[Fwd: Re: [Postfix-es] problema de auth con relay]

Maxnux maxnux en yahoo.com.ar
Mar Mayo 8 21:11:17 CEST 2007 

va de nuevo

root en mail:/var/log# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
body_checks = regexp:/etc/postfix/body_checks
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
home_mailbox = Maildir/
html_directory = /usr/doc/postfix-2.2.10/html
inet_interfaces = all
local_recipient_maps = unix:passwd.byname $alias_maps
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/man
message_size_limit = 5120000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
myhostname = mail.local.com.ar
mynetworks = 192.168.0.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/doc/postfix-2.2.10/readme
relayhost = [smtp.fibertel.com.ar]
sample_directory = /usr/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_data_restrictions = reject_unauth_pipelining,    permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,     reject_invalid_hostname
smtpd_recipient_restrictions = reject_non_fqdn_sender,    
reject_non_fqdn_recipient,    reject_unknown_sender_domain,    
reject_unknown_recipient_domain,    reject_unauth_pipelining,    
permit_mynetworks,    reject_invalid_hostname,    
reject_non_fqdn_hostname,    reject_unauth_destination,    
reject_rbl_client relays.mail-abuse.org,    reject_rbl_client 
list.dsbl.org,    reject_rbl_client sbl.spamhaus.org,    
reject_rbl_client cbl.abuseat.org,    reject_rbl_client 
dul.dnsbl.sorbs.net,    reject_rbl_client web.dnsbl.sorbs.net,    
reject_rbl_client dialups.mail-abuse.net,    permit
unknown_local_recipient_reject_code = 550

Miguel Angel Tormo wrote:
> El Martes, 8 de Mayo de 2007 a las 07:47, Miguel Angel Tormo escribió:
>   
>> El Martes, 8 de Mayo de 2007 a las 03:53, Maxnux escribió:
>>     
>>> Hola a ver si alguien me puede ayudar con esto
>>>  Estoy configurando un postfix para que haga relay atraves de un isp (
>>> fibertel para los que sean de argentina) este requiere autentificacion
>>> usando de http://www.postfix.org/SASL_README.html#client_sasl
>>> Puse esto
>>>
>>>     /etc/postfix/main.cf <http://www.postfix.org/postconf.5.html>:
>>>         smtp_sasl_auth_enable
>>> <http://www.postfix.org/postconf.5.html#smtp_sasl_auth_enable> = yes
>>> smtp_sasl_password_maps
>>> <http://www.postfix.org/postconf.5.html#smtp_sasl_password_maps> =
>>> hash:/etc/postfix/sasl_passwd smtp_sasl_type
>>> <http://www.postfix.org/postconf.5.html#smtp_sasl_type> = cyrus
>>> smtp_sasl_security_options
>>> <http://www.postfix.org/postconf.5.html#smtp_sasl_security_options> =
>>> noanonymous
>>>       
> OK, no me había fijado en esto. Tienes esta opción bien configurada, comprueba 
> qué tienes en smtp_sasl_mechanism_filter.
> Por otro lado, la salida de postconf -n no cuadra aparentemente con lo que 
> dices que has puesto... ¿Has probado a recargar la configuración (postfix 
> reload)?
> Y si puedes pegar la salida de 'postconf' en lugar de 'postconf -n', mejor, ya 
> que dependiendo de la versión de postfix, distribución, etc, los valores por 
> defecto pueden ser diferentes.
>
>   
>>>     /etc/postfix/sasl_passwd:
>>>
>>>         [smtp.fibertel.com.ar] username:password
>>>
>>>
>>> y sale este error
>>>
>>> May  7 22:22:48 mail postfix/qmgr[11953]: B1C4C29C7: from=<root en mail>,
>>> size=427, nrcpt=1 (queue active)
>>> May  7 22:22:49 mail postfix/smtp[12291]: warning: SASL authentication
>>> failure: No worthy mechs found
>>> May  7 22:22:49 mail postfix/smtp[12292]: warning: SASL authentication
>>> failure: No worthy mechs found
>>> May  7 22:22:49 mail postfix/smtp[12292]: B1C4C29C7:
>>> to=<test en dominio.com>, relay=smtp.fibertel.com.ar[24.232.0.227],
>>> delay=11804, status=deferred (Authentication failed: cannot SASL
>>> authenticate to server smtp.fibertel.com.ar[24.232.0.227]: no mechanism
>>> available)
>>> May  7 22:22:49 mail postfix/smtp[12291]: 91D762A01:
>>> to=<test en dominio.com>, relay=smtp.fibertel.com.ar[24.232.0.227],
>>> delay=11444, status=deferred (Authentication failed: cannot SASL
>>> authenticate to server smtp.fibertel.com.ar[24.232.0.227]: no mechanism
>>> available)
>>>
>>>  El smtp de fibertel responde con esto
>>>
>>> maxnux en maxnux-n:~$ telnet smtp.fibertel.com.ar 25
>>> Trying 24.232.0.227...
>>> Connected to smtp.fibertel.com.ar.
>>> Escape character is '^]'.
>>> 220 avas-mr14.fibertel.com.ar ESMTP (NO UCE,UBE,SPAM) Alerce-MR listo
>>> Mon, 7 May 2007 22:41:16 -0300
>>> EHLO dns.liocba.com.ar
>>> 250-avas-mr14.fibertel.com.ar expected "EHLO cpe-6-239.bvconline.com.ar"
>>> 250-SIZE 10485760
>>> 250-8BITMIME
>>> 250-PIPELINING
>>> 250-CHUNKING
>>> 250-ENHANCEDSTATUSCODES
>>> 250-DSN
>>> 250-AUTH=LOGIN
>>> 250-AUTH LOGIN
>>> 250 HELP
>>>
>>> alguna idea por que da ese error ???
>>>
>>>
>>> root en mail:/home/admin_remoto# postconf -n
>>> alias_database = hash:/etc/postfix/aliases
>>> alias_maps = hash:/etc/postfix/aliases
>>> body_checks = regexp:/etc/postfix/body_checks
>>> command_directory = /usr/sbin
>>> config_directory = /etc/postfix
>>> daemon_directory = /usr/lib/postfix
>>> debug_peer_level = 2
>>> disable_vrfy_command = yes
>>> header_checks = regexp:/etc/postfix/header_checks
>>> home_mailbox = Maildir/
>>> html_directory = /usr/doc/postfix-2.2.10/html
>>> inet_interfaces = all
>>> local_recipient_maps = unix:passwd.byname $alias_maps
>>> mail_owner = postfix
>>> mailq_path = /usr/bin/mailq.postfix
>>> manpage_directory = /usr/man
>>> message_size_limit = 5120000
>>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>>> myhostname = mail.local.com.ar
>>> mynetworks = 192.168.0.0/24, 127.0.0.0/8
>>> newaliases_path = /usr/bin/newaliases.postfix
>>> queue_directory = /var/spool/postfix
>>> readme_directory = /usr/doc/postfix-2.2.10/readme
>>> relayhost = [smtp.fibertel.com.ar]
>>> sample_directory = /usr/doc/postfix-2.2.10/samples
>>> sendmail_path = /usr/sbin/sendmail.postfix
>>> setgid_group = postdrop
>>> smtp_sasl_auth_enable = yes
>>> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
>>> smtpd_data_restrictions = reject_unauth_pipelining,    permit
>>> smtpd_helo_required = yes
>>> smtpd_helo_restrictions = permit_mynetworks,     reject_invalid_hostname
>>> smtpd_recipient_restrictions = reject_non_fqdn_sender,
>>> reject_non_fqdn_recipient,    reject_unknown_sender_domain,
>>> reject_unknown_recipient_domain,    reject_unauth_pipelining,
>>> permit_mynetworks,    reject_invalid_hostname,
>>> reject_non_fqdn_hostname,    reject_unauth_destination,
>>> reject_rbl_client relays.mail-abuse.org,    reject_rbl_client
>>> list.dsbl.org,    reject_rbl_client sbl.spamhaus.org,
>>> reject_rbl_client cbl.abuseat.org,    reject_rbl_client
>>> dul.dnsbl.sorbs.net,    reject_rbl_client web.dnsbl.sorbs.net,
>>> reject_rbl_client dialups.mail-abuse.net,    permit
>>> unknown_local_recipient_reject_code = 550
>>>
>>> _______________________________________________
>>> List de correo Postfix-es para tratar temas del MTA postfix en español
>>> Postfix-es en lists.wl0.org
>>> http://lists.wl0.org/mailman/listinfo/postfix-es
>>>       
>> Parece ser que el servidor de fibertel solamente te ofrece AUTH LOGIN.
>> Comprueba qué tienes configurado en los siguientes parámetros:
>> smtp_sasl_mechanism_filter
>> smtp_sasl_security_options
>>
>> Por defecto, smtp_sasl_mechanism_filter estará vacío, por tanto no creo que
>> sea éste el que te esté molestando. En cambio, si ejecutas:
>> 	postconf smtp_sasl_security_options
>> si no lo has cambiado valdrá:
>> 	smtp_sasl_security_options = noplaintext, noanonymous
>>
>> Eso significa que estás rechazando los métodos de autentificación en texto
>> claro, es decir, LOGIN y PLAIN. Lo puedes dejar así:
>> 	smtp_sasl_security_options = noanonymous
>> Supongo que te funcionará.
>>
>> Más información en
>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>
>> _______________________________________________
>> List de correo Postfix-es para tratar temas del MTA postfix en espaol
>> Postfix-es en lists.wl0.org
>> http://lists.wl0.org/mailman/listinfo/postfix-es
>>     
>
>
> _______________________________________________
> List de correo Postfix-es para tratar temas del MTA postfix en español
> Postfix-es en lists.wl0.org
> http://lists.wl0.org/mailman/listinfo/postfix-es
>
>

Más información sobre la lista de distribución Postfix-es