Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th November 2008, 19:22
openman openman is offline
Junior Member
 
Join Date: Nov 2008
Posts: 16
Thanks: 4
Thanked 0 Times in 0 Posts
Default postfix does not authenticate through saslauthd

Hello,
I have upgrade from ubuntu 6.06LTS to 8.01 LTS and after that it is impossible to authenticate through saslauthd thunderbird to send e-mail.

The following command I believe leave the saslauthd without conf problems:
Code:
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u user -p password.
0: OK "Success."
The saslfinger gives the following:
Code:
saslfinger - postfix Cyrus sasl configuration Τρι 18 Νοέ 2008 08:13:00 μμ EET
version: 1.0.4
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.5.4
System: Ubuntu 8.04.1 \n \l

-- smtpd is linked to --
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7d23000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = /etc/postfix/sasl/
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes


-- listing of /usr/lib/sasl2 --
total 796
drwxr-xr-x  2 root root  4096 2008-11-06 09:04 .
drwxr-xr-x 59 root root 16384 2008-11-18 20:11 ..
-rw-r--r--  1 root root 13568 2008-04-10 00:50 libanonymous.a
-rw-r--r--  1 root root   862 2008-04-10 00:49 libanonymous.la
-rw-r--r--  1 root root 12984 2008-04-10 00:50 libanonymous.so
-rw-r--r--  1 root root 12984 2008-04-10 00:50 libanonymous.so.2
-rw-r--r--  1 root root 12984 2008-04-10 00:50 libanonymous.so.2.0.22
-rw-r--r--  1 root root 15834 2008-04-10 00:50 libcrammd5.a
-rw-r--r--  1 root root   848 2008-04-10 00:49 libcrammd5.la
-rw-r--r--  1 root root 15320 2008-04-10 00:50 libcrammd5.so
-rw-r--r--  1 root root 15320 2008-04-10 00:50 libcrammd5.so.2
-rw-r--r--  1 root root 15320 2008-04-10 00:50 libcrammd5.so.2.0.22
-rw-r--r--  1 root root 46332 2008-04-10 00:50 libdigestmd5.a
-rw-r--r--  1 root root   871 2008-04-10 00:49 libdigestmd5.la
-rw-r--r--  1 root root 43020 2008-04-10 00:50 libdigestmd5.so
-rw-r--r--  1 root root 43020 2008-04-10 00:50 libdigestmd5.so.2
-rw-r--r--  1 root root 43020 2008-04-10 00:50 libdigestmd5.so.2.0.22
-rw-r--r--  1 root root 13574 2008-04-10 00:50 liblogin.a
-rw-r--r--  1 root root   842 2008-04-10 00:49 liblogin.la
-rw-r--r--  1 root root 13268 2008-04-10 00:50 liblogin.so
-rw-r--r--  1 root root 13268 2008-04-10 00:50 liblogin.so.2
-rw-r--r--  1 root root 13268 2008-04-10 00:50 liblogin.so.2.0.22
-rw-r--r--  1 root root 30016 2008-04-10 00:50 libntlm.a
-rw-r--r--  1 root root   836 2008-04-10 00:49 libntlm.la
-rw-r--r--  1 root root 29236 2008-04-10 00:50 libntlm.so
-rw-r--r--  1 root root 29236 2008-04-10 00:50 libntlm.so.2
-rw-r--r--  1 root root 29236 2008-04-10 00:50 libntlm.so.2.0.22
-rw-r--r--  1 root root 13798 2008-04-10 00:50 libplain.a
-rw-r--r--  1 root root   842 2008-04-10 00:49 libplain.la
-rw-r--r--  1 root root 13396 2008-04-10 00:50 libplain.so
-rw-r--r--  1 root root 13396 2008-04-10 00:50 libplain.so.2
-rw-r--r--  1 root root 13396 2008-04-10 00:50 libplain.so.2.0.22
-rw-r--r--  1 root root 22126 2008-04-10 00:50 libsasldb.a
-rw-r--r--  1 root root   873 2008-04-10 00:49 libsasldb.la
-rw-r--r--  1 root root 18080 2008-04-10 00:50 libsasldb.so
-rw-r--r--  1 root root 18080 2008-04-10 00:50 libsasldb.so.2
-rw-r--r--  1 root root 18080 2008-04-10 00:50 libsasldb.so.2.0.22
-rw-r--r--  1 root root 23696 2008-04-10 00:50 libsql.a
-rw-r--r--  1 root root   971 2008-04-10 00:49 libsql.la
-rw-r--r--  1 root root 23140 2008-04-10 00:50 libsql.so
-rw-r--r--  1 root root 23140 2008-04-10 00:50 libsql.so.2
-rw-r--r--  1 root root 23140 2008-04-10 00:50 libsql.so.2.0.22

-- listing of /etc/postfix/sasl --
total 12
drwxr-xr-x 2 root root 4096 2007-06-25 13:30 .
drwxr-xr-x 4 root root 4096 2008-11-18 13:27 ..
-rw-r--r-- 1 root root   85 2008-11-08 09:09 smtpd.conf




-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
log_level: 10
allow_plaintext: true

-- content of /etc/postfix/sasl/smtpd.conf --
pwcheck_method: saslauthd
mech_list: plain login
log_level: 10
allow_plaintext: true


-- active services in /etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1
retry     unix  -       -       -       -       -       error

-- mechanisms on localhost --
250-AUTH NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN DIGEST-MD5 CRAM-MD5


-- end of saslfinger output --
The mail.info gives the following:
Code:
Nov 18 19:56:53 galinos postfix/master[1584]: daemon started -- version 2.5.4, configuration /etc/postfix
Nov 18 19:57:07 galinos postfix/tlsmgr[1591]: warning: request to update table btree:/var/spool/postfix/smtpd_scache in non-postfix directory /var/spool/postfix
Nov 18 19:57:07 galinos postfix/tlsmgr[1591]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Nov 18 19:57:07 galinos postfix/tlsmgr[1591]: warning: request to update table btree:/var/spool/postfix/smtp_scache in non-postfix directory /var/spool/postfix
Nov 18 19:57:07 galinos postfix/tlsmgr[1591]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
Nov 18 19:57:07 galinos postfix/smtpd[1589]: connect from unknown[195.167.65.109]
Nov 18 19:57:14 galinos postfix/smtpd[1589]: warning: SASL authentication failure: no secret in database
Nov 18 19:57:14 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL CRAM-MD5 authentication failed: authentication failure
Nov 18 19:57:15 galinos postfix/smtpd[1589]: warning: SASL authentication failure: no secret in database
Nov 18 19:57:15 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL NTLM authentication failed: authentication failure
Nov 18 19:57:15 galinos postfix/smtpd[1589]: warning: SASL authentication failure: Password verification failed
Nov 18 19:57:15 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL PLAIN authentication failed: authentication failure
Nov 18 19:57:16 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL LOGIN authentication failed: authentication failure
Nov 18 19:57:21 galinos postfix/smtpd[1589]: warning: SASL authentication failure: no secret in database
Nov 18 19:57:21 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL CRAM-MD5 authentication failed: authentication failure
Nov 18 19:57:22 galinos postfix/smtpd[1589]: warning: SASL authentication failure: no secret in database
Nov 18 19:57:22 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL NTLM authentication failed: authentication failure
Nov 18 19:57:22 galinos postfix/smtpd[1589]: warning: SASL authentication failure: Password verification failed
Nov 18 19:57:22 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL PLAIN authentication failed: authentication failure
Nov 18 19:57:23 galinos postfix/smtpd[1589]: warning: unknown[195.167.65.109]: SASL LOGIN authentication failed: authentication failure
Nov 18 19:57:25 galinos postfix/smtpd[1589]: disconnect from unknown[195.167.65.109]
Except the above, I can not understand why the authentication methods are not limited in the ehlo command when in the smtpd.conf it is limited to "plain text"

Any ideas?
Reply With Quote
Sponsored Links
  #2  
Old 18th November 2008, 19:48
_X_ _X_ is offline
Senior Member
 
Join Date: Oct 2008
Posts: 247
Thanks: 8
Thanked 37 Times in 35 Posts
Default

do you have:
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination

in /etc/postfix/main.cf
Reply With Quote
The Following User Says Thank You to _X_ For This Useful Post:
openman (21st November 2008)
  #3  
Old 18th November 2008, 19:51
openman openman is offline
Junior Member
 
Join Date: Nov 2008
Posts: 16
Thanks: 4
Thanked 0 Times in 0 Posts
Default

yes,
Code:
smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks ,  reject_unauth_destination
Reply With Quote
  #4  
Old 18th November 2008, 20:04
_X_ _X_ is offline
Senior Member
 
Join Date: Oct 2008
Posts: 247
Thanks: 8
Thanked 37 Times in 35 Posts
Default

similar to your problem:
http://securepoint.com/lists/html/po.../msg00245.html

http://www.irbs.net/internet/postfix/0402/2024.html

http://nico.schottelius.org/notizbuc...cation-failure

http://www.mail-archive.com/debian-b...msg380508.html
Reply With Quote
The Following User Says Thank You to _X_ For This Useful Post:
openman (21st November 2008)
  #5  
Old 18th November 2008, 20:12
_X_ _X_ is offline
Senior Member
 
Join Date: Oct 2008
Posts: 247
Thanks: 8
Thanked 37 Times in 35 Posts
Default

but this looks as possible solution:

http://www.howtoforge.com/forums/sho...d.php?p=120393

try this:

http://www.howtoforge.com/forums/sho...5&postcount=10

Last edited by _X_; 18th November 2008 at 20:20.
Reply With Quote
The Following User Says Thank You to _X_ For This Useful Post:
openman (21st November 2008)
  #6  
Old 18th November 2008, 20:32
openman openman is offline
Junior Member
 
Join Date: Nov 2008
Posts: 16
Thanks: 4
Thanked 0 Times in 0 Posts
Default

nothing of the above helped...

Why does it present all authenticate methods even when it is limited to plain login in configuration?

Last edited by openman; 18th November 2008 at 20:36.
Reply With Quote
  #7  
Old 18th November 2008, 21:08
_X_ _X_ is offline
Senior Member
 
Join Date: Oct 2008
Posts: 247
Thanks: 8
Thanked 37 Times in 35 Posts
Default

does mail auth works from other mail clients like Outlook (Express)?
Reply With Quote
  #8  
Old 18th November 2008, 22:02
openman openman is offline
Junior Member
 
Join Date: Nov 2008
Posts: 16
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by _X_ View Post
does mail auth works from other mail clients like Outlook (Express)?
no, it does not.
Reply With Quote
  #9  
Old 18th November 2008, 22:19
_X_ _X_ is offline
Senior Member
 
Join Date: Oct 2008
Posts: 247
Thanks: 8
Thanked 37 Times in 35 Posts
Default

can you post main.cf?
Reply With Quote
  #10  
Old 18th November 2008, 22:39
openman openman is offline
Junior Member
 
Join Date: Nov 2008
Posts: 16
Thanks: 4
Thanked 0 Times in 0 Posts
 
Default

main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 6h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom


smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = 
smtpd_sasl_path = /etc/postfix/sasl/
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no

smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks ,  reject_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = galinos.xxx.xxx
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = galinos.xxx.xxx
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
home_mailbox = Maildir/

smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554

readme_directory = /usr/share/doc/postfix
html_directory = /usr/share/doc/postfix/html
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Undelivered Mail Returned to Sender Error202 General 5 7th May 2009 11:14
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
CentoS doesn't send the emails vaio1 Installation/Configuration 18 5th November 2008 17:51
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36


All times are GMT +2. The time now is 03:16.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.