Thursday, February 3, 2011

How to configure Postfix client relay to Exchange 2010 server

I'm getting

(delivery temporarily suspended: SASL authentication failed; server myserver.com[xxx.xxx.xxx.x] said: 535 5.7.3 Authentication unsuccessful)
when I try to relay mail from Postfix 2.5.5-1.1 on Debian Lenny box to Exchange 2010.

I think I tried all possible combinations but I'm definitely missing something. Here is relevant part of main.cf:

broken_sasl_auth_clients = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_pix_workarounds =
smtp_sasl_type = cyrus
smtp_always_send_ehlo = yes
relayhost = myserver.com

And I got libsasl2-modules installed. Anybody managed to successfully relay mail between Postfix and Exchange? Oh, and I already double-checked if password is right.

  • The Exchange Server will offer GSSAPI (Kerberos) but it seems that Cyrus SASL providing authentication service to Postfix was not configured to handle GSSAPI.

    man 5 postconf | less +/^smtp_sasl_mechanism_filter

    this will tell you what you need to set smtp_sasl_mechanism_filter to in order to get this to authenticate properly.

    helcim : So if I'm right i should have smtp_sasl_mechanism_filter = gssapi but then i'm getting postfix/smtp[3196]: warning: myserver.com[xxx.xxx.xxx.x]:25 offered no supported AUTH mechanisms: 'NTLM'
    Khushil : that would sugggest that the MS Exchange Server is setup with other auth mech - can you please check which auth is turned on with MS Exchange server or follow the guide at http://support.microsoft.com/kb/239869 to setup NTLM(GSSAPI) with MS Exchange server.
    Khushil : you could also try smtp_sasl_mechanism_filter = !gssapi, !ntlm, static:rest
    From Khushil

0 comments:

Post a Comment