503 5.5.1 Error: authentication not enabled: Difference between revisions

<hide> page type::article thing type::error message returned by::Postfix </hide>

503 5.5.1 Error: authentication not enabled is an error message returned by Postfix.

Another symptom is the absence of any "AUTH" lines in the response from Postfix when the client sends EHLO:

EHLO hypertwins.org
250-(redacted).com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
503 5.5.1 Error: authentication not enabled

EHLO hypertwins.org
250-(redacted).com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6

This message can appear even when smtpd_sasl_auth_enable is set to "yes" in main.cf.

The changes suggested here seemed to work, albeit with some modifications for my particular config:

## 2011-07-31 trying this, per http://forums.gplhost.com/phpBB2/image-vp3985.html , in attempt to fix smtp external auth
smtp_sasl_auth_enable = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = /etc/mailname
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no

### OVERRIDE -- required in order to authenticate with Frontier's SMTP server/relay
smtp_sasl_auth_enable = yes

## (wzl added 2010-07-04)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 
smtpd_sender_restrictions = reject_unknown_sender_domain

## more SASL/TLS stuff (was at the end of main.cf, moved here 2011-07-31)
smtp_sasl_authentication_filter =
myorigin = (redacted).com
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous