> Exactly, what are the keys of smtp_sasl_password_maps lookups?
> I have been converting some of my old sendmail servers to postfix, and
> some postfix *clients* (managed by customers) stopped authenticating.
> Authentication does not fail, they do not even try to authenticate
> anymore. Both servers are only offering LOGIN and PLAIN.
>
> After investigating with the customers I noticed that their systems are
> apparently misconfigured, i.e. they use relayhost=[server] or
> smtp:[server] in a transport map but the smtp_sasl_password_maps key
> lacks the [].
> I can understand why this is not working, and adding the hostname with
> [] to the password map fixes it, but why did the postfix client
> correctly authenticate to the old sendmail servers?

Besides the DNS related issues that Viktor already mentioned:

One aspect why this might not work out of the box (or why you may get stuck again as soon as you've solved the current problem) is that the Postfix smtp client SASL default policy is not to use plaintext mechanisms. As you mentioned above your "servers are only offering LOGIN and PLAIN".

In cases like this you usually get "no worthy mechs found" as an error message on the Postfix client side.

To solve the problem you can either

- offer other, non-plaintext mechanisms such as CRAM-MD5 or DIGEST-MD5 on the server side, which IMO is the preferred solution as authentication credentials will be transmitted encrypted

- set "smtp_sasl_security_options = noanonymous" explicitly in main.cf and thus override the default (see: postconf -d smtp_sasl_security_options). In this case you want to enable TLS on the server-side and require your Postfix client server to use TLS. Using TLS will shield the authentication credential transmission from other parties.

p@rick

--
The Book of Postfix
<http://www.postfix-book.com>
saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
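Added example, not part of the original message and not Postfix code: a small Python check over constructed main.cf and password-map text that flags the conditions discussed in this thread, namely a password-map key that does not equal relayhost as written (brackets and port included), a client policy that refuses the only mechanisms the server offers, and plaintext mechanisms permitted without mandatory TLS. The function names, hostname and credentials are assumptions; the check compares against the relayhost string only and ignores transport maps and other lookup keys.

```python
import re

# Constructed sample inputs (not taken from the thread).
MAIN_CF = """\
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
"""
SASL_PASSWD = "mail.example.com    user:secret\n"

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# smtp_tls_security_level values that refuse to deliver without TLS.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}
DEFAULT_SASL_OPTS = "noplaintext, noanonymous"  # postconf -d default

def parse_main_cf(text):
    """Collect 'name = value' lines; comments and continuation lines are skipped."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def map_keys(text):
    """Return the lookup keys (first field) of a password map source file."""
    return {l.split()[0] for l in text.splitlines()
            if l.strip() and not l.startswith("#")}

def audit(main_cf, sasl_passwd, server_mechs):
    """Return a list of findings for the client configuration."""
    p = parse_main_cf(main_cf)
    findings = []
    relayhost = p.get("relayhost", "")
    if relayhost and relayhost not in map_keys(sasl_passwd):
        findings.append(f"no password map key equal to relayhost {relayhost!r}")
    raw = p.get("smtp_sasl_security_options", DEFAULT_SASL_OPTS)
    opts = set(re.split(r"[,\s]+", raw))
    if "noplaintext" in opts and set(server_mechs) <= PLAINTEXT_MECHS:
        findings.append("server offers only plaintext mechanisms; client policy refuses them")
    if "noplaintext" not in opts and p.get("smtp_tls_security_level", "") not in MANDATORY_TLS:
        findings.append("plaintext mechanisms allowed without mandatory TLS")
    return findings

if __name__ == "__main__":
    for finding in audit(MAIN_CF, SASL_PASSWD, ["LOGIN", "PLAIN"]):
        print("FINDING:", finding)
```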
© 2004-2008 readlist.com