From: donovan jeffrey j on
Greetings

I have an older relay system accepting SSL on port 25. It seems to be working, but when I test it, STARTTLS shows up but then the session stalls like it's waiting for me to do something - probably I do.

smtp2:/etc/postfix root# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 smtp2.beth.k12.pa.us ESMTP Postfix
EHLO beth.k12.pa.us
250-smtp2.beth.k12.pa.us
250-PIPELINING
250-SIZE 26214400
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

What comes next? I would expect AUTH types. Do I have to initiate an auth sequence?

postconf

smtpd_enforce_tls = yes
smtpd_pw_server_security_options = login,cram-md5,plain,gssapi
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_use_pw_server = yes
smtpd_use_tls = yes


-j
From: Magnus Bäck on
On Friday, July 30, 2010 at 17:33 CEST,
donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote:

> I have an older relay system accept ssl on port 25, it seems to be
> working, but when i test it, STARTTLS shows up but then the session
> stalls like it's waiting for me to do something. -probably i do.
>
> smtp2:/etc/postfix root# telnet 127.0.0.1 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 smtp2.beth.k12.pa.us ESMTP Postfix
> EHLO beth.k12.pa.us
> 250-smtp2.beth.k12.pa.us
> 250-PIPELINING
> 250-SIZE 26214400
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME

As indicated by the lacking hyphen between 250 and 8BITMIME on the final
line, that's the final line of the server's response. It's then the
client's turn to send the next command. There is no AUTH line in the
EHLO response so for some reason Postfix doesn't accept authentication.

> what comes next ? i would expect AUTH types. Do I have to initiate an
> auth sequence ?
>
> postconf
>
> smtpd_enforce_tls = yes
> smtpd_pw_server_security_options = login,cram-md5,plain,gssapi
> smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
> smtpd_sasl_auth_enable = yes
> smtpd_tls_cert_file = /etc/certificates/Default.crt
> smtpd_tls_key_file = /etc/certificates/Default.key
> smtpd_use_pw_server = yes
> smtpd_use_tls = yes

Please post at least full "postconf -n" output, or even better
saslfinger output (Google it).

This thread was started by responding to an old message in another
thread. Don't do that. Start new threads by posting a new message
to the postfix-users address.

--
Magnus Bäck
magnus(a)dsek.lth.se
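
Added example, not part of the original thread: a small Python parser for the reply-line rule described in the message above (a hyphen after the code means more lines follow, a space marks the last line), which also reports whether AUTH is advertised. `THREAD_REPLY` is the reply quoted in the thread; `CONSTRUCTED_TLS_REPLY` is a made-up reply to a second EHLO sent after STARTTLS, included because a server may advertise different capabilities once TLS is active. The function names are hypothetical.

```python
import re

# "250-TEXT": more lines follow; "250 TEXT" (space): last line of the reply.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(raw):
    """Return (complete, caps); caps maps upper-cased keyword -> parameter list."""
    caps, complete = {}, False
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if match is None or match.group(1) != "250":
            raise ValueError(f"not a 250 reply line: {line!r}")
        if complete:
            raise ValueError(f"data after the final reply line: {line!r}")
        complete = match.group(2) == " "
        if index > 0 and match.group(3).strip():  # line 0 is the server greeting
            keyword, *params = match.group(3).split()
            caps[keyword.upper()] = [p.upper() for p in params]
    return complete, caps

def auth_findings(pre_tls, post_tls=None):
    """Compare the EHLO reply before STARTTLS with the one re-issued after it."""
    findings = []
    done, before = parse_ehlo(pre_tls)
    if not done:
        findings.append("reply incomplete: server has more lines to send")
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered")
    cleartext = sorted({"PLAIN", "LOGIN"} & set(before.get("AUTH", [])))
    if cleartext:
        findings.append("password mechanisms offered before TLS: " + ",".join(cleartext))
    after = parse_ehlo(post_tls)[1] if post_tls else {}
    if "AUTH" not in before and "AUTH" not in after:
        findings.append("AUTH not advertised")
    elif "AUTH" not in before:
        findings.append("AUTH advertised only after STARTTLS")
    return findings

# The EHLO reply exactly as quoted in the thread.
THREAD_REPLY = ("250-smtp2.beth.k12.pa.us\n250-PIPELINING\n250-SIZE 26214400\n"
                "250-VRFY\n250-ETRN\n250-STARTTLS\n250 8BITMIME")
# Constructed sample (not from the thread): reply to an EHLO re-issued inside TLS.
CONSTRUCTED_TLS_REPLY = ("250-smtp2.beth.k12.pa.us\n250-PIPELINING\n"
                         "250-AUTH LOGIN PLAIN CRAM-MD5\n250 8BITMIME")

if __name__ == "__main__":
    print(auth_findings(THREAD_REPLY))
    print(auth_findings(THREAD_REPLY, CONSTRUCTED_TLS_REPLY))
```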

From: Jerry on
On Fri, 30 Jul 2010 17:50:16 +0200
Magnus Bäck <magnus(a)dsek.lth.se> articulated:

> On Friday, July 30, 2010 at 17:33 CEST,
> donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote:
>
> Please post at least full "postconf -n" output, or even better
> saslfinger output (Google it).

http://ftp.wl0.org/SOURCES/postfinger

--
Jerry ✌
postfix-user(a)seibercom.net


Kilroe hic erat!

From: donovan jeffrey j on

On Jul 30, 2010, at 11:50 AM, Magnus Bäck wrote:

> On Friday, July 30, 2010 at 17:33 CEST,
> donovan jeffrey j <donovan(a)beth.k12.pa.us> wrote:
>
>> I have an older relay system accept ssl on port 25, it seems to be
>> working, but when i test it, STARTTLS shows up but then the session
>> stalls like it's waiting for me to do something. -probably i do.
>>
>> smtp2:/etc/postfix root# telnet 127.0.0.1 25
>> Trying 127.0.0.1...
>> Connected to localhost.
>> Escape character is '^]'.
>> 220 smtp2.beth.k12.pa.us ESMTP Postfix
>> EHLO beth.k12.pa.us
>> 250-smtp2.beth.k12.pa.us
>> 250-PIPELINING
>> 250-SIZE 26214400
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250 8BITMIME
>
> As indicated by the lacking hyphen between 250 and 8BITMIME on the final
> line, that's the final line of the server's response. It's then the
> client's turn to send the next command. There is no AUTH line in the
> EHLO response so for some reason Postfix doesn't accept authentication.
>
>> what comes next ? i would expect AUTH types. Do I have to initiate an
>> auth sequence ?
>>
>> postconf
>>
>> smtpd_enforce_tls = yes
>> smtpd_pw_server_security_options = login,cram-md5,plain,gssapi
>> smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
>> smtpd_sasl_auth_enable = yes
>> smtpd_tls_cert_file = /etc/certificates/Default.crt
>> smtpd_tls_key_file = /etc/certificates/Default.key
>> smtpd_use_pw_server = yes
>> smtpd_use_tls = yes
>

alias_maps = hash:/etc/aliases,ldap:/etc/postfix/ldaplocal
always_bcc = basdarchive(a)beth.k12.pa.us
bounce_queue_lifetime = 5m
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = ldap:/etc/postfix/ldaplocal $alias_maps
luser_relay = lukeskywalker
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 26214400
mydestination = $myhostname,localhost.$mydomain,localhost,smtp,smtp2
mydomain = beth.k12.pa.us
mydomain_fallback = beth.k12.pa.us
myhostname = smtp2.beth.k12.pa.us
mynetworks = 127.0.0.1/32,etc..
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_enforce_tls = yes
smtpd_pw_server_security_options = login,cram-md5,plain,gssapi
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_use_pw_server = yes
smtpd_use_tls = yes
soft_bounce = no
transport_maps = ldap:/etc/postfix/ldaptransport
unknown_local_recipient_reject_code = 550


> Please post at least full "postconf -n" output, or even better
> saslfinger output (Google it).
-- basics --
Postfix: 2.1.5
System: Welcome to Darwin!

-- smtpd is linked to --
../saslfinger: line 1: ldd: command not found
../saslfinger: line 1: ldd: command not found

-- active SMTP AUTH and TLS parameters for smtpd --
smtpd_sasl_auth_enable = yes
smtpd_tls_cert_file = /etc/certificates/Default.crt
smtpd_tls_key_file = /etc/certificates/Default.key
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 2416
drwxr-xr-x 40 root wheel 1360 Nov 20 2008 .
drwxr-xr-x 282 root wheel 9588 Dec 8 2009 ..
-rw-r--r-- 1 root wheel 631 Mar 20 2005 apop.la
-r-xr-xr-x 1 root wheel 17496 Mar 20 2005 apop.so
-rwxr-xr-x 1 root wheel 629 Mar 20 2005 dhx.la
-r-xr-xr-x 1 root wheel 598600 Jan 30 2006 dhx.so
-rw-r--r-- 1 root wheel 653 Mar 20 2005 digestmd5WebDAV.la
-r-xr-xr-x 1 root wheel 43132 Mar 20 2005 digestmd5WebDAV.so
drwxr-xr-x 9 root wheel 306 Nov 20 2008 disabled
-r-xr-xr-x 1 root wheel 17660 Mar 20 2005 libanonymous.2.so
-rw-r--r-- 1 root wheel 694 Mar 20 2005 libanonymous.la
-r-xr-xr-x 1 root wheel 17740 Mar 20 2005 libcrammd5.2.so
-rw-r--r-- 1 root wheel 682 Mar 20 2005 libcrammd5.la
-r-xr-xr-x 1 root wheel 47228 Jan 19 2007 libdigestmd5.2.so
-rw-r--r-- 1 root wheel 703 Mar 20 2005 libdigestmd5.la
-r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.0.18.so
-r-xr-xr-x 1 root wheel 22688 Jan 19 2007 libgssapiv2.2.so
-rw-r--r-- 1 root wheel 739 Mar 20 2005 libgssapiv2.la
-r-xr-xr-x 1 root wheel 22504 Mar 20 2005 libkerberos4.2.so
-rw-r--r-- 1 root wheel 628 Mar 20 2005 liblogin.la
-rw-r--r-- 1 root wheel 637 Mar 20 2005 libntlm.la
-r-xr-xr-x 1 root wheel 30816 Mar 20 2005 libntlm.so
-r-xr-xr-x 1 root wheel 67668 Mar 20 2005 libotp.2.so
-rw-r--r-- 1 root wheel 667 Mar 20 2005 libotp.la
-r-xr-xr-x 1 root wheel 17604 Mar 20 2005 libplain.2.so
-rw-r--r-- 1 root wheel 670 Mar 20 2005 libplain.la
-r-xr-xr-x 1 root wheel 17612 Mar 20 2005 login.so
-rwxr-xr-x 1 root wheel 639 Mar 20 2005 mschapv2.la
-r-xr-xr-x 1 root wheel 22792 Mar 20 2005 mschapv2.so
drwxr-xr-x 6 root wheel 204 Nov 9 2007 openldap
-rwxr-xr-x 1 root wheel 641 Mar 25 2005 pwauxprop.la
-r-xr-xr-x 1 root wheel 53192 Dec 3 2006 pwauxprop.so
-r-xr-xr-x 1 root wheel 18580 Mar 20 2005 shadow_auxprop.so
-rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_lm.la
-r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_lm.so
-rwxr-xr-x 1 root wheel 635 Mar 20 2005 smb_nt.la
-r-xr-xr-x 1 root wheel 22316 Mar 20 2005 smb_nt.so
-rwxr-xr-x 1 root wheel 568 Mar 20 2005 smb_ntlmv2.la
-r-xr-xr-x 1 root wheel 22616 Mar 20 2005 smb_ntlmv2.so
-r-xr-xr-x 1 root wheel 21960 Mar 20 2005 twowayrandom.so




There is no smtpd.conf that defines what SASL should do for Postfix.
SMTP AUTH can't work!

smtp2:/usr/local/saslfinger-1.0.3 root# ./saslfinger -c
saslfinger - postfix Cyrus sasl configuration Fri Jul 30 13:46:42 EDT 2010
version: 1.0.2
mode: client-side SMTP AUTH

-- basics --
Postfix: 2.1.5
System: Welcome to Darwin!

-- smtp is linked to --
../saslfinger: line 1: ldd: command not found
../saslfinger: line 1: ldd: command not found

-- active SMTP AUTH and TLS parameters for smtp --
No active SMTP AUTH and TLS parameters for smtp in main.cf!
SMTP AUTH can't work!
smtp2:/usr/local/saslfinger-1.0.3 root#


>
> This thread was started by responding to an old message in another
> thread. Don't do that. Start new threads by posting a new message
> to the postfix-users address.

woops

>
> --
> Magnus Bäck
> magnus(a)dsek.lth.se
>

From: Magnus Bäck on
On Friday, July 30, 2010 at 18:21 CEST,
Jerry <postfix-user(a)seibercom.net> wrote:

> On Fri, 30 Jul 2010 17:50:16 +0200
> Magnus Bäck <magnus(a)dsek.lth.se> articulated:
>
> > Please post at least full "postconf -n" output, or even better
> > saslfinger output (Google it).
>
> http://ftp.wl0.org/SOURCES/postfinger

No, I meant saslfinger and not postfinger.

http://postfix.state-of-mind.de/patrick.koetter/saslfinger/

--
Magnus Bäck
magnus(a)dsek.lth.se