HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)

- Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)

- - SMTP SASL authentication (http://www.howtoforge.com/forums/showthread.php?t=51990)

SMTP SASL authentication

Hello,

I'm running postfix on FC14. Followed Falko's brilliant-as-always guide to do this. I setup 3 virtual users. I'll call them a@domain, b@domain, c@domain. I inserted them into the user table in that order, and used ENCRYPT command on the password field for all.

I am using my cellphone to connect to the accounts. My phone managed to connect to both incoming (IMAP) and outgoing (SMTP, duh!) servers with a@domain's credentials.

However, for b and c, it only authenticated the incoming, but responds saying User Authentication failed for outgoing. If I put a's credentials for outgoing, it works.

This is also true in Thunderbird. I have to use a's credentials to login to SMTP.
Maillog shows the following:

Using b

Code:

Mar 22 23:44:21 server postfix/smtpd[6560]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: authentication failure

Using a

Code:

Mar 22 23:48:56 server postfix/qmgr[4119]: 2F8522C1F6F: from=<b@domain>, size=1113, nrcpt=1 (queue active)

Mar 22 23:48:56 server postfix/smtpd[6584]: disconnect from unknown[127.0.0.1]

Mar 22 23:48:56 server amavis[5490]: (05490-04) Passed CLEAN, MYNETS LOCAL [192.168.1.1] [192.168.1.1] <b@domain> -> <test@gmail.com>, Message-ID: <4D896D9A.9050503@domain>, mail_id: fPRia-+vwGsw, Hits: -1, size: 677, queued_as: 2F8522C1F6F, 6504 ms

Mar 22 23:48:56 server postfix/smtp[6576]: A58952C03D6: to=<test@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.6, delays=0.11/0.02/0.01/6.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05490-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2F8522C1F6F)

Since a's credentials work, it would only follow that b and c should work, too; I can't see where there would be a config issue... what could be the problem?

That's strange. Do b and c's password contain any special characters?

What's the output of

Code:

getenforce

SELINUX is disabled, and passwords are alpha-numeric only.

Do you have the same problem for further users as well? Does it maybe have anything to do with the password length?

The password for user a is the same as the password for user c. Right now I really only have 3 users on my server. User b has a different password from a and c.

Since a and c have the same password, however, I don't know why it would work for a and not c.

This is interesting, though. I turned on level2 debugging in authdaemonrc:

Syslog

Code:

Mar 24 10:00:20 server saslauthd[1906]: do_auth         : auth failure: [user=c] [service=smtp] [realm=domain] [mech=pam] [reason=PAM auth error]

Maillog

Code:

Mar 24 10:06:34 server imapd-ssl: Connection, ip=[::ffff:174.252.166.49]

Mar 24 10:06:35 server authdaemond: received auth request, service=imap, authtype=login

Mar 24 10:06:35 server authdaemond: authmysql: trying this module

Mar 24 10:06:35 server authdaemond: authmysqllib: connected. Versions: header 50155, client 50155, server 50155

Mar 24 10:06:35 server authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = 'c@domain'

Mar 24 10:06:35 server authdaemond: password matches successfully

Mar 24 10:06:35 server authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=domain, fullname=<null>, maildir=domain/c/, quota=10485760, options=<null>

Mar 24 10:06:35 server authdaemond: authmysql: clearpasswd=<null>, passwd=(shows encoded p/w as it appears in db)

Mar 24 10:06:35 server authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=c@domain, fullname=<null>, maildir=domain/c/, quota=10485760, options=<null>

Mar 24 10:06:35 server authdaemond: Authenticated: clearpasswd=(shows password in plain text), passwd=(shows p/w as it appears in p/w field of db)

Mar 24 10:06:35 server imapd-ssl: LOGIN, user=c@domain, ip=[::ffff:174.252.166.49], port=[21857], protocol=IMAP

Mar 24 10:14:14 server postfix/smtpd[9059]: timeout after AUTH from 49.sub-174-252-166.myvzw.com[174.252.166.49]

Mar 24 10:14:14 server postfix/smtpd[9059]: warning: network_biopair_interop: error writing 37 bytes to the network: Connection reset by peer

Mar 24 10:14:14 server postfix/smtpd[9059]: disconnect from 49.sub-174-252-166.myvzw.com[174.252.166.49]

Mar 24 10:14:15 server postfix/smtpd[9059]: connect from 49.sub-174-252-166.myvzw.com[174.252.166.49]

Mar 24 10:14:18 server postfix/smtpd[9059]: warning: SASL authentication failure: Password verification failed

Mar 24 10:14:18 server postfix/smtpd[9059]: warning: 49.sub-174-252-166.myvzw.com[174.252.166.49]: SASL PLAIN authentication failed: authentication failure

NOW I'M MAD!! The server is not accepting connections from the outside for mail delivery... I can send to anyone, receive e-mails from user a>c, b>a, etc. But mails coming from say, Gmail, are not being processed and I can't find any logs that will let me know where the connection is dropping... I've tried it with firewall off, so it's not that.

Fixed the not receiving from outside... I forgot that I changed smtp in main.cf file to listen at port 465... guess what? Port 25 is still needed for mail exchange from outside world. I uncommented the smtps line in main.cf to allow port 465 connections.
Reloaded postfix and now I can receive again.
Now, if I could only get this authenctication thing figured out... I feel like I'm writing a novel here... lol