Getting SASL to work

Post by mattch »

I followed this post from 2017, but I think some things changed since then. EFA-4.0.4
https://forum.efa-project.org/viewtopi ... 85#p11085

Make sure you've already run the LetsEncrypt setup (option 15)...
-enable HTTPS, redirect is fine, open port 80.

1) /etc/postfix/main.cf

Code:

smtpd_sasl_path = smtpd
smtpd_sasl_auth_enable = yes

2) Create a sasl user in the db.

Code:

saslpasswd2 -c -u adomain.com username
# i.e. username@adomain.com

Code:

sasldblistusers2
# to verify the user is in the db.

Code:

# (you can skip this)

testsaslauthd -u username@adomain.com -p secret
# or
testsaslauthd -u username@adomain.com -p secret -s smtp

# testing it with testsaslauthd, it always says "NO authentication failed". idk how to fix that
# However, testing AUTH LOGIN through an smtp session, it is authenticating ok.
 
3) Last step took me about a day and a half to figure out :clap: :lol: :idea:

Code:

systemctl start saslauthd
systemctl enable saslauthd
systemctl restart postfix

# enable sasl lol

4) Test with your favorite smtp tester, using AUTH LOGIN

----------------------------------------------------------

It seems like most of the steps from the 2017 post were added in recent versions, such as:
- uncomment in master.cf
- and /etc/sasl2/smtpd.conf

----------------------------------------------------------

My intention for enabling SASL is to allow an external service to relay through using AUTH LOGIN, for alerts and stuff. The regular relay based on IP address (menu 7/menu 1) works fine, but I'm moving my external service to Azure, which totally blocks outbound port 25; must use TLS/587.
Next step is to configure my external service (postfix) to relay through EFA using login.
Last edited by mattch on 01 Apr 2024 18:56, edited 1 time in total.

Re: Getting SASL to work

Post by mattch »

Well.... I am halfway there :lol:

I did my 'auth login' test using port 25 :doh:
Port 25 authenticates ok but not on 587

Testing on port 587 I get:

Code:

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

I tested with openssl:

Code:

> openssl s_client -starttls smtp -connect server:587 -crlf -ign_eof
 ---
250 SMTPUTF8
ehlo dude
250-server
250-PIPELINING
250-SIZE 133169152
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8

auth login

334 VXNlcm5hbWU6
xxxxx

334 UGFzc3dvcmQ6
xxxxx

535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6

 
Anyone have a suggestion on where to look to get authentication working on port 587? :pray:
It seems like it is not looking towards the sasl database but idk.

Thank you!!
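
Added example, not part of the original posts: the tokens on the 334 lines and at the end of the 535 reply in the session above are base64. The script below decodes them from a constructed copy of those server lines and builds the values to type at each prompt; the account name and password are the placeholders from the first post, and the function names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original posts): helpers for a manual SMTP AUTH test.
# Base64 is an encoding, not encryption: send these values only after STARTTLS.

# Encode one AUTH LOGIN answer (username or password) for a 334 prompt.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode a base64 token taken from a server reply.
unb64() { printf '%s' "$1" | base64 -d 2>/dev/null; }

# Build the single AUTH PLAIN token: NUL user NUL password (empty authzid).
auth_plain() { printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'; }

# Read an SMTP transcript on stdin and annotate every base64 token the
# server sent on 334 (prompt) and 535 (failure) lines.
annotate_smtp() {
  tr -d '\r' | while IFS= read -r line; do
    case $line in
      334\ *)
        printf '%s    # prompt: "%s"\n' "$line" "$(unb64 "${line#334 }")" ;;
      535\ *failed:\ *)
        printf '%s    # trailing token: "%s"\n' "$line" "$(unb64 "${line##*: }")" ;;
      *)
        printf '%s\n' "$line" ;;
    esac
  done
}

# Constructed sample: the server lines quoted in the post above.
SAMPLE='250-AUTH PLAIN LOGIN
334 VXNlcm5hbWU6
334 UGFzc3dvcmQ6
535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6'

printf '%s\n' "$SAMPLE" | annotate_smtp

# Values to paste for a throwaway test account (placeholder credentials).
printf 'LOGIN user: %s\nLOGIN pass: %s\nPLAIN: %s\n' \
  "$(b64 'username@adomain.com')" "$(b64 'secret')" \
  "$(auth_plain 'username@adomain.com' 'secret')"
```

The token after "authentication failed:" decodes to the same "Password:" prompt the server sent on the second 334 line, so it says nothing about why the login was rejected.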