0

We have application like Jira which needs to send to email to users. Have used Postfix as the email server and have done the below mentioned configuration. Test connection, test email all ok. I want to enable SASL authentication, and did configuration for that as well. But it doesn't look like the authentication really works. I entered a wrong username and password in Jira, but still it is able to connect to the server and able to send email. Can someone please help me ?

In /etc/postfix/sasl_passwd, I entered the following

test-jira@<domainname.com> jira_test:test123

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname,<"all other destination list">
mydomain = <"my domain name">
myhostname =  <"my hotname name">
mynetworks = <"ALL IPS">
myorigin = $mydomain 
newaliases_path = /usr/bin/newaliases.postfix 
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
relay_domains = $mydestination
relayhost = <"MY RELAY HOST SERVER DETAILS">
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_auth_enable = yes 
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd 
smtp_sender_dependent_authentication = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 
unknown_local_recipient_reject_code = 550
Glorfindel
  • 1,213
  • 3
  • 15
  • 22
Naga
  • 11
  • 3

1 Answers1

0

If postfix is acting as the server (i.e. SMTP daemon) and will be performing the authentication, then you need to put the authorization in smtpd_. From the question it seems you've put it in smtp_ (client).

Something like

smtpd_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes

Typically the authorization would not go in sasl_passwd as that is to store the passwords for remote servers.

tater
  • 1,395
  • 2
  • 9
  • 12
  • Yes, the postfix is acting as a server, and at the same time, it will also forward the mail to other relay host, but all the configuration is internal to the company, no external emails expected. Thanks a lot, the authentication failure message i am able to get it. – Naga Oct 03 '20 at 09:12
  • Ok, i have enabled it, but what are the configurations i need to make to authenticate, could you please share some information ? – Naga Oct 03 '20 at 09:20
  • There's probably enough tutorials on the internet already, no need for another one. Perhaps see if this describes it well enough for you: https://serverfault.com/questions/547282/postfix-how-to-use-simple-file-for-sasl-authentication or http://www.postfix.org/SASL_README.html – tater Oct 03 '20 at 11:29
  • I tried with information given under the link - serverfault.com/questions/547282/… but getting the below errors in the log. warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied warning: ip- []: SASL LOGIN authentication failed: generic failure – Naga Oct 05 '20 at 10:28
  • I will close this thread, and open an new one with the other problem. Thanks for your help. – Naga Oct 05 '20 at 14:49