search

bokysan / docker-postfix

Multi architecture simple SMTP server (postfix null relay) host for your Docker and Kubernetes containers. Based on Debian/Ubuntu/Alpine.
MIT License
555 stars 152 forks source link

boky/postfix:4.3.0-alpine (on Alpine host) no mechanism available #215

Closed mauroreggio closed 1 month ago

mauroreggio commented 1 month ago

Hi. Thanks for this project. Run boky/postfix:4.3.0-alpine on an Alpine 3.20 host, try relay to Microsoft 365, with OAUTH2, i receive this error:

*postfix | 2024-10-06T15:16:41.845278+00:00 WARNING postfix/smtp[278]: sasl-xoauth2: Exception during init: Line 2, Column 18#012 Missing ',' or '}' in object declaration#012 postfix | 2024-10-06T15:16:41.845404+00:00 WARNING postfix/smtp[278]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2: generic failure postfix | 2024-10-06T15:16:41.845466+00:00 DEBUG postfix/smtp[278]: _sasl_plugin_load failed on sasl_client_plug_init for plugin: sasl-xoauth2 postfix | 2024-10-06T15:16:41.857557+00:00 INFO postfix/smtpd[273]: disconnect from unknown[192.168.0.4] ehlo=1 mail=1 rcpt=1 data=1 commands=4 postfix | 2024-10-06T15:16:42.088207+00:00 WARNING postfix/smtp[278]: warning: SASL authentication failure: No worthy mechs found postfix | 2024-10-06T15:16:42.088976+00:00 INFO postfix/smtp[278]: BE042241A19: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.242.226]: no mechanism available postfix | 2024-10-06T15:16:42.196293+00:00 WARNING postfix/smtp[278]: warning: SASL authentication failure: No worthy mechs found postfix | 2024-10-06T15:16:42.197323+00:00 INFO postfix/smtp[278]: BE042241A19: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.237.162]: no mechanism available postfix | 2024-10-06T15:16:42.306844+00:00 WARNING postfix/smtp[278]: warning: SASL authentication failure: No worthy mechs found postfix | 2024-10-06T15:16:42.306878+00:00 INFO postfix/smtp[278]: BE042241A19: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.98.237.146]: no mechanism available postfix | 2024-10-06T15:16:42.413490+00:00 WARNING postfix/smtp[278]: warning: SASL authentication failure: No worthy mechs found**

Try add to host libsasl (apk add cyrus-sasl) but not know if i'm in the right direction and/or if what i try add to the host is correct. But the docker image not have all it need for run?

Here my docker-compose.yml

_name: postfix-docker services: postfix: restart: unless-stopped container_name: postfix environment:

Thanks. Mauro.

mauroreggio commented 1 month ago

I do some debug. Enter in the container shell and explore postfix configuration. This is how "/etc/postfix/main.cf" is created (only the final part)

inet_protocols = ipv4 meta_directory = /etc/postfix shlib_directory = /usr/lib/postfix mydestination = relay_domains = header_size_limit = 4096000 smtpd_delay_reject = yes smtpd_helo_required = yes smtpd_client_restrictions = permit_mynetworks,reject smtpd_helo_restrictions = permit_mynetworks,reject_invalid_helo_hostname,permit smtpd_sender_restrictions = permit_mynetworks,reject relayhost = smtp.office365.com:587 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtp_sasl_auth_enable = yes smtp_sasl_password_maps = lmdb:/etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_sasl_tls_security_options = noanonymous smtp_sasl_mechanism_filter = xoauth2 smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache message_size_limit = 0 myhostname = mail01 mynetworks = 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 smtp_tls_security_level = encrypt

I read this page where there are some suggestion for configure postfix with oauth2, and merge with our config: https://mmogilvi.users.sourceforge.net/software/oauthbearer.html In our config:

Can be this the problem? I try create the file myself, but i not know exactly what the file must contain.

Thanks. Mauro.

bokysan commented 1 month ago

Hello.

I'm looking at your issue, and I'm still not entirely sure what's it about. I believe you're running into a config issue and not really a bug in the system.

If you're using xoauth2, there is a specific way how this is configured. Check out the tutorial at SASL-XOAUTH2 project page for details.

If you do believe there is a bug, please be so kind and offer more details and reopen this ticket.

mauroreggio commented 1 month ago

Hi bokysan and thanks for reply me. Sorry because i not have the right skill for understand how create a container, so i not want bother you and waste your time. I double check all and i not find config problem in my config. Reading the tutorial you provide i can read something that tarickb write in the "debug session" of the project page:

SASL Mechanisms If Postfix complains about not finding a SASL mechanism (along the lines of warning: SASL authentication failure: No worthy mechs found), it's possible that either make install or the pre-built package put libsasl-xoauth2.so in the wrong directory.

This is exactly what happens to me. I apreciate if anyone other that use this container with Microsoft 365, with OAUTH2, can say me that all works good, so i can concentrate me again in config problems. I think that you do a great work with this project and if i can test OAUTH2 function and make it work, i think it become very important for permit send email with legacy application.

Thanks again.

bokysan commented 1 month ago

Hey,

I can tell you that it works for me with Google OAuth, but I haven't tested it in a while, and it's quite cumbersome. If you can, I would suggest switching to another authentication method.

Unfortunately I don't have Microsoft 365 to test against, but I know some people have made it work.

If I may suggest, have you tried other flavours of this image (Debian or Ubuntu?)