using Dovecot and Postfix on Debian Squeeze. So far I am able to connect to secure IMAP via Dovecot, and I am able to receive emails. However, I am unable to get Postfix to accept authentication for SMTP. My email client at home can make the connection initially, but then complains that the server doesn't support authentication and refuses to send messages.

Here are the lines that show up in /var/log/mail.log when I try to send to send a message (my IP is replaced for security):

Aug 31 18:55:23 li283-45 postfix/smtpd[29732]: connect from pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]
Aug 31 18:55:34 li283-45 postfix/smtpd[29732]: lost connection after AUTH from pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]
Aug 31 18:55:34 li283-45 postfix/smtpd[29732]: disconnect from pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]

I've tried doing a google search, and everything suggested stuff with my sasl settings in main.cf, none of which worked (though I did apt-get install all the needed sasl packages). My current /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = www.youdolinux.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = mail/
myorigin = youdolinux.com
mydestination = $myhostname, localhost.$mydomain, localhost, youdolinux.com, www.youdolinux.com, mail.youdolinux.com
#relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# SASL SUPPORT
smtpd_sasl_auth_enabled = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains

mailbox_command = /usr/bin/procmail

17 Replies

Need more info.

Follow the steps outlined here.

Thanks!

(Depending on how you're sending the mails, you may need to add the -v switch to the 'smtp' entry instead.)

Nice long log entry for postfix with the "-v" option added…. Once again, I replaced my IP for security.

Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: connection established
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: master_notify: status 0
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: name_mask: resource
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: name_mask: software
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: connect from pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostname: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net ~? 127.0.0.0/8
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostaddr: XXX.XXX.XXX.XXX ~? 127.0.0.0/8
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostname: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net ~? 66.228.33.0/24
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostaddr: XXX.XXX.XXX.XXX ~? 66.228.33.0/24
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr request = connect
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr ident = submission:XXX.XXX.XXX.XXX
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: 0
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: count
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: count
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: 1
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: rate
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: rate
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: 1
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: (list terminator)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: (end)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 220 www.youdolinux.com ESMTP Postfix (Debian/GNU)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: < pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: EHLO debian.home
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-www.youdolinux.com
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-PIPELINING
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-SIZE 10240000
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-VRFY
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-ETRN
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-STARTTLS
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-ENHANCEDSTATUSCODES
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-8BITMIME
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250 DSN
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: < pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: STARTTLS
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 220 2.0.0 Ready to start TLS
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: auto_clnt_open: connected to private/tlsmgr
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr request = seed
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr size = 32
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/tlsmgr: wanted attribute: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: 0
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/tlsmgr: wanted attribute: seed
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: seed
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: FNcLU9CMD+K8kBAspGHrw+GhgwdozRyg0S3MmAmwBGE=
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/tlsmgr: wanted attribute: (list terminator)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: (end)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: < pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: EHLO debian.home
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-www.youdolinux.com
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-PIPELINING
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-SIZE 10240000
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-VRFY
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-74-111-178-159.pitbpa.fios.verizon.net[74.111.178.159]: 250-ETRN
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-ENHANCEDSTATUSCODES
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250-8BITMIME
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 250 DSN
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: < pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: AUTH PLAIN <snip>==
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: > pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: 503 5.5.1 Error: authentication not enabled
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: smtp_get: EOF
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostname: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net ~? 127.0.0.0/8
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostaddr: XXX.XXX.XXX.XXX ~? 127.0.0.0/8
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostname: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net ~? 66.228.33.0/24
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_hostaddr: XXX.XXX.XXX.XXX ~? 66.228.33.0/24
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: match_list_match: XXX.XXX.XXX.XXX: no match
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr request = disconnect
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: send attr ident = submission:XXX.XXX.XXX.XXX
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: status
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute value: 0
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: private/anvil: wanted attribute: (list terminator)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: input attribute name: (end)
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: lost connection after AUTH from pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: disconnect from pool-74-111-178-159.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: master_notify: status 1
Sep  5 12:11:19 li283-45 postfix/smtpd[23608]: connection closed
Sep  5 12:11:24 li283-45 postfix/smtpd[23608]: auto_clnt_close: disconnect private/tlsmgr stream</snip>

There are a few references to a match list. Is this related to the "smtpdrecipientrestrictions" option near the end of my config? I want it to permit authenticated, which is there, but I can't authenticate.

What does your dovecot.conf say about exporting authentication services? Is the path to private/auth correct? Is the postfix' user set correctly? Is the listening even enabled?

From dovecot.conf, in the "auth default" section:

socket listen {
         client {
           path = /var/spool/postfix/private/auth
           mode = 0660
           user = postfix
           group = postfix
         }
       }

}

This file exists, along with a bunch of other postfix stuff under /var/spool/postfix:

root@li283-45:~# ls /var/spool/postfix/
active  bounce  corrupt  defer  deferred  dev  etc  flush  hold  incoming  lib  maildrop  pid  private  public  saved  trace  usr  var
root@li283-45:~# ls /var/spool/postfix/private/
anvil  bounce  defer    error   lmtp   maildrop  proxymap    relay  rewrite  scalemail-backend  tlsmgr  uucp    virtual
auth   bsmtp   discard  ifmail  local  mailman   proxywrite  retry  scache   smtp               trace   verify
root@li283-45:~# ls /var/spool/postfix/private/auth
/var/spool/postfix/private/auth

I have both a user and a group called postfix.

What needs to be listening? Postfix and Dovecot both seem to be listening.

How about auth mechanisms? Plain? Login? Set auth_verbose to yes and see if that says anything in dovecot's log file.

You may also wish to snip > Sep 5 12:11:19 li283-45 postfix/smtpd[23608]: < pool-XXX-XXX-XXX-XXX.pitbpa.fios.verizon.net[XXX.XXX.XXX.XXX]: AUTH PLAIN as it contains your login info.

derfy: I don't see my login info in that line?

My system doesn't have a log dedicated to Dovecot, but Dovecot is dumping stuff into mail.log. The only addition to the log (after putting "auth_default = yes" in dovecot.conf and restarting that and Postfix) was Dovecot registering an IMAP connection, though my email client started checking for mail just after I click the send button. I can post the current mail.log, but I seriously doubt the extra Dovecot line would help.

@Piki:

derfy: I don't see my login info in that line?

derfy is correct. heck, even scrappy probably knows there's a base64 encoded string (with your username and password) on that line.

I masked it with . Did I get the right thing? I'm no expert on encoding stuff.

Still having the issue?

Post the output of

# postconf -n

I am able to send email without authenticating with my username/password, but I still want it to require authentication.

Here's the output:

root@li283-45:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = mail/
inet_interfaces = all
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, youdolinux.com, www.youdolinux.com, mail.youdolinux.com
myhostname = www.youdolinux.com
myorigin = youdolinux.com
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_relay_domains
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual

Is this the entire output? If so, two things jump out at me:

1. postconf -n doesn't reflect auth –- where is your "smtpdsaslauth_enabled = yes"? Postfix indicates that is not currently configured. Check your syntax, restart postfix and re-check with postconf -n again.

2. smtpdrecipientrestrictions -- you need to add "rejectunauthdestination" at the end of this configuration. Remove the deprecated "checkrelaydomains" and replace it with "rejectunauthdestination".

Postfix isn't going to support auth without these.

Additionally, you may want to add "brokensaslauth_clients = yes" as an SASL option if you'll be using Outlook Express and/or certain versions of Exchange.

Make those changes and test. If it still fails, post another copy of your postconf -n output. Alternatively you might want to use saslfinger to help you troubleshoot -- you'll want to test server-side with the -s argument:

http://postfix.state-of-mind.de/patrick … aslfinger/">http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

I most certainly won't be using broken clients from certain unmentionable companies :)

"smtpdsaslauth_enabled = yes" is in main.conf, and I've already restarted Postfix several times with that enabled, but it isn't showing that in "postconf -n":

root@li283-45:~# postconf -n | grep smtpd_sasl_auth_enabled
root@li283-45:~# cat /etc/postfix/main.cf | grep smtpd_sasl_auth_enabled
smtpd_sasl_auth_enabled = yes
root@li283-45:~#

Here is a post of main.conf the way it is now (replace checkrelaydomains with rejectunauthdestination):

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = www.youdolinux.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = mail/
myorigin = youdolinux.com
mydestination = $myhostname, localhost.$mydomain, localhost, youdolinux.com, www.youdolinux.com, mail.youdolinux.com
#relayhost =
#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# SASL SUPPORT
smtpd_sasl_auth_enabled = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

mailbox_command = /usr/bin/procmail

"postconf -n" (after restarting postfix for the change above to take effect):

root@li283-45:~# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
home_mailbox = mail/
inet_interfaces = all
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, youdolinux.com, www.youdolinux.com, mail.youdolinux.com
myhostname = www.youdolinux.com
myorigin = youdolinux.com
readme_directory = no
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/smtp.cert
smtpd_tls_key_file = /etc/postfix/ssl/smtp.key
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = hash:/etc/postfix/virtual

Oops. The correct parameter is:

smtpdsaslauth_enable = yes

take the 'd' off the word 'enabled' to make it 'enable' and restart postfix and test with 'postconf -n' again. If it's still not working, check what shared libraries your smtpd binary are linked against:

ldd /usr/libexec/postfix/smtpd

and post the output.

Aha!

Using the past tense of "enable" was the issue. I'm able to authenticate via SMTP now. Gotta love those typos :-)

Thanks for the help!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct