tarickb / sasl-xoauth2

SASL plugin for XOAUTH2

Postfix Not working #68

Open tejavivek opened 1 year ago

tejavivek commented 1 year ago

Jun 14 15:32:02 SystaUbuntu postfix/postfix-script[23625]: stopping the Postfix mail system
Jun 14 15:32:02 SystaUbuntu postfix/master[22635]: terminating on signal 15
Jun 14 15:32:03 SystaUbuntu postfix/postfix-script[23996]: warning: unable to create missing queue directories
Jun 14 15:32:03 SystaUbuntu postfix/postfix-script[24016]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 14 15:32:03 SystaUbuntu postfix/postfix-script[24192]: starting the Postfix mail system
Jun 14 15:32:03 SystaUbuntu postfix/master[24194]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 14 18:06:31 SystaUbuntu postmulti[1277]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix[1279]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix/master[1289]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix/postlog[1314]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix/postfix-script[1314]: warning: unable to create missing queue directories
Jun 14 18:06:31 SystaUbuntu postfix/postsuper[1317]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix/postlog[1339]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:31 SystaUbuntu postfix/postfix-script[1339]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 14 18:06:32 SystaUbuntu postfix/postlog[1519]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:32 SystaUbuntu postfix/postfix-script[1519]: starting the Postfix mail system
Jun 14 18:06:32 SystaUbuntu postfix/master[1522]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:32 SystaUbuntu postfix/master[1522]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 14 18:06:32 SystaUbuntu postfix/qmgr[1526]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:06:32 SystaUbuntu postfix/pickup[1525]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:15:04 SystaUbuntu postfix/postmap[1785]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:15:15 SystaUbuntu postfix/postmap[1786]: warning: /etc/postfix/main.cf, line 45: overriding earlier entry: smtp_tls_security_level=may
Jun 14 18:15:15 SystaUbuntu postfix/postmap[1786]: fatal: usage: postmap [-bfFhimnNoprsuUvw] [-c config_dir] [-d key] [-q key] [map_type:]file...
Jun 14 19:13:02 SystaUbuntu postfix/postfix-script[1323]: warning: unable to create missing queue directories
Jun 14 19:13:02 SystaUbuntu postfix/postfix-script[1350]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 14 19:13:02 SystaUbuntu postfix/postfix-script[1575]: starting the Postfix mail system
Jun 14 19:13:02 SystaUbuntu postfix/master[1577]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 15 11:41:10 SystaUbuntu postfix/postfix-script[1323]: warning: unable to create missing queue directories
Jun 15 11:41:10 SystaUbuntu postfix/postfix-script[1350]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 15 11:41:11 SystaUbuntu postfix/postfix-script[1552]: starting the Postfix mail system
Jun 15 11:41:11 SystaUbuntu postfix/master[1561]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 15 19:55:01 SystaUbuntu postfix/postfix-script[1344]: warning: unable to create missing queue directories
Jun 15 19:55:01 SystaUbuntu postfix/postfix-script[1366]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 15 19:55:02 SystaUbuntu postfix/postfix-script[1579]: starting the Postfix mail system
Jun 15 19:55:02 SystaUbuntu postfix/master[1582]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 16 11:34:10 SystaUbuntu postfix/postfix-script[1321]: warning: unable to create missing queue directories
Jun 16 11:34:10 SystaUbuntu postfix/postfix-script[1344]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 16 11:34:11 SystaUbuntu postfix/postfix-script[1534]: starting the Postfix mail system
Jun 16 11:34:11 SystaUbuntu postfix/master[1536]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 16 12:28:52 SystaUbuntu postfix/postfix-script[3824]: stopping the Postfix mail system
Jun 16 12:28:52 SystaUbuntu postfix/master[1536]: terminating on signal 15
Jun 16 12:28:53 SystaUbuntu postfix/postfix-script[4195]: warning: unable to create missing queue directories
Jun 16 12:28:53 SystaUbuntu postfix/postfix-script[4215]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
Jun 16 12:28:53 SystaUbuntu postfix/postfix-script[4391]: starting the Postfix mail system
Jun 16 12:28:53 SystaUbuntu postfix/master[4393]: daemon started -- version 3.4.13, configuration /etc/postfix
Jun 16 12:33:20 SystaUbuntu postfix/pickup[4395]: 3EE477E296: uid=0 from=MeganB@M365x73155947.OnMicrosoft.com
Jun 16 12:33:20 SystaUbuntu postfix/cleanup[4406]: 3EE477E296: message-id=20230616123320.3EE477E296@SystaUbuntu.gc3la0oxiipulnnolxyrk3nxrg.bx.internal.cloudapp.net
Jun 16 12:33:20 SystaUbuntu postfix/qmgr[4396]: 3EE477E296: from=MeganB@M365x73155947.OnMicrosoft.com, size=512, nrcpt=1 (queue active)
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: warning: SASL authentication failure: No worthy mechs found
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: 3EE477E296: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.96.90.34]: no mechanism available
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: warning: SASL authentication failure: No worthy mechs found
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: 3EE477E296: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.96.88.98]: no mechanism available
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: connect to smtp.office365.com[2603:1036:302:505c::2]:587: Network is unreachable
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: warning: SASL authentication failure: No worthy mechs found
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: 3EE477E296: SASL authentication failed; cannot authenticate to server smtp.office365.com[52.96.179.226]: no mechanism available
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: connect to smtp.office365.com[2603:1036:302:40d0::2]:587: Network is unreachable
Jun 16 12:33:20 SystaUbuntu postfix/smtp[4408]: 3EE477E296: to=AllanD@M365x73155947.OnMicrosoft.com, relay=none, delay=0.3, delays=0.05/0.18/0.08/0, dsn=4.4.1, status=deferred (connect to smtp.office365.com[2603:1036:302:40d0::2]:587: Network is unreachable

tejavivek commented 1 year ago

ls -la
total 88
drwxr-xr-x 5 root root 4096 Jun 16 12:23 .
drwxr-xr-x 107 root root 4096 Jun 16 11:40 ..
-rw-r--r-- 1 root root 60 Jun 14 15:24 dynamicmaps.cf
drwxr-xr-x 2 root root 4096 Sep 7 2021 dynamicmaps.cf.d
-rw-r--r-- 1 root root 1808 Jun 16 12:23 main.cf
-rw-r--r-- 1 root root 27120 Jun 14 15:25 main.cf.proto
lrwxrwxrwx 1 root root 31 Jun 14 15:25 makedefs.out -> /usr/share/postfix/makedefs.out
-rw-r--r-- 1 root root 6208 Jun 14 15:24 master.cf
-rw-r--r-- 1 root root 6208 Jun 14 15:25 master.cf.proto
drwxr-xr-x 2 root root 4096 Sep 7 2021 postfix-files.d
drwxr-xr-x 2 root root 4096 Sep 7 2021 sasl
-rw-r--r-- 1 root root 111 Jun 14 18:46 sasl_passwd
-rw-r--r-- 1 root root 12288 Jun 14 19:23 sasl_passwd.db
-rw-r--r-- 1 root root 44 Jun 15 21:25 sender_canonical_maps

tarickb commented 1 year ago

Please review the debugging section of the README and include the relevant logs.

tejavivek commented 1 year ago

image Could you please help with this?

tejavivek commented 1 year ago

image After that, as mentioned in the README, I had run these two commands

tarickb commented 1 year ago

The "failed to open file" messages are useful here. Can you confirm that there is indeed a token file at that path? If you're using the default Postfix setup on Ubuntu then I think you've probably got chroot enabled, so you'll want to make sure that token file actually exists at /var/spool/postfix/etc/tokens/....

tejavivek commented 1 year ago

I am using Ubuntu, as you can see image

tejavivek commented 1 year ago

image

tarickb commented 1 year ago

Okay so create a directory /var/spool/postfix/etc/tokens/ and then copy your token file there.

tejavivek commented 1 year ago

image

As you can see, even after creating and copying the token file to /var/spool/postfix/etc/tokens/, I don't see any change

tejavivek commented 1 year ago

Should I make any changes here? image

tejavivek commented 1 year ago

image

Could you please help with this thing?

tarickb commented 1 year ago

Can you provide the output of ls -l /var/spool/postfix/etc/tokens/?

tejavivek commented 1 year ago

Hey, I got rid of those errors; now what I got is these image

tejavivek commented 1 year ago

image

tejavivek commented 1 year ago

image

tejavivek commented 1 year ago

image These are the contents of the /etc/postfix/main.cf file

tarickb commented 1 year ago

Please please carefully go through the README. The path you put in /etc/postfix/sasl_passwd should be /etc/tokens/... even though the token file is actually in /var/spool/postfix/etc/tokens/....

It would also be helpful if you could document what exactly you're changing, what you're trying, etc. so that I don't have to guess. Thanks.

tejavivek commented 1 year ago

Hey, I have used this command to download certificate files to establish a TLS connection. Do you think it is unnecessary, or what is the way to download certificates? openssl s_client -showcerts -starttls smtp -crlf -connect smtp.office365.com:587

tejavivek commented 1 year ago

> Please please carefully go through the README. The path you put in /etc/postfix/sasl_passwd should be /etc/tokens/... even though the token file is actually in /var/spool/postfix/etc/tokens/....
>
> It would also be helpful if you could document what exactly you're changing, what you're trying, etc. so that I don't have to guess. Thanks.

At first I had specified only /etc/tokens, but since there is an error saying don't understand where to access token files from, whether from '/etc/tokens/'.. or '/var/spool/postfix/etc/tokens..', to resolve this error I have changed the path to '/var/spool/postfix/etc/tokens/username@domain.com'. 2 days ago, in the above pics, I have given you the contents of '/etc/postfix/main.cf'; please see if there are any misconfigurations in that. Thank you, hope you got the clear picture now. If you want any other config files I will post them. Thanks for the patience and help.

tarickb commented 1 year ago

Let's focus first on the "No such file or directory" errors in your logs. I'm asking you a few questions here, please reply to all of them.

  1. What is the output of cat /etc/postfix/sasl_passwd?
  2. Did you run sudo postmap /etc/postfix/sasl_passwd after editing /etc/postfix/sasl_passwd?
  3. What is the output of ls -l /var/spool/postfix/etc/tokens/?
  4. What is the output of cat /etc/postfix/master.cf | grep ^smtp?
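
The path mapping discussed above (sasl_passwd names /etc/tokens/..., while a chrooted smtp client opens the file under /var/spool/postfix/etc/tokens/...) and the checks in the four questions, as an added shell example that is not part of the thread or of the project's code. The function names, the scratch-directory demo files and user@example.com are constructed for illustration; treating `-` in the master.cf chroot column as "not chrooted" assumes Postfix 3.0 or later.

```shell
#!/bin/sh
# Added example: map sasl_passwd token paths to the files a chrooted smtp client opens.

# Exit 0 if the "smtp unix" client service in master.cf has chroot (column 5) set to y.
# Assumption: "-" means not chrooted, the built-in default since Postfix 3.0.
smtp_chrooted() {
    awk '$1 == "smtp" && $2 == "unix" { seen = 1; c = $5 }
         END { exit !(seen && c == "y") }' "$1"
}

# Print the token path of each entry: the text after the first ":" in field 2.
token_paths() {
    awk 'NF >= 2 && $1 !~ /^#/ { i = index($2, ":"); if (i) print substr($2, i + 1) }' "$1"
}

# check_tokens MASTER_CF SASL_PASSWD QUEUE_DIR
# Prints one verdict per token path; returns non-zero if any path would fail to open.
check_tokens() {
    root=""
    if smtp_chrooted "$1"; then root=$3; fi
    token_paths "$2" | (
        rc=0
        while IFS= read -r p; do
            if [ -n "$root" ] && [ "${p#"$root"/}" != "$p" ]; then
                # Path already carries the chroot prefix, so it would be applied twice.
                echo "DOUBLE-PREFIX $p (use ${p#"$root"})"; rc=1
            elif [ -f "$root$p" ]; then
                echo "OK $root$p"
            else
                echo "MISSING $root$p"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed demo input in a scratch directory (not the reporter's real files).
demo=$(mktemp -d)
mkdir -p "$demo/spool/etc/tokens"
: > "$demo/spool/etc/tokens/user@example.com"
printf 'smtp unix - - y - - smtp\n' > "$demo/master.cf"
printf '[smtp.office365.com]:587 user@example.com:/etc/tokens/user@example.com\n' > "$demo/good"
printf '[smtp.office365.com]:587 user@example.com:%s/etc/tokens/user@example.com\n' \
    "$demo/spool" > "$demo/bad"
check_tokens "$demo/master.cf" "$demo/good" "$demo/spool"
check_tokens "$demo/master.cf" "$demo/bad" "$demo/spool" || true
```

On a live system the call would be `check_tokens /etc/postfix/master.cf /etc/postfix/sasl_passwd /var/spool/postfix`, run as a user that can read sasl_passwd.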

tejavivek commented 1 year ago

Do I need to enable basic SMTP auth to get SASL authentication done? Thank you. I have gone through the README and done everything properly and figured out what happened; my only doubt is this.

tejavivek commented 1 year ago

  1. image

  2. Yes, I did run sudo postmap /etc/postfix/sasl_passwd after editing /etc/postfix/sasl_passwd

  3. image

  4. image

tarickb commented 1 year ago

Okay and with that exact configuration, can you provide Postfix logs?

Also no, you don't need to enable basic SMTP authentication.

tejavivek commented 1 year ago

I have another query: could you please check if my config in /etc/postfix/main.cf is correct or not? image

tejavivek commented 1 year ago

Hey, could you please help with the above things? Thank you.

tarickb commented 1 year ago

That latest log snippet doesn't show anything from sasl-xoauth2, leading me to believe something in your configuration is causing it to be disabled. Try setting smtp_sasl_security_options = (i.e., explicitly setting it to empty).

tejavivek commented 1 year ago

I already set it to smtp_sasl_security_options= nothing

image

tarickb commented 1 year ago

Is your token file in /var/spool/postfix/etc getting updated (check the timestamp or the contents)? If so, the plugin is working, and there's something else in your Postfix or your Office 365 configuration that's causing authentication to fail. I'm not really sure what that might be.

tejavivek commented 1 year ago

image image

Do you think any changes should be made here, in the above and below?

image

tarickb commented 1 year ago

What is "SMTP Relay Server"? Did you inadvertently create an "enterprise application" on Azure instead of an "app registration"? AFAICT they're different things.

tejavivek commented 1 year ago

image

tarickb commented 1 year ago

That looks fine to me. Are you using client credentials from this new application? Is the error message different at all?

tejavivek commented 12 months ago

There is no different error message; all the same

tarickb commented 11 months ago

Can you try the new device flow token request method in 0.23? There are detailed instructions in the README but basically you need to enable "Allow public client flows" for your app registration (in the Azure console), and pass --use-device-flow to sasl-xoauth2-tool.