Hi, i'm having some problems regard authenticating users from internet
that want use my smtp server for delivery to any non-local domain.

here the main.cf about the sasl parameters :

smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination

then

/etc/postfix/sasl/smtpd.conf

pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: xxxx
sql_passwd: xxxx
sql_database: database
sql_select: select password from users where email='%u@%r': login plain
log_level: 7



#tail /var/log/mail.log

Apr 10 17:08:30 mail postfix/smtpd[30633]: connect from *ip_esterno*
Apr 10 17:08:30 mail postfix/smtpd[30633]: NOQUEUE: reject: RCPT from
*ip_esterno* <pippo@gmail.com>: Relay access denied;
from=<asd@miodominio.net> to=<pippo@gmail.com> proto=SMTP
helo=<Assistenza>
Apr 10 17:08:30 mail postfix/smtpd[30633]: disconnect from *ip_esterno*

#tail /var/log/auth.log :

Apr 10 16:39:01 mail CRON[30516]: (pam_unix) session closed for user
root
Apr 10 16:39:41 mail postfix/smtpd[30533]: sql auxprop plugin using
mysql engine
Apr 10 16:39:41 mail postfix/smtpd[30535]: sql auxprop plugin using
mysql engine
Apr 10 16:39:41 mail postfix/smtpd[30537]: sql auxprop plugin using
mysql engine
Apr 10 16:39:41 mail postfix/smtpd[30538]: sql auxprop plugin using
mysql engine
Apr 10 16:50:11 mail postfix/smtpd[30575]: sql auxprop plugin using
mysql engine
Apr 10 16:58:57 mail postfix/smtpd[30607]: sql auxprop plugin using
mysql engine
Apr 10 17:08:30 mail postfix/smtpd[30633]: sql auxprop plugin using
mysql engine
Apr 10 17:09:01 mail CRON[30640]: (pam_unix) session opened for user
root by (uid=0)
Apr 10 17:09:01 mail CRON[30640]: (pam_unix) session closed for user
root

Do you see something strange ?


Unfortunately i don't know where i have to search the problem, i hope
some delucidation.

Tnx

Arkham wrote:
> Unfortunately i don't know where i have to search the problem, i hope
> some delucidation.

Your maillog file should contain some SASL info or errors, and I don't see any; so my
assumption is that the remote SMTP connection was not even trying to authenticate.

Some things to try:

1. See if your SMTP server is offering up the authentication mechanisms.

telnet 127.0.0.1 25
ehlo world.com

(make sure it displays 1 or 2 lines that say:
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN)

quit

2. Test with an email client such as Thunderbird, which allows you to specify an SMTP server
with a login and password.

3. If you are still stuck and need a test method that provides more clues: grab the source code
for Cyrus-IMAP. Compile it, but don't need to install it. It creates an executable called "imtest".
Copy that program to a filename of "smtptest". Type "./smtptest --" for instructions. It allows
you to test the various SASL mechanisms into your SMTP service, and provides some clues.

--
Greg