I'm using postfix (incomming port 25) + SpamPD (127.0.0.1:10025 relayhost:127.0.0.1:10026) for filtering incoming email, which are coming from internet for my remote MTA. MTA which holds virtual domains is running on a seperate machine. So for users authentication I'm using SpamPD proxy with postfix.
I'm facing problem with smtp authentication on Microsoft Outlook 2007. However smtp authentication is working with Outlook Express.
postfix debug:
May 31 16:55:19 filter postfix/smtpd[17149]: connect from unknown[192.168.0.33]
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 220 filter.mydomain.local ESMTP Postfix
May 31 16:55:19 filter postfix/smtpd[17149]: watchdog_pat: 0x9883ba0
May 31 16:55:19 filter postfix/smtpd[17149]: < unknown[192.168.0.33]: EHLO mypc
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-filter.mydomain.local
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-PIPELINING
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-SIZE 10240000
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-VRFY
May 31 16:55:19 filter postfix/smtpd[17149]: match_list_match: unknown: no match
May 31 16:55:19 filter postfix/smtpd[17149]: match_list_match: 192.168.0.33: no match
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-ETRN
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-ENHANCEDSTATUSCODES
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250-8BITMIME
May 31 16:55:19 filter postfix/smtpd[17149]: > unknown[192.168.0.33]: 250 DSN
May 31 16:55:19 filter postfix/smtpd[17149]: watchdog_pat: 0x9883ba0
May 31 16:55:19 filter postfix/smtpd[17149]: smtp_get: EOF
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 127.0.0.0/8
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostname: unknown ~? 192.168.0.0/24
May 31 16:55:19 filter postfix/smtpd[17149]: match_hostaddr: 192.168.0.33 ~? 192.168.0.0/24
Postfix master.cf
smtp inet n - - - 20 smtpd -v
-o smtpd_proxy_filter=127.0.0.1:10025
-o smtpd_client_connection_count_limit=10
# After-filter SMTP server. Receive mail from the content filter
# on localhost port 10026.
#
127.0.0.1:10026 inet n - n - - smtpd
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=
-o mynetworks=127.0.0.0/8
-o receive_override_options=no_unknown_recipient_checks
Please help in this regard.
I've further diagnose it. Below are the diagnose with Outlook Express.
created thread for connection
processing 4 on thread b7f66b90
accepted connection from 192.168.0.50
SERVER connected to 192.168.0.51
SERVER < 220-mydomain.com ESMTP
CLIENT > 220-mydomain.com ESMTP
CLIENT < EHLO mypc
SERVER > EHLO mypc
SERVER < 250-mydomain.com Hello virata [192.168.0.151], pleased to meet you.
intercepting host response
CLIENT > 250-smtp.passthru
SERVER < 250-ENHANCEDSTATUSCODES
CLIENT > 250-ENHANCEDSTATUSCODES
SERVER < 250-SIZE
CLIENT > 250-SIZE
SERVER < 250-EXPN
CLIENT > 250-EXPN
SERVER < 250-ETRN
CLIENT > 250-ETRN
SERVER < 250-ATRN
CLIENT > 250-ATRN
SERVER < 250-DSN
CLIENT > 250-DSN
SERVER < 250-CHECKPOINT
filtered ESMTP feature CHECKPOINT
SERVER < 250-8BITMIME
CLIENT > 250-8BITMIME
SERVER < 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
CLIENT > 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
SERVER < 250-AUTH=LOGIN
CLIENT > 250-AUTH=LOGIN
SERVER < 250-STARTTLS
filtered ESMTP feature STARTTLS
SERVER < 250 HELP
CLIENT > 250 HELP
CLIENT < AUTH LOGIN
SERVER > AUTH LOGIN
SERVER < 334 VXNlcm5hbWU6
CLIENT > 334 VXNlcm5hbWU6
CLIENT < YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER > YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER < 334 UGFzc3dvcmQ6
CLIENT > 334 UGFzc3dvcmQ6
CLIENT < MTIzNDU2
SERVER > MTIzNDU2
SERVER < 235 2.0.0 Authentication successful
Client authenticated successfully
CLIENT > 235 2.0.0 Authentication successful
CLIENT < MAIL FROM <[email protected]>
SERVER > MAIL FROM <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO <[email protected]>
SERVER > RCPT TO <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
executed filter command /usr/local/bin/spamassassin.sh (pid 22927)
created cache file /tmp/.Os81QA
Below are the diagnose with Microsoft Outlook 2007.
created thread for connection
processing 4 on thread b7f92b90
accepted connection from: 192.168.0.33
SERVER connected to: 192.168.0.82
SERVER < 220-mydomain.com ESMTP
CLIENT > 220-mydomain.com ESMTP
CLIENT < EHLO mypc
SERVER > EHLO mypc
SERVER < 250-mydomain.com Hello mypc [192.168.0.151], pleased to meet you.
intercepting host response
CLIENT > 250-smtp.passthru
SERVER < 250-ENHANCEDSTATUSCODES
CLIENT > 250-ENHANCEDSTATUSCODES
SERVER < 250-SIZE
CLIENT > 250-SIZE
SERVER < 250-EXPN
CLIENT > 250-EXPN
SERVER < 250-ETRN
CLIENT > 250-ETRN
SERVER < 250-ATRN
CLIENT > 250-ATRN
SERVER < 250-DSN
CLIENT > 250-DSN
SERVER < 250-CHECKPOINT
filtered ESMTP feature: CHECKPOINT
SERVER < 250-8BITMIME
CLIENT > 250-8BITMIME
SERVER < 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
CLIENT > 250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
SERVER < 250-AUTH=LOGIN
CLIENT > 250-AUTH=LOGIN
SERVER < 250-STARTTLS
filtered ESMTP feature: STARTTLS
SERVER < 250 HELP
CLIENT > 250 HELP
CLIENT < AUTH DIGEST-MD5
SERVER > AUTH DIGEST-MD5
SERVER < 334 mVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix
CLIENT > 334 mVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix
CLIENT < XNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5
SERVER > XNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5
SERVER < 501 5.7.0 Authentication failed
CLIENT > 501 5.7.0 Authentication failed
CLIENT < AUTH LOGIN
SERVER > AUTH LOGIN
SERVER < 334 VXNlcm5hbWU6
CLIENT > 334 VXNlcm5hbWU6
CLIENT < YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER > YXNpbUBnYWxpbGVvLm5leGxpbngubmV0LnBr
SERVER < 334 UGFzc3dvcmQ6
CLIENT > 334 UGFzc3dvcmQ6
CLIENT < MTIzNDU2
SERVER > MTIzNDU2
SERVER < 235 2.0.0 Authentication successful
Client authenticated successfully
CLIENT > 235 2.0.0 Authentication successful
CLIENT < MAIL FROM: <[email protected]>
SERVER > MAIL FROM: <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO: <[email protected]>
SERVER > RCPT TO: <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
created cache file: /tmp/bixHC8
wrote 2440 bytes to filter, read 0 bytes
filter exit code: 127
CLIENT > 550 Content Rejected; sh: From:: command not found
SERVER > RSET
SERVER < 250 2.0.0 Reset state
client=192.168.0.33, [email protected], [email protected], status=sh: From:: command not found
CLIENT < RSET
SERVER > RSET
SERVER < 250 2.0.0 Reset state
CLIENT > 250 2.0.0 Reset state
CLIENT < MAIL FROM: <[email protected]>
SERVER > MAIL FROM: <[email protected]>
SERVER < 250 2.1.0 <[email protected]>... Sender ok
CLIENT > 250 2.1.0 <[email protected]>... Sender ok
CLIENT < RCPT TO: <[email protected]>
SERVER > RCPT TO: <[email protected]>
SERVER < 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT > 250 2.1.5 <[email protected]>... Recipient ok; will forward
CLIENT < DATA
CLIENT > 354 Start mail input; end with <CRLF>.<CRLF>
created cache file: /tmp/Jh3Ic7
wrote 2437 bytes to filter, read 0 bytes
filter exit code: 127
CLIENT > 550 Content Rejected; sh: From:: command not found
SERVER > RSET
SERVER < 250 2.0.0 Reset state
client=192.168.0.33, [email protected], [email protected], status=sh: From:: command not found
CLIENT < QUIT
SERVER > QUIT
CLIENT connection closed
SERVER connection closed
waiting for threads to quit
cleaning up completed thread
The difference between both of the diagnose is as following.
CLIENT < AUTH DIGEST-MD5 SERVER > AUTH DIGEST-MD5 SERVER < 334 cmVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix CLIENT > 334 cmVhbG09ImdhbGlsZW8ubmV4bGlueC5uZXQucGsiLG5vbmNlPSJPVGMxTkdaaFlXWmlZalE0Iix CLIENT < dXNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5 SERVER > dXNlcm5hbWU9ImFzaW0iLHJlYWxtPSJnYWxpbGVvLm5leGxpbngubmV0LnBrIixub25jZT0iT1RjMU5 SERVER < 501 5.7.0 Authentication failed CLIENT > 501 5.7.0 Authentication failed
Which means Microsoft Outlook First try Authentication method "DIGEST-MD5" which is causing the problem. Any help please...
I can't see your problem. Your server (whatever it is, but it is not Postfix) announces
250-AUTH CRAM-MD5 DIGEST-MD5 LOGIN PLAIN
. Allowing all the given authentication methods. And when Outlook tries to send the password as DIGEST-MD5 encrypted, your authentication server rejects this (password or method). So Outlook tries the next possibility to send it asAUTH LOGIN
which succeeds. Outlook Express directly usesAUTH LOGIN
because of the250-AUTH=LOGIN
. This is a workaround for the buggy Outlook Express.Then your filter rejects the mail because it is misconfigured as it can't find the program(s) or files needed to scan the mail (
550 Content Rejected; sh: From:: command not found
)This is not a Postfix problem at all. Nor is it a problem of Outlook or Outlook Express.