Discussion:
postfix relay: internal no authentication to ISP with authentication...
Andrea Buzzi
2015-10-15 10:00:54 UTC
Hello,

I'm trying to set up a postfix smtp/smtpd service that should relay internal emails (from subnet 10.58.0.0/16) and forward to the ISP's smtpd, which requires authentication.

In main.cf I've defined:

relayhost = [authsmtp.mic-ebc.eu]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level=

***@smtp:/etc/postfix# cat sasl_passwd
[authsmtp.mic-ebc.eu] ****user****:****pwd****
***@smtp:/etc/postfix#

and the logs show that after the "HELO smtp.mic.eu" postfix is immediately doing a "MAIL FROM" without any "AUTH" command, hence the ISP's smtpd rejects this, saying "you must authenticate".

What am I doing wrong?

Below the /var/log/syslog messages followed by "postconf -n" output.

Any suggestion is appreciated!
Thx

####### /var/log/syslog #################

Oct 15 11:56:02 smtp postfix/smtpd[1099]: connect from ftp.mic.eu[10.58.2.82]
Oct 15 11:56:02 smtp postfix/smtpd[1099]: 97726E0CAB: client=ftp.mic.eu[10.58.2.82]
Oct 15 11:56:02 smtp postfix/cleanup[1102]: 97726E0CAB: message-id=<freenas-***@ftp.mic.eu>
Oct 15 11:56:02 smtp postfix/qmgr[1084]: 97726E0CAB: from=<***@mic-ebc.eu>, size=506, nrcpt=1 (queue active)
Oct 15 11:56:02 smtp postfix/smtpd[1099]: disconnect from ftp.mic.eu[10.58.2.82]
Oct 15 11:56:02 smtp postfix/smtp[1103]: smtp_stream_setup: maxtime=300 enable_deadline=0
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_buf_get_ready: fd 16 got 45
Oct 15 11:56:02 smtp postfix/smtp[1103]: < authsmtp.mic-ebc.eu[81.88.48.66]:25: 220 ***************************************
Oct 15 11:56:02 smtp postfix/smtp[1103]: name_mask: disable_esmtp
Oct 15 11:56:02 smtp postfix/smtp[1103]: name_mask: delay_dotcrlf
Oct 15 11:56:02 smtp postfix/smtp[1103]: 97726E0CAB: enabling PIX workarounds: disable_esmtp delay_dotcrlf for authsmtp.mic-ebc.eu[81.88.48.66]:25
Oct 15 11:56:02 smtp postfix/smtp[1103]: > authsmtp.mic-ebc.eu[81.88.48.66]:25: HELO smtp.mic.eu
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_fflush_some: fd 16 flush 18
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_buf_get_ready: fd 16 got 59
Oct 15 11:56:02 smtp postfix/smtp[1103]: < authsmtp.mic-ebc.eu[81.88.48.66]:25: 250 paganini32 hello [2.228.173.133], pleased to meet you
Oct 15 11:56:02 smtp postfix/smtp[1103]: server features: 0x31000 size 0
Oct 15 11:56:02 smtp postfix/smtp[1103]: smtp_stream_setup: maxtime=300 enable_deadline=0
Oct 15 11:56:02 smtp postfix/smtp[1103]: > authsmtp.mic-ebc.eu[81.88.48.66]:25: MAIL FROM:<***@mic-ebc.eu>
Oct 15 11:56:02 smtp postfix/smtp[1103]: smtp_stream_setup: maxtime=300 enable_deadline=0
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_fflush_some: fd 16 flush 28
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_buf_get_ready: fd 16 got 46
Oct 15 11:56:02 smtp postfix/smtp[1103]: < authsmtp.mic-ebc.eu[81.88.48.66]:25: 550 5.1.0 <***@mic-ebc.eu> must authenticate
Oct 15 11:56:02 smtp postfix/smtp[1103]: connect to subsystem private/bounce
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr nrequest = 0
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr flags = 0
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr queue_id = 97726E0CAB
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr original_recipient = mic-***@cisco.com
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr recipient = mic-***@cisco.com
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr offset = 593
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr dsn_orig_rcpt = rfc822;mic-***@cisco.com
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr notify_flags = 0
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr status = 5.1.0
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr diag_type = smtp
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr diag_text = 550 5.1.0 <***@mic-ebc.eu> must authenticate
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr mta_type = dns
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr mta_mname = authsmtp.mic-ebc.eu
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr action = failed
Oct 15 11:56:02 smtp postfix/smtp[1103]: send attr reason = host authsmtp.mic-ebc.eu[81.88.48.66] said: 550 5.1.0 <***@mic-ebc.eu> must authenticate (in reply to MAIL FROM command)
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_fflush_some: fd 17 flush 444
Oct 15 11:56:02 smtp postfix/smtp[1103]: vstream_buf_get_ready: fd 17 got 10
Oct 15 11:56:02 smtp postfix/smtp[1103]: private/bounce socket: wanted attribute: status
Oct 15 11:56:02 smtp postfix/smtp[1103]: input attribute name: status
Oct 15 11:56:02 smtp postfix/smtp[1103]: input attribute value: 0
Oct 15 11:56:02 smtp postfix/smtp[1103]: private/bounce socket: wanted attribute: (list terminator)
Oct 15 11:56:02 smtp postfix/smtp[1103]: input attribute name: (end)
Oct 15 11:56:02 smtp postfix/smtp[1103]: 97726E0CAB: to=<mic-***@cisco.com>, relay=authsmtp.mic-ebc.eu[81.88.48.66]:25, delay=0.1, delays=0.01/0/0.07/0.02, dsn=5.1.0, status=bounced (host authsmtp.mic-ebc.eu[81.88.48.66] said: 550 5.1.0 <***@mic-ebc.eu> must authenticate (in reply to MAIL FROM command))



####### postconf -n ####################

***@smtp:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
debug_peer_level = 3
debug_peer_list = authsmtp.mic-ebc.eu
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mydestination = mic-ebc.eu, smtp.mic.eu, localhost.mic.eu, localhost
myhostname = smtp.mic.eu
mynetworks = 10.58.0.0/16
myorigin = /etc/mailname
readme_directory = no
recipient_delimiter = +
relayhost = [authsmtp.mic-ebc.eu]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
***@smtp:/etc/postfix#
Andrea Buzzi
2015-10-16 15:49:11 UTC
Post by Andrea Buzzi
Hello,
....
any idea/suggestion?

Thx!
Andrea Buzzi
2015-10-23 15:21:08 UTC
still no answers... nobody has suggestions?

Thx!
a***@gmail.com
2016-04-08 14:27:31 UTC
Hi!
Did you find a solution?
I have exactly the same problem...

Thanks, Alexey
a***@gmail.com
2018-02-19 09:11:51 UTC
I have found a solution. The issue is in smtp_pix_workarounds (which defaults to: disable_esmtp, delay_dotcrlf). I changed it to smtp_pix_workarounds = delay_dotcrlf.
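
The failure mode identified in the last reply, as an added example (not code from the thread or from Postfix): a Python check over smtp client debug logs that flags sessions where the PIX workaround disable_esmtp forced HELO, so MAIL FROM went out with no AUTH. The sample log is constructed with placeholder hosts, and the function name and finding labels are hypothetical.

```python
import re

# Constructed debug-log excerpt in the shape of the first post's syslog output;
# host names and addresses are placeholders, not values from the thread.
SAMPLE = """\
Oct 15 11:56:02 mx postfix/smtp[1103]: < relay.example.net[192.0.2.10]:25: 220 ********************
Oct 15 11:56:02 mx postfix/smtp[1103]: 97726E0CAB: enabling PIX workarounds: disable_esmtp delay_dotcrlf for relay.example.net[192.0.2.10]:25
Oct 15 11:56:02 mx postfix/smtp[1103]: > relay.example.net[192.0.2.10]:25: HELO mx.example.org
Oct 15 11:56:02 mx postfix/smtp[1103]: < relay.example.net[192.0.2.10]:25: 250 relay hello, pleased to meet you
Oct 15 11:56:02 mx postfix/smtp[1103]: > relay.example.net[192.0.2.10]:25: MAIL FROM:<user@example.org>
Oct 15 11:56:02 mx postfix/smtp[1103]: < relay.example.net[192.0.2.10]:25: 550 5.1.0 <user@example.org> must authenticate
"""

LINE = re.compile(r"postfix/smtp\[(\d+)\]: (.*)$")          # smtp client process lines only
PIX = re.compile(r"enabling PIX workarounds: (.+?) for ")   # active workaround names
WIRE = re.compile(r"^([<>]) \S+: (.*)$")                    # '>' sent, '<' received


def diagnose(log_text):
    """Return {pid: finding} for client sessions that sent MAIL FROM without AUTH."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(pid, {"pix": [], "hello": None, "auth": False, "unauth_mail": False})
        pix = PIX.search(msg)
        wire = WIRE.match(msg)
        if pix:
            s["pix"] = pix.group(1).split()
        elif wire and wire.group(1) == ">":
            parts = wire.group(2).split(None, 1)
            verb = parts[0].upper() if parts else ""
            if verb in ("HELO", "EHLO"):
                s["hello"] = verb
            elif verb == "AUTH":
                s["auth"] = True
            elif verb == "MAIL" and not s["auth"]:
                s["unauth_mail"] = True
    findings = {}
    for pid, s in sessions.items():
        if s["unauth_mail"]:
            # HELO forced by disable_esmtp: the server never gets to advertise AUTH
            pix_helo = "disable_esmtp" in s["pix"] and s["hello"] == "HELO"
            findings[pid] = "pix-disable_esmtp" if pix_helo else "no-auth-other"
    return findings
```

A session greeted with HELO never receives the server's ESMTP capability list, so STARTTLS is skipped for the same reason as AUTH. After changing smtp_pix_workarounds, confirm in the log that the client sends EHLO.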