Postfix smarthost + authentication: 535 incorrect authentication data

[Demented ZA]

On Ubuntu server 10.10, with a relay smtp server with authentication via postfix; I keep getting 535: Incorrect authentication data. I'm sure my username and password is correct.

Heres how I set up postfix:

I created a file called smarthosts.conf in my /etc/postfix/ directory that contains the following:

Code:

smtp.myisp.com username:password

I ran the following after creation of the file:

Code:

sudo chown root:root /etc/postfix/
sudo chmod 600 /etc/postfix/smarthosts.conf
sudo postmap hash:/etc/postfix/smarthosts.conf

My /etc/postfix/main.cf file:

Code:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost
relayhost = smtp.myisp.com
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smarthosts.conf
smtp_sasl_security_options =
mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = /Maildir/

When I send an e-mail, it gets stuck in the mail que. Here's the output from my mail.log file:

Code:

SASL authentication failed; server smtp.myisp.com[*.*.*.*] said: 535 Incorrect authentication data

I'm sure my username/password combination is correct, but I get the feeling the settings related to security is wrong.

my server uses plain text authentication on port 25. I would like to use security like SSL , but this particular server is unsecured.

Any advice would be appreciated.

[rubylaser]

In the past when I've hashed for SASL, I've never done it the way you tried. I normally just call postmap on my file.
postmap /etc/postfix/smarthosts.conf, instead of adding hash: in front of it. What do the contents of /etc/postfix/smarthosts.conf look like?

Code:

cat /etc/postfix/smarthosts.conf

[Demented ZA]

Code:

smtp.audca.co.za user@audca.co.za 12345

I edited the above, as is an actual user e-mail and password, along with its server.

I basically followed numerous guides like this one.

How would you have done it? I tried it without the hash bit in front. Didn't seem to make a difference.

[Demented ZA]

If I try setting up Thunderbird with that exact same smtp, username and pass, I can send e-mails to my gmail and other domain e-mails without a problem. That is if I use port 25, unencrypted password.

[Demented ZA]

I have a hunch that my password is getting mangled from that file and is not sent to the server as I expect it to be sent, thus the invalid authentication data.

I just don't know how to debug, and what to change?

Btw, what is the actual message if I were to login to a server with the wrong username and password? Wouldn't it be a different error like invalid username/password?

[rubylaser]

The reason why I asked, is this is how a correctly hashed file looks...

Code:

[smtp.gmail.com]:587 me@gmail.com:password

The smtp part above should match your relayhost...
And I normally add transport_maps into my main.cf

Code:

transport_maps = hash:/etc/postfix/transport

This is what I have in mine

Code:

root@fileserver:~# cat /etc/postfix/transport
# This sends mail to Gmail
gmail.com smtp:[smtp.gmail.com]:587

Finally, your error is telling your auth info is bad, either user or password for the host you've specified.

[Demented ZA]

Thanks for your reply.

Your file looks way different than mine. Since the how-to I worked of wasn't focussed on Ubuntu, or any debian-based distribution, and I'm absolutely sure mu username+password is correct, I think my configfile is just not set up as postfix expects, and I'm sure the info that reaches the server is not what I would expect to see as my username and password.

I'm going change my information to the format of your file and see what that does, and then post back.

On a seperate note, what does transport_maps do? Googling it now...

[Demented ZA]

Hmmm, according to Postfix.org tranpost maps are additional parameters to tell postfix what to do with certain addresses etc.

I could be wrong, but this isn't something I need, is it? Did you configure your own transport maps, or is it a generic configuration?

[Demented ZA]

Brilliant, it works!

Its just the syntax/formatting that was the problem. The moment I changed it to your layout, it worked!

This is what it looks like now:

Code:

$ cat /etc/postfix/smarthosts.conf
[smtp.audca.co.za]:25 user@audca.co.za:password

Also, removing or prepending the "hash:" portion in postfix configuration doesn't seem to make a difference to functionality.

From what I gather on the internet, defining hash: in the configuration like

Code:

smtp_sasl_password_maps = hash:/etc/postfix/smarthosts.conf

, tells postfix to hash the file before reading it, cuircumventing the need to do a

Code:

postmap /etc/postfix/smarthosts.conf

This means you can edit the postfix file directly, and not have to worry about forgetting to issue postmap command.


Now I would like to telnet into my smtp server, see what capabilities it has, and try SSL instead of plain text.

[rubylaser]

Great, glad you got it sorted out.