#1  
Old 16th September 2007, 21:36
marsvin marsvin is offline
Junior Member
 
Join Date: Dec 2006
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Default smtp auth w/ sasl.

I set up my mail server following the virtual users and domains with postfix debian etch tutorial.

Everything seems to be working perfectly except smtp login (I can receive mail through pop no problem and local smtp delivery works.) Here's what the mail.log says:
Code:
Sep 16 19:57:32 my_hostname postfix/smtpd[20191]: connect from <my_ip>[<my_ip>]
Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: SASL authentication failure: Password verification failed
Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: <my_ip>[<my_ip>]: SASL PLAIN authentication failed: authentication failure
Sep 16 19:57:33 my_hostname postfix/smtpd[20191]: warning: <my_ip>[<my_ip>]: SASL LOGIN authentication failed: authentication failure
Sep 16 19:57:34 my_hostname postfix/smtpd[20191]: disconnect from <my_ip>[<my_ip>]
auth.log says only this:
Code:
Sep 16 19:57:32 my_hostname postfix/smtpd[20191]: sql auxprop plugin using mysql engine
I've seen a lot of authentication error threads on this forum but they all reported a specific error in the logs. I can't find anything besides 'authentication failed' so I don't know where to start looking for the problem.

My /etc/default/saslauthd
Code:
root@my_hostname:~# cat /etc/default/saslauthd
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
/etc/pam.d/smtp:
Code:
root@my_hostname:~# cat /etc/pam.d/smtp
auth    required   pam_mysql.so user=mail_admin passwd=<passwd> host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=<passwd> host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
/etc/postfix/main.cf:
Code:
root@my_hostname:~# cat /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.myhost.com
mydomain = myhost.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.myhost.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
notify_classes = resource, software, delay
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtpd.conf:
Code:
root@my_hostname:~# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
log_level: 5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: <my password>
sql_database: mail
sql_select: select password from users where email = '%u'
Everything looks the same as in the tutorial. I even re-generated my server certificate just to be sure. If anyone has any more ideas I'd be very grateful.
Reply With Quote
Sponsored Links
  #2  
Old 17th September 2007, 17:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Your /etc/default/saslauthd is wrong. This is how it should look: http://www.howtoforge.com/virtual_us...debian_etch_p3
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 17th September 2007, 20:03
marsvin marsvin is offline
Junior Member
 
Join Date: Dec 2006
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The only significant difference I see there is the -c option (which enables caching.) The other two (MECH_OPTIONS="" and THREADS=5) are defaults.

To be 100% sure I copied all the default options too so now my saslauthd looks like this:

Code:
root@my_host:~# cat /etc/default/saslauthd
# This needs to be uncommented before saslauthd will be run automatically
START=yes

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
PARAMS="-c -m /var/spool/postfix/var/run/saslauthd -r"
But the error reported is exactly the same:

Code:
Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: SASL authentication failure: Password verification failed
Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: my_ip[my_ip]: SASL PLAIN authentication failed: authentication failure
Sep 17 18:56:04 my_host postfix/smtpd[24417]: warning: my_ip[my_ip]: SASL LOGIN authentication failed: authentication failure
Reply With Quote
  #4  
Old 18th September 2007, 19:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

It must be OPTIONS, not PARAMS:

Code:
#
# Settings for saslauthd daemon
#

# Should saslauthd run automatically on startup? (default: no)
START=yes

# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="pam"

# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""

# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 19th September 2007, 01:56
marsvin marsvin is offline
Junior Member
 
Join Date: Dec 2006
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm not sure that's correct for my installation.

When I change it from PARAMS to OPTIONS, this happens:
Code:
root@my_host:~# ps aux | grep saslau
root      3499  0.0  0.0  30412  1648 ?        Ss   00:47   0:00 /usr/sbin/saslauthd -a pam
root      3500  0.0  0.0  30412  1640 ?        S    00:47   0:00 /usr/sbin/saslauthd -a pam
root      3501  0.0  0.0  30412  1640 ?        S    00:47   0:00 /usr/sbin/saslauthd -a pam
root      3502  0.0  0.0  30412  1640 ?        S    00:47   0:00 /usr/sbin/saslauthd -a pam
root      3503  0.0  0.0  29344   672 ?        S    00:47   0:00 /usr/sbin/saslauthd -a pam
And when I change it back to PARAMS:

Code:
root@my_host:~# ps aux | grep saslau
root      3689  0.0  0.0  30312  1156 ?        Ss   00:50   0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam
root      3690  0.0  0.0  30312   672 ?        S    00:50   0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam
root      3691  0.0  0.0  30312   484 ?        S    00:50   0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam
root      3692  0.0  0.0  30312   484 ?        S    00:50   0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam
root      3693  0.0  0.0  30312   484 ?        S    00:50   0:00 /usr/sbin/saslauthd -c -m /var/spool/postfix/var/run/saslauthd -r -a pam
And either way I'm not getting authenticated.
Reply With Quote
  #6  
Old 19th September 2007, 16:22
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

You are sure that this is Debian Etch?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 19th September 2007, 23:45
lindows2006 lindows2006 is offline
Junior Member
 
Join Date: May 2007
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to lindows2006
 
Default Hi

Hi,

When you built your email server. That means you created your very own email address. For example if i built a mail server, i can make an email address called lindows25@script.net

If im way off, would you mind explaining the concept.

Lindows
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sending e-mail using mail() function linuxuser1 HOWTO-Related Questions 38 21st April 2009 13:20
SMTP SASL Auth Erro barney.parker Installation/Configuration 3 16th August 2007 16:01
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 16:47
SASL AUTH with postfix on Sarge keulu Server Operation 6 31st August 2006 23:49
postfix smtp sasl auth problem hammer Installation/Configuration 1 13th July 2006 19:19


All times are GMT +2. The time now is 18:26.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.