[alpine] SASL authentication failure: No worthy mechs found

Question

[alpine] SASL authentication failure: No worthy mechs found

0x9394 opened this issue 5 years ago · 8 comments

tag with latest works fine. while alpine will not work with same config.

Mar 31 09:09:30 538f84b25f17 postfix/smtpd[97]: connect from wiki[10.0.2.3]
Mar 31 09:09:30 538f84b25f17 postfix/smtpd[97]: 2437A1A3CC0: client=bookstack.wiki[10.0.2.3]
Mar 31 09:09:30 538f84b25f17 postfix/cleanup[100]: 2437A1A3CC0: message-id=<28d2899d457986ba836ef47ca80aefbe@_>
Mar 31 09:09:30 538f84b25f17 postfix/qmgr[95]: 2437A1A3CC0: from=<service-notice@xxx.com>, size=11492, nrcpt=1 (queue active)
Mar 31 09:09:30 538f84b25f17 postfix/smtpd[97]: disconnect from wiki[10.0.2.3] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar 31 09:09:30 538f84b25f17 postfix/smtp[101]: warning: SASL authentication failure: No worthy mechs found
Mar 31 09:09:30 538f84b25f17 postfix/smtp[101]: 2437A1A3CC0: to=<by@xxx.com>, relay=smtp2.xxx.xx[172.20.1.100]:587, delay=0.12, delays=0.01/0.03/0.08/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp2.xxx.xx[172.20.1.100]: no mechanism available)

Answer 1 · 2020-03-31T15:43:18.000Z

Hi @kt1024 ,

Thanks for testing, the alpine image is still a work in progress, I will check this error and post back.

Answer 2 · 2020-04-07T15:43:59.000Z

Hi @kt1024 ,

How did you test ?I just tested the container and it is delivering emails without errors:


tpd[97]: connect from unknown[172.17.0.1]
Apr  7 15:33:15 b0f7a38c2491 postfix/smtpd[97]: 8BF82477: client=unknown[172.17.0.1]
Apr  7 15:33:15 b0f7a38c2491 postfix/cleanup[100]: 8BF82477: message-id=<170670.867755206-sendEmail@airbourne>
Apr  7 15:33:15 b0f7a38c2491 postfix/qmgr[95]: 8BF82477: from=<jbaptiste@xxxxx.com>, size=995, nrcpt=1 (queue active)
Apr  7 15:33:15 b0f7a38c2491 postfix/smtpd[97]: disconnect from unknown[172.17.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr  7 15:33:17 b0f7a38c2491 postfix/smtp[101]: 8BF82477: to=<jbaptiste@xxxxx.com>, relay=smtp.sendgrid.net[167.89.123.58]:587, delay=1.6, delays=0.03/0.02/1.3/0.23, dsn=2.0.0, status=sent (250 Ok: queued as OkMFpXn6TKCmgYW5Hxry3g)
Apr  7 15:33:17 b0f7a38c2491 postfix/qmgr[95]: 8BF82477: removed

Answer 3 · 2020-04-09T09:10:31.000Z

@juanluisbaptiste containers is running as systemd service.
bookstack container in same network send email to port 25 of postfix.

docker run --name postfix -m 256m --net wiki -e SMTP_SERVER=smtp2.xxx.xx --restart=always -e SMTP_USERNAME=sys-notice@xxx.com -e SMTP_PASSWORD=xxx -e SERVER_HOSTNAME=wiki.xxx.com juanluisbaptiste/postfix

Answer 4 · 2020-04-09T15:44:12.000Z

@juanluisbaptiste containers is running as systemd service.
bookstack container in same network send email to port 25 of postfix.

docker run --name postfix -m 256m --net wiki -e SMTP_SERVER=smtp2.xxx.xx --restart=always -e SMTP_USERNAME=sys-notice@xxx.com -e SMTP_PASSWORD=xxx -e SERVER_HOSTNAME=wiki.xxx.com juanluisbaptiste/postfix

Here you are not running the alpine image but the official CentOS based image...

Answer 5 · 2020-04-09T16:49:06.000Z

I really cannot understand why you could have that error, comparing both image postfix configurations you can see they are the same:

This is the CentOS 7 image (latest tag):

myhostname = support.xxxx.com
mydomain = xxxx.com
myorigin = $mydomain
relayhost = [smtp.xxxxxx.net]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
mynetworks = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

And this is the new alpine image (alpine tag):

myhostname = support.xxxx.com
mydomain = xxxx.com
mydestination = $myhostname
myorigin = $mydomain
relayhost = [smtp.xxxxx.net]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
mynetworks = 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16

And this are the SASL files of both images:

CentOS image:

sh-4.2# find / -iname *sasl*
/etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd
/etc/sysconfig/saslauthd
/etc/sasl2
/usr/lib/systemd/system/saslauthd.service
/usr/lib64/sasl2
/usr/lib64/sasl2/libsasldb.so
/usr/lib64/sasl2/libsasldb.so.3.0.0
/usr/lib64/sasl2/libsasldb.so.3
/usr/lib64/libsasl2.so.3.0.0
/usr/lib64/libsasl2.so.3
/usr/sbin/testsaslauthd
/usr/sbin/saslauthd
/usr/sbin/saslpasswd2
/usr/sbin/sasldblistusers2

Alpine image:

# find / -iname *sasl*
/etc/postfix/sasl_passwd.db
/etc/postfix/sasl_passwd
/etc/sasl2
/usr/lib/sasl2
/usr/lib/sasl2/libsasldb.so
/usr/lib/sasl2/libsasldb.so.3.0.0
/usr/lib/sasl2/libsasldb.so.3
/usr/lib/libsasl2.so.3.0.0
/usr/lib/libsasl2.so.3
/usr/sbin/testsaslauthd
/usr/sbin/saslauthd
/usr/sbin/saslpasswd2
/usr/sbin/sasldblistusers2

Both images configuration and installed packages are the same, this looks more like an issue with the auth mechs with your smtp server. Could you test with an gmail or sendgrid account ?

Answer 6 · 2020-04-09T17:31:06.000Z

Another user in issue #16 also reports the alpine image to be working fine.

Answer 7 · 2020-04-16T20:45:55.000Z

@kt1024 could you test the latest alpine build ?

Answer 8 · 2020-04-17T02:49:27.000Z

@juanluisbaptiste test success, thank you.

1st test , with local hmailserver (tls only), alpine:latest (image id 5eff59bf2238) success.

Apr 17 02:16:18 5d92b731020d postfix/smtpd[98]: connect from bookstack.wiki[10.0.2.3]
Apr 17 02:16:18 5d92b731020d postfix/smtpd[98]: 0BFBF1C4D88: client=bookstack.wiki[10.0.2.3]
Apr 17 02:16:18 5d92b731020d postfix/cleanup[101]: 0BFBF1C4D88: message-id=<ad669aad01027f5a53fa3355ed62e118@_>
Apr 17 02:16:18 5d92b731020d postfix/qmgr[96]: 0BFBF1C4D88: from=<service-notice@xx02.com>, size=11492, nrcpt=1 (queue active)
Apr 17 02:16:18 5d92b731020d postfix/smtpd[98]: disconnect from bookstack.wiki[10.0.2.3] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Apr 17 02:16:18 5d92b731020d postfix/smtp[102]: 0BFBF1C4D88: to=<by@xx.com>, relay=smtp2.xx.xx[172.20.1.100]:587, delay=0.21, delays=0.01/0.01/0.13/0.06, dsn=2.0.0, status=sent (250 Queued (0.000 seconds))
Apr 17 02:16:18 5d92b731020d postfix/qmgr[96]: 0BFBF1C4D88: removed

2nd test ,test aliyun mail with pervious alpine version (image id c139d8f7fab1). using telnet to test, mail was sent to remote server without error. (last time this image failed with hmailserver/tls)

Apr 17 02:33:18 1fda3af7d5d6 postfix/smtpd[98]: connect from unknown[172.16.1.1]
Apr 17 02:34:09 1fda3af7d5d6 postfix/smtpd[98]: BEEDA1C4D89: client=unknown[172.16.1.1]
Apr 17 02:34:35 1fda3af7d5d6 postfix/cleanup[101]: BEEDA1C4D89: message-id=<>
Apr 17 02:34:35 1fda3af7d5d6 postfix/qmgr[96]: BEEDA1C4D89: from=<m2@xx.net>, size=215, nrcpt=1 (queue active)
Apr 17 02:34:42 1fda3af7d5d6 postfix/smtpd[98]: disconnect from unknown[172.16.1.1] helo=1 mail=1 rcpt=1 data=1 quit=1 unknown=0/1 commands=5/6
Apr 17 02:35:05 1fda3af7d5d6 postfix/smtp[102]: connect to smtp.mxhichina.com[42.120.226.4]:587: Operation timed out
Apr 17 02:35:05 1fda3af7d5d6 postfix/smtp[102]: BEEDA1C4D89: to=<k2@xx.com>, relay=smtp.mxhichina.com[42.120.219.29]:587, delay=74, delays=43/0.04/30/0.23, dsn=2.0.0, status=sent (250 Data Ok: queued as freedom)
Apr 17 02:35:05 1fda3af7d5d6 postfix/qmgr[96]: BEEDA1C4D89: removed