[Postfix-es] problema de auth con relay

Mar Mayo 8 07:47:51 CEST 2007

El Martes, 8 de Mayo de 2007 a las 03:53, Maxnux escribió:
> Hola a ver si alguien me puede ayudar con esto
>  Estoy configurando un postfix para que haga relay atraves de un isp (
> fibertel para los que sean de argentina) este requiere autentificacion
> usando de http://www.postfix.org/SASL_README.html#client_sasl
> Puse esto
>
>     /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>:
>         smtp_sasl_auth_enable
> <http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable> = yes
> smtp_sasl_password_maps
> <http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps> =
> hash:/etc/postfix/sasl_passwd smtp_sasl_type
> <http://www.postfix.org/postconf.5.html#smtp_sasl_type> = cyrus
> smtp_sasl_security_options
> <http://www.postfix.org/postconf.5.html#smtp_sasl_security_options> =
> noanonymous
>
>
>     /etc/postfix/sasl_passwd:
>
>         [smtp.fibertel.com.ar] username:password
>
>
> y sale este error
>
> May  7 22:22:48 mail postfix/qmgr[11953]: B1C4C29C7: from=<root en mail>,
> size=427, nrcpt=1 (queue active)
> May  7 22:22:49 mail postfix/smtp[12291]: warning: SASL authentication
> failure: No worthy mechs found
> May  7 22:22:49 mail postfix/smtp[12292]: warning: SASL authentication
> failure: No worthy mechs found
> May  7 22:22:49 mail postfix/smtp[12292]: B1C4C29C7:
> to=<test en dominio.com>, relay=smtp.fibertel.com.ar[24.232.0.227],
> delay=11804, status=deferred (Authentication failed: cannot SASL
> authenticate to server smtp.fibertel.com.ar[24.232.0.227]: no mechanism
> available)
> May  7 22:22:49 mail postfix/smtp[12291]: 91D762A01:
> to=<test en dominio.com>, relay=smtp.fibertel.com.ar[24.232.0.227],
> delay=11444, status=deferred (Authentication failed: cannot SASL
> authenticate to server smtp.fibertel.com.ar[24.232.0.227]: no mechanism
> available)
>
>  El smtp de fibertel responde con esto
>
> maxnux en maxnux-n:~$ telnet smtp.fibertel.com.ar 25
> Trying 24.232.0.227...
> Connected to smtp.fibertel.com.ar.
> Escape character is '^]'.
> 220 avas-mr14.fibertel.com.ar ESMTP (NO UCE,UBE,SPAM) Alerce-MR listo
> Mon, 7 May 2007 22:41:16 -0300
> EHLO dns.liocba.com.ar
> 250-avas-mr14.fibertel.com.ar expected "EHLO cpe-6-239.bvconline.com.ar"
> 250-SIZE 10485760
> 250-8BITMIME
> 250-PIPELINING
> 250-CHUNKING
> 250-ENHANCEDSTATUSCODES
> 250-DSN
> 250-AUTH=LOGIN
> 250-AUTH LOGIN
> 250 HELP
>
> alguna idea por que da ese error ???
>
>
> root en mail:/home/admin_remoto# postconf -n
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/postfix/aliases
> body_checks = regexp:/etc/postfix/body_checks
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/lib/postfix
> debug_peer_level = 2
> disable_vrfy_command = yes
> header_checks = regexp:/etc/postfix/header_checks
> home_mailbox = Maildir/
> html_directory = /usr/doc/postfix-2.2.10/html
> inet_interfaces = all
> local_recipient_maps = unix:passwd.byname $alias_maps
> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/man
> message_size_limit = 5120000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> myhostname = mail.local.com.ar
> mynetworks = 192.168.0.0/24, 127.0.0.0/8
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/doc/postfix-2.2.10/readme
> relayhost = [smtp.fibertel.com.ar]
> sample_directory = /usr/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtpd_data_restrictions = reject_unauth_pipelining,    permit
> smtpd_helo_required = yes
> smtpd_helo_restrictions = permit_mynetworks,     reject_invalid_hostname
> smtpd_recipient_restrictions = reject_non_fqdn_sender,
> reject_non_fqdn_recipient,    reject_unknown_sender_domain,
> reject_unknown_recipient_domain,    reject_unauth_pipelining,
> permit_mynetworks,    reject_invalid_hostname,
> reject_non_fqdn_hostname,    reject_unauth_destination,
> reject_rbl_client relays.mail-abuse.org,    reject_rbl_client
> list.dsbl.org,    reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client cbl.abuseat.org,    reject_rbl_client
> dul.dnsbl.sorbs.net,    reject_rbl_client web.dnsbl.sorbs.net,
> reject_rbl_client dialups.mail-abuse.net,    permit
> unknown_local_recipient_reject_code = 550
>
> _______________________________________________
> List de correo Postfix-es para tratar temas del MTA postfix en espaÃ±ol
> Postfix-es en lists.wl0.org
> http://lists.wl0.org/mailman/listinfo/postfix-es

Parece ser que el servidor de fibertel solamente te ofrece AUTH LOGIN. 
Comprueba qué tienes configurado en los siguientes parámetros:
smtp_sasl_mechanism_filter
smtp_sasl_security_options

Por defecto, smtp_sasl_mechanism_filter estará vacío, por tanto no creo que 
sea éste el que te esté molestando. En cambio, si ejecutas:
	postconf smtp_sasl_security_options
si no lo has cambiado valdrá:
	smtp_sasl_security_options = noplaintext, noanonymous

Eso significa que estás rechazando los métodos de autentificación en texto 
claro, es decir, LOGIN y PLAIN. Lo puedes dejar así:
	smtp_sasl_security_options = noanonymous
Supongo que te funcionará.

Más información en 
http://www.postfix.org/postconf.5.html#smtp_sasl_security_options