Join Log in
Score:1
avatar Server

Postfix unable to authenticate with Microsoft Exchange (No credentials were supplied)

us flag
qroberts

I want to setup postfix on my nagios server to relay emails to our Microsoft Exchange server and I am running into issues with authenticating with Microsoft Exchange.

Specifically I am getting this error:

warning: SASL authentication failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible (No Kerberos credentials available (default cache: KCM:))

I have the cyrus-sasl packages installed

[root@nag postfix]# yum list installed | grep sas

cyrus-sasl.x86_64                                2.1.27-17.el9                         @baseos
cyrus-sasl-gssapi.x86_64                         2.1.27-17.el9                         @anaconda
cyrus-sasl-lib.x86_64                            2.1.27-17.el9                         @anaconda
cyrus-sasl-md5.x86_64                            2.1.27-17.el9                         @appstream
cyrus-sasl-plain.x86_64                          2.1.27-17.el9                         @anaconda

[root@nag postfix]# postconf -df | grep sasl

broken_sasl_auth_clients = no
cyrus_sasl_config_path =
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
    $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps
    $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
send_cyrus_sasl_authzid = no
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
    {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_response_limit = 12288
smtpd_sasl_security_options = noanonymous
smtpd_sasl_service = smtp
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus

main.cf

compatibility_level = 2
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = host.domain.tld
mydomain = domain.tld
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/24, 1.1.1.0/24
relayhost = [relayhost.domain.tld]:587
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
 
  
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/samples
readme_directory = /usr/share/doc/postfix/README_FILES
smtpd_tls_security_level = may
smtp_tls_CApath = /etc/pki/tls/certs
meta_directory = /etc/postfix
shlib_directory = /usr/lib64/postfix
myhostname = host.domain.tld
relayhost = [relayhost.domain.tld]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous

[root@nag postfix]# systemctl status postfix

 postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2021-12-14 14:05:42 NST; 8min ago
    Process: 29028 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Process: 29030 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 29031 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
   Main PID: 29099 (master)
      Tasks: 4 (limit: 11100)
     Memory: 4.9M
        CPU: 331ms
     CGroup: /system.slice/postfix.service
             ├─29099 /usr/libexec/postfix/master -w
             ├─29100 pickup -l -t unix -u
             ├─29101 qmgr -l -t unix -u
             └─29148 tlsmgr -l -t unix -u

Dec 14 14:07:02 host.domain.tld postfix/pickup[29100]: C4AF631A2671: uid=0 from=<[email protected]>
Dec 14 14:07:02 host.domain.tld postfix/trivial-rewrite[29146]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:02 host.domain.tld postfix/cleanup[29145]: C4AF631A2671: message-id=<20211214173702.OJWqL%[email protected]>
Dec 14 14:07:02 host.domain.tld postfix/qmgr[29101]: C4AF631A2671: from=<[email protected]>, size=330, nrcpt=1 (queue active)
Dec 14 14:07:02 host.domain.tld postfix/smtp[29147]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:02 host.domain.tld postfix/tlsmgr[29148]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:03 host.domain.tld postfix/smtp[29147]: warning: SASL authentication failure: GSSAPI Error: No credentials were supplied, or the credentials were unavailable or inaccessible (No Kerberos credentials available (default cache: KCM:))
Dec 14 14:07:03 host.domain.tld postfix/bounce[29150]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
Dec 14 14:07:03 host.domain.tld postfix/smtp[29147]: C4AF631A2671: to=<[email protected]>, relay=mail.domain.tld[1.1.1.2]:587, delay=0.29, delays=0.01/0.07/0.21/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server mail.domain.tld[1.1.1.2]: generic failure)
Dec 14 14:07:25 host.domain.tld postfix/showq[29198]: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld

sasl_passwd

[relayhost.domain.tld]:587 [email protected]:bestpassword

[root@nag postfix]# mailq

mailq: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
postqueue: warning: /etc/postfix/main.cf, line 758: overriding earlier entry: myhostname=host.domain.tld
-Queue ID-  --Size-- ----Arrival Time---- -Sender/Recipient-------
C4AF631A2671     330 Tue Dec 14 14:07:02  [email protected]
(SASL authentication failed; cannot authenticate to server relayhost.domain.tld[1.1.1.2]: generic failure)
                                         [email protected]

EDIT

I found out what the issue was. This question answered it How to configure Postfix client relay to Exchange 2010 server

I added smtp_sasl_mechanism_filter = !gssapi, !ntlm, static:rest to the main.cf

254
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.