Kolab doesn't alow to send e-mail from outside the network
Thomas Spuhler
thomas at btspuhler.com
Fri Sep 14 06:40:32 CEST 2007
On Monday 10 September 2007 12:40, Thomas Spuhler wrote:
> On Mon, 2007-09-10 at 07:15 +0200, Gunnar Wrobel wrote:
> > Thomas Spuhler <thomas at btspuhler.com> writes:
> > > On Sunday 09 September 2007 11:23, Alain Spineux wrote:
> > >> On 9/9/07, Thomas Spuhler <thomas at btspuhler.com> wrote:
> > >> > Kolab doesn't allow to send e-mail from outside the network
> > >> > The setup is that sasl_authenticated should be allowed to send
> > >> > e-mail from outside the local network.
> > >>
> > >> It is!
> > >>
> > >> > However I am being asked for the password in an infinite loop. It
> > >> > seems that the sasl path may not be correct
> > >>
> > >> The error reported by postfix in the log could help us a lot :-)
> > >>
> > >> Did you allowed
> > >>
> > >> > --
> > >> > Thomas Spuhler
> > >> >
> > >> > _______________________________________________
> > >> > Kolab-users mailing list
> > >> > Kolab-users at kolab.org
> > >> > https://kolab.org/mailman/listinfo/kolab-users
> > >
> > > I did use authentication from inside just to get the error log (easier
> > > than go outside), I don't need them from the internal network:
> > >
> > > From /var/log/mail/info.log
> >
> > "/var/log/mail/info.log" does not look like you are using a standard
> > Kolab Server. When reporting errors/problems, please follow the
> > guidelines detailed at http://wiki.kolab.org/index.php/Error_reporting
>
> Yes, it's a Mandriva install (2007.0).
>
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: connection established
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: master_notify: status 0
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: name_mask: resource
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: name_mask: software
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: xsasl_cyrus_server_create:
> > > SASL service=smtp, realm=(null)
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: name_mask: noanonymous
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: connect from
> > > aargau.btspuhler.com[127.0.0.1]
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > aargau.btspuhler.com: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > 127.0.0.1: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > aargau.btspuhler.com: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > 127.0.0.1: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: send attr request = seed
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: send attr size = 32
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: private/tlsmgr: wanted
> > > attribute: status
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: input attribute name:
> > > status Sep 9 21:35:00 aargau postfix/smtpd[10336]: input attribute
> > > value: 0 Sep 9 21:35:00 aargau postfix/smtpd[10336]: private/tlsmgr:
> > > wanted attribute: seed
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: input attribute name: seed
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: input attribute value:
> > > xXhiDtFxRCWVc0zl45K3+1na8rpR5nQwaN2riOYxk=
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: private/tlsmgr: wanted
> > > attribute: (list terminator)
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: input attribute name:
> > > (end) Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_hostname:
> > > aargau.btspuhler.com ~? 127.0.0.0/8
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_hostaddr: 127.0.0.1
> > > ~? 127.0.0.0/8
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 220 aargau.btspuhler.com ESMTP Postfix
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: <
> > > aargau.btspuhler.com[127.0.0.1]: EHLO aargau.btspuhler.com
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-aargau.btspuhler.com
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-PIPELINING
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-SIZE 5000000
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-VRFY
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-ETRN
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5
> > > LOGIN PLAIN
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > aargau.btspuhler.com: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_list_match:
> > > 127.0.0.1: no match
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-AUTH=GSSAPI CRAM-MD5 DIGEST-MD5
> > > LOGIN PLAIN
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-ENHANCEDSTATUSCODES
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250-8BITMIME
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 250 DSN
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: <
> > > aargau.btspuhler.com[127.0.0.1]: AUTH PLAIN
> > > dGhvbWFzQGJ0c3B1aGxlci5jAdGhvbWFzQGJ0c3B1aGxlci5jb20AYnJ1bm81MA==
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: xsasl_cyrus_server_first:
> > > sasl_method PLAIN, init_response
> > > dGhvbWFzQGJ0c3B1aGxlci5jAdGhvbWFzQGJ0c3B1aGxlci5jb20AYnJ1bm81MA==
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: xsasl_cyrus_server_first:
> > > decoded initial response thomas at btspuhler.com
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: >
> > > aargau.btspuhler.com[127.0.0.1]: 535 5.7.0 Error: authentication
> > > failed: authentication failure
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: smtp_get: EOF
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_hostname:
> > > aargau.btspuhler.com ~? 127.0.0.0/8
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: match_hostaddr: 127.0.0.1
> > > ~? 127.0.0.0/8
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: lost connection after AUTH
> > > from aargau.btspuhler.com[127.0.0.1]
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: disconnect from
> > > aargau.btspuhler.com[127.0.0.1]
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: master_notify: status 1
> > > Sep 9 21:35:00 aargau postfix/smtpd[10336]: connection closed
> > >
> > > and from /var/log/auth.log
> > > Sep 9 21:38:29 aargau postfix/smtpd[10396]: auxpropfunc error invalid
> > > parameter supplied
> > > Sep 9 21:38:29 aargau postfix/smtpd[10396]: _sasl_plugin_load failed
> > > on sasl_auxprop_plug_init for plugin: ldapdb
> >
> > Does the basic SASL troubleshooting work
> > (http://wiki.kolab.org/index.php/Kolab2_Server_Troubleshooting_-_SASL)?
> > Can you log in from the command line?
>
> This works great.
> # testsaslauthd -u thomas at btspuhler.com -p mypasswd
> 0: OK "Success."
>
> > Cheers,
> >
> > Gunnar
> >
> > > I altered the passwords slightly
> > > --
> > >
> > > Thomas Spuhler
> > >
> > > _____________________
>
> I commented out the tls-only for debuging.
> No I get this when trying to authenticate from outside using telnet:
>
> $ telnet aargau.btspuhler.com 25
> Trying 168.103.242.218...
> Connected to aargau.btspuhler.com (168.103.242.218).
> Escape character is '^]'.
> 220 aargau.btspuhler.com ESMTP Postfix
> EHLO mydomain.com
> 250-aargau.btspuhler.com
> 250-PIPELINING
> 250-SIZE 5000000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
> 250-AUTH=GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH PLAIN AHRob21hc3NwdWhsZXIAYnJ1
> 535 5.7.0 Error: authentication failed: authentication failure
>
> I noticed that I have
> 250-AUTH GSSAPI CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
>
> twice but i have smtpd.conf
> pwcheck_method: saslauthd
> mech_list: PLAIN
>
> on the old server that works I have the same in smtpd.conf but I get
>
> 250 AUTH PLAIN and only once
> *****
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN
> 250 8BITMIME
> ****
> maybe the /var/log/auth.log gives the clue?
>
> Thanks
> Thomas
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
Problem got magically resolved overnight. Did some security upgrades.
Thanks to everybody who tried to help.
--
Thomas
More information about the users
mailing list