Daniel J Jitnah <djitnah(a)greenwareit.com.au> writes:
On 25/08/14 13:28, Trent W. Buck wrote:
Daniel J Jitnah <djitnah(a)greenwareit.com.au> writes:
https://bugs.launchpad.net/serverguide/+bug/1340772
What seems to happen is that when the google smtp server connects to
your server sasl will fail and google will fail.
Are you talking about opportunistic TLS between MTAs?
I don't understand where the SASL comes in.
It's not clear to me from LP1340772 either.
Just turn off opportunistic TLS (for 25/tcp) and continue to require it
for submission (587/tcp).
What was happening:
Someone sent me an email using Google smtp and it bounced to him, and he
told me about it.
In my mail.log there were errors:
Aug 25 03:25:16 greenwareit postfix/smtpd[7743]: connect from mail-pa0-f48.google.com[209.85.220.48]
Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: warning: SASL: Connect to private/auth-client failed: No such file or directory
Aug 25 03:25:17 greenwareit postfix/smtpd[7743]: fatal: no SASL authentication mechanisms
When I changed it to private/auth in Dovecot master.conf it fixed the error.
In the installed dovecot master.conf in Ubuntu 14.04, it is
private/auth-client instead of private/auth. So sasl was always
failing, but smtps just dropped to port 25 and you still receive email.
But it seems that Google does not do that (maybe only since a few days
ago??) - If I had turned off opportunistic TLS, I think all would have
failed.
Sounds like you have SASL turned on for port 25.
That's not right.
25 should be unauthenticated; 587 should be authenticated.
25 accepts mail only for you; 587 accepts mail for anyone.
Typically 587 will use PLAIN-over-TLS (and therefore should *require*
TLS), whereas 25 is normally either no-TLS-ever or opportunistic TLS.
You're seeing the problem with gmail because gmail's MTA is trying to
opportunistically enable TLS when delivering messages to you, whereas
most MTAs don't bother.
Postfix can't talk to PAM directly, so for authentication, it talks to
dovecot's SASL service (SASL, PAM & RADIUS all do the same job). They
talk over a socket, and as you correctly identified in the bug report,
your immediate problem is just that postfix and dovecot (apparently)
default to different paths for the socket. That's nothing to do with
gmail, and I'd expect it to be fixed automatically by Ubuntu.
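
The split described above (no authentication on 25/tcp, mandatory TLS plus SASL on 587/tcp, one socket name shared by Postfix and Dovecot), written out as an added configuration example that is not taken from either poster's system. The file locations and the /var/spool/postfix queue directory are assumptions based on the usual Debian/Ubuntu layout; private/auth is the socket name the thread reports as working.

```conf
# --- /etc/postfix/main.cf (assumed location) ---
# 25/tcp: MTA-to-MTA delivery. No authentication, opportunistic TLS.
smtpd_sasl_auth_enable = no
smtpd_tls_security_level = may
# SASL backend, used only by services that switch authentication on.
smtpd_sasl_type = dovecot
# Relative to the Postfix queue directory (assumed /var/spool/postfix).
smtpd_sasl_path = private/auth

# --- /etc/postfix/master.cf (assumed location) ---
# 587/tcp: client submission. TLS is required, and AUTH is only
# offered once TLS is up, so PLAIN never crosses the wire in clear.
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

# --- /etc/dovecot/conf.d/10-master.conf (assumed location) ---
service auth {
  # Must be the same socket that smtpd_sasl_path points at. The log in
  # the thread shows smtpd failing to open private/auth-client; whatever
  # name is chosen, both daemons have to agree on it.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```

After a reload, `postconf smtpd_sasl_path` and `doveconf -n` show the values each daemon actually loaded, which is the quickest way to confirm the two socket paths match.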