HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Sasl Authentication Failure (http://www.howtoforge.com/forums/showthread.php?t=59760)

wigglez 1st December 2012 21:05
Sasl Authentication Failure
 
I'm not entirely sure if this is the place to post this but, I have a new error with postfix that popped up when using thunderbird.

Code:
warning: SASL authentication failure: Password verification failed
Webmail works, just can't connect from outside.

Which password is it referring to.

I've double checked the password for user@domain.net with mysql

Could it have something to do with this:
Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
Instead of:
Code:
250-AUTH PLAIN LOGIN
I can't change that. I did a grep for every mechlist that it found. Changing the values to plain login, didn't work.

Edit: Oh, I should mention this is for sending mail, receiving it with courier and thunderbird works just fine.

falko 2nd December 2012 12:06
Which distribution do you use? Are there any errors in your mail log?

wigglez 2nd December 2012 17:23
Ubuntu 8.04

mail.log:
Code:
SASL authentication failure: Password verification failed
SASL PLAIN authentication failed: authentication failure
SASL LOGIN authentication failed: authentication failure

wigglez 3rd December 2012 08:23
Was having an issue with testsaslauthd not working unless i specified a path in the command. Created a symlink, and was hoping fixing that would take care of it, but it didn't. It made testsaslauthd work without manually entering a path.

Code:
rm -rf /var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
Code:
testsaslauthd -s smtp -u user@domain.com -p password

wigglez 4th December 2012 06:01
I am getting quite suspicious that this is whats causing it:

Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
It should read:
Code:
250-AUTH PLAIN LOGIN
I only told it to use plain login, I don't know why it's still wanting to use the extras.

I changed the name of anything that could intercede smtpd.conf

In both directories /usr/lib/sasl2 and /usr/lib64/sasl2, I changed the names of Sendmail.conf, smtpd.conf, and saslpaswd.conf incase they were overriding /etc/postfix/sasl/smtpd.conf.

Code:
pwcheck_method: saslauthd
mech_list: plain login
log_level: 7
allow plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_pass
sql_database: mail
sql_select: select password from users where email = '%u@%r'
I can't figure out what is overriding this. It can't be overriding the whole file, or I imagine it would be more broken. It's just overriding the mech list.

falko 5th December 2012 14:15
What's in /etc/postfix/main.cf?

wigglez 5th December 2012 15:32
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtpd_tls_exclude_ciphers=RC4-MD5
smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = smtp.domain.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = domain.net
mydestination = smtp.domain.net, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

#SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes

smtpd_sender_restrictions=permit_sasl_authenticated, permit_mynetworks, warn_if_reject, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains


virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps

wigglez 9th December 2012 03:28
Accidentally nuked everything except mysql by trying to purge libsasl packages

It kept some of my config files intact, but redoing it. It fixed the plain login issue.

From
Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
To
Code:
250-AUTH LOGIN PLAIN
Unfortunately it didn't fix the thunderbird issue.

wigglez 9th December 2012 11:24
It works now...

It was different error. Whatever happened when I nuked it, fixed the first one.

I noticed it wasn't even connecting in the logs.

I changed the smtp server on thunderbird to 25, which I find strange because it connected before on the 587 port.


Could someone explain the difference between the two ports and why thunderbird defaults to 587.


So, anybody reading this and having the same problem where the mech list isn't updating right. Nuke it, and check your ports. haha


All times are GMT +2. The time now is 20:16.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.