#1 - aragod, 18th March 2008, 14:35
SASL Auth Problem

Hey. I'm having a PITA problem that is frustrating me. I am running the "Virtual Users And Domains With Postfix" email server on Sarge and it has been working like a dream for about a year. The only problems I have run into with it have been the occasional problem with amavis dying (which a restart fixes) and the problem with the soft link related to chrooted postfix (requiring a ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd on server reboot).

About 48 hours ago amavis died and on a server reboot auth stopped working.

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 most.openguild.net ESMTP Postfix (Debian/GNU)
ehlo most.openguild.net
250-most.openguild.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

So saslauth (250 AUTH) isn't working correctly. I am looking for ways to troubleshoot this. Thoughts?

#2 - falko, 19th March 2008, 16:02

Any errors in your mail log? What's in /etc/postfix/main.cf?

Did you (or a cron job) maybe upgrade the packages that are installed on the system?
__________________
Falko

#3 - aragod, 9th April 2008, 21:59

Quote:
Originally Posted by falko
Any errors in your mail log? What's in /etc/postfix/main.cf?

Did you (or a cron job) maybe upgrade the packages that are installed on the system?

What are your thoughts about troubleshooting if a package has been upgraded? I don't believe anything in the postfix-saslauth family of packages has been, but what do you believe the symptoms would look like?

This is as good as I'm getting for errors on this issue

Apr 9 12:00:37 most postfix/smtpd[9594]: connect from adsl.pltn13.sbcglobal.net[ip]
Apr 9 12:00:40 most postfix/smtpd[9594]: warning: adsl.dsl.pltn13.sbcglobal.net[ip]: SASL PLAIN authentication failed
Apr 9 12:00:40 most postfix/smtpd[9594]: warning: adsl.dsl.pltn13.sbcglobal.net[ip]: SASL LOGIN authentication failed
Apr 9 12:00:49 most postfix/smtpd[9594]: disconnect from adsl.pltn13.sbcglobal.net[ip]

and the postfix main.cf should look exactly like the tutorial

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = domain.domain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.domain, domain, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
maildrop_destination_recipient_limit = 1
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
smtp_tls_loglevel = 3
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
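
Added example, not part of the thread or of the tutorial it follows: the main.cf posted above sets smtpd_tls_auth_only = yes, and with that setting Postfix does not announce AUTH on an unencrypted session, so a plaintext telnet EHLO like the one in the first post cannot show whether SASL is being offered. The script classifies a saved EHLO reply against those two settings; the function names, result strings and the post-STARTTLS sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a missing "250-AUTH" line expected for this session type?
# On a live host, read effective settings with: postconf -h smtpd_tls_auth_only

# cf_value FILE PARAM -> last value assigned to PARAM in a main.cf-style file
cf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# ehlo_has FILE KEYWORD -> true if the saved EHLO reply advertises KEYWORD
# (matches both "250-AUTH PLAIN" and the legacy "250-AUTH=PLAIN" form)
ehlo_has() {
    tr -d '\r' < "$1" | grep -Eq "^250[- ]$2([ =]|\$)"
}

# diagnose MAIN_CF EHLO_FILE SESSION, where SESSION is "plain" or "tls"
diagnose() {
    sasl=$(cf_value "$1" smtpd_sasl_auth_enable)
    tls_only=$(cf_value "$1" smtpd_tls_auth_only)
    if ehlo_has "$2" AUTH; then echo "auth-advertised"; return; fi
    if [ "$sasl" != yes ]; then echo "sasl-disabled"; return; fi
    if [ "$3" = plain ] && [ "$tls_only" = yes ]; then
        # Postfix withholds AUTH until TLS is up, so this reply proves nothing.
        if ehlo_has "$2" STARTTLS; then echo "expected-retest-after-starttls"
        else echo "no-starttls-auth-unreachable"; fi
        return
    fi
    echo "auth-missing-check-sasl"
}

# Constructed samples: two settings from the posted main.cf, the plaintext EHLO
# reply from the first post, and a made-up reply captured after STARTTLS.
make_samples() {
    printf '%s\n' 'smtpd_sasl_auth_enable = yes' 'smtpd_tls_auth_only = yes' > "$1/main.cf"
    printf '%s\r\n' '250-most.openguild.net' '250-PIPELINING' '250-SIZE 10240000' \
        '250-VRFY' '250-ETRN' '250-STARTTLS' '250 8BITMIME' > "$1/ehlo_plain.txt"
    printf '%s\r\n' '250-most.openguild.net' '250-PIPELINING' '250-AUTH LOGIN PLAIN' \
        '250-AUTH=LOGIN PLAIN' '250 8BITMIME' > "$1/ehlo_tls_ok.txt"
    grep -v AUTH "$1/ehlo_tls_ok.txt" > "$1/ehlo_tls_noauth.txt"
}

tmp=$(mktemp -d) && make_samples "$tmp"
diagnose "$tmp/main.cf" "$tmp/ehlo_plain.txt" plain
diagnose "$tmp/main.cf" "$tmp/ehlo_tls_noauth.txt" tls
```

To capture the reply that matters on a live server, connect with openssl s_client -starttls smtp -connect localhost:25 and send EHLO again inside the TLS session; only a missing AUTH line there points at the SASL side.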

#4 - falko, 10th April 2008, 19:24

Take a look at the postfix, amavisd, saslauthd binaries (you can find them with
Code:
which saslauthd
, for example) and check their modification dates (e.g.
Code:
ls -l /usr/bin/saslauthd
) to find out if they've been changed recently.

#5 - aragod, 11th April 2008, 07:58

Quote:
Originally Posted by falko
Take a look at the postfix, amavisd, saslauthd binaries and check their modification dates to find out if they've been changed recently.
Doesn't look like it

-rwxr-xr-x 1 root root 6868 Mar 20 2007 /usr/sbin/postfix
-rwxr-xr-x 1 root root 762560 Feb 24 2007 /usr/sbin/amavisd-new
-rwxr-xr-x 1 root root 72312 Aug 7 2006 /usr/sbin/saslauthd

This server is just about exactly a year old so I am thinking the issue may be related to an expired cert but on replacing it (/etc/postfix/smtp.cert & key) there wasn't any change in behavior. Frustrating!

#6 - falko, 12th April 2008, 18:19

What's in /etc/default/saslauthd, /etc/pam.d/smtp, and /etc/postfix/sasl/smtpd.conf?

#7 - aragod, 13th April 2008, 03:55

/etc/default/saslauthd
Quote:
START=yes
MECHANISMS="pam"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

/etc/pam.d/smtp
Quote:
auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1

/etc/postfix/sasl/smtpd.conf
Quote:
pwcheck_method: saslauthd
mech_list: plain login
#mech_list: digest-md5 cram-md5
allow_plaintext: true
#allow_plaintext: false
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

#8 - falko, 13th April 2008, 21:38

Looks ok. I'm still thinking it might be an update problem...

#9 - aragod, 16th April 2008, 12:13

I never solved this problem, which as you can imagine is frustrating, since I feel like I know enough about mail servers to get myself into trouble...

Instead I fixed the problem by creating a second email server (using the install instructions for etch instead of sarge) but with the same howto. This works great (and works!) for external email addresses but NOT for addresses in the domains I actually host. So if I send an email from aragod@domain to friend@domain it never actually does a name lookup, but instead just uses the mysql info to sort the email into a mail dir.

In this case I'd like it to do lookups for mx records rather than starting with address information in the db. Thoughts about how to do this?

#10 - falko, 17th April 2008, 20:34

So you mean you have friend@domain in your database, but have another server that is the MX for domain, and you want the server to send to the MX instead of delivering the mail locally?
All times are GMT +2.