#1  
Old 23rd March 2011, 04:53
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Question SMTP SASL authentication

Hello,

I'm running postfix on FC14. Followed Falko's brilliant-as-always guide to do this. I setup 3 virtual users. I'll call them a@domain, b@domain, c@domain. I inserted them into the user table in that order, and used ENCRYPT command on the password field for all.

I am using my cellphone to connect to the accounts. My phone managed to connect to both incoming (IMAP) and outgoing (SMTP, duh!) servers with a@domain's credentials.

However, for b and c, it only authenticated the incoming, but responds saying User Authentication failed for outgoing. If I put a's credentials for outgoing, it works.

This is also true in Thunderbird. I have to use a's credentials to login to SMTP.
Maillog shows the following:

Using b
Code:
Mar 22 23:44:21 server postfix/smtpd[6560]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: authentication failure
Using a
Code:
Mar 22 23:48:56 server postfix/qmgr[4119]: 2F8522C1F6F: from=<b@domain>, size=1113, nrcpt=1 (queue active)
Mar 22 23:48:56 server postfix/smtpd[6584]: disconnect from unknown[127.0.0.1]
Mar 22 23:48:56 server amavis[5490]: (05490-04) Passed CLEAN, MYNETS LOCAL [192.168.1.1] [192.168.1.1] <b@domain> -> <test@gmail.com>, Message-ID: <4D896D9A.9050503@domain>, mail_id: fPRia-+vwGsw, Hits: -1, size: 677, queued_as: 2F8522C1F6F, 6504 ms
Mar 22 23:48:56 server postfix/smtp[6576]: A58952C03D6: to=<test@gmail.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.6, delays=0.11/0.02/0.01/6.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05490-04, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2F8522C1F6F)
Since a's credentials work, it would only follow that b and c should work, too; I can't see where there would be a config issue... what could be the problem?
Reply With Quote
Sponsored Links
  #2  
Old 23rd March 2011, 16:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,722 Times in 2,563 Posts
Default

That's strange. Do b and c's password contain any special characters?

What's the output of
Code:
getenforce
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd March 2011, 18:09
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

SELINUX is disabled, and passwords are alpha-numeric only.

Last edited by carlos1014; 24th March 2011 at 01:18. Reason: correcting falko's question
Reply With Quote
  #4  
Old 24th March 2011, 14:37
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,722 Times in 2,563 Posts
Default

Do you have the same problem for further users as well? Does it maybe have anything to do with the password length?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 24th March 2011, 14:45
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The password for user a is the same as the password for user c. Right now I really only have 3 users on my server. User b has a different password from a and c.

Since a and c have the same password, however, I don't know why it would work for a and not c.
Reply With Quote
  #6  
Old 24th March 2011, 15:25
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

sorry double post

Last edited by carlos1014; 24th March 2011 at 18:25. Reason: duplicate post
Reply With Quote
  #7  
Old 24th March 2011, 15:25
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is interesting, though. I turned on level2 debugging in authdaemonrc:

Syslog
Code:
Mar 24 10:00:20 server saslauthd[1906]: do_auth         : auth failure: [user=c] [service=smtp] [realm=domain] [mech=pam] [reason=PAM auth error]
Maillog
Code:
Mar 24 10:06:34 server imapd-ssl: Connection, ip=[::ffff:174.252.166.49]
Mar 24 10:06:35 server authdaemond: received auth request, service=imap, authtype=login
Mar 24 10:06:35 server authdaemond: authmysql: trying this module
Mar 24 10:06:35 server authdaemond: authmysqllib: connected. Versions: header 50155, client 50155, server 50155
Mar 24 10:06:35 server authdaemond: SQL query: SELECT email, password, "", 5000, 5000, "/home/vmail", CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/'), quota, "", "" FROM users WHERE email = 'c@domain'
Mar 24 10:06:35 server authdaemond: password matches successfully
Mar 24 10:06:35 server authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=domain, fullname=<null>, maildir=domain/c/, quota=10485760, options=<null>
Mar 24 10:06:35 server authdaemond: authmysql: clearpasswd=<null>, passwd=(shows encoded p/w as it appears in db)
Mar 24 10:06:35 server authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/home/vmail, address=c@domain, fullname=<null>, maildir=domain/c/, quota=10485760, options=<null>
Mar 24 10:06:35 server authdaemond: Authenticated: clearpasswd=(shows password in plain text), passwd=(shows p/w as it appears in p/w field of db)
Mar 24 10:06:35 server imapd-ssl: LOGIN, user=c@domain, ip=[::ffff:174.252.166.49], port=[21857], protocol=IMAP
Mar 24 10:14:14 server postfix/smtpd[9059]: timeout after AUTH from 49.sub-174-252-166.myvzw.com[174.252.166.49]
Mar 24 10:14:14 server postfix/smtpd[9059]: warning: network_biopair_interop: error writing 37 bytes to the network: Connection reset by peer
Mar 24 10:14:14 server postfix/smtpd[9059]: disconnect from 49.sub-174-252-166.myvzw.com[174.252.166.49]
Mar 24 10:14:15 server postfix/smtpd[9059]: connect from 49.sub-174-252-166.myvzw.com[174.252.166.49]
Mar 24 10:14:18 server postfix/smtpd[9059]: warning: SASL authentication failure: Password verification failed
Mar 24 10:14:18 server postfix/smtpd[9059]: warning: 49.sub-174-252-166.myvzw.com[174.252.166.49]: SASL PLAIN authentication failed: authentication failure

Last edited by carlos1014; 24th March 2011 at 15:30. Reason: removing sensitive info
Reply With Quote
  #8  
Old 24th March 2011, 18:28
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Angry

NOW I'M MAD!! The server is not accepting connections from the outside for mail delivery... I can send to anyone, receive e-mails from user a>c, b>a, etc. But mails coming from say, Gmail, are not being processed and I can't find any logs that will let me know where the connection is dropping... I've tried it with firewall off, so it's not that.
Reply With Quote
  #9  
Old 24th March 2011, 19:23
carlos1014 carlos1014 is offline
Junior Member
 
Join Date: Apr 2009
Location: U.S.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Fixed the not receiving from outside... I forgot that I changed smtp in main.cf file to listen at port 465... guess what? Port 25 is still needed for mail exchange from outside world. I uncommented the smtps line in main.cf to allow port 465 connections.
Reloaded postfix and now I can receive again.
Now, if I could only get this authenctication thing figured out... I feel like I'm writing a novel here... lol
Reply With Quote
Reply

Bookmarks

Tags
authentication, postfix, smtp

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Fail2ban + sasl problem and Solution pititis General 1 2nd March 2011 07:02
Cannot login to SquirrelMail sellotape Installation/Configuration 13 26th October 2010 11:03
Need some Hints to "The Perfect Server - Debian Lenny (Debian 5.0) [ISPConfig 3]" wahid HOWTO-Related Questions 10 25th August 2010 15:18
Mail server attack princebenin Server Operation 1 19th November 2007 14:02
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 15:47


All times are GMT +2. The time now is 17:40.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.