Page 1 of 1

Getting SASL to work

Posted: 31 Mar 2024 15:55
by mattch
I followed this post from 2017, but I think some things change since then. EFA-4.0.4 ... 85#p11085

Make sure you've already ran the LetsEncrypt setup (option 15)...
-enable HTTPS, redirect is fine, open port 80.

1) /etc/postfix/

Code: Select all

smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes
2) Create a sasl user in the db.

Code: Select all

saslpasswd2 -c -u username
# ie

Code: Select all

# to verify the user is in the db.

Code: Select all

(you can skip this)

testsaslauthd -u -p secret  
testsaslauthd -u -p secret -s smtp

# testing it with testsaslauthd, it always says "NO authentication failed". idk how to fix that
# HOWever, testing AUTH LOGIN through an smtp session, it is authenticating ok. 
3) Last step took me about a day and a half to figure out :clap: :lol: :idea:

Code: Select all

systemctl start saslauthd
systemctl enable saslauthd
systemctl restart postfix

# enable sasl lol
4) Test with your favorite smtp tester, using AUTH LOGIN


it seems like most of the steps from the 2017 post were added in recent versions. such as;
-uncomment in
-and /etc/sasl2/smtpd.conf


My intention for enabling sasl is to allow an external service to relay through using auth login, for alerts and stuff. The regular relay based on ip address (menu 7/menu 1) works fine but im moving my external service to azure which totally blocks outbound port 25, must use tls/587.
Next step is configure my external service (postfix) to relay through efa using login.

Re: Getting SASL to work

Posted: 01 Apr 2024 16:37
by mattch
Well.... I am halfway there :lol:

I did my 'auth login' test using port 25 :doh:
Port 25 authenticates ok but not on 587

testing on port 587 i get:

Code: Select all

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
i tested with openssl:

Code: Select all

> openssl s_client -starttls smtp -connect server:587 -crlf -ign_eof
ehlo dude
250-SIZE 133169152

auth login

334 VXNlcm5hbWU6

334 UGFzc3dvcmQ6

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

Anyone have a suggestion on where to look to get authentication working on port 587? :pray:
It seems like it is not looking towards the sasl database but idk.

Thank you!!