3 Replies Latest reply on Dec 2, 2011 5:59 PM by Dude!

    postfix authentication verification is failure

    xsyang
      [root@mail log]# telnet mail.gl.com 25
      Trying 168.168.1.42...
      Connected to mail.gl.com (168.168.1.42).
      Escape character is '^]'.
      220 mail.gl.com ESMTP Postfix
      ehlo mail.gl.com
      250-mail.gl.com
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-AUTH PLAIN LOGIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      auth login
      334 VXNlcm5hbWU6
      eGluZ3NodW4=
      334 UGFzc3dvcmQ6
      Y2x5dTEyMZQ=
      535 5.7.8 Error: authentication failed: no mechanism available
      quit
      221 2.0.0 Bye
      Connection closed by foreign host.

      check the maillog:

      Dec 2 09:30:01 localhost postfix/qmgr[16933]: 8836C38280D7: removed
      Dec 2 09:30:29 localhost postfix/smtpd[676]: warning: mail.gl.com[168.168.1.42]: SASL login authentication failed: no mechanism available
      Dec 2 09:35:29 localhost postfix/smtpd[676]: timeout after AUTH from mail.gl.com[168.168.1.42]
      Dec 2 09:35:29 localhost postfix/smtpd[676]: disconnect from mail.gl.com[168.168.1.42]
      Dec 2 09:45:01 localhost postfix/pickup[32228]: 9117138280D7: uid=503 from=<weblogic>
      Dec 2 09:45:01 localhost postfix/cleanup[963]: 9117138280D7: message-id=<20111202144501.9117138280D7@mail.gl.com>
      Dec 2 09:45:01 localhost postfix/qmgr[16933]: 9117138280D7: from=<weblogic@mail.gl.com>, size=775, nrcpt=1 (queue active)
      Dec 2 09:45:01 localhost postfix/local[965]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
      Dec 2 09:45:01 localhost postfix/local[965]: 9117138280D7: to=<weblogic@mail.gl.com>, orig_to=<weblogic>, relay=local, delay=0.01, delays=0.01/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)
      Dec 2 09:45:01 localhost postfix/qmgr[16933]: 9117138280D7: removed
      ~

      Please let me know what I am missing? NIS domain name? how to set up this. Thanks a lot!!!

      I set up the postfix for evaluation purpose, so i could be used inter-company and later be link to outside. but I need to show my boss it's full features. Thanks!

      Rgds!
        • 1. Re: postfix authentication verification is failure
          Dude!
          SASL login authentication failed: no mechanism available
          Please show /etc/postfix/sasl/smtpd.conf

          You might want to verify you have set "pwcheck_method: saslauthd" and that the saslauthd daemon is running.

          /sbin/chkconfig --level 345 saslauthd on
          sbin/service saslauthd start

          Edit /etc/sysconfig/saslauthd and verify "MECH=pam"

          Restart Postfix: /sbin/service postfix restart

          Btw, if you are looking for a reliable email system that has all the features one can possibly imagine plus a web interface for the complete administration and use, and easy installation and administration, then check out Communigate Pro. You will need a small budget to buy the product, but you can download a demo version for free. I used it a couple of years go in all sorts of configurations and different platforms and I was very happy with it. For example, I used it on a small 500 Mhz Server as an smtp-relay and front-end filtering system and it processed about 30'000 emails daily without a problem, including defeating constant spam attacks.
          • 2. Re: postfix authentication verification is failure
            xsyang
            my setting as below:

            ********Please show /etc/postfix/sasl/smtpd.conf
            [root@mail postfix]# cat /etc/postfix/sasl/smtpd.conf
            cat: /etc/postfix/sasl/smtpd.conf: No such file or directory


            [root@mail postfix]# cd /etc/postfix
            [root@mail postfix]# ll
            total 260
            -rw-r--r-- 1 root root 20876 Dec 1 14:33 access
            -rw-r--r-- 1 root root 8829 Dec 1 14:33 aliases
            -rw-r--r-- 1 root root 3548 Dec 1 14:33 bounce.cf.default
            -rw-r--r-- 1 root root 11681 Dec 1 14:33 canonical
            -rw-r--r-- 1 root root 9904 Dec 1 14:33 generic
            -rw-r--r-- 1 root root 21535 Dec 1 14:33 header_checks
            -rw-r--r-- 1 root root 11942 Dec 1 14:33 LICENSE
            -rw-r--r-- 1 root root 26165 Dec 1 19:00 main.cf
            -rw-r--r-- 1 root root 21687 Dec 1 17:38 main.cf.default
            -rw-r--r-- 1 root root 573 Dec 1 17:38 makedefs.out
            -rw-r--r-- 1 root root 5695 Dec 1 14:33 master.cf
            -rw-r--r-- 1 root root 17703 Dec 1 17:38 postfix-files
            -rwxr-xr-x 1 root root 6949 Dec 1 17:38 postfix-script
            -rwxr-xr-x 1 root root 22774 Dec 1 17:38 post-install
            -rw-r--r-- 1 root root 6816 Dec 1 14:33 relocated
            -rw-r--r-- 1 root root 1629 Dec 1 14:33 TLS_LICENSE
            -rw-r--r-- 1 root root 12549 Dec 1 14:33 transport
            -rw-r--r-- 1 root root 12494 Dec 1 14:33 virtual

            " there is no such directory sasl"

            but I have followed the instruction and set it in /usr/local/lib/sasl2/smtpd.conf:
            [root@mail postfix]# cat /usr/local/lib/sasl2/smtpd.conf
            pwcheck_method: saslauthd
            mech_list: PLAIN LOGIN


            *********/sbin/chkconfig --level 345 saslauthd on
            [root@mail postfix]# /sbin/chkconfig --list
            ..
            ..
            saslauthd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
            ..
            ..

            *******Edit /etc/sysconfig/saslauthd and verify "MECH=pam"
            [root@mail postfix]# cat /etc/sysconfig/saslauthd
            # Directory in which to place saslauthd's listening socket, pid file, and so
            # on. This directory must already exist.
            SOCKETDIR=/var/run/saslauthd

            # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
            # of which mechanism your installation was compiled with the ablity to use.
            MECH=pam

            # Additional flags to pass to saslauthd on the command line. See saslauthd(8)
            # for the list of accepted flags.
            FLAGS=

            ***************

            by the way, how to buy the solusion you mentioned? Thanks!!!!


            Rgds!

            Edited by: xsyang on Dec 1, 2011 10:20 PM

            ******************************************************************************
            also I have put the following lines in /etc/postfix/main.cf as:

            smtpd_sasl_auth_enable = yes
            smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_recipient
            smtpd_sasl_application_name = smtpd

            My plateform is X64 intel and installed Oracle Linux 5.7

            Edited by: xsyang on Dec 2, 2011 2:29 AM

            Edited by: xsyang on Dec 2, 2011 2:31 AM

            Edited by: xsyang on Dec 2, 2011 2:31 AM
            • 3. Re: postfix authentication verification is failure
              Dude!
              Here is another link, perhaps you will find some solution there: http://www.postfix.org/SASL_README.html

              Regarding the other product: http://www.communigate.com. From what I understand, there is a free "trial" and "community" version. The "community" version only allows up to 5 mail accounts and will stop working if you exceed that limit. The "trial" version does not have any limitations, but will add a "Communigate Pro" text banner to every processed mail. Honestly, this product would be my first choice for setting up any mail system of any size, not only because I have very good experience with the product for 10 years, but also because you get quick results and it can simply do everything. There might be some learning curve and familiarizing necessary when using advanced feature, but like with sophisticated product, which doesn't? It isn't the cheapest product if you decide to buy a license, but at the end, you will spend less time and troubleshooting and you can rely on it. The product also runs an any computer platform and OS that is worth mentioning.

              HTH.

              Edited by: Dude on Dec 2, 2011 9:59 AM