POSTFIX, problems using SMTP authenticacion.

[Ense]

Hello,

We are using postfix without authenticacion and works correctly, but my company now requires smtp user/password.

I have configurated password file in /etc/postfix/sasl_passwd

[smtp.domain1.com]:portused app1@emaildomain.com:password

When i try to send email i got this message on log: (Host or domain name not found. Name service error for name=emaildomain.com type=A: Host found but no data record of requested type)

emaildomain.com is not a DNS zone and you cant resolve it, but we can use it on this server without smtp authenticacion and in another servers with outlook for example.

This is my main.cf:

Code: Select all

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
# smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# smtpd_tls_security_level=may
# smtp_tls_CApath=/etc/ssl/certs
# smtp_tls_security_level=may
# smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


# smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# myhostname = Servername
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 myorigin = /etc/mailname
 mydestination = $myhostname, localhost, Servername, emaildomain.com
 relayhost = [smtp.domain1.com]:portused
 smtp_use_tls = yes
 smtp_sasl_auth_enable = yes
 smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
 smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
 smtp_sasl_security_options = noanonymous
 smtp_sasl_tls_security_options = noanonymous
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ourIPrange
 mailbox_command = procmail -a "$EXTENSION"
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = ipv4

Thanks,

[dilberts_left_nut]

Hello,

We are using postfix without authenticacion and works correctly, but my company now requires smtp user/password.

I have configurated password file in /etc/postfix/sasl_passwd

[smtp.domain1.com]:1025 app1@emaildomain.com:password

Is the username on your relay server exactly "app1@emaildomain.com"?
Did you create the hash db with 'postmap /etc/postfix/sasl_passwd' ?
Can you send mail using those credentials with a regular mail client?

When i try to send email i got this message on log: (Host or domain name not found. Name service error for name=emaildomain.com type=A: Host found but no data record of requested type)

Which server generated that message?
It would be easier to post the actual log snippet rather than paraphrasing.

[Ense]

Hello,

We are using postfix without authenticacion and works correctly, but my company now requires smtp user/password.

I have configurated password file in /etc/postfix/sasl_passwd

[smtp.domain1.com]:1025 app1@emaildomain.com:password

Is the username on your relay server exactly "app1@emaildomain.com"?
Did you create the hash db with 'postmap /etc/postfix/sasl_passwd' ?
Can you send mail using those credentials with a regular mail client?

When i try to send email i got this message on log: (Host or domain name not found. Name service error for name=emaildomain.com type=A: Host found but no data record of requested type)

Which server generated that message?
It would be easier to post the actual log snippet rather than paraphrasing.

I have asked the mail department if the user is that or has another name, I will test after that with a smtp client from windows and if it works I will start with the postfix configuration

yes, I have created the database with > sudo postmap /etc/postfix/sasl_passwd

Im using postfix to send message from a nagios server, the error message appears in the log /var/log/mail.log of this server

thanks for the help, I will let you know

[Ense]

Hello again.

I'm trying with valid username and password and it keeps failing, I'm seeing in the log that it is not detecting the realyhost and I don't understand why:

Code: Select all

postfix/cleanup[2526328]: 51D0F803D6: message-id=<20240730092806.51D0F803D6@SERVERNAME.localdomain>
postfix/qmgr[2526323]: 51D0F803D6: from=<root@SERVERNAME.localdomain>, size=456, nrcpt=1 (queue active)
postfix/smtp[2526335]: 51D0F803D6: to=<destinationmail@emaildomain.com>, relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=emaildomain.com type=A: Host found but no data record of requested type)
postfix/cleanup[2526328]: 553E0803D8: message-id=<20240730092806.553E0803D8@SERVERNAME.localdomain>
postfix/bounce[2526336]: 51D0F803D6: sender non-delivery notification: 553E0803D8
postfix/qmgr[2526323]: 553E0803D8: from=<>, size=2734, nrcpt=1 (queue active)

Regards,

[dilberts_left_nut]

it is not detecting the realyhost

Code: Select all

 relay=none

It's not using a relayhost, but attempting direct delivery.

Code: Select all

Host or domain name not found. Name service error for name=emaildomain.com type=A: Host found but no data record of requested type)

Looks like your problem is DNS, either the records of emaildomain.com, or your local resolver.

[Ense]

Why is not using relay if is in main.cf ?

emaildomain.com is not a DNS zone and you cant resolve it, but we can use it on this server without smtp authenticacion and in another servers with outlook for example

[dilberts_left_nut]

Why is not using relay if is in main.cf ?

Probably because you have:

Code: Select all

mydestination = ...., emaildomain.com

[Ense]

Why is not using relay if is in main.cf ?

Probably because you have:

Code: Select all

mydestination = ...., emaildomain.com

I have removed it and still use relay local, i have also commented mydestination line to test.

[dilberts_left_nut]

Ok, so how about

Code: Select all

postconf -n

and logs from sending to a real address and then your 'special' one.

[Ense]

Ok, so how about

Code: Select all

postconf -n

and logs from sending to a real address and then your 'special' one.

Hello again, let me explain a little better:

Im on a nagios server, im trying to configure it to send mail alerts througt the relay server > smtp.domain1.com

Now i have this main.cf:

Code: Select all

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
# smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# smtpd_tls_security_level=may
# smtp_tls_CApath=/etc/ssl/certs
# smtp_tls_security_level=may
# smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# myhostname = Servername
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname
mydestination = $myhostname, Servername, localhost
relayhost = [smtp.domain1.com]:portused
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
# smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ourIPrange
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

This is postconf -n

Code: Select all

root@servername:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname, servername, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ourIPrange
readme_directory = no
recipient_delimiter = +
relayhost = [smtp.domain1.com]:portused
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

And now i got this error:

Code: Select all

postfix/qmgr[3326557]: B14A1803DA: from=<root@servername.localdomain>, size=453, nrcpt=1 (queue active)
postfix/smtp[3326569]: warning: SASL authentication failure: No worthy mechs found
postfix/smtp[3326569]: B14A1803DA: to=<destinationmail@emaildomain.com>, relay=smtp.domain1.com[smtpIP]:portused, delay=0.07, delays=0.01/0.01/0.05/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.domain1.com[smtpIP]: no mechanism available)

I'm seeing https://forum.howtoforge.com/threads/so ... ver.53920/ thread from 2011 talking about libsasl2-modules, I guess my debian already has that library installed, I'm going to try to install it anyway.

EDIT: i got this one
ldconfig -p | grep libsasl2
libsasl2.so.2 (libc6,x86-64) => /lib/x86_64-linux-gnu/libsasl2.so.2

Thanks a lot !

[dilberts_left_nut]

So now you are getting a different error - what did you change?

What auth mechs is the server offering?
Can you send mail using those credentials with a regular mail client?

[Ense]

So now you are getting a different error - what did you change?

What auth mechs is the server offering?
Can you send mail using those credentials with a regular mail client?

I have only commented on these lines "myorigin" and "smtp_tls_CAfile".
I dont know what auth methods use the mail server, im going to ask them.
Yes, i can send test mail with powershell for example, user/password are correct.

Im looking this article > https://wiki.debian.org/PostfixAndSASL
But i dont know what i must configurate to use and external relay as in my case.

EDIT: Installing package sasl2-bin works correctly, problem solved.

Many thanks for your help

[dilberts_left_nut]

This:
https://wiki.debian.org/PostfixAndSASL# ... MTP_client