postfix auth problem (sasl)

Discussion in 'Installation/Configuration' started by lerra, Mar 6, 2006.

  1. lerra

    lerra New Member

    caveguard:~# ls -la /var/spool/postfix/etc/
    total 44
    drwxr-xr-x 2 root root 4096 Mar 7 23:59 .
    drwxr-xr-x 20 root root 4096 Jan 22 13:43 ..
    -rw-r--r-- 1 root root 422 Mar 7 23:59 hosts
    -rw-r--r-- 1 root root 675 Mar 7 23:59 localtime
    -rw-r--r-- 1 root root 465 Mar 7 23:59 nsswitch.conf
    -rw-r--r-- 1 root root 107 Mar 7 23:59 resolv.conf
    -rw-r--r-- 1 root root 17571 Mar 7 23:59 services
    caveguard:~# ls -Rla /var/spool/postfix/usr/
    /var/spool/postfix/usr/:
    total 12
    drwxr-xr-x 3 root root 4096 Jan 22 13:37 .
    drwxr-xr-x 20 root root 4096 Jan 22 13:43 ..
    drwxr-xr-x 3 root root 4096 Jan 22 13:37 lib

    /var/spool/postfix/usr/lib:
    total 12
    drwxr-xr-x 3 root root 4096 Jan 22 13:37 .
    drwxr-xr-x 3 root root 4096 Jan 22 13:37 ..
    drwxr-xr-x 2 root root 4096 Mar 7 23:59 zoneinfo

    /var/spool/postfix/usr/lib/zoneinfo:
    total 8
    drwxr-xr-x 2 root root 4096 Mar 7 23:59 .
    drwxr-xr-x 3 root root 4096 Jan 22 13:37 ..
    lrwxrwxrwx 1 root root 14 Mar 7 23:59 localtime -> /etc/localtime
     
  2. todvard

    todvard ISPConfig Developer ISPConfig Developer

    hmm, weird.
    Code:
    dpkg -l | grep postfix
    ls -Rla /var/spool/postfix/lib
     
  3. lerra

    lerra New Member

    caveguard:~# dpkg -l | grep postfix
    ii postfix 2.1.5-9 A high-performance mail transport agent
    ii postfix-tls 2.1.5-9 TLS and SASL support for Postfix
    caveguard:~# ls -Rla /var/spool/postfix/lib
    /var/spool/postfix/lib:
    total 232
    drwxr-xr-x 2 root root 4096 Mar 7 23:59 .
    drwxr-xr-x 20 root root 4096 Jan 22 13:43 ..
    -rw-r--r-- 1 root root 31744 May 12 2005 libnss_compat-2.3.2.so
    lrwxrwxrwx 1 root root 22 Mar 7 23:59 libnss_compat.so.2 -> libnss_compat-2.3.2.so
    -rw-r--r-- 1 root root 21536 May 23 2005 libnss_db-2.2.so
    lrwxrwxrwx 1 root root 16 Mar 7 23:59 libnss_db.so.2 -> libnss_db-2.2.so
    -rw-r--r-- 1 root root 16216 May 12 2005 libnss_dns-2.3.2.so
    lrwxrwxrwx 1 root root 19 Mar 7 23:59 libnss_dns.so.2 -> libnss_dns-2.3.2.so
    -rw-r--r-- 1 root root 41600 May 12 2005 libnss_files-2.3.2.so
    lrwxrwxrwx 1 root root 21 Mar 7 23:59 libnss_files.so.2 -> libnss_files-2.3.2.so
    -rw-r--r-- 1 root root 17768 May 12 2005 libnss_hesiod-2.3.2.so
    lrwxrwxrwx 1 root root 22 Mar 7 23:59 libnss_hesiod.so.2 -> libnss_hesiod-2.3.2.so
    -rw-r--r-- 1 root root 39488 May 12 2005 libnss_nis-2.3.2.so
    lrwxrwxrwx 1 root root 19 Mar 7 23:59 libnss_nis.so.2 -> libnss_nis-2.3.2.so
    -rw-r--r-- 1 root root 45344 May 12 2005 libnss_nisplus-2.3.2.so
    lrwxrwxrwx 1 root root 23 Mar 7 23:59 libnss_nisplus.so.2 -> libnss_nisplus-2.3.2.so
    caveguard:~#


    What do you have in your thoughts?
     
  4. todvard

    todvard ISPConfig Developer ISPConfig Developer

    My first thoghts was that you are using postfix not in chroot and you are trying to access saslauthd in wrong folder, but everything seems fine in your config files and folders so far.
    I could find some hints searching by google, this one is promising http://bsdsearch.com/eao/phorum/read.php?f=38&i=2810&t=2810&v=f
    Lets see other config files
    Code:
    cat /etc/init.d/saslauthd
    /* about your main.cf, i guess you forgot to install procmail, or just forgot to configure postfix to using it.
    mailbox_command = procmail -a "$EXTENSION"
    just ignore me if you are planning to not use procmail :) */
     
  5. lerra

    lerra New Member

    What feutures will procmail do? Or what does it add?


    here is the file


    #!/bin/sh -e

    NAME=saslauthd
    DAEMON="/usr/sbin/${NAME}"
    DESC="SASL Authentication Daemon"
    DEFAULTS=/etc/default/saslauthd
    PWDIR="/var/spool/postfix/var/run/${NAME}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    dir="root sasl 755 ${PWDIR}"

    createdir() {
    # $1 = user
    # $2 = group
    # $3 = permissions (octal)
    # $4 = path to directory
    [ -d "$4" ] || mkdir -p "$4"
    chown -c -h "$1:$2" "$4"
    chmod -c "$3" "$4"
    }

    test -f "${DAEMON}" || exit 0

    # Source defaults file; edit that file to configure this script.
    caveguard:~# clear
    caveguard:~# cat /etc/init.d/saslauthd
    #!/bin/sh -e

    NAME=saslauthd
    DAEMON="/usr/sbin/${NAME}"
    DESC="SASL Authentication Daemon"
    DEFAULTS=/etc/default/saslauthd
    PWDIR="/var/spool/postfix/var/run/${NAME}"
    PIDFILE="${PWDIR}/saslauthd.pid"
    dir="root sasl 755 ${PWDIR}"

    createdir() {
    # $1 = user
    # $2 = group
    # $3 = permissions (octal)
    # $4 = path to directory
    [ -d "$4" ] || mkdir -p "$4"
    chown -c -h "$1:$2" "$4"
    chmod -c "$3" "$4"
    }

    test -f "${DAEMON}" || exit 0

    # Source defaults file; edit that file to configure this script.
    if [ -e "${DEFAULTS}" ]; then
    . "${DEFAULTS}"
    fi

    # If we're not to start the daemon, simply exit
    if [ "${START}" != "yes" ]; then
    exit 0
    fi

    # If we have no mechanisms defined
    if [ "x${MECHANISMS}" = "x" ]; then
    echo "You need to configure ${DEFAULTS} with mechanisms to be used"
    exit 0
    fi

    # Add our mechanimsms with the necessary flag
    PARAMS="${PARAMS} -a ${MECHANISMS}"

    START="--start --quiet --pidfile ${PIDFILE} --startas ${DAEMON} --name ${NAME} -- ${PARAMS}"

    # Consider our options
    case "${1}" in
    start)
    echo -n "Starting ${DESC}: "
    #comment out
    #dir=`dpkg-statoverride --list $PWDIR`
    test -z "$dir" || createdir $dir
    if start-stop-daemon ${START} >/dev/null 2>&1 ; then
    echo "${NAME}."
    else
    if start-stop-daemon --test ${START} >/dev/null 2>&1; then
    echo "(failed)."
    exit 1
    else
    echo "${DAEMON} already running."
    exit 0
    fi
    fi
    ;;
    stop)
    echo -n "Stopping ${DESC}: "
    if start-stop-daemon --stop --quiet --pidfile "${PIDFILE}" \
    --startas ${DAEMON} --retry 10 --name ${NAME} \
    >/dev/null 2>&1 ; then
    echo "${NAME}."
    else
    if start-stop-daemon --test ${START} >/dev/null 2>&1; then
    echo "(not running)."
    exit 0
    else
    echo "(failed)."
    exit 1
    fi
    fi
    ;;
    restart|force-reload)
    $0 stop
    exec $0 start
    ;;
    *)
    echo "Usage: /etc/init.d/${NAME} {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
    esac

    exit 0
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Looks ok, too... :confused:
     
  7. todvard

    todvard ISPConfig Developer ISPConfig Developer

    Procmail is needed for selecting and forwarding messages to different services like the spamfilter, virusscanner, mail forward, quota, autoresponder and such..
    I hope Falko or Till will correct me if i am wrong.. :)

    about sasl, i can not see errors im your config files. it could be smthing very annoying typo somewhere.. or maybe not.. :confused: If i were you i would reinstall all packages related to this issue:
    Code:
     apt-get --reinstall install postfix postfix-tls libsasl2 libsasl2-modules sasl2-bin
     
    Last edited: Mar 9, 2006
  8. lerra

    lerra New Member

    Hm, i already use thows feutures and they seams to work..
    Hm, ok, i will do that and come back...will follow perfect setup 3.1 debian again and report back.
     
  9. lerra

    lerra New Member

    Is there nobody that can help me with the sasl problem? Still haveing the problem.. :/
     
  10. falko

    falko Super Moderator ISPConfig Developer

    You must have something wrong. If you simply copy & paste the commands from the "Perfect Setup", it will work.
     
  11. r12dk

    r12dk New Member

    Falko, i think something has changed in the debian packages since you wrote the howto. Lot of people seem to have problems with saslauth and smtp auth'ing, including me.

    I also followed the perfect setup, step by step, and it simply wornt work.
     
  12. falko

    falko Super Moderator ISPConfig Developer

    Believe me, it's working. I've just set up another server with this tutorial two days ago. If you just follow it and don't look left and right, then it's working. Don't do anything else, just do what is said in the tutorial.
     
  13. lerra

    lerra New Member

    Solved! After some hours of googleing and testing i found a page:
    http://lists.debian.org/debian-user/2005/07/msg01010.html

    What i did was that i added postfix to the sals group,
    rm -rf /var/run/saslauthd
    ln -s /var/spool/postfix/var/run/saslauthd/ /var/run/saslauthd

    And it works now! I am runnign Sarge 3.1 amd64
    I hope this will help people, please support the ispconfig community by postback sollutions! Creds to the codehackers!
     
  14. Hans

    Hans Moderator ISPConfig Developer

  15. minskog

    minskog New Member

    I have the same problem,and dont work with that commands. I do a vimdiff from my files to howto's configuration files and are the same except the domain, of course.

    update:
    Im restart all services and now (thanks to $deity) gives an error:
    warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied

    And with testsaslauthd runs well, before the restart dont work:
    testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u minskog.net_minskog -p password
    0: OK "Success."

    Update 2:
    lerra have: PWDIR="/var/spool/postfix/var/run/${NAME}"
    I have: PWDIR=/var/run/saslauthd


    But ig i put PWDIR="/var/spool/postfix/var/run/${NAME}", then sasl dont start.
     
    Last edited: May 10, 2006
  16. falko

    falko Super Moderator ISPConfig Developer

    Please kill your existing saslauthd processes and try to start saslauthd again.
     
  17. minskog

    minskog New Member

    I restart it a lot, but i think that the problem could be here:

    Code:
    Starting SASL Authentication Daemon: mode of `/var/run/saslauthd' changed to 0710 (rwx--x---)
    Update:

    If i put /var/spool/postfix/var/run/saslauthd with 777, dont gives permission error, but continues giving errors, the password is correct and the user, I use them with imap, pop and testsasauthd, and works perfectly:

    Code:
    warning: SASL authentication failure: Password verification failed
     
    Last edited: May 10, 2006
  18. falko

    falko Super Moderator ISPConfig Developer

    Did you kill your existing saslauthd processes and start saslauthd again?
     
  19. minskog

    minskog New Member

    Yes, and the same:
    Code:
    server1:/var/spool/postfix/var/run/saslauthd# killall saslauthd
    server1:/var/spool/postfix/var/run/saslauthd# killall saslauthd saslauthd: no process killed
    server1:/var/spool/postfix/var/run/saslauthd# /etc/init.d/saslauthd start 
    Starting SASL Authentication Daemon: mode of `/var/run/saslauthd' changed to 0710 (rwx--x---) saslauthd.
    then i try to send one mail:
    Code:
    May 10 16:12:27 server1 postfix/smtpd[25016]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied May 10 16:12:27 server1 postfix/smtpd[25016]: warning: SASL authentication failure: Password verification failed 
    Update: I am trying in another server, and the same. Are both debian sarge 3.1 32bits, ispconfig version 2.2.2. Updaet 2: I reconfigure postfix and sasl by copy&paste from the howto and the same.

    Update 3:
    im crazy, i have 3 servers with ispconfig, server 1 and server 2 fails, but server 3 runs well, and i dont see any significative differences in configuration ...
     
    Last edited: May 10, 2006
  20. minskog

    minskog New Member

    Server 2 work now with a complete reinstall, but server 1 continues giving sasl errors.

    Code:
    May 10 18:36:17 server1 postfix/smtpd[30797]: warning: SASL authentication failure: Password verification failed
    May 10 18:36:17 server1 postfix/smtpd[30797]: warning: x.Red-x-x-x.staticIP.rima-tde.net[x.x.x.x]: SASL PLAIN authentication failed
    May 10 18:36:17 server1 postfix/smtpd[30797]: warning: x.Red-x-x-x.staticIP.rima-tde.net[x.x.x.x]: SASL LOGIN authentication 
    Postfix telnet:
    Code:
    ehlo minskog
    250-server1.domain.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    
    Says that sasl are active, and the test:

    Code:
    testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u minskog.net_minskog -p password
    0: OK "Success."
     

Share This Page