MDK 10, Postfix auth w/other SMTP server**SOLVED**

[Guest sleepyhead]

My ISP is Earthlink, and I have a dynamic IP. I run an MTA (Postfix) on Mandrake 10 official. I occasionally get mail rejected due to my IP address being listed on DUN RBLs. I finally decided it was time to fix my setup and route my outgoing mail through my ISP's MTA. My ISP is Earthlink, and they require SMTP authentication to relay mail through their MTA. I'm having lots of trouble getting this working. I'm using the packages provided by Mandrake (postfix-2.1.1-0.1.100mdk and cyrus-sasl-2.1.15-10mdk). The Earthlink MTA is smtpauth.earthlink.net. Here is the relevant output from postconf:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd
smtp_sasl_path =
smtp_sasl_security_options =
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
transport_maps = hash:/etc/postfix/transport

Here is my sasl_password file (modified):

smtpauth.earthlink.net          myusername@earthlink.net:mypasswd

Here is my transport file:

yahoo.com               smtp:smtpauth.earthlink.net
.yahoo.com              smtp:smtpauth.earthlink.net

Opening an smtp session with smtpauth.earthlink.net reveals that the server supports the following auth methods: PLAIN LOGIN CRAM-MD5

When I try to send email to to my yahoo.com address, postfix tries to relay through smtpauth.earthlink.net as expected, but has trouble authenticating:

 

Jul 7 19:11:43 www postfix/smtp[15519]: 30DD570C51B: Authentication failed: cannot SASL authenticate to server smtpauth.earthlink.net[207.217.121.156]: no mechanism available

 

Jul 7 19:11:44 www postfix/smtp[15519]: 30DD570C51B: to=<eqluzer@yahoo.com>, relay=smtpauth.earthlink.net[207.217.121.150],

delay=2, status=deferred (Authentication failed: cannot SASL authenticate

to server smtpauth.earthlink.net[207.217.121.150]: no mechanism available)

 

Jul 7 19:11:43 www postfix/smtp[15519]: warning: SASL authentication

failure: No worthy mechs found

 

How do I enable these mechanisms? Everything I've googled leads me to believe that I have the configuration correct. Do I need to install some additional RPMs for each auth method? Do I need to recompile Postfix from source to enable SASL?

 

Thanks for any help!

Edited July 8, 2004 by sleepyhead

[streeter]

No need to compile - sasl is included in the mdk postfix rpm.

 

I have this working, but cannot really remember what I did (!!).

I do however maintain a file I keep setup notes of all sorts in, so this extract may help, particularly the URL:

 

#To enable relaying through isp (allow auth):

echo auth.smtp.myisp.co.uk user:pass >> /etc/postfix/isp_auth (I made this filename up)

#To hash passwd list do:

postmap hash:/etc/postfix/isp_auth

 

/etc/postfix/main.cf: (see /usr/share/doc/postfix/samples/sample-auth.cf)

smtp_sasl_auth_enable = yes

smtp_sasl_password_maps = hash:/etc/postfix/isp_auth

smtp_sasl_security_options = (blank. allows any auth. including plain text)

 

See http://postfix.state-of-mind.de/patrick.koetter/smtpauth/

 

error message after upgrade from 9.1 - 10.0: (Authentication failed: cannot SASL authenticate to server auth.smtp.myisp.co.uk[xxx.xxx.xxx.xxx]: no mechanism available)

Reinstalling cyrix-sasl fixed it

[Guest sleepyhead]

Thanks for the post! It verified that I have the config correct, and that I don't need to compile a custom Postfix. In the how-to you linked, I learned that possibly I need to install seperate packages for each of the auth methods. However, urpmi was not finding any of the packages. So, I went over to http://urpmi.org/easyurpmi/ and used their tool to add contrib and external add-on sources, and then urpmi found packages for all auth methods. I installed libsasl2-plug-crammd5, and everything works fine now.

 

Now, what would be the best option, route ALL uotgoing mail through Earthlink's MTA? Or, only do so for outgoing mail destined for domains that reject my mail due to DUN RBLs?