Lee H. Marzke on 11 Feb 2018 19:45:27 -0800



Re: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro


Wow, just typing this message out helped me find the likely error already.

> -rw------- 1 root root 111   Feb 11 18:37 sasl_paswd
> -rw------- 1 root root 12288 Feb 11 19:42 sasl_paswd.db

Looks like passwd is missing an 's' in both places.  How did I miss that?

I'll let everyone know if that fixes it.

Lee

----- Original Message -----
> From: "Lee H. Marzke" <lee@marzke.net>
> To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
> Sent: Sunday, February 11, 2018 10:36:36 PM
> Subject: [PLUG] Help with Postfix SASL auth to smarthost on RedHat distro

> I'm having trouble with Postfix SMTP authentication to a smarthost on a new
> install of RH 7.3
> 
> This is actually the latest FreePBX SNG7 OS based on RH 7.3 but shouldn't
> matter.
> https://en.wikipedia.org/wiki/FreePBX_Distro
> 
> I have Postfix SMTP auth over TLS working on an old Ubuntu release, but for
> some reason the Red Hat distro is giving me permission issues
> with nearly the same setup.   Any clues where I should look next?
> 
> Basically SASL authentication strings are in the file   /etc/postfix/sasl_passwd
> containing two smart hosts:
> 
> [smtp.gmail.com]:587      username:password
> [smtp.smarthost2.net]:587 username:password
> 
> and has permissions:
> 
> -rw------- 1 root root 111   Feb 11 18:37 sasl_paswd
> -rw------- 1 root root 12288 Feb 11 19:42 sasl_paswd.db
> 
> the hash is updated/created with:
> sudo postmap hash:/etc/postfix/sasl_passwd
> 
> Notes with CentOS claim that postfix reads the .db map file as root, then drops
> permissions on startup.
> 
> However,  when I send email,  I keep getting errors where postfix can't read the
> sasl_passwd.db file.
> 
> Feb 11 22:12:42 freepbx postfix/smtp[11208]: Trusted TLS connection established
> to smtp.gmail.com[209.85.232.108]:587: TLSv1.2 with cipher
> ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning:
> hash:/etc/postfix/sasl_passwd is unavailable. open database
> /etc/postfix/sasl_passwd.db: No such file or directory
> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning:
> hash:/etc/postfix/sasl_passwd lookup error for "smtp.gmail.com"
> Feb 11 22:12:42 freepbx postfix/smtp[11208]: warning: 89DF211780BB:
> smtp_sasl_passwd lookup error
> Feb 11 22:12:42 freepbx postfix/smtp[11208]: 89DF211780BB: local data error
> while talking to smtp.gmail.com[209.85.232.108]
> 
> Now I know the file is there.   And I've tried changing permissions to allow
> postfix group read, and other combinations,
> but they always fail the same way.
> 
> 
> The relevant sections of main.cf are:
> 
> #Setup TLS, using default self-signed certs
> 
> smtp_tls_security_level = may
> smtp_tls_loglevel = 1
> smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.trust.crt
> smtp_tls_cert_file = /etc/pki/tls/certs/localhost.crt
> smtp_tls_key_file = /etc/pki/tls/private/localhost.key
> 
> # Use smarthost
> #relayhost = [smtp.protectedservice.net]:587
> relayhost = [smtp.gmail.com]:587
> 
> # Setup SASL over TLS for smart host ( Gmail require TLS,  others may not )
> 
> smtp_use_tls = yes
> smtp_sasl_auth_enable = yes
> broken_sasl_auth_clients = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
> smtp_sasl_security_options = noanonymous
> smtp_sasl_tls_security_options = noanonymous
> smtp_sasl_type = cyrus
> smtp_tls_security_level = encrypt
> smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
> 
> ###DEBUG
> #debug_peer_list=smtp.gmail.com
> #debug_peer_level=3
> 
> 
> The policy map  tls_policy contains:       (but this isn't causing issues so
> far)
> 
> [smtp.gmail.com]:587 encrypt
> [smtp.othersmarhost.net]:587 encrypt
> 
> 
> Regards,
> 
> 
> Lee
> 
> --
> "Between subtle shading and the absence of light lies the nuance of iqlusion..."
> - Kryptos
> 
> Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
> IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM
> 
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 
+1 800-393-5217 office 
+1 484-348-2230 fax
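
A pre-flight check for the failure in this thread, added here as an example and not part of the original post: it reads the `hash:` tables named in main.cf and reports a missing or stale `.db`, plus group/other-readable SASL credential files. The function names and the ROOT prefix argument are assumptions of this example, and the sample tree is constructed to reproduce the file names shown in the post.

```sh
#!/bin/sh
# check_postfix_maps ROOT: ROOT is a path prefix ("" on a live host).
# Handles the one-table "param = hash:/path" form used in the post's main.cf.
check_postfix_maps() {
    root=$1
    findings=$(
        sed -n 's/^\([A-Za-z0-9_]*\)[[:space:]]*=[[:space:]]*hash:\([^[:space:],]*\).*/\1 \2/p' \
            "$root/etc/postfix/main.cf" |
        while read -r param path; do
            src="$root$path"; db="$src.db"
            if [ ! -f "$db" ]; then
                # Postfix logs this as "open database ... No such file or directory".
                echo "MISSING $param: $path.db not found"
                continue
            fi
            # Source edited after the last postmap run, so the .db is out of date.
            [ -z "$(find "$src" -newer "$db" 2>/dev/null)" ] ||
                echo "STALE $param: $path is newer than $path.db"
            # Only the SASL password table holds credentials.
            [ "$param" = smtp_sasl_password_maps ] || continue
            for sfx in "" .db; do
                [ -z "$(find "$src$sfx" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ] ||
                    echo "PERMS $param: $path$sfx is readable by group or other"
            done
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree reproducing the file names shown in the post.
make_sample_tree() {
    t=$(mktemp -d); mkdir -p "$t/etc/postfix"
    cat > "$t/etc/postfix/main.cf" <<'EOF'
#relayhost = [smtp.protectedservice.net]:587
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
EOF
    for f in sasl_paswd sasl_paswd.db tls_policy tls_policy.db; do
        : > "$t/etc/postfix/$f"; chmod 600 "$t/etc/postfix/$f"
    done
    echo "$t"
}

root=$(make_sample_tree)
check_postfix_maps "$root" || true
rm -rf "$root"
```

On a live host, call `check_postfix_maps ""` as root so the 0600 files can be inspected.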