(I'm sending this from a different account after several previous
attempts to reply vanished).
> > The TLS part seems to be sorted now (see my reply to Sven). But
> the
> > authentication still fails.
>
> Then, put the "full" Postfix log again so we can check where (and
> why)
> it stops now :-)
Ahem, good point.
The attachments contain the lines written to /var/log/auth.log and
/var/log/mail.log when the attempt to mail via NEWSERVER:587 failed,
also my /etc/postfix/main.cf (without comments).
--
Cheers,
Clive
/var/log/auth.log:
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 1
May 10 12:59:35 rimmer postfix/smtp[13763]: NTLM client step 2
May 10 12:59:35 rimmer postfix/smtp[13763]: server flags: ff810205
May 10 12:59:35 rimmer postfix/smtp[13763]: server domain: NEWSERVER-NTDOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: calculating NT response
/var/log/mail.log:
May 10 12:59:35 rimmer postfix/pickup[13718]: 3BB483982: uid=1000
from=<MY-EMAIL-ADDRESS>
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982:
resent-message-id=<20100510115935.gf3...@my-mailname>
May 10 12:59:35 rimmer postfix/cleanup[13761]: 3BB483982:
message-id=<20100509200545.ga3...@my-mailname>
May 10 12:59:35 rimmer postfix/qmgr[13719]: 3BB483982: from=<MY-EMAIL-ADDRESS>,
size=855, nrcpt=1 (queue active)
May 10 12:59:35 rimmer postfix/smtp[13763]: initializing the client-side TLS
engine
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: open smtp TLS cache
btree:/var/lib/postfix/smtp_scache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: tlsmgr_cache_run_event: start TLS
smtp session cache cleanup
May 10 12:59:35 rimmer postfix/smtp[13763]: setting up TLS connection to
NEWSERVER[NEWSERVER-IPADDR]:587
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587:
TLS cipher list "ALL:+RC4:@STRENGTH"
May 10 12:59:35 rimmer postfix/smtp[13763]: looking for session
smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH in smtp
cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: lookup smtp session
id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:before/connect
initialization
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv2/v3 write client
hello A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server hello
A
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587:
certificate verification depth=3 verify=1 subject=/L=ValiCert Validation
Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation
Authority/CN=http://www.valicert.com//emailaddress=i...@valicert.com
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587:
certificate verification depth=2 verify=1 subject=/C=US/O=The Go Daddy Group,
Inc./OU=Go Daddy Class 2 Certification Authority
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587:
certificate verification depth=1 verify=1
subject=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287
May 10 12:59:35 rimmer postfix/smtp[13763]: NEWSERVER[NEWSERVER-IPADDR]:587:
certificate verification depth=0 verify=1
subject=/O=*.NEWSERVER-DOMAIN/OU=Domain Control Validated/CN=*.NEWSERVER-DOMAIN
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server
certificate A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read server done A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write client key
exchange A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write change
cipher spec A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 write finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 flush data
May 10 12:59:35 rimmer postfix/smtp[13763]: SSL_connect:SSLv3 read finished A
May 10 12:59:35 rimmer postfix/smtp[13763]: save session
smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH to smtp
cache
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: put smtp session
id=smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH [data
1378 bytes]
May 10 12:59:35 rimmer postfix/tlsmgr[13764]: write smtp TLS cache entry
smtp:NEWSERVER-IPADDR:587:NEWSERVER-OTHERNAME&p=0&c=ALL:+RC4:@STRENGTH:
time=1273492775 [data 1378 bytes]
May 10 12:59:35 rimmer postfix/smtp[13763]: Trusted TLS connection established
to NEWSERVER[NEWSERVER-IPADDR]:587: TLSv1 with cipher RC4-MD5 (128/128 bits)
May 10 12:59:40 rimmer postfix/smtp[13763]: 3BB483982: to=<MY-EMAIL-ADDRESS>,
relay=NEWSERVER[NEWSERVER-IPADDR]:587, delay=5.5, delays=0.02/0.03/5.4/0,
dsn=4.7.3, status=deferred (SASL authentication failed; server
NEWSERVER[NEWSERVER-IPADDR] said: 535 5.7.3 Authentication unsuccessful)
/etc/postfix/main.cf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = rimmer.localdomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = MY-MAILNAME, rimmer.localdomain, localhost.localdomain,
localhost
relayhost = NEWSERVER:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
inet_protocols = ipv4
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_security_level = may
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_note_starttls_offer = yes
smtp_tls_loglevel = 2
