SASL PLAIN authentication failed: no mechanism available

Discussion in 'Installation/Configuration' started by r_s, Sep 3, 2011.

  1. r_s

    r_s New Member

    Hello.

    Yesterday I've updated my Debian Squeeze to Wheezy. Since then, I can't send emails anymore. (At least I assume it has something to do with the update to Wheezy, because that's the only thing I changed. Everything worked well before the update)

    Code:
    $ cat /etc/default/saslauthd
    START=yes
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="pam"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
    Code:
    $ cat /etc/postfix/sasl/smtpd.conf 
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: ispconfig
    sql_passwd: *****
    sql_database: dbispconfig
    sql_select: select password from mail_user where email = '%u'
    Sasalauthd starts without errors, but the userlist is empty (I don't know if intentionally):

    Code:
    $ /etc/init.d/saslauthd restart
    Stopping SASL Authentication Daemon: saslauthd.
    Starting SASL Authentication Daemon: saslauthd.
    $ sasldblistusers2 
    $
    Any ideas? Thank you in advance!
     
  2. CSsab

    CSsab New Member

    Why?

    Wheezy is for testing and development purposes and is entirely unsupported at production level :(

    Your system is probably broken - who knows how badly.

    You may need to try to downgrade to the stable Debian version and run an ISPConfig 3 update somehow - at least you must downgrade Dovecot because Dovecot v.2 is not yet supported.
     
  3. r_s

    r_s New Member

    Exactly because of this:

    I don't have dovecot, but courier. My ISPConfig-installation has 'grown' since Lenny (installation is according to http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3-p3).
     
    Last edited: Sep 3, 2011
  4. CSsab

    CSsab New Member

    Okay.

    I am not sure about courier but as a troubleshooting start point you could look here:

    http://www.courier-mta.org/authlib/README.authmysql.html

    I had a similar problem with Dovecot and it was solved by installing package dovecot-mysql.

    I hope your problem is as easily fixed.

    :)
     
  5. r_s

    r_s New Member

    Thanks, but I don't assume that my problem is caused by courier, but by postfix. It happens when I try to send an email via smtp. Checking emails works without problems.

    But since you mentioned dovecot: Is there any advantage of dovecot over courier? Further I still (?) use MyDNS.
     
  6. CSsab

    CSsab New Member

    Till sums it up here:
    http://www.howtoforge.com/forums/showthread.php?t=53538

    MyDNS is still supported as far as I know.

    I use bind9 and it works fine - i think to change over would be fairly easy on a new system.
     
  7. r_s

    r_s New Member

    Thanks, as I assumed, nothing critical. ;)

    By time, I will see if it is possible to switch over, MyDNS' insserv errors are a little bit annoying, although not critical either.

    But so far, my postfix problem remains unsolved... :-(
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Can you check if there's another smtpd.conf on your system?
    Code:
    updatedb
    locate smtpd.conf
    Did your main.cf change?
     
  9. r_s

    r_s New Member

    Only one:

    Code:
    $ locate smtpd.conf
    /etc/postfix/sasl/smtpd.conf
    $
    Yes, acutally it did. But I copied back the main.cf~ from July 6, same result.

    This is the diff:
    Code:
    $ diff main.cf main.cf~
    66,70d65
    < content_filter = amavis:[127.0.0.1]:10024
    < receive_override_options = no_address_mappings
    < message_size_limit = 0
    < mailbox_command = procmail -a "$EXTENSION"
    < inet_protocols = ipv4
    This is the complete (new) main.cf (comments stripped):

    Code:
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    append_dot_mydomain = no
    
    readme_directory = /usr/share/doc/postfix
    
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    myhostname = grind.***.***
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = grind.***.***, localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    mailbox_command = procmail -a "$EXTENSION"
    inet_protocols = ipv4
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Have you tried to restart saslauthd?

    Can you post your master.cf as well?
     
  11. r_s

    r_s New Member

    Yes, I even restarted the whole machine to make sure to rule out side effects from other services.

    Code:
    26        inet  n       -       -       -       -       smtpd
    localhost:smtp  inet n - n - - smtpd
    ***.***.***.74:smtp inet n - n - - smtpd -o myhostname=grind.***.***
    ***.***.***.126:smtp inet n - n - - smtpd -o myhostname=grind.***.***.***
    
    pickup    fifo  n       -       -       60      1       pickup
    cleanup   unix  n       -       -       -       0       cleanup
    qmgr      fifo  n       -       n       300     1       qmgr
    #qmgr     fifo  n       -       -       300     1       oqmgr
    tlsmgr    unix  -       -       -       1000?   1       tlsmgr
    rewrite   unix  -       -       -       -       -       trivial-rewrite
    bounce    unix  -       -       -       -       0       bounce
    defer     unix  -       -       -       -       0       bounce
    trace     unix  -       -       -       -       0       bounce
    verify    unix  -       -       -       -       1       verify
    flush     unix  n       -       -       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       -       -       -       smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay     unix  -       -       -       -       -       smtp
    	-o smtp_fallback_relay=
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       -       -       -       showq
    error     unix  -       -       -       -       -       error
    retry     unix  -       -       -       -       -       error
    discard   unix  -       -       -       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       -       -       -       lmtp
    anvil     unix  -       -       -       -       1       anvil
    scache    unix  -       -       -       -       1       scache
    
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix	-	n	n	-	2	pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
    
    127.0.0.1:10025 inet n - - - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtpd_bind_address=***.***.***.74
     
  12. johnnygear

    johnnygear New Member

    Was this ever resolved?

    I have exactly the same issue...
     
  13. admin

    admin Administrator Staff Member Moderator

    Which ISPConfig version do you use? Should be ok with the latest version (3.0.4.6).
     
  14. johnnygear

    johnnygear New Member

    Didn't use ISPconfig sorry. I am not sure exactly what that is.

    I mostly followed: http://flurdy.com/docs/postfix/

    My exact list of components are:
    - Ubuntu 12:04
    - Postfix
    - Courier
    - MySQL
    - Amavisd-new
    - SpamAssassin
    - ClamAV
    - SASL(Cyrus)
    - Postgrey
    - Roundcube

    saslfinger -s output:
    Code:
    saslfinger - postfix Cyrus sasl configuration Mon Aug 27 21:19:21 EST 2012
    version: 1.0.4
    mode: server-side SMTP AUTH
    
    -- basics --
    Postfix: 2.9.3
    System: Ubuntu 12.04.1 LTS \n \l
    
    -- smtpd is linked to --
            libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f50f49a8000)
    
    -- active SMTP AUTH and TLS parameters for smtpd --
    broken_sasl_auth_clients = no
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_timeout = 3600s
    
    
    -- listing of /usr/lib/sasl2 --
    total 20
    drwxr-xr-x  2 root root  4096 Jul 22 15:06 .
    drwxr-xr-x 65 root root 12288 Aug 25 21:07 ..
    -rw-r--r--  1 root root     1 May  4 14:15 berkeley_db.txt
    
    -- listing of /etc/postfix/sasl --
    total 12
    drwxr-xr-x 2 root root 4096 Aug 26 04:21 .
    drwxr-xr-x 3 root root 4096 Aug 27 00:17 ..
    -rw-r--r-- 1 root root  308 Aug 26 04:21 smtpd.conf
    
    
    
    
    -- content of /etc/postfix/sasl/smtpd.conf --
    pwcheck_method: saslauthd
    mech_list: plain login cram-md5 digest-md5
    log_level: 7
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_user: --- replaced ---
    sql_passwd: --- replaced ---
    sql_database: maildb
    sql_select: select crypt from users where id='%u@%r' and enabled = 1
    
    -- content of /etc/postfix/sasl/smtpd.conf --
    pwcheck_method: saslauthd
    mech_list: plain login cram-md5 digest-md5
    log_level: 7
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_engine: mysql
    sql_hostnames: 127.0.0.1
    sql_user: --- replaced ---
    sql_passwd: --- replaced ---
    sql_database: maildb
    sql_select: select crypt from users where id='%u@%r' and enabled = 1
    
    
    -- active services in /etc/postfix/master.cf --
    #                       (yes)   (yes)                   (yes)           (never)         (100)
    smtp            inet    n                       -               -               -               -               smtpd
    pickup          fifo    n                       -               -               60              1               pickup
            -o content_filter=
                    -o receive_override_options=no_header_body_checks
    cleanup         unix    n                       -               -               -               0               cleanup
    qmgr            fifo    n                       -               n               300             1               qmgr
    tlsmgr          unix    -                       -               -               1000?           1               tlsmgr
    rewrite         unix    -                       -               -               -               -               trivial-rewrite
    bounce          unix    -                       -               -               -               0               bounce
    defer           unix    -                       -               -               -               0               bounce
    trace           unix    -                       -               -               -               0               bounce
    verify          unix    -                       -               -               -               1               verify
    flush           unix    n                       -               -               1000?           0               flush
    proxymap        unix    -                       -               n               -               -               proxymap
    proxywrite      unix    -                       -               n               -               1               proxymap
    smtp            unix    -                       -               -               -               -               smtp
    relay           unix    -                       -               -               -               -               smtp
    showq           unix    n                       -               -               -               -               showq
    error           unix    -                       -               -               -               -               error
    retry           unix    -                       -               -               -               -               error
    discard         unix    -                       -               -               -               -               discard
    local           unix    -                       n               n               -               -               local
    virtual         unix    -                       n               n               -               -               virtual
    lmtp            unix    -                       -               -               -               -               lmtp
    anvil           unix    -                       -               -               -               1               anvil
    scache          unix    -                       -               -               -               1               scache
    maildrop        unix    -                       n               n               -               -               pipe
            flags=DRhu user=mail argv=/usr/bin/maildrop -d ${recipient}
    uucp            unix    -                       n               n               -               -               pipe
            flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    ifmail          unix    -                       n               n               -               -               pipe
            flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp           unix    -                       n               n               -               -               pipe
            flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix  -                       n               n               -               2               pipe
            flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman         unix    -                       n               n               -               -               pipe
            flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
    amavis          unix    -                       -               -               -               2               smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
            -o max_use=20
    127.0.0.1:10025 inet    n                       -               -               -               -               smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_delay_reject=no
            -o smtpd_client_restrictions=permit_mynetworks,reject
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_data_restrictions=reject_unauth_pipelining
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o smtpd_error_sleep_time=0
            -o smtpd_soft_error_limit=1001
            -o smtpd_hard_error_limit=1000
            -o smtpd_client_connection_count_limit=0
            -o smtpd_client_connection_rate_limit=0
            -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    submission      inet    n                       -               n               -               -               smtpd
            -o smtpd_sasl_auth_enable=yes
            -o smtpd_tls_auth_only=yes
            -o smtpd_tls_security_level=encrypt
            -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
            -o smtpd_sasl_security_options=noanonymous,noplaintext
            -o smtpd_sasl_tls_security_options=noanonymous
            -o milter_macro_daemon_name=ORIGINATING
    smtps           inet    n                       -               -               -               -               smtpd
            -o smtpd_tls_wrappermode=yes
            -o smtpd_sasl_auth_enable=yes
            -o smtpd_tls_auth_only=yes
            -o smtpd_client_restrictions=permit_sasl_authenticated,reject
            -o smtpd_sasl_security_options=noanonymous,noplaintext
            -o smtpd_sasl_tls_security_options=noanonymous
            -o milter_macro_daemon_name=ORIGINATING
    
    -- mechanisms on localhost --
    250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5
    
    
    -- end of saslfinger output --
    
    Regards,

    JG
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    You posted here in a thread about mail authentication with ISPConfig controlpanel in the ispconfig forum. You might want to make a new post in the general Linux forum then:

    http://www.howtoforge.com/forums/forumdisplay.php?f=4
     
  16. johnnygear

    johnnygear New Member

    sorry; thanks for your help

    JG
     
  17. eloopz

    eloopz New Member

    I had the same issue, but after upgrading to Jessie, it worked again.
     

Share This Page