Discussion:
SMTP authentication not working (but works via telnet)
(too old to reply)
t***@zaph.org
2009-07-16 22:19:53 UTC
Permalink
I have to relay my mail through an SMTP server that uses authentication.

I think I have Postfix configured correctly, but messages I send out get
queued with this error:

90EC0137A88 337 Thu Jul 16 19:12:09 ***@myhostname.foocorp.net
(SASL authentication failed; cannot authenticate to server
smtp.foocorp.net[10.1.1.2]: generic failure) ***@example.org

And the logs say this:

Jul 16 15:12:09 myhostname postfix/pickup[51310]: 90EC0137A88: uid=2124367927 from=<username>
Jul 16 15:12:09 myhostname postfix/cleanup[51312]: 90EC0137A88: message-id=<***@myhostname.foocorp.net>
Jul 16 15:12:09 myhostname postfix/qmgr[51311]: 90EC0137A88: from=<***@myhostname.foocorp.net>, size=337, nrcpt=1 (queue active)
Jul 16 15:12:09 myhostname postfix/smtp[51314]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
Jul 16 15:12:09 myhostname postfix/smtp[51314]: 90EC0137A88: to=<***@exmaple.org>, relay=smtp.foocorp.net[10.1.1.2]:25, delay=0.02, delays=0.01/0/0.01/0, dsn=4.7.0, s tatus=deferred (SASL authentication failed; cannot authenticate to server smtp.foocorp.net[10.1.1.2]: generic failure)

My username and password is correct, I have verified this by telnetting
into the SMTP box in question (an Exchange box) and was successfully
able to send an email to the outside world.

The only thing that I can think that could be wrong is that my password
contains a comma and a bang (exclamation point). When I telnetted into
the SMTP server, I had to supply a base64 encoded username and password,
but in the sasl password map, the password is not quoted or escaped in
any way.

This is what it looks like:

$ cat sasl_passwd
smtp.foocorp.net username:password,withcomma!andbang
$ postmap -s /etc/postfix/sasl_passwd
smtp.foocorp.net username:password,withcomma!andbang

Here is the output of postconf -n:

command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = loopback-only
mail_owner = _postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = $myhostname
mydomain_fallback = localhost
myhostname = myhostname.foocorp.net
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = smtp.foocorp.net
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
unknown_local_recipient_reject_code = 550

Any help appreciated.

thanks,
Thomas
Patrick Ben Koetter
2009-07-16 22:47:33 UTC
Permalink
Post by t***@zaph.org
I have to relay my mail through an SMTP server that uses authentication.
I think I have Postfix configured correctly, but messages I send out get
(SASL authentication failed; cannot authenticate to server
Jul 16 15:12:09 myhostname postfix/pickup[51310]: 90EC0137A88: uid=2124367927 from=<username>
Jul 16 15:12:09 myhostname postfix/smtp[51314]: warning: SASL authentication failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)
The server offers GSSAPI (Kerberos) and your Postfix client (better: Cyrus
SASL providing authentication service to Postfix) was not configured to handle
GSSAPI.

a) configure it to handle GSSAPI
b) forget that and set $smtp_sasl_mechanism_filter to filter GSSAPI away and
choose from the remaining mechanisms.

See also:
man 5 postconf | less +/^smtp_sasl_mechanism_filter
Post by t***@zaph.org
My username and password is correct, I have verified this by telnetting
into the SMTP box in question (an Exchange box) and was successfully
able to send an email to the outside world.
The only thing that I can think that could be wrong is that my password
contains a comma and a bang (exclamation point). When I telnetted into
the SMTP server, I had to supply a base64 encoded username and password,
but in the sasl password map, the password is not quoted or escaped in
any way.
$ cat sasl_passwd
smtp.foocorp.net username:password,withcomma!andbang
$ postmap -s /etc/postfix/sasl_passwd
smtp.foocorp.net username:password,withcomma!andbang
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = loopback-only
mail_owner = _postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain = $myhostname
mydomain_fallback = localhost
myhostname = myhostname.foocorp.net
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
relayhost = smtp.foocorp.net
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
unknown_local_recipient_reject_code = 550
Any help appreciated.
thanks,
Thomas
--
All technical answers asked privately will be automatically answered on
the list and archived for public access unless privacy is explicitely
required and justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
Loading...