Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st December 2012, 21:05
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default Sasl Authentication Failure

I'm not entirely sure if this is the place to post this but, I have a new error with postfix that popped up when using thunderbird.

Code:
warning: SASL authentication failure: Password verification failed
Webmail works, just can't connect from outside.

Which password is it referring to.

I've double checked the password for user@domain.net with mysql

Could it have something to do with this:
Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
Instead of:
Code:
250-AUTH PLAIN LOGIN
I can't change that. I did a grep for every mechlist that it found. Changing the values to plain login, didn't work.

Edit: Oh, I should mention this is for sending mail, receiving it with courier and thunderbird works just fine.

Last edited by wigglez; 1st December 2012 at 22:26.
Reply With Quote
Sponsored Links
  #2  
Old 2nd December 2012, 12:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

Which distribution do you use? Are there any errors in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 2nd December 2012, 17:23
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default

Ubuntu 8.04

mail.log:
Code:
SASL authentication failure: Password verification failed
SASL PLAIN authentication failed: authentication failure
SASL LOGIN authentication failed: authentication failure
Reply With Quote
  #4  
Old 3rd December 2012, 08:23
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default

Was having an issue with testsaslauthd not working unless i specified a path in the command. Created a symlink, and was hoping fixing that would take care of it, but it didn't. It made testsaslauthd work without manually entering a path.

Code:
rm -rf /var/run/saslauthd
ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd
Code:
testsaslauthd -s smtp -u user@domain.com -p password

Last edited by wigglez; 3rd December 2012 at 08:29.
Reply With Quote
  #5  
Old 4th December 2012, 06:01
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default

I am getting quite suspicious that this is whats causing it:

Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
It should read:
Code:
250-AUTH PLAIN LOGIN
I only told it to use plain login, I don't know why it's still wanting to use the extras.

I changed the name of anything that could intercede smtpd.conf

In both directories /usr/lib/sasl2 and /usr/lib64/sasl2, I changed the names of Sendmail.conf, smtpd.conf, and saslpaswd.conf incase they were overriding /etc/postfix/sasl/smtpd.conf.

Code:
pwcheck_method: saslauthd
mech_list: plain login
log_level: 7
allow plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_pass
sql_database: mail
sql_select: select password from users where email = '%u@%r'
I can't figure out what is overriding this. It can't be overriding the whole file, or I imagine it would be more broken. It's just overriding the mech list.

Last edited by wigglez; 4th December 2012 at 06:04.
Reply With Quote
  #6  
Old 5th December 2012, 14:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

What's in /etc/postfix/main.cf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 5th December 2012, 15:32
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#smtpd_tls_exclude_ciphers=RC4-MD5
smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd
#smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = smtp.domain.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
myorigin = domain.net
mydestination = smtp.domain.net, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

#SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
smtpd_sasl_authenticated_header = yes

smtpd_sender_restrictions=permit_sasl_authenticated, permit_mynetworks, warn_if_reject, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains


virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $mynetworks $virtual_mailbox_limit_maps
Reply With Quote
  #8  
Old 9th December 2012, 03:28
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
Default

Accidentally nuked everything except mysql by trying to purge libsasl packages

It kept some of my config files intact, but redoing it. It fixed the plain login issue.

From
Code:
250-AUTH LOGIN NTLM DIGEST-MD5 PLAIN CRAM-MD5
To
Code:
250-AUTH LOGIN PLAIN
Unfortunately it didn't fix the thunderbird issue.
Reply With Quote
  #9  
Old 9th December 2012, 11:24
wigglez wigglez is offline
Junior Member
 
Join Date: Nov 2012
Posts: 14
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

It works now...

It was different error. Whatever happened when I nuked it, fixed the first one.

I noticed it wasn't even connecting in the logs.

I changed the smtp server on thunderbird to 25, which I find strange because it connected before on the 587 port.


Could someone explain the difference between the two ports and why thunderbird defaults to 587.


So, anybody reading this and having the same problem where the mech list isn't updating right. Nuke it, and check your ports. haha
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SASL LOGIN authentication failed Captain Installation/Configuration 4 13th March 2012 20:07
Mail hold in Q fisherofer Installation/Configuration 1 5th February 2012 13:29
Need help with ISPConfig Mail and Squirrelmail m.xander Installation/Configuration 109 3rd February 2012 00:15
strange fail2ban behaviour > doesn't ban specific IP Djamu Server Operation 2 13th January 2012 02:29
Fail2ban + sasl problem and Solution pititis General 1 2nd March 2011 07:02


All times are GMT +2. The time now is 00:37.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.