Postfix integration problem

lleopold
Posts: 15
Joined: Thu Oct 25, 2007 9:16 am

Postfix integration problem

Postby lleopold » Thu Oct 25, 2007 9:40 am

Hi All,
I am testing Scalix following a recommendation and so far I am very impressed.
For a number of reasons I have installed the test server at home and also used the Scalix 11.2 Community Edition on CentOS 5 as the OS.

I followed the Postfix integration Howto to the letter, and checked it and double-checked it again, but sending mail does not work.

The maillog does identify the problem, where I get the following error message:
Oct 25 09:28:32 mail postfix/smtpd[31308]: connect from mail.[FQDN].net[192.168.1.199]
Oct 25 09:28:32 mail postfix/smtpd[31308]: warning: mail.[FQDN].net[192.168.1.199]: SASL LOGIN authentication failed: authentication failure
Oct 25 09:28:32 mail postfix/smtpd[31308]: lost connection after AUTH from mail.[FQDN].net[192.168.1.199]
Oct 25 09:28:32 mail postfix/smtpd[31308]: disconnect from mail.[FQDN].net[192.168.1.199]

Trying the command: testsaslauthd -f /var/run/saslauthd/mux -u adminsx -p [real passwd] results in
0: NO "authentication failed"
error message

and this is where I am stuck.
Can you please give some suggestions how to further troubleshoot this?
many thanks in advance!

MailMan
Posts: 30
Joined: Sun Sep 23, 2007 12:56 pm

Postby MailMan » Fri Oct 26, 2007 1:36 pm

Hi,

I have the same problem, but I notice it only happens when I email through SWA and not if I am using another MUA such as Outlook or whatever. When using a different MUA the mails send successfully.

On another note, I also noticed that when an email is saved in your drafts folder and you open it from there, you can set the from address to anyone else in the address book and pretend to be them.

Regards,

Ken

lleopold
Posts: 15
Joined: Thu Oct 25, 2007 9:16 am

Postby lleopold » Tue Oct 30, 2007 11:41 am

Well, I have not made much progress with this one.
The Postfix install works when the transport maps and authentication are removed to send both locally and externally.
If I add the transport maps directive per the integration how-to wiki, Postfix does not seem to find any user, therefore both sending and receiving mail fails.
Can someone please suggest how to troubleshoot the Postfix/LDAP query in Scalix?
I am able to login to the SAC, and verify that all services in the server info tab have started.
Thanks a lot

MailMan
Posts: 30
Joined: Sun Sep 23, 2007 12:56 pm

Postby MailMan » Tue Oct 30, 2007 3:51 pm

Hi lleopold,

I think I figured it out...

SASL doesn't seem to be necessary in this case... Here's how I got around it..

1. Disable all of the SASL stuff in your Postfix config:

#smtpd_sasl_auth_enable = yes
#smtpd_sasl_authenticated_header = no
#smtpd_sasl_local_domain =
#smtpd_sasl_security_options = noanonymous
#broken_sasl_auth_clients = yes

smtpd_client_restrictions =
    permit_mynetworks
    # permit_sasl_authenticated
    reject

smtpd_sender_restrictions =
    permit_mynetworks
    # permit_sasl_authenticated
    reject

smtpd_recipient_restrictions =
    permit_mynetworks
    # permit_sasl_authenticated
    reject_unauth_destination


2. Tell Postfix what domains to forward (we don't want it to be based per user like SASL does, we want it based on each domain)...

transport_maps = hash:/etc/postfix/redirect-transport.cf hash:/etc/postfix/transport

3. In your redirect-transport.cf put your domains in like this:

.example.com smtp:[127.0.0.1]:10025
example.com smtp:[127.0.0.1]:10025

So anything in those domains will be forwarded to Scalix for processing. Anything for anything that's not in your redirect-transport.cf will be dealt with by the appropriate other rules.

It's quick and dirty but it works!

Regards,

Ken
--
I don't like to advertise. *Cough* Buy OpenBSD *Cough*
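
The following is an added example, not part of the post above or of the Scalix how-to: a small audit that parses main.cf text and reports where relaying is granted by permit_mynetworks alone, which is the effect of commenting out the SASL lines. The function names and both sample fragments are constructed for illustration.

```python
import re

# Constructed sample: a main.cf fragment shaped like the workaround above.
WORKAROUND = """\
#smtpd_sasl_auth_enable = yes
smtpd_client_restrictions =
    permit_mynetworks
#   permit_sasl_authenticated
    reject
smtpd_recipient_restrictions =
    permit_mynetworks
#   permit_sasl_authenticated
    reject_unauth_destination
"""
# The same constructed fragment with the SASL lines uncommented again.
WITH_SASL = WORKAROUND.replace("#smtpd_sasl", "smtpd_sasl").replace("#   permit", "    permit")

RESTRICTION_LISTS = ("smtpd_client_restrictions", "smtpd_sender_restrictions",
                     "smtpd_recipient_restrictions")

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}. Lines whose first non-blank
    character is '#' are skipped, a line starting with whitespace continues
    the previous parameter, and a repeated parameter overrides the earlier one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params

def audit_smtp_auth(params):
    """Return (parameter, issue) pairs where relaying depends on the client's
    IP address alone instead of an authenticated login."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append(("smtpd_sasl_auth_enable", "SMTP AUTH is not offered"))
    for name in RESTRICTION_LISTS:
        items = [i for i in re.split(r"[,\s]+", params.get(name, "")) if i]
        if "permit_mynetworks" in items and "permit_sasl_authenticated" not in items:
            findings.append((name, "permit_mynetworks without permit_sasl_authenticated"))
    return findings

if __name__ == "__main__":
    for label, text in (("workaround", WORKAROUND), ("with SASL", WITH_SASL)):
        print(label, audit_smtp_auth(parse_main_cf(text)))
```

With these settings any host inside mynetworks can relay without a login, so the size of that list is the remaining access control.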

lleopold
Posts: 15
Joined: Thu Oct 25, 2007 9:16 am

SOLVED - or kind of

Postby lleopold » Sat Nov 03, 2007 1:25 pm

Thanks MailMan!
I tried your suggestion, and it indeed works; however, your suggestion eliminates the SASL authentication and I would prefer to have clients authenticate before they can send email.

On the other hand, I think I figured out what was the problem on my install:
First, the smtpd.conf file, which was placed in /etc/postfix/sasl in the wiki howto,
on my CentOS 5 based install has to go under /etc/sasl2/
The other change I had to make is in the /etc/sysconfig/saslauthd file, where I modified the flag:
FLAGS="-O /etc/postfix/saslauthd.conf -c -r"
The -r will cause the realm (domain) to be combined with the username to create the authenticationID used in my Scalix install, which is set up as username@domain.

If things are set up right, the command:
testsaslauthd -u [scalix authenticationID] -p password should return
0: OK "Success."

With these two changes sending and receiving mail works through the webmail.

Now, somewhere along the way sending through an Outlook client got broken, so while the webmail works, now Outlook does not.

I cannot figure out if the Outlook sending email goes through smtpd (in my case Postfix) or is sent through a proprietary Scalix connection? Could someone who is more familiar with this please reply?

MailMan
Posts: 30
Joined: Sun Sep 23, 2007 12:56 pm

Postby MailMan » Sat Nov 03, 2007 2:22 pm

Hi lleopold,

Yeah, that's the problem I found and why...:

1. Scalix uses a custom build of LDAP so it's difficult to talk to. I am trying to work backwards to find out how it is structured so I can get Postfix to talk to it.

2. Turn off SASL on Postfix and users can't authenticate.

3. Tried Pop-before-smtp but it doesn't work because Scalix doesn't log POP / IMAP logins / logouts in maillog.

4. Set up a single SASL password on OpenLDAP (since Scalix uses its custom version this is not a problem).

5. SASL authentication works for all Outlook users because they can use the same username and password.

6. Sending stops working for SAC because SAC wants to authenticate using the local user's password.

7. Postfix rejects SAC emails because it is using an invalid password, regardless of whether or not the SAC server is allowed to relay based on IP, the fact that it uses an invalid password causes the emails to be rejected.

8. MailMan begins to pull hair out and contemplates becoming an alcoholic.

9. MailMan tries to work backwards in a partially drunken state...

Regards,

Ken

MailMan
Posts: 30
Joined: Sun Sep 23, 2007 12:56 pm

Postby MailMan » Sat Nov 03, 2007 2:28 pm

Did I say SAC? I meant SWA... Looking in all these config files is making my eyes bleed.

lleopold
Posts: 15
Joined: Thu Oct 25, 2007 9:16 am

Postby lleopold » Sat Nov 03, 2007 5:08 pm

I think the Outlook connector authenticates directly with the Scalix server and not through Postfix/SASL/LDAP.
The problem with the Outlook connector I mentioned earlier was solved by uninstalling and reinstalling the Scalix Outlook connector. I do not know what the problem was, but it works now.
As far as the overall Postfix integration, it seems that it works fine.

MailMan
Posts: 30
Joined: Sun Sep 23, 2007 12:56 pm

Postby MailMan » Sat Nov 03, 2007 5:11 pm

Hi lleopold,

It's not the Outlook connector that I have a problem with but authentication via SMTP (i.e. we have the problem with Thunderbird etc. as well).

We can POP mail easily but just not SMTP it unless the user's IP is in the mynetworks list.

Regards,

Ken

