HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials - SMTP Auth problems in Debian Etch w/ISPConfig

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)

- Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=16)

- - SMTP Auth problems in Debian Etch w/ISPConfig (http://www.howtoforge.com/forums/showthread.php?t=11645)

SMTP Auth problems in Debian Etch w/ISPConfig

Hi guys,

Maybe somebody could help me out with this issue.
I followed the Perfect setup for Debian 3.1 (sarge) for my Debian 4.0 (Etch) Install. I then proceeded to install ISPConfig. Everything works perfect except authetication through smtp. I can send emails using the webmail, but if i try to send mail through my smtp server from somewhere else, authentication fails.
The only problem that i have seen besides the smtp is this:

Quote:

/etc/init.d/openbsd-inetd start
* Not starting internet superserver: no services enabled.

Here is the error i get when i try to authenticate smtp:

Quote:

Out: 220 debian.aquatikamarine.com ESMTP Postfix (Debian/GNU)
In: EHLO [192.168.42.81]
Out: 250-debian.aquatikamarine.com
Out: 250-PIPELINING
Out: 250-SIZE 10240000
Out: 250-VRFY
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH PLAIN LOGIN
Out: 250-AUTH=PLAIN LOGIN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: STARTTLS
Out: 454 4.3.0 TLS not available due to local problem
In: AUTH PLAIN AGplb3ZhbmkAT21lcmEzMg==
Out: 535 5.7.0 Error: authentication failed: generic failure
In: AUTH LOGIN
Out: 334 VXNlcm5hbWU6
In: amVvdmFuaQ==
Out: 334 UGFzc3dvcmQ6
In: T21lcmEzMg==
Out: 535 5.7.0 Error: authentication failed: generic failure

Session aborted, reason: lost connection

Thank you in advance for your help,

Jeovani

Which errors do you get in your mail log? If you want to use TLS, enable TLS in the file /etc/postfix/master.cf.

looks like sasl is having an issue. I tried several things and nothing worked. I also tried changing the path of smtpd_sasl_domain. That didnt work. Also theres a cert issue, i dont know why i would be getting that. I followed the how to to the T. Any thoughts? Heres the output of /var/log/mail.log

Quote:

Mar 25 23:32:19 debian postfix/smtpd[19077]: cannot load Certificate Authority data
Mar 25 23:32:19 debian postfix/smtpd[19077]: warning: TLS library problem: 19077:error:02001002:system library:fopen:No such file or directory:bss_file.c:122:fopen('/etc/postfix/ssl/cacert.pem','r'):
Mar 25 23:32:19 debian postfix/smtpd[19077]: warning: TLS library problem: 19077:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:125:
Mar 25 23:32:19 debian postfix/smtpd[19077]: warning: TLS library problem: 19077:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
Mar 25 23:32:19 debian postfix/smtpd[19077]: connect from adsl-225-255-181.mia.bellsouth.net[74.225.255.181]
Mar 25 23:32:20 debian postfix/smtpd[19077]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 25 23:32:20 debian postfix/smtpd[19077]: warning: SASL authentication failure: Password verification failed
Mar 25 23:32:20 debian postfix/smtpd[19077]: warning: adsl-225-255-181.mia.bellsouth.net[74.225.255.181]: SASL PLAIN authentication failed: generic failure
Mar 25 23:32:20 debian postfix/smtpd[19077]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 25 23:32:20 debian postfix/smtpd[19077]: warning: adsl-225-255-181.mia.bellsouth.net[74.225.255.181]: SASL LOGIN authentication failed: generic failure
Mar 25 23:32:23 debian postfix/smtpd[19077]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 25 23:32:23 debian postfix/smtpd[19077]: warning: SASL authentication failure: Password verification failed
Mar 25 23:32:23 debian postfix/smtpd[19077]: warning: adsl-225-255-181.mia.bellsouth.net[74.225.255.181]: SASL PLAIN authentication failed: generic failure
Mar 25 23:32:23 debian postfix/smtpd[19077]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Mar 25 23:32:23 debian postfix/smtpd[19077]: warning: adsl-225-255-181.mia.bellsouth.net[74.225.255.181]: SASL LOGIN authentication failed: generic failure

Do you get an error when you start the saslauthd server?

nope. No errors, and when i ps aux shows five processes of sasl running.

here's the exerpt of my /etc/postfix/main.cf:

Quote:

smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = debian.aquatikamarine.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = debian.aquatikamarine.com, localhost.aquatikamarine.com, , localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

What's the output of

Code:

ps aux|grep saslauthd

?
What's in /etc/default/saslauthd and /etc/init.d/saslauthd?

ps aux | grep saslauthd:

Quote:

debian:/home/aquatika# ps aux | grep saslauthd
root 2493 0.0 0.0 6292 988 ? Ss Mar25 0:00 /usr/sbin/saslauthd -a pam
root 2494 0.0 0.0 6292 600 ? S Mar25 0:00 /usr/sbin/saslauthd -a pam
root 2495 0.0 0.0 6292 544 ? S Mar25 0:00 /usr/sbin/saslauthd -a pam
root 2496 0.0 0.0 6292 544 ? S Mar25 0:00 /usr/sbin/saslauthd -a pam
root 2497 0.0 0.0 6292 544 ? S Mar25 0:00 /usr/sbin/saslauthd -a pam
root 31413 0.0 0.0 2848 708 pts/0 R+ 13:58 0:00 grep saslauthd

/etc/default/saslauthd:

Quote:

START=yes
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
MECHANISMS="pam"

/etc/init.d/saslauthd:

Quote:

PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="SASL Authentication Daemon"
NAME=saslauthd
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS=""
SCRIPTNAME=/etc/init.d/$NAME
FALLBACK_RUN_DIR=/var/run/$NAME
EXIT_ERROR_CODE=1
test -x "$DAEMON" || exit 0

[ -r /etc/default/$NAME ] && . /etc/default/$NAME
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions

RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
if [ -z "$RUN_DIR" ]; then
# No run directory defined in defaults file, use fallback
RUN_DIR=$FALLBACK_RUN_DIR
fi

PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"

if [ "$START" != "yes" -a "$1" != "stop" ]; then
log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
exit 0
fi

if [ -z "$MECHANISMS" ]; then
log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
"not starting $NAME"
exit $EXIT_ERROR_CODE
fi

if [ -n "$MECH_OPTIONS" ]; then
MECH_OPTIONS="-O $MECH_OPTIONS"
fi

if [ -n "$THREADS" ]; then
THREAD_OPTIONS="-n $THREADS"
fi

DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"

createdir()
{

install -d --group="$2" --mode="$3" --owner="$1" "$4"
}

do_start()

{

if dpkg-statoverride --list $RUN_DIR > /dev/null; then
dir=`dpkg-statoverride --list $RUN_DIR`
fi
test -z "$dir" || createdir $dir

start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
--exec $DAEMON -- $DAEMON_ARGS \
|| return 2
}
do_stop()
{
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
--pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
--exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
do_reload() {
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
--name $NAME
return 0
}

case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart|force-reload)
#
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 3
;;
esac

:

So by reading this, is it safe for me to assume that I can follow the Sarge How-To for Etch? Are the packages recommended for Sarge the same as those recommended for Etch?

I want to re-install, but don't want to put Sarge back on this machine (since it won't be supported for much longer)...but i don't want to have to wait for Etch to become "stable".

Thanks.

Quote:

So by reading this, is it safe for me to assume that I can follow the Sarge How-To for Etch? Are the packages recommended for Sarge the same as those recommended for Etch?

Most packages are the same, but not all. Also some of the config files have been changed. ISPConfig works generally well on Etch, butthe perefct setup instructions are not 100% the same for etch, we will release a new howto when etch is released. If you have some linux knowledge, you should be able to use the sarge howto with etch too.

Like i said, the only problem s i had in following the sarge how to with ispconfig is only with SMTP auth. I am still not able to authenticate. Still trying to fix this problem myslef but no luck yet. Im not very familiar with saslauthd