#1
26th August 2012, 08:56
johnnygear
SMTPD SASL Auth Issues

Hi All,

I have done a lot of searching and can't seem to figure this out.

I have set up a mail server; components are as follows: Ubuntu 12.04 Server, Courier, MySQL, Amavisd-new, SpamAssassin, ClamAV, SASL, TLS, Postgrey and Roundcube.

I can login to Courier and Roundcube.
I can send mail (including to external recipients).
I can receive mail.

As far as I can tell everything is working, except for SMTPD authentication.

saslfinger -s output below:
Code:
saslfinger - postfix Cyrus sasl configuration Sun Aug 26 04:24:18 EST 2012
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.9.3
System: Ubuntu 12.04.1 LTS \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fbf13fcc000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s


-- listing of /usr/lib/sasl2 --
total 20
drwxr-xr-x  2 root root  4096 Jul 22 15:06 .
drwxr-xr-x 65 root root 12288 Aug 25 21:07 ..
-rw-r--r--  1 root root     1 May  4 14:15 berkeley_db.txt

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Aug 26 04:21 .
drwxr-xr-x 3 root root 4096 Aug 26 01:38 ..
-rw-r--r-- 1 root root  308 Aug 26 04:21 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet   n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}




amavis      unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
        -o local_header_rewrite_clients=

 -o content_filter=
        -o receive_override_options=no_header_body_checks

submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5


-- end of saslfinger output --
Here are some relevant logs:
Code:
Aug 26 16:42:08 host postfix/smtpd[26752]: connect from localhost[127.0.0.1]
Aug 26 16:42:08 host postfix/smtpd[26752]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Aug 26 16:42:08 host postfix/smtpd[26752]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<user@domain.com> to=<root@domain.com> proto=ESMTP helo=<host.domain.com>

Aug 26 16:42:08 host postfix/smtpd[26752]: sql auxprop plugin using mysql engine
Any help would be appreciated as I have been at this for hours, and can't seem to work it out.

Regards,

JG
#2
26th August 2012, 16:03
johnnygear

Made a few slight changes to master.cf; reflected in the updated saslfinger output below:

Code:
saslfinger - postfix Cyrus sasl configuration Mon Aug 27 00:00:27 EST 2012
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.9.3
System: Ubuntu 12.04.1 LTS \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fbcc393f000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s


-- listing of /usr/lib/sasl2 --
total 20
drwxr-xr-x  2 root root  4096 Jul 22 15:06 .
drwxr-xr-x 65 root root 12288 Aug 25 21:07 ..
-rw-r--r--  1 root root     1 May  4 14:15 berkeley_db.txt

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 Aug 26 04:21 .
drwxr-xr-x 3 root root 4096 Aug 26 23:27 ..
-rw-r--r-- 1 root root  308 Aug 26 04:21 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1


-- active services in /etc/postfix/master.cf --
#                       (yes)   (yes)                   (yes)           (never)         (100)
smtp            inet    n                       -               -               -               -               smtpd
pickup          fifo    n                       -               -               60              1               pickup
        -o content_filter=
                -o receive_override_options=no_header_body_checks
cleanup         unix    n                       -               -               -               0               cleanup
qmgr            fifo    n                       -               n               300             1               qmgr
tlsmgr          unix    -                       -               -               1000?           1               tlsmgr
rewrite         unix    -                       -               -               -               -               trivial-rewrite
bounce          unix    -                       -               -               -               0               bounce
defer           unix    -                       -               -               -               0               bounce
trace           unix    -                       -               -               -               0               bounce
verify          unix    -                       -               -               -               1               verify
flush           unix    n                       -               -               1000?           0               flush
proxymap        unix    -                       -               n               -               -               proxymap
proxywrite      unix    -                       -               n               -               1               proxymap
smtp            unix    -                       -               -               -               -               smtp
relay           unix    -                       -               -               -               -               smtp
showq           unix    n                       -               -               -               -               showq
error           unix    -                       -               -               -               -               error
retry           unix    -                       -               -               -               -               error
discard         unix    -                       -               -               -               -               discard
local           unix    -                       n               n               -               -               local
virtual         unix    -                       n               n               -               -               virtual
lmtp            unix    -                       -               -               -               -               lmtp
anvil           unix    -                       -               -               -               1               anvil
scache          unix    -                       -               -               -               1               scache
maildrop        unix    -                       n               n               -               -               pipe
        flags=DRhu user=mail argv=/usr/bin/maildrop -d ${recipient}
uucp            unix    -                       n               n               -               -               pipe
        flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail          unix    -                       n               n               -               -               pipe
        flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp           unix    -                       n               n               -               -               pipe
        flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -                       n               n               -               2               pipe
        flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman         unix    -                       n               n               -               -               pipe
        flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
amavis          unix    -                       -               -               -               2               smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
127.0.0.1:10025 inet    n                       -               -               -               -               smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
submission      inet    n                       -               n               -               -               smtpd
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_tls_auth_only=yes
        -o smtpd_tls_security_level=encrypt
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
        -o smtpd_sasl_security_options=noanonymous,noplaintext
        -o smtpd_sasl_tls_security_options=noanonymous
        -o milter_macro_daemon_name=ORIGINATING
smtps           inet    n                       -               -               -               -               smtpd
        -o smtpd_tls_wrappermode=yes
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_tls_auth_only=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,reject
        -o smtpd_sasl_security_options=noanonymous,noplaintext
        -o smtpd_sasl_tls_security_options=noanonymous
        -o milter_macro_daemon_name=ORIGINATING

-- mechanisms on localhost --
250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5


-- end of saslfinger output --
same issues; can't auth to SMTPD...

can't tell when I am going wrong, the error message is always 'no mechanisms available' but there are clearly mechanisms available..

JG
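
Added example (not part of the original posts and not saslfinger's own code): a small Python lint run over the smtpd.conf shown in posts #1 and #2, flagging where `pwcheck_method` and `mech_list` disagree about which backend verifies which mechanism. The function names are hypothetical; the rules encode general Cyrus SASL behaviour (saslauthd verifies cleartext passwords only, shared-secret mechanisms read a stored secret through auxprop) and do not establish the cause of the error reported in the thread.

```python
# Added example: lint a Cyrus SASL smtpd.conf for backend/mechanism mismatches.
PLAINTEXT_MECHS = {"plain", "login"}              # password reaches the server in cleartext
SHARED_SECRET_MECHS = {"cram-md5", "digest-md5"}  # server must read a stored secret

# Sample input: the smtpd.conf from the thread, credentials as redacted there.
SMTPD_CONF = """\
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: --- replaced ---
sql_passwd: --- replaced ---
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
"""


def parse_sasl_conf(text):
    """Parse 'key: value' lines; a later duplicate key overrides an earlier one."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        conf[key.strip().lower()] = value.strip()
    return conf


def lint_sasl_conf(conf):
    """Return findings about pwcheck_method versus mech_list."""
    findings = []
    method = conf.get("pwcheck_method", "auxprop").lower()  # auxprop is the default
    mechs = set(conf.get("mech_list", "").lower().split())
    if method == "saslauthd":
        shared = sorted(mechs & SHARED_SECRET_MECHS)
        if shared:
            findings.append(
                "saslauthd cannot verify " + ", ".join(shared)
                + "; these mechanisms rely on auxprop returning a cleartext secret")
        if mechs & PLAINTEXT_MECHS and "auxprop_plugin" in conf:
            findings.append(
                "plain/login are checked by saslauthd, so auxprop_plugin=%s "
                "is not consulted for those password checks"
                % conf["auxprop_plugin"])
    elif method == "auxprop" and not conf.get("auxprop_plugin"):
        findings.append("pwcheck_method is auxprop but no auxprop_plugin is set")
    return findings
```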
#3
27th August 2012, 18:52
falko

Which tutorial (URL) did you use to set this up?
__________________
Falko