[postfix-es] Problema autenticación SMTP Postfix 2.10.1.

Jose Alberto j.sejo1 en gmail.com
Mie Mayo 27 00:24:36 CEST 2015 

RoundCube u otros Webmail no autentican debido que van como 127.0.0.1, al
menos que el webmail este en servidor A y el smtp en el servidor B. alli si
tendrias que autenticar.

Prueba primero solo SASL sin TLS.

Prueba esto en tu main.cf

*#Parametros para SASL (SMTP Autenticado)*
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
disable_vrfy_command = no

*# Listas de Control de Acceso:*
*smtpd_helo_restrictions =*
permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname

*smtpd_sender_restrictions =*
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated

*smtpd_recipient_restrictions =*
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,

permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_unlisted_recipient,
permit

*smtpd_data_restrictions =*
reject_multi_recipient_bounce,
reject_unauth_pipelining


ref: https://jpertuz.wordpress.com/postfix-smtp-autenticado-con-sasl/





On Tue, May 26, 2015 at 9:10 AM, Wilmer Arambula <
tecnologiaterabyte en gmail.com> wrote:

> Tengo problemas para autenticar desde thunderbird en SMTP, pero si envio
> desde rouncubemail, anexo config.
>
> Main.cf:
>
> # ------------------------- SASL PART START -------------------------
> broken_sasl_auth_clients = yes
> smtpd_helo_required = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
> smtpd_sasl_type = dovecot
> # Can be an absolute path, or relative to $queue_directory
> smtpd_sasl_path = private/auth
> # -------------------------- SASL PART END --------------------------
>
> # -------------------------- TLS PART START -------------------------
> smtpd_use_tls = yes
> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file = /etc/pki/tls/certs/server.example.crt
> smtpd_tls_key_file = /etc/pki/tls/certs/server.example.key
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
> smtpd_tls_received_header = yes
> smtpd_tls_loglevel = 1
> tls_random_source = dev:/dev/urandom
> # --------------------------- TLS PART END --------------------------
>
> # ------------------ SMTPD RESTRICTIONS PART START ------------------
> disable_vrfy_command = yes
> non_fqdn_reject_code = 450
> invalid_hostname_reject_code = 450
> maps_rbl_reject_code = 450
> unverified_sender_reject_code = 550
> #header_checks = pcre:$config_directory/header_checks
> #body_checks = pcre:$config_directory/body_checks
> #warning: the restrictions reject_unknown_(sender|recipient)_domain
> #will trigger if your DNS becomes unavailable
> smtpd_recipient_restrictions =
> permit_mynetworks
> permit_sasl_authenticated
> reject_unauth_destination
> reject_invalid_helo_hostname
> warn_if_reject reject_non_fqdn_helo_hostname
> warn_if_reject reject_unknown_helo_hostname
> warn_if_reject reject_unknown_client
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
> reject_unknown_sender_domain
> reject_unknown_recipient_domain
> check_client_access hash:$config_directory/rbl_override
> reject_rbl_client zen.spamhaus.org
> reject_rbl_client bl.spamcop.net
> reject_rbl_client dnsbl.sorbs.net=127.0.0.2
> reject_rbl_client dnsbl.sorbs.net=127.0.0.3
> reject_rbl_client dnsbl.sorbs.net=127.0.0.4
> reject_rbl_client dnsbl.sorbs.net=127.0.0.5
> reject_rbl_client dnsbl.sorbs.net=127.0.0.7
> reject_rbl_client dnsbl.sorbs.net=127.0.0.9
> reject_rbl_client dnsbl.sorbs.net=127.0.0.11
> reject_rbl_client dnsbl.sorbs.net=127.0.0.12
> permit_mx_backup
>
> smtpd_data_restrictions =
> permit_mynetworks
> reject_unauth_pipelining
> reject_multi_recipient_bounce
>
> smtpd_client_new_tls_session_rate_limit = 5
> anvil_rate_time_unit = 60s
>
> smtpd_client_message_rate_limit=50
> anvil_rate_time_unit = 60s
> # ------------------- SMTPD RESTRICTIONS PART END --------------------
>
>
> Error Log:
>
> 2015 May 26 09:37:30 postfix/smtps/smtpd[20936]: warning: TLS library
> problem: 20936:error:140A1175:SSL
> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1496:
>
> Gracias de Antemano por la ayuda,
>
> Saludos,
>
> Nota: Por si acaso le quite la frase de proteccion al archivo .key ya que
> lei que postfix no soportaba la misma.
>
>
> --
> *Wilmer Arambula. *
>
> _______________________________________________
> List de correo postfix-es para tratar temas del MTA postfix en español
> postfix-es en lists.wl0.org
> http://lists.wl0.org/mailman/listinfo/postfix-es
>



-- 
#############################
#   Sistema Operativo: Debian      #
#        Caracas, Venezuela          #
#############################
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <http://lists.wl0.org/pipermail/postfix-es/attachments/20150526/2640cacd/attachment-0001.html>

Más información sobre la lista de distribución postfix-es