SASL authentication failure

Discussion in 'Server Operation' started by asus, Aug 11, 2008.

  1. asus

    asus New Member

    Code:
    postfix/smtp[29356]: warning: SASL authentication failure: No worthy mechs found
    postfix/smtp[29356]: B35FEA02962: to=<*****@*****>, relay=smtp.broadband.rogers.com[206.190.36.18]:25, delay=0.14, delays=0.01/0.02/0.11/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.broadband.rogers.com[206.190.36.18]: no mechanism available
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Which distribution are you using?
     
  3. asus

    asus New Member

    Ubuntu 8.04
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Please run
    Code:
    echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf
    echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
    and restart Postfix.
     
  5. asus

    asus New Member

    I'm still getting the same error, I always follow the perfect setup to the T, What would cause this if I followed the perfect setup guide, I have setup this machine for a client but outgoing and incoming email still isn't working only local email.
     
  6. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/postfix/sasl/smtpd.conf?
     
  7. asus

    asus New Member

    pwcheck_method: saslauthd
    mech_list: plain login
     
  8. ralic

    ralic New Member

    Which guide did you follow? We may then be able to know what to expect to see in your system.

    Is that everything?
    What are the permissions on the file? Can the postfix user read the contents?
    Code:
    ls -l /etc/postfix/sasl
    What SASL options do you have set in postfix's main.cf? Can you post the the contents of that file here, xxxx'ing out any site sensitive information?
     
    Last edited: Aug 15, 2008
  9. asus

    asus New Member

    I used the Ubuntu 8.04 Perfect Server setup. Yes that is everything that was in the file and these are the permissions
    Code:
    -rw-r--r-- 1 root root 50 2008-08-14 15:42 smtpd.conf
    and here is my main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = *********
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    #mydestination = ***********, localhost.********, localhost.localdomain, localhost
    relayhost = [smtp.broadband.rogers.com]
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = 
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    smtpd_sasl_local_domain = 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    
    virtual_maps = hash:/etc/postfix/virtusertable
    
    mydestination = /etc/postfix/local-host-names
    home_mailbox = Maildir/
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_option =
    
     
    Last edited: Aug 15, 2008
  10. falko

    falko Super Moderator ISPConfig Developer

    Can you post your /etc/postfix/master.cf as well? Maybe Postfix is running chrooted...

    Did you disable AppArmor?
     
  11. asus

    asus New Member

    yes I disabled apparmor and removed it completely.
    Code:
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       -       -       -       smtpd
    #submission inet n       -       -       -       -       smtpd
    #  -o smtpd_tls_security_level=encrypt
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #smtps     inet  n       -       -       -       -       smtpd
    #  -o smtpd_tls_wrappermode=yes
    #  -o smtpd_sasl_auth_enable=yes
    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       -       -       -       qmqpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
    	-o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
     
  12. ralic

    ralic New Member

    I don't see anything obviously amiss.
    Just check that the relay server name in /etc/postfix/sasl_passwd is also enclosed in [].
     
  13. falko

    falko Super Moderator ISPConfig Developer

    Can you try
    Code:
    smtp      inet  n       -       n       -       -       smtpd
    instead of
    Code:
    smtp      inet  n       -       -       -       -       smtpd
    in master.cf?
     
  14. asus

    asus New Member

    same error postfix/smtp[13159]: warning: SASL authentication failure: No worthy mechs found
     
  15. asus

    asus New Member

    I'm not sure this is related but also found this in logwatch
    Code:
    --------------------- Kernel Begin ------------------------ 
    
     
     WARNING:  Segmentation Faults in these executables
        [74592.920762] console-kit-dae :  1 Time(s)
     
     ---------------------- Kernel End ------------------------- 
    
     
  16. ralic

    ralic New Member

    Last edited: Aug 16, 2008
  17. asus

    asus New Member

    Code:
    saslfinger - postfix Cyrus sasl configuration Sat Aug 16 14:28:36 EDT 2008
    version: 1.0.4
    mode: client-side SMTP AUTH
    
    -- basics --
    Postfix: 2.5.1
    System: Ubuntu 8.04.1 \n \l
    
    -- smtp is linked to --
            libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7cff000)
    
    -- active SMTP AUTH and TLS parameters for smtp --
    relayhost = [smtp.broadband.rogers.com]
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_tls_note_starttls_offer = yes
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_use_tls = yes
    
    
    -- listing of /usr/lib/sasl2 --
    total 724
    drwxr-xr-x   2 root root  4096 2008-04-22 13:49 .
    drwxr-xr-x 171 root root 45056 2008-08-14 15:30 ..
    -rw-r--r--   1 root root 13568 2008-04-09 17:50 libanonymous.a
    -rw-r--r--   1 root root   862 2008-04-09 17:49 libanonymous.la
    -rw-r--r--   1 root root 12984 2008-04-09 17:50 libanonymous.so
    -rw-r--r--   1 root root 12984 2008-04-09 17:50 libanonymous.so.2
    -rw-r--r--   1 root root 12984 2008-04-09 17:50 libanonymous.so.2.0.22
    -rw-r--r--   1 root root 15834 2008-04-09 17:50 libcrammd5.a
    -rw-r--r--   1 root root   848 2008-04-09 17:49 libcrammd5.la
    -rw-r--r--   1 root root 15320 2008-04-09 17:50 libcrammd5.so
    -rw-r--r--   1 root root 15320 2008-04-09 17:50 libcrammd5.so.2
    -rw-r--r--   1 root root 15320 2008-04-09 17:50 libcrammd5.so.2.0.22
    -rw-r--r--   1 root root 46332 2008-04-09 17:50 libdigestmd5.a
    -rw-r--r--   1 root root   871 2008-04-09 17:49 libdigestmd5.la
    -rw-r--r--   1 root root 43020 2008-04-09 17:50 libdigestmd5.so
    -rw-r--r--   1 root root 43020 2008-04-09 17:50 libdigestmd5.so.2
    -rw-r--r--   1 root root 43020 2008-04-09 17:50 libdigestmd5.so.2.0.22
    -rw-r--r--   1 root root 13574 2008-04-09 17:50 liblogin.a
    -rw-r--r--   1 root root   842 2008-04-09 17:49 liblogin.la
    -rw-r--r--   1 root root 13268 2008-04-09 17:50 liblogin.so
    -rw-r--r--   1 root root 13268 2008-04-09 17:50 liblogin.so.2
    -rw-r--r--   1 root root 13268 2008-04-09 17:50 liblogin.so.2.0.22
    -rw-r--r--   1 root root 30016 2008-04-09 17:50 libntlm.a
    -rw-r--r--   1 root root   836 2008-04-09 17:49 libntlm.la
    -rw-r--r--   1 root root 29236 2008-04-09 17:50 libntlm.so
    -rw-r--r--   1 root root 29236 2008-04-09 17:50 libntlm.so.2
    -rw-r--r--   1 root root 29236 2008-04-09 17:50 libntlm.so.2.0.22
    -rw-r--r--   1 root root 13798 2008-04-09 17:50 libplain.a
    -rw-r--r--   1 root root   842 2008-04-09 17:49 libplain.la
    -rw-r--r--   1 root root 13396 2008-04-09 17:50 libplain.so
    -rw-r--r--   1 root root 13396 2008-04-09 17:50 libplain.so.2
    -rw-r--r--   1 root root 13396 2008-04-09 17:50 libplain.so.2.0.22
    -rw-r--r--   1 root root 22126 2008-04-09 17:50 libsasldb.a
    -rw-r--r--   1 root root   873 2008-04-09 17:49 libsasldb.la
    -rw-r--r--   1 root root 18080 2008-04-09 17:50 libsasldb.so
    -rw-r--r--   1 root root 18080 2008-04-09 17:50 libsasldb.so.2
    -rw-r--r--   1 root root 18080 2008-04-09 17:50 libsasldb.so.2.0.22
    
    -- listing of /etc/postfix/sasl --
    total 12
    drwxr-xr-x 2 root root 4096 2008-08-01 02:45 .
    drwxr-xr-x 4 root root 4096 2008-08-16 12:32 ..
    -rw-r--r-- 1 root root   50 2008-08-14 15:42 smtpd.conf
    
    
    -- permissions for /etc/postfix/sasl_passwd --
    -rw------- 1 root root 66 2008-08-10 20:47 /etc/postfix/sasl_passwd
    
    -- permissions for /etc/postfix/sasl_passwd.db --
    -rw------- 1 root root 12288 2008-08-10 20:48 /etc/postfix/sasl_passwd.db
    
    /etc/postfix/sasl_passwd.db is up to date.
    
    -- active services in /etc/postfix/master.cf --
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    smtp      inet  n       -       n       -       -       smtpd
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    relay     unix  -       -       -       -       -       smtp
            -o smtp_fallback_relay=
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -       n       n       -       2       pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop}                                                                              ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    -- mechanisms on [smtp.broadband.rogers.com] --
    
    
    -- end of saslfinger output --
    I also need help with godaddy, this is the first time I registerd a domain with godaddy, when i send a email to my server from rogers it always fails and its pointing to godaddy's server not mine. do i have to use godaddy's email server for incoming ? and my isp's for outgoing? if so how do i setup that up.
     
    Last edited: Aug 16, 2008
  18. ralic

    ralic New Member

    This shows that there are no AUTH mechanisms being offered by the server, however if you telnet to the port directly, it does offer:
    Code:
    [email protected]:~$ telnet smtp.broadband.rogers.com 25
    Trying 206.190.36.18...
    Connected to smtp-rog.mail.yahoo.com.
    Escape character is '^]'.
    220 smtp104.rog.mail.re2.yahoo.com ESMTP
    ehlo hostname.example.com
    250-smtp104.rog.mail.re2.yahoo.com
    [b]250-AUTH LOGIN PLAIN XYMCOOKIE[/b]
    250-PIPELINING
    250 8BITMIME
    quit
    221 smtp104.rog.mail.re2.yahoo.com
    Connection closed by foreign host.
    
    I should have see this earlier.
    Add the following to main.cf and restart postfix:
    Code:
    smtp_sasl_security_options = 
    By default it is set to smtp_sasl_security_options = noplaintext, noanonymous effectively disallowing plaintext which is all that's on offer.

    I also note that you are using TLS (smtp_use_tls = yes), but have none of the following:
    smtp_tls_CAfile =
    smtp_tls_cert_file =
    smtp_tls_key_file =

    That's likely to generate some warnings/errors in future with any attempts at TLS. Perhaps turn it off until you've digested Postfix TLS Support.

    Incoming mail is directed according your domain's MX record in the DNS. You have to configure your MX record for your domain in the DNS server for the domain and it must point to the mail server that will receive your domain's email. If email to your domain is going to godaddy's mail server, then your MX is probably pointing there instead of your server.

    If DNS is managed at your registrar (godaddy) then you must add/change the MX record there. If you manage the DNS yourself (bind on your box), then you add the MX record there.

    Which server to use for outgoing depends on your situation. You can use your isp's server if they allow it and provide the necessary connection details. Currently it looks like you are planning on relaying everything out through roger's as a type of isp/smarthost. You can also opt to use your own server, depending on your capabilities and resources and provided it's not being blocked for some reason. There's various different ways and it's really up to you to decide what you'd like to do.
     
  19. ralic

    ralic New Member

    While trying to emulate this it seems that the saslfinger utility doesn't like hostnames wrapped in [], hence you get:
    Code:
    -- mechanisms on [smtp.broadband.rogers.com] --
    
    
    -- end of saslfinger output --
    Adding smtp_sasl_security_options = might help, but can you please verify that you can telnet to the relay and issue the ehlo command from your server and post the output?

    Reviewing the details you've posted so far, I see that your main.cf does contain the above line, but with a slight typo. Yours is missing the s in _options.
     
    Last edited: Aug 17, 2008

Share This Page