sasl problems

[supermagnum]

Hi, none of my sent mails arrives as they should.

My setup is :
Host : mail.privatdemail.net

username : xxxxxxx@privatdemail.net

protocoll : pop3

local user: xxxxxxxx

encrypted: yes

leave copy: no

recive mail:
My setup is :

Outgoing email server (SMTP): mail.privatdemail.net

username : xxxxxxx@privatdemail.net

Use authentication: yes

Use plain text authentication: no

User: xxxxxxx@privatdemail.net

password: xxxxxxxx

setup data from : http://privatdemail.net/en/tech.php
POP3
You can use POP3 with or without SSL/TLS. Server is mail.privatdemail.net
Mode Port
no encryption 110
TLS encryption 110
SSL encryption 995


SMTP

For sending mails we provide SMTP with and without SSL/TLS on mail.privatdemail.net at following ports:
Mode Port
no encryption 25
STARTTLS 25
SSL encryption 465
Submission 587
Submission (STARTTLS) 587
You should not consider to use unencrypted SMTP. If your provider blocks port 25, you can use port 587 without any limitations.


From my mail.warn log file:
Jul 13 17:08:23 b3 postfix/smtp[25643]: warning: SASL authentication failure: No worthy mechs found
Jul 13 17:16:52 b3 postfix/smtp[25716]: warning: SASL authentication failure: No worthy mechs found
Jul 13 17:19:52 b3 postfix/smtp[25743]: warning: SASL authentication failure: No worthy mechs found
Jul 13 17:26:26 b3 postfix/smtp[25807]: warning: SASL authentication failure: No worthy mechs found
Jul 13 17:26:50 b3 postfix/smtp[25807]: warning: SASL authentication failure: No worthy mechs found
Jul 13 17:26:50 b3 postfix/smtp[25813]: warning: SASL authentication failure: No worthy mechs found

How do i solve that ?

[Ubi]

is mail.privatdemail.net a Bubba machine? If not then I have no clue what the problem seems to be. In any case you've provided waaaaayyy to little information for anyone to be any form of help.

[supermagnum]

No, its a mail server located in Mauritius.


A E mail header example :

Return-Path: <xxxxxxxxxxxx>
Received: from b3.localdomain (xxxxxxxxxxxxxx
[xx.xyz.xyz.124]) by mail27.nsc.no (8.14.4/8.14.4) with ESMTP id
p6C16r3Q013431 for <xxxxxxx@xxxxx>; Tue, 12 Jul 2011 03:06:58
+0200 (MEST) Received: by b3.localdomain (Postfix, from userid 33)
id C978C1C00E; Tue, 12 Jul 2011 02:27:31 +0200 (CEST)
Received: from 10.0.0.1 ([10.0.0.1]) by b3.local (Horde Framework) with
HTTP; Tue, 12 Jul 2011 02:27:31 +0200
Message-ID: <20110712022731.15734k30ttq69p2c@b3.local>
Date: Tue, 12 Jul 2011 02:27:31 +0200
From:xxxxxxxxxxxxx
To: xxxxxx@online.no
Subject:test
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4)
X-Xxroufqwki: sw=gld ver=1.2 d=0s tld=no st=ok
X-XClient-IP-Addr: xx.xyz.xyz.124

In that header you can clearly spot the IP adress of somebody.
In mail source code the source IP address is always in received visible, at least thats normal. Privat DE mail's server does remove the IP adress in the first received line in your mail header, so your IP address is not visible, if you send mail via Privat DE's mail server. It is replaced by the IP adress of Privat DE's mail server. A account there is free, but requires registration.
Privat DE Mail is a project driven by data retention in Germany and EU. Most people do not want to be subjects of unlimited surveillance, so Privat DE Mail offers a solution to protect privacy of e-mail communication.

a example of a email header sent via privatdemail's server:

Return-Path: <xxxxxxx@privatdemail.net>
Received: from mail.privatdemail.net (mail.privatdemail.net [217.139.17.156])
by mail26.nsc.no (8.14.4/8.14.4) with ESMTP id p6AF47Vi020265
for <xxxxx@xxxxxx>; Sun, 10 Jul 2011 17:04:10 +0200 (MEST)
Received: from localhost (localhost [127.0.0.1])
by mail.privatdemail.net (Postfix) with ESMTP id 1E53E6B652
for <xxxxxee@xxxxxxx>; Sun, 10 Jul 2011 17:47:03 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=privatdemail.net;
h=content-transfer-encoding:content-type:content-type
:mime-version:x-mailer:message-id:subject:subject:from:from:date
:date; s=pdm200902; t=1310309221; x=1312123621; bh=3Pouhm3Cionui
zFsM2EF0yXS/VPrqpRnLF36osG7kBU=; b=X0lAPhVjzQ213n7EjRPuofFwNiQME
ww70CyXLd29acoOJVr6WgTcqfwMtgalV7LmazdnD6qz1pBEjq102XfDqe5MQ6kdB
YgUZcc/1duYiUCeyaAG6vopBY8rqQoSRSQJ09iAWoa4w8oQelo8aOQ4L6YcE5i4b
mZoCpWb1c0LzZc=
Received: from mail.privatdemail.net ([127.0.0.1])
by localhost (mail.privatdemail.net [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id 26s-X8lPTKNc for <xxxxxx@xxxxxxx>;
Sun, 10 Jul 2011 17:47:01 +0300 (EEST)
Date: Sun, 10 Jul 2011 16:46:42 +0200
From: <xxxxx@privatdemail.net>
To: xxxxxxx
Subject: test
Message-ID: <20110710164642.3f7acc9@fxxxxxxxxx>
X-Mailer: Claws Mail 3.7.8 (GTK+ 2.24.4; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Xxroufqwki: sw=gld ver=1.2 d=0s tld=net st=ok
X-XClient-IP-Addr: 217.139.17.156

[Eek]

But what is the problem?
Not sending mail using the smtp server or not getting mail or both?
What is in the mail.log and /etc/postfix/main.cf ?

[supermagnum]

But what is the problem?
Not sending mail using the smtp server or not getting mail or both?
What is in the mail.log and /etc/postfix/main.cf ?

The problem is if that i use my b3 box with my privatdemail.net account, my home IP is revealed

my mail.log file does not exist.

etc/postfix/main.cf :

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix

mydestination = b3.localdomain, localhost.localdomain, localhost, /etc/postfix/bubbadomains, $myhostname

unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

recipient_delimiter = +

home_mailbox = Mail/
mailbox_size_limit = 0

disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
reject_non_fqdn_sender
reject_unknown_sender_domain
reject_non_fqdn_recipient
reject_unknown_recipient_domain
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client bl.spamcop.net
permit

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

#myhostname = b3.localdomain
#myorigin = /etc/mailname
#relayhost = foo.co.uk
#inet_interfaces = all
#smtp_sasl_security_options = noplaintext, noanonymous
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
#smtp_sasl_auth_enable = no

smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
relayhost = mail.privatdemail.net
smtp_sasl_auth_enable = yes

[Eek]

Hi

what I see is that you are not using the TLS port

You can change relayhost = mail.privatdemail.net into relayhost = [mail.privatdemail.net]:587

When sending a test mail ( echo "test" |mail -s test someone@somewhere.com )
you should now get something in the mail logs (mail.err, mail.info, mail.log, mail.warn) in /var/log


I have these settings for TLS for using gmail

Code: Select all

## TLS Settings
#
# For no logs set = 0
smtp_tls_loglevel = 1
# 
# smtp_enforce_tls = yes
# Above is commented because doing it site by site below
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
#smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
#smtp_tls_key_file = /etc/postfix/FOO-key.pem
#smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
#smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

##  SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd

## Gmail Relay
relayhost = [smtp.gmail.com]:587
 
## Good for Testing
# sender_bcc_maps = hash:/etc/postfix/bcc_table

# Disable DNS Lookups
disable_dns_lookups = yes
#
# Great New feature Address Mapping 
#  for example may mchirico@localhost to mchirico@gmail.com
smtp_generic_maps = hash:/etc/postfix/generic
#
# 
transport_maps = hash:/etc/postfix/transport

The /etc/postfix/cacert.pem is a link to /usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt

[supermagnum]

Hi

what I see is that you are not using the TLS port

You can change relayhost = mail.privatdemail.net into relayhost = [mail.privatdemail.net]:587

When sending a test mail ( echo "test" |mail -s test someone@somewhere.com )
you should now get something in the mail logs (mail.err, mail.info, mail.log, mail.warn) in /var/log


I have these settings for TLS for using gmail

Code: Select all

## TLS Settings
#
# For no logs set = 0
smtp_tls_loglevel = 1
# 
# smtp_enforce_tls = yes
# Above is commented because doing it site by site below
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
#
smtp_tls_CAfile = /etc/postfix/cacert.pem
#smtp_tls_cert_file = /etc/postfix/FOO-cert.pem
#smtp_tls_key_file = /etc/postfix/FOO-key.pem
#smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
#smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

##  SASL Settings
# This is going in to THIS server
smtpd_sasl_auth_enable = no
# We need this
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
#smtp_sasl_security_options =
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd

## Gmail Relay
relayhost = [smtp.gmail.com]:587
 
## Good for Testing
# sender_bcc_maps = hash:/etc/postfix/bcc_table

# Disable DNS Lookups
disable_dns_lookups = yes
#
# Great New feature Address Mapping 
#  for example may mchirico@localhost to mchirico@gmail.com
smtp_generic_maps = hash:/etc/postfix/generic
#
# 
transport_maps = hash:/etc/postfix/transport

The /etc/postfix/cacert.pem is a link to /usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt

Ok, i have changed relayhost = mail.privatdemail.net into relayhost = [mail.privatdemail.net]:587

still, no mail.log or mail.warn files.

my mail.info file says:
Jul 14 11:48:16 b3 postfix/smtp[29952]: 197521C016: to=<someone@somewhere.com>, relay=mail.privatdemail.net[217.139.17.156]:587, delay=938, de$
Jul 14 11:48:16 b3 postfix/smtp[29951]: 83D481C015: to=<someone@somewhere.com>, relay=mail.privatdemail.net[217.139.17.156]:587, delay=1173, d$
Jul 14 11:48:52 b3 postfix/pickup[29593]: 6CBB11C017: uid=0 from=<root>
Jul 14 11:48:52 b3 postfix/cleanup[29961]: 6CBB11C017: message-id=<20110714094852.6CBB11C017@b3.localdomain>
Jul 14 11:48:52 b3 postfix/qmgr[26080]: 6CBB11C017: from=<root@b3.localdomain>, size=334, nrcpt=1 (queue active)
Jul 14 11:48:53 b3 postfix/smtp[29952]: warning: SASL authentication failure: No worthy mechs found
Jul 14 11:48:53 b3 postfix/smtp[29952]: 6CBB11C017: to=<someone@somewhere.com>, relay=mail.privatdemail.net[217.139.17.156]:587, delay=0.81, d$
Jul 14 11:49:39 b3 postfix/pickup[29593]: D1FC51C018: uid=0 from=<root>
Jul 14 11:49:39 b3 postfix/cleanup[29961]: D1FC51C018: message-id=<20110714094939.D1FC51C018@b3.localdomain>
Jul 14 11:49:39 b3 postfix/qmgr[26080]: D1FC51C018: from=<root@b3.localdomain>, size=334, nrcpt=1 (queue active)
Jul 14 11:49:40 b3 postfix/smtp[29951]: warning: SASL authentication failure: No worthy mechs found
Jul 14 11:49:40 b3 postfix/smtp[29951]: D1FC51C018: to=<someone@somewhere.com>, relay=mail.privatdemail.net[217.139.17.156]:587, delay=0.88, d$


maybe i am not using the right ssl certificates ?
They are at the default values at the moment:

Code: Select all

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

/etc/ssl/private contains : dovecot.pem ssl-cert-snakeoil.key
and /etc/ssl/certs# a lot of .pem files.

[Eek]

Did you also try to use my TLS configuration?

[supermagnum]

Did you also try to use my TLS configuration?

No, im an trying that now.

[supermagnum]

Did you also try to use my TLS configuration?

that causes the following error in mail.err :
Jul 14 12:16:22 b3 postfix/smtp[30153]: fatal: open database /etc/postfix/tls_per_site.db: No such file or directory

[Eek]

Oh yeah.

create a file /etc/postfix/tls_per_site with the following contents:

# Contents of /etc/postfix/tls_per_site
# After changes run:
# postmap /etc/postfix/tls_per_site
smtp.gmail.com MUST

then run postmap

Code: Select all

postmap /etc/postfix/tls_per_site

create a file /etc/postfix/transport with the following contents:

# Contents of /etc/postfix/transport
#
# This sends mail to Gmail
gmail.com smtp:[smtp.gmail.com]:587

then run postmap

Code: Select all

postmap /etc/postfix/transport

create a file /etc/postfix/generic with contents like:

eek@localdomain.local eek@gmail.com

then run postmap

Code: Select all

postmap /etc/postfix/generic

[supermagnum]

I did:
create a file /etc/postfix/tls_per_site with the following contents:

# Contents of /etc/postfix/tls_per_site
# After changes run:
# postmap /etc/postfix/tls_per_site
mail.privatdemail.net MUST

then run postmap

Code: Select all

postmap /etc/postfix/tls_per_site

create a file /etc/postfix/transport with the following contents:

# Contents of /etc/postfix/transport
#
# This sends mail to Gmail
mail.privatdemail.net smtp:[mail.privatdemail.net]:587

then run postmap

Code: Select all

postmap /etc/postfix/transport

create a file /etc/postfix/generic with contents like:

supermagnum@localdomain.local supermag@privatdemail.net

then run postmap

Code: Select all

postmap /etc/postfix/generic

[/quote]


No errors, i can receive mail but it seems that they do not arrive ..

[Eek]

Did you also restart postfix?

Code: Select all

/etc/init.d/postfix restart

And what is in the log files?

[supermagnum]

Did you also restart postfix?

Code: Select all

/etc/init.d/postfix restart

And what is in the log files?

I did restart postfix.
The logfiles ( mail.err , mail.warn, mail.log ) is empty.

[Eek]

that is strange.
could you do a

Code: Select all

postconf -n

and a

Code: Select all

cat /etc/postfix/master.cf|grep smtp