Re: postfix smpt auth no worthy mechs found

To: "netbsd-users" <netbsd-users%NetBSD.org@localhost>
Subject: Re: postfix smpt auth no worthy mechs found
From: queshaw%sonic.net@localhost
Date: Thu, 27 Jan 2011 19:48:58 -0800

>> Hi,
>>
>> After reading documentation and posts about this common error message, I
>> have not found a solution.
>>
>> I am running netbsd 5.1 on x86. I want to send mail through a relay host
>> (comcast). So, I have installed postfix and saslauthd from pkgsrc with
>> sasl and tls options.
>>
>> But, when sending mail I get:
>>
>> setting up TLS connection to smtp.comcast.net[76.96.30.117]:587
>> Trusted TLS connection established to
>> smtp.comcast.net[76.96.30.117]:587:
>> TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
>> warning: SASL authentication failure: No worthy mechs found
>> ... (SASL authentication failed; cannot authenticate to server
>> smtp.comcast.net[76.96.30.117]: no mechanism available)
>>
>> /usr/pkg/sbin/saslauthd -d -a getpwent:
>>
>> saslauthd[9096] :main            : num_procs  : 5
>> saslauthd[9096] :main            : mech_option: NULL
>> saslauthd[9096] :main            : run_path   : /var/run/saslauthd
>> saslauthd[9096] :main            : auth_mech  : getpwent
>> saslauthd[9096] :ipc_init        : using accept lock file:
>> /var/run/saslauthd/mux.accept
>> saslauthd[9096] :detach_tty      : master pid is: 0
>> saslauthd[9096] :ipc_init        : listening on socket:
>> /var/run/saslauthd/mux
>> saslauthd[9096] :main            : using process model
>> saslauthd[9096] :have_baby       : forked child: 11511
>> saslauthd[11511] :get_accept_lock : acquired accept lock
>> saslauthd[9096] :have_baby       : forked child: 9988
>> saslauthd[9096] :have_baby       : forked child: 9312
>> saslauthd[9096] :have_baby       : forked child: 4148
>>
>> /usr/pkg/sbin/postconf -n:
>>
>> broken_sasl_auth_clients = yes
>> command_directory = /usr/pkg/sbin
>> config_directory = /usr/pkg/etc/postfix
>> daemon_directory = /usr/pkg/libexec/postfix
>> data_directory = /var/db/postfix
>> debug_peer_level = 2
>> html_directory = no
>> inet_interfaces = all
>> inet_protocols = all
>> mail_owner = postfix
>> mailq_path = /usr/pkg/bin/mailq
>> manpage_directory = /usr/pkg/man
>> myhostname = neti
>> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
>> myorigin = /etc/mailname
>> newaliases_path = /usr/pkg/bin/newaliases
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/pkg/share/doc/postfix
>> relayhost = smtp.comcast.net:587
>> sample_directory = /usr/pkg/share/examples/postfix
>> sendmail_path = /usr/pkg/sbin/sendmail
>> setgid_group = maildrop
>> smtp_enforce_tls = no
>> smtp_sasl_auth_enable = yes
>> smtp_sasl_password_maps = hash:/usr/pkg/etc/postfix/sasl_passwd
>> smtp_sasl_security_options = noanonymous, noplaintext
>> smtp_sasl_tls_security_options = noanonymous
>> smtp_tls_CAfile = /etc/ssl/certs/comcast.pem
>> smtp_tls_loglevel = 1
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtp_use_tls = yes
>> unknown_local_recipient_reject_code = 550
>>
>> /etc/ssl/certs:
>>
>> lrwxr-xr-x  1 root  wheel    55 Jan 27 07:54 comcast.pem -> Class 3
>> Public
>> Primary Certification Authority - G2.pem
>>
>> /usr/pkg/lib/sasl2/smtpd.conf:
>>
>> pwcheck_method: saslauthd
>> mech_list: PLAIN LOGIN
>>
>> Do you have any advice, other than keep reading?
>>
>> Kendall
>
> Hello,
>
> I believe the smtpd.conf file is used for clients authenticating to your
> server, not for your server authenticating to another server.
>
> /usr/pkg/lib/sasl2/smtpd.conf:
>
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
>
> Regardless of that, this looks promising. Something about Postfix not
> using LOGIN or PLAIN by default (because they send the password in the
> clear).
>
> http://wiki.zimbra.com/wiki/Outgoing_SMTP_Authentication

Thanks. The debug_peer_list option is like what I was hoping for, but I
still get:

> Hello,
>
> I believe the smtpd.conf file is used for clients authenticating to your
> server, not for your server authenticating to another server.
>
> /usr/pkg/lib/sasl2/smtpd.conf:
>
> pwcheck_method: saslauthd
> mech_list: PLAIN LOGIN
>
> Regardless of that, this looks promising. Something about Postfix not
> using LOGIN or PLAIN by default (because they send the password in the
> clear).
>
> http://wiki.zimbra.com/wiki/Outgoing_SMTP_Authentication

Thanks. The debug_peer_list option is like what I was hoping for. I still
get:

maps_find: smtp_sasl_passwd: smtp.comcast.net: not found
maps_find: smtp_sasl_passwd:
hash:/usr/pkg/etc/postfix/sasl_passwd(0,lock|fold_fix):
smtp.comcast.net:587 = <user>:<passwd>

followed by no worthy mechs found.

So, maybe postfix won't use port 587?

Follow-Ups:
- Re: postfix smpt auth no worthy mechs found
  - From: Matthias Scheler

References:
- postfix smpt auth no worthy mechs found
  - From: queshaw

Prev by Date: Re: installing nrpe with ssl
Next by Date: Re: mkisofs CD/DVD size question
Previous by Thread: postfix smpt auth no worthy mechs found
Next by Thread: Re: postfix smpt auth no worthy mechs found
Indexes:

Home | Main Index | Thread Index | Old Index