"503 5.5.1 Error: authentication not enabled" when trying to connect to my postfix server remotley

Question

I have the following:

postfix-2.10.1-6.el7.x86_64
cyrus-sasl-lib-2.1.26-17.el7.x86_64
cyrus-sasl-plain-2.1.26-17.el7.x86_64
cyrus-sasl-2.1.26-17.el7.x86_64

my postconf -n is:

   alias_database = hash:/etc/aliases
   alias_maps = hash:/etc/aliases
   command_directory = /usr/sbin
   config_directory = /etc/postfix
   daemon_directory = /usr/libexec/postfix
   data_directory = /var/lib/postfix
   debug_peer_level = 2
   debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd         $daemon_directory/$process_name $process_id & sleep 5
  html_directory = no
  inet_interfaces = all
  inet_protocols = all
  mail_owner = postfix
  mailq_path = /usr/bin/mailq.postfix
  manpage_directory = /usr/share/man
  mydestination = $myhostname, localhost.$mydomain, localhost
  newaliases_path = /usr/bin/newaliases.postfix
  queue_directory = /var/spool/postfix
  readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
  relayhost = smtp.dynect.net:25
  sample_directory = /usr/share/doc/postfix-2.10.1/samples
  sendmail_path = /usr/sbin/sendmail.postfix
  setgid_group = postdrop
  smtp_sasl_auth_enable = yes
  smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
  unknown_local_recipient_reject_code = 550

My /etc/sysconfig/saslauthd has:

SOCKETDIR=/run/saslauthd
MECH=pam
FLAGS=

My /etc/sasl2/smtpd.conf has:

pwcheck_method: saslauthd
mech_list: plain login    

when I try to login from a remote server I get the following error:

telnet 10.65.60.23 25
Trying 10.65.60.23...
Connected to 10.65.60.23.
Escape character is '^]'.
220 jira.radwarecloud.com ESMTP Postfix
EHLO local.domain.name
250-jira.radwarecloud.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
503 5.5.1 Error: authentication not enabled

what am I missing here??? Thanks! Elad.

Answer 1

For enable SASL when receiving email via smtpd, you need to put this parameter

smtpd_sasl_auth_enable = yes

For enable SASL when sending email via smtp, you need to put this parameter

smtp_sasl_auth_enable = yes

In your postconf output above, you only put smtp_sasl_auth_enable not smtpd_sasl_auth_enable. That's why postfix complain with error

Error: authentication not enabled

Answer 2

AUTH is not part of basic SMTP, but of ESMTP. So in order to use AUTH, you need to start the SMTP session with EHLO instead of HELO.

Answer 3

How to debug whether it's really the SELinux issue which is blocking these SMTP connections? You can use the getsebool command to check whether the httpd daemon is allowed to make an SMTP connection over the network to send an email.

getsebool httpd_can_sendmail

getsebool httpd_can_network_connect

This command will return a boolean on or off. If it's disabled, then you will see an output like this; getsebool: SELinux is disabled We can turn it on using the following command:

sudo setsebool -P httpd_can_sendmail 1

sudo setsebool -P httpd_can_network_connect 1

If you are running your code on a shared hosting provider and trying to connect to some third-party SMTP provider like smtp.pepipost.com or smtp.sendgrid.com and getting some errors like this.​

Answer 4

chown -R saslauth:saslauth /var/run/saslauthd/