[PLUG] Help with Postfix SASL auth to smarthost on RedHat distro

Lee H. Marzke on 11 Feb 2018 19:36:43 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Help with Postfix SASL auth to smarthost on RedHat distro

From: "Lee H. Marzke" <lee@marzke.net>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
Date: Mon, 12 Feb 2018 03:36:36 +0000 (GMT)
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
Thread-index: lyBH24GryL12/LMmWtWNRU87H4MtSw==
Thread-topic: Help with Postfix SASL auth to smarthost on RedHat distro

I'm having trouble with Postfix SMTP authentication to a smarthost on a new install of RH 7.3

This is actually the latest FreePBX SNG7 OS based on RH 7.3 but shouldn't matter. 
https://en.wikipedia.org/wiki/FreePBX_Distro

I have Postfix SMTP auth over TLS  working on an old Ubuntu release, but for some reason the Red Hat distro is giving me permission issues
with nearly the same setup.   Any clues where I should look next ?

Basically SASL authentication strings are in the file   /etc/postfix/sasl_passwd containing two smart hosts:

[smtp.gmail.com]:587      username:password 
[smtp.smarthost2.net]:587 username:password 

and has permissions: 

-rw------- 1 root root 111   Feb 11 18:37 sasl_paswd 
-rw------- 1 root root 12288 Feb 11 19:42 sasl_paswd.db

the hash is updated/created with:
sudo postmap hash:/etc/postfix/sasl_passwd

Notes with CentOS claim that postfix reads the .db map file as root, then drops permissions on startup.

However,  when I send email,  I keep getting errors where postfix can't read the sasl_passwd.db file.

Feb 11 22:12:42 freepbx postfix/smtp[11208]: Trusted TLS connection established to smtp.gmail.com[209.85.232.108]:587: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning: hash:/etc/postfix/sasl_passwd is unavailable. open database /etc/postfix/sasl_passwd.db: No such file or directory
Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning: hash:/etc/postfix/sasl_passwd lookup error for "smtp.gmail.com"
Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning: 89DF211780BB: smtp_sasl_passwd lookup error
Feb 11 22:12:42 freepbx postfix/smtp[11208]: 89DF211780BB: local data error while talking to smtp.gmail.com[209.85.232.108]

Now I know the file is there.   And I've tried changing permissions to allow postfix group read, and other combination
but they always fail the same way.


The relevant sections of main.cf are:

#Setup TLS, using default self-signed certs

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.trust.crt
smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt
smtp_tls_key_file = /etc/pki/tls/private/localhost.key

# Use smarthost
#relayhost = [smtp.protectedservice.net]:587
relayhost = [smtp.gmail.com]:587

# Setup SASL over TLS for smart host ( Gmail require TLS,  others may not )

smtp_use_tls = yes
smtp_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_sasl_type = cyrus 
smtp_tls_security_level = encrypt
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

###DEBUG
#debug_peer_list=smtp.gmail.com
#debug_peer_level=3


The policy map  tls_policy contains:       (but this isn't causing issues so far)

[smtp.gmail.com]:587 encrypt
[smtp.othersmarhost.net]:587 encrypt


Regards,


Lee

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM

BEGIN:VCARD
VERSION:3.0
FN:Marzke\, Lee
N:Marzke;Lee;;;
ADR;TYPE=home,postal,parcel:;;119 Pepper Dr.;Collegeville;PA;19426;
TEL;TYPE=cell,voice:610 564 4932
TEL;TYPE=pager:(732) 276-4029
TEL;TYPE=work,voice:800 393 5217
EMAIL;TYPE=internet:lee@marzke.net
EMAIL;TYPE=internet:lmarzke@4aero.com
ORG:4aero
TITLE:Infrastructure Consultant
NOTE: 
CATEGORIES:Family
REV:2018-01-15T02:35:21Z
UID:f5f810f6-3347-4915-9a40-567cf4591450:86081
END:VCARD

BEGIN:VCARD
VERSION:3.0
FN:Marzke\, Lee
N:Marzke;Lee;;;
ADR;TYPE=home,postal,parcel:;;119 Pepper Dr.;Collegeville;PA;19426;
TEL;TYPE=cell,voice:610 564 4932
TEL;TYPE=pager:(732) 276-4029
TEL;TYPE=work,voice:800 393 5217
EMAIL;TYPE=internet:lee@marzke.net
EMAIL;TYPE=internet:lmarzke@4aero.com
ORG:4aero
TITLE:Infrastructure Consultant
NOTE: 
CATEGORIES:Family
REV:2018-01-15T02:35:21Z
UID:f5f810f6-3347-4915-9a40-567cf4591450:86081
END:VCARD

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
  - From: "Lee H. Marzke" <lee@marzke.net>

Prev by Date: Re: [PLUG] Rant: Goodbye KDE, My Old Friend
Next by Date: Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
Previous by thread: Re: [PLUG] plug Digest, Vol 159, Issue 16
Next by thread: Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro
Index(es):
- Date
- Thread