postfix-users

SASL config

Subject: SASL config
From: brian <postfixlist AT subtropolix DOT org>
To: postfix-users AT postfix DOT org
Date: Sat, 11 Aug 2007 16:01:27 -0400
I'm having trouble getting SASL support working. The thing is, when I first installed Postfix I did have it working. But I disabled it because I decided not to use it. Now, it appears that I will require it once more. However, working from the H&K Postfix book as a guide, I haven't been able to undo my disabling of it.

Here are (all?) relevant entries from postconf -n


smtpd_banner = $myhostname NO UCE ESMTP
smtpd_client_restrictions = check_client_access hash:$config_directory/maps/access
smtpd_delay_reject = no
smtpd_hard_error_limit = 10
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        check_recipient_access hash:$config_directory/maps/filtered_domains,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_unauth_pipelining
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_soft_error_limit = 2
smtpd_timeout = 30s
smtpd_tls_CAfile = $config_directory/ssl/cacert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = $config_directory/ssl/smtpd-cert.pem
smtpd_tls_key_file = $config_directory/ssl/smtpd-req.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


# telnet mail.subtropolix.org 25
Trying 127.0.0.1...
Connected to mail.subtropolix.org.
Escape character is '^]'.
220 subtropolix.org NO UCE ESMTP
EHLO client.subtropolix.org
250-subtropolix.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


I appended "-v" to SMTPD in master.cf and got the following (removed timestamps for clarity):


: connection established
: master_notify: status 0
: name_mask: resource
: name_mask: software
: xsasl_cyrus_server_create: SASL service=smtp, realm=(null)
: name_mask: noanonymous
: connect from subtropolix.org[127.0.0.1]
: match_list_match: subtropolix.org: no match
: match_list_match: 127.0.0.1: no match
: match_list_match: subtropolix.org: no match
: match_list_match: 127.0.0.1: no match
: match_hostname: subtropolix.org ~? 127.0.0.1
: match_hostaddr: 127.0.0.1 ~? 127.0.0.1
: match_hostname: subtropolix.org ~? 127.0.0.0/8
: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
: >>> START Client host RESTRICTIONS <<<
: generic_checks: name=check_client_access
: check_namadr_access: name subtropolix.org addr 127.0.0.1
: check_domain_access: subtropolix.org
: check_addr_access: 127.0.0.1
: generic_checks: name=check_client_access status=0
: >>> END Client host RESTRICTIONS <<<
: > subtropolix.org[127.0.0.1]: 220 subtropolix.org NO UCE ESMTP
: watchdog_pat: 0x8105b38
: < subtropolix.org[127.0.0.1]: EHLO client.subtropolix.org
: > subtropolix.org[127.0.0.1]: 250-subtropolix.org
: > subtropolix.org[127.0.0.1]: 250-PIPELINING
: > subtropolix.org[127.0.0.1]: 250-SIZE 10240000
: > subtropolix.org[127.0.0.1]: 250-ETRN
: match_list_match: subtropolix.org: no match
: match_list_match: 127.0.0.1: no match
: > subtropolix.org[127.0.0.1]: 250-STARTTLS
: > subtropolix.org[127.0.0.1]: 250-ENHANCEDSTATUSCODES
: > subtropolix.org[127.0.0.1]: 250-8BITMIME
: > subtropolix.org[127.0.0.1]: 250 DSN
: watchdog_pat: 0x8105b38
: < subtropolix.org[127.0.0.1]: quit
: > subtropolix.org[127.0.0.1]: 221 2.0.0 Bye
: match_hostname: subtropolix.org ~? 127.0.0.0/8
: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
: disconnect from subtropolix.org[127.0.0.1]
: master_notify: status 1
: connection closed
: auto_clnt_close: disconnect private/tlsmgr stream


The line "xsasl_cyrus_server_create: SASL service=smtp, realm=(null)" suggests to me that SASL is available, but I don't understand why it is not displayed in the SMTP dialogue.
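
Added example (not part of the original post): a Python check that compares an EHLO reply against the posted settings. Postfix documents smtpd_tls_auth_only = yes as not announcing or accepting SASL authentication over unencrypted connections, so a plaintext EHLO like the one above lists STARTTLS but no AUTH. The function names are hypothetical and the sample strings are copied from the post.

```python
import re

# Constructed sample: the three relevant settings from the post's postconf -n output.
POSTCONF = """\
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtpd_use_tls = yes
"""
# The plaintext (pre-STARTTLS) EHLO reply quoted in the post.
EHLO_PLAIN = """\
250-subtropolix.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

def parse_postconf(text):
    """Parse `postconf -n` output; indented lines continue the previous value."""
    params, key = {}, None
    for line in text.splitlines():
        if line[:1].isspace() and key:
            params[key] = (params[key] + " " + line.strip()).strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            params[key] = value.strip()
    return params

def ehlo_keywords(reply):
    """Return the ESMTP keywords of a 250 reply, skipping the greeting line."""
    lines = [m.group(1) for m in re.finditer(r"^250[- ](.*)$", reply, re.M)]
    return {re.split(r"[ =]", l)[0].upper() for l in lines[1:] if l.strip()}

def diagnose(params, keywords, tls_active):
    """Say whether the presence or absence of AUTH matches the configuration."""
    sasl = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    tls_only = params.get("smtpd_tls_auth_only", "no") == "yes"
    expect_auth = sasl and (tls_active or not tls_only)
    has_auth = "AUTH" in keywords
    if has_auth != expect_auth:
        return "unexpected: AUTH missing" if expect_auth else "unexpected: AUTH offered"
    if sasl and tls_only and not tls_active:
        return "expected: AUTH hidden until STARTTLS"
    return "consistent"
print(diagnose(parse_postconf(POSTCONF), ehlo_keywords(EHLO_PLAIN), tls_active=False))
```

To check the encrypted side, feed the function the EHLO reply captured after STARTTLS and pass tls_active=True.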
