
Hi Luvers

Just in case you are using Ubuntu 14.04 and Postfix and Dovecot for sasl authentication, there appears to be a bug which seems to only affect Google smtp servers and possibly only for the last few days, but could possibly affect other smtp servers.

See: https://bugs.launchpad.net/serverguide/+bug/1340772

What seems to happen is that when the google smtp server connects to your server sasl will fail and google will fail. Other smtp servers (eg Yahoo) seem to issue a warning and continue. So you will still receive emails from non-google smtps, and you may not realise that you are missing on emails, until a sender complains to you!

Of course this email may not concern you at all!!

Cheers
Daniel.

Daniel J Jitnah <djitnah@greenwareit.com.au> writes:
> https://bugs.launchpad.net/serverguide/+bug/1340772
> What seems to happen is that when the google smtp server connects to your server sasl will fail and google will fail.

Are you talking about opportunistic TLS between MTAs? I don't understand where the SASL comes in. It's not clear to me from LP1340772 either.

Just turn off opportunistic TLS (for 25/tcp) and continue to require it for submission (587/tcp).

On 25/08/14 13:28, Trent W. Buck wrote:
> Daniel J Jitnah <djitnah@greenwareit.com.au> writes:
>> https://bugs.launchpad.net/serverguide/+bug/1340772
>> What seems to happen is that when the google smtp server connects to your server sasl will fail and google will fail.
> Are you talking about opportunistic TLS between MTAs? I don't understand where the SASL comes in. It's not clear to me from LP1340772 either.
> Just turn off opportunistic TLS (for 25/tcp) and continue to require it for submission (587/tcp).

What was happening:

Someone sent me an email using Google smtp and it bounced to him, and he told me about it. In my mail.log there were errors:

Aug 25 03:25:16 greenwareit postfix/smtpd[7743]: connect from mail-pa0-f48.google.com[209.85.220.48]
Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: warning: SASL: Connect to private/auth-client failed: No such file or directory
Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: fatal: no SASL authentication mechanisms

When I changed it to private/auth in Dovecot master.conf it fixed the error.

In the installed dovecot master.conf in Ubuntu 14.04, it is private/auth-client instead of private/auth. So sasl was always failing, but smtps just dropped to port 25 and you still receive email. But it seems that Google does not do that (maybe only since a few days ago??) - If I had turned off opportunistic TLS, I think all would have failed. And as I said, receiving emails from other sources was OK.

Cheers
Daniel

Daniel J Jitnah <djitnah@greenwareit.com.au> writes:
> On 25/08/14 13:28, Trent W. Buck wrote:
>> Daniel J Jitnah <djitnah@greenwareit.com.au> writes:
>>> https://bugs.launchpad.net/serverguide/+bug/1340772
>>> What seems to happen is that when the google smtp server connects to your server sasl will fail and google will fail.
>> Are you talking about opportunistic TLS between MTAs? I don't understand where the SASL comes in. It's not clear to me from LP1340772 either.
>> Just turn off opportunistic TLS (for 25/tcp) and continue to require it for submission (587/tcp).
> What was happening:
> Someone sent me an email using Google smtp and it bounced to him, and he told me about it.
> In my mail.log there were errors:
> Aug 25 03:25:16 greenwareit postfix/smtpd[7743]: connect from mail-pa0-f48.google.com[209.85.220.48]
> Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: warning: SASL: Connect to private/auth-client failed: No such file or directory
> Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: fatal: no SASL authentication mechanisms
> When I changed it to private/auth in Dovecot master.conf it fixed the error.
> In the installed dovecot master.conf in Ubuntu 14.04, it is private/auth-client instead of private/auth. So sasl was always failing, but smtps just dropped to port 25 and you still receive email. But it seems that Google does not do that (maybe only since a few days ago??) - If I had turned off opportunistic TLS, I think all would have failed.
Sounds like you have SASL turned on for port 25. That's not right. 25 should be unauthenticated; 587 should be authenticated. 25 accepts mail only for you; 587 accepts mail for anyone. Typically 587 will use PLAIN-over-TLS (and therefore should *require* TLS), whereas 25 is normally either no-TLS-ever or opportunistic TLS.

You're seeing the problem with gmail because gmail's MTA is trying to opportunistically enable TLS when delivering messages to you, whereas most MTAs don't bother.

Postfix can't talk to PAM directly, so for authentication, it talks to dovecot's SASL service (SASL, PAM & RADIUS all do the same job). They talk over a socket, and as you correctly identified in the bug report, your immediate problem is just that postfix and dovecot (apparently) default to different paths for the socket. That's nothing to do with gmail, and I'd expect it to be fixed automatically by Ubuntu.
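
Added example, not part of the thread or of either project's code: a check that the socket Postfix is told to use for Dovecot SASL is one that Dovecot's auth service actually creates, which is the mismatch behind the "No such file or directory" log line above. The two config texts are constructed samples; the function names and the Dovecot base directory used for relative listener paths are assumptions.

```python
import posixpath
import re

# Constructed sample configs (not copied from the poster's server); they
# reproduce a mismatch consistent with the mail.log warning in the thread.
MAIN_CF = """\
queue_directory = /var/spool/postfix
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client
"""
DOVECOT_CONF = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
  }
}
"""

def postfix_sasl_socket(main_cf):
    """Absolute path of the socket Postfix smtpd will open for SASL."""
    params = {}
    for line in main_cf.splitlines():
        if "=" in line and not line.startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    # A relative smtpd_sasl_path is resolved against the queue directory.
    return posixpath.normpath(
        posixpath.join(params["queue_directory"], params["smtpd_sasl_path"]))

def dovecot_auth_listeners(conf, base_dir="/var/run/dovecot"):
    """Absolute unix_listener paths declared inside 'service auth { ... }'."""
    paths, service, depth = [], None, 0
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"service\s+(\S+)\s*\{", line)
        if m and depth == 0:
            service = m.group(1)
        m = re.match(r"unix_listener\s+(\S+)\s*\{", line)
        if m and service == "auth":
            # base_dir for relative listener names is an assumed default.
            paths.append(posixpath.normpath(posixpath.join(base_dir, m.group(1))))
        depth += line.count("{") - line.count("}")
        if depth == 0:
            service = None
    return paths

def check(main_cf, dovecot_conf):
    """Return (match, socket Postfix wants, sockets Dovecot auth provides)."""
    want = postfix_sasl_socket(main_cf)
    have = dovecot_auth_listeners(dovecot_conf)
    return want in have, want, have
```

On a live host the two texts would come from the effective configuration rather than from literals; listeners declared under other Dovecot services are deliberately ignored so that a path pointing at the wrong service still reports a mismatch.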