From: mohamad rahimi on
Hi all
In our group we are using suse and Postfix SMTP server 2.3.2. Every
thing
was fine until when we restarted our mail server and also
firewall.
The first problem is that when we use Thunderbird with
security and
Authentication it is
impossible to send a email. we receive this error
“Unable to
authentication to SMTP server mx.mydomain.. The server does not
support any compatible secure authentication mechanism but you have chosen
secure authentication. Try switching off secure authentication”. however ,
it is possible to send email without Authentication in local network.
The second problem is that we can not send email via Thunderbird from
outside of our local network.
if I send a email to X(a)Y.com I will receive this error “Mail
server
responded 5.7.1 < X(a)Y.com> relay access denied. Please check
the message
recipient X(a)Y.com and try again”.
we also have web
mail (Squirrelmail) and it works without any problems
everywhere.
I am completely beginner in postfix so I don't know which information is
useful, if you need more information tell me. You can find postfix out
here.
Thanks in advance.
alias_maps = hash:/etc/aliases hash:/var/lib/mailman/data/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical regexp:/etc/postfix/canonical-regexp
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 4
disable_dns_lookups = no
html_directory = /usr/share/doc/packages/postfix/html
inet_protocols = all
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 20480000
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = theo.chemie.site
myhostname = mx.theo.chemie.tu-darmstadt.de
mynetworks = 127.0..0.0/8 130.83.159.160/28 [::1]/128 [fe80::]/64 10.0.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relayhost = mailout.hrz.tu-darmstadt.de
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_helo_name = mx.theo.chemie.tu-darmstadt.de
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = theo.chemie.tu-darmstadt.de
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl.crt/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl.crt/bromma-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl.crt/bromma-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf hash:/var/lib/mailman/data/virtual
virtual_gid_maps = static:51
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:51



From: Victor Duchovni on
On Sun, Apr 25, 2010 at 09:35:37AM -0700, mohamad rahimi wrote:

> "Unable to authentication to SMTP server mx.mydomain. The server does not
> support any compatible secure authentication mechanism but you have chosen
> secure authentication. Try switching off secure authentication."

"Secure Authentication" means no plaintext passwords, i.e. GSSAPI,
CRAM-MD5, ... Are you sure you have support for mechanisms other than
"PLAIN"? If not, don't tell Thunderbird to try and use them...

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.

From: "Franck MAHE" on
Hello,



Try this :



smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination



permit_sasl_authenticated must precede everything to be able to authenticate from outside.



You should define something in master.cf to allow different behavior depending on your internal and external (I think you have several NIC with different IPs)



Regards





Franck
-------------------------------------------
M: +33 6 6042 7249
E: mahe(a)civis.net

De : owner-postfix-users(a)postfix.org [mailto:owner-postfix-users(a)postfix.org] De la part de mohamad rahimi
Envoyé : dimanche 25 avril 2010 18:36
À : postfix
Objet : Authentication problem with Thunderbird



Hi all
In our group we are using suse and Postfix SMTP server 2.3.2. Every thing
was fine until when we restarted our mail server and also firewall.
The first problem is that when we use Thunderbird with security and
Authentication it is impossible to send a email. we receive this error
“Unable to authentication to SMTP server mx.mydomain. The server does not
support any compatible secure authentication mechanism but you have chosen
secure authentication. Try switching off secure authentication”. however ,
it is possible to send email without Authentication in local network.
The second problem is that we can not send email via Thunderbird from
outside of our local network.
if I send a email to <mailto:X(a)Y.com> X(a)Y.com I will receive this error “Mail server
responded 5.7.1 < X(a)Y.com> relay access denied. Please check the message
recipient X(a)Y.com and try again”.
we also have web mail (Squirrelmail) and it works without any problems
everywhere.
I am completely beginner in postfix so I don't know which information is
useful, if you need more information tell me. You can find postfix out
here.
Thanks in advance.
alias_maps = hash:/etc/aliases hash:/var/lib/mailman/data/aliases
biff = no
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical regexp:/etc/postfix/canonical-regexp
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
delay_warning_time = 4
disable_dns_lookups = no
html_directory = /usr/share/doc/packages/postfix/html
inet_protocols = all
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 20480000
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = theo.chemie.site
myhostname = mx.theo.chemie.tu-darmstadt.de
mynetworks = 127.0.0.0/8 130.83.159.160/28 [::1]/128 [fe80::]/64 10.0.0.0/16
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
readme_directory = /usr/share/doc/packages/postfix/README_FILES
recipient_delimiter = +
relayhost = mailout.hrz.tu-darmstadt.de
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_helo_name = mx.theo.chemie.tu-darmstadt.de
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = no
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = theo.chemie.tu-darmstadt.de
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access, reject_unknown_sender_domain
smtpd_tls_CAfile = /etc/postfix/ssl.crt/cacert.pem
smtpd_tls_cert_file = /etc/postfix/ssl.crt/bromma-cert.pem
smtpd_tls_key_file = /etc/postfix/ssl.crt/bromma-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
strict_rfc821_envelopes = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf hash:/var/lib/mailman/data/virtual
virtual_gid_maps = static:51
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 51
virtual_transport = virtual
virtual_uid_maps = static:51



From: mohamad rahimi on





________________________________
From: Victor Duchovni <Victor.Duchovni(a)morganstanley.com>
To: postfix-users(a)postfix.org
Sent: Sun, April 25, 2010 6:46:55 PM
Subject: Re: Authentication problem with Thunderbird

>On Sun, Apr 25, 2010 at 09:35:37AM -0700, mohamad rahimi wrote:

>> "Unable to authentication to SMTP server mx.mydomain. The server does not
> >support any compatible secure authentication mechanism but you have chosen
> >secure authentication. Try switching off secure authentication."

>"Secure Authentication" means no plaintext passwords, i.e. GSSAPI,
>CRAM-MD5, ... Are you sure you have support for mechanisms other than
>"PLAIN"? If not, don't tell Thunderbird to try and use them...

--
I am sure our mail server had the mechanisms for Secure Authentication.
my question is that how can I understand that now our mail server support this mechanisms and how can
I run this.


From: Victor Duchovni on
On Sun, Apr 25, 2010 at 10:18:57AM -0700, mohamad rahimi wrote:

> >> "Unable to authentication to SMTP server mx.mydomain. The server does not
> > >support any compatible secure authentication mechanism but you have chosen
> > >secure authentication. Try switching off secure authentication."
>
> >"Secure Authentication" means no plaintext passwords, i.e. GSSAPI,
> >CRAM-MD5, ... Are you sure you have support for mechanisms other than
> >"PLAIN"? If not, don't tell Thunderbird to try and use them...
>
> I am sure our mail server had the mechanisms for Secure Authentication.

What do you mean when you say this? Which non-plaintext SASL mechanisms
does your server support, and how?

> my question is that how can I understand that now our mail server
> support this mechanisms and how can I run this.

The above sentence does not make sense in English I am afraid. :-(

--

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.