Hi again,
I'm (still) upgrading from 3.4 to 3.11 (on debian testing). After switching to cdb: I've made it past the initial failure, but it's now failing to connect to my outbound relay host. I've read https://www.postfix.org/SASL_README.html carefully, and believe that my previous configuration wrt SASL, which I have not changed, looks correct: smtp_sender_dependent_authentication = yes sender_dependent_relayhost_maps = cdb:/etc/postfix/relay-by-sender smtp_sasl_auth_enable = yes smtp_sasl_password_maps = cdb:/etc/postfix/sasl/sasl_passwd smtp_sasl_security_options = noanonymous, noplaintext smtp_sasl_tls_security_options = noanonymous with debug_peer_level =2 for my relay host, I see the following: smtp2 postfix/smtp[45082]: Untrusted TLS connection established to smtp.mailgun.org[34.160.13.42]:587: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange ... server-signature RSA-PSS (2048 bits) server-digest SHA256 smtp2 postfix/smtp[45082]: smtp_stream_setup: maxtime=300 enable_deadline=0 min_data_rate=0 smtp2 postfix/smtp[45082]: > smtp.mailgun.org[34.160.13.42]:587: EHLO smtp2.klanderman.net smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250-..... smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250-AUTH PLAIN LOGIN smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250-SIZE 52428800 smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250-8BITMIME smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250-SMTPUTF8 smtp2 postfix/smtp[45082]: < smtp.mailgun.org[34.160.13.42]:587: 250 PIPELINING smtp2 postfix/smtp[45082]: server features: 0x20102f size 52428800 smtp2 postfix/smtp[45082]: Using ESMTP PIPELINING, TCP send buffer size is 87040, PIPELINING buffer size is 4096 [ maps_find: smtp_sasl_password_maps lookups .. successful ] smtp2 postfix/smtp[45082]: starting new SASL client smtp2 postfix/smtp[45082]: name_mask: noanonymous smtp2 postfix/smtp[45082]: smtp_sasl_authenticate: smtp.mailgun.org[34.160.13.42]:587: SASL mechanisms PLAIN LOGIN smtp2 postfix/smtp[45082]: warning: SASL authentication failure: No worthy mechs found So the relay host is offering PLAIN and LOGIN? How do I see what mechanisms the postfix smtp client is willing to accept? The README says: | This same error message will also be logged when the libplain.so or | liblogin.so modules are not installed in the /usr/lib/sasl2 | directory. and I see nothing in that directory, however, that directory is also empty on my old debian 10 mail server running postfix 3.4 which has been working for 6+ years. Also, there is no smtp_sasl_mechanism_filter in effect: postconf | grep '^smtp_sasl_mechanism_filter' smtp_sasl_mechanism_filter = Any ideas? many thanks, Greg _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
