SMTP Auth error

Discussion in 'HOWTO-Related Questions' started by PhilyWisk, Feb 20, 2008.

  1. PhilyWisk

    PhilyWisk New Member

    SMTP Auth error *Resolved post #3*

    I'm sorry if I am being a bit dimm but I can't authenticate SMTP after following the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) tutorial almost word-for-word.

    Both pop and imap are working brilliantly, but when I come to enter my UN & PW (same ones for pop & imap auth) it is refused.

    Note: DNS & PortForwarding is set up correctly. A telnet localhost 25 returns correctly, it is just the un & pw that seem to be the problem.

    Thunderbird says:
    Here are some of my sasl files:
    /etc/default/saslauthd
    Code:
    # This needs to be uncommented before saslauthd will be run automatically
    START=yes
    
    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    
    MECHANISMS="pam"
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    
    /etc/init.d/saslauthd
    Code:
    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          saslauthd
    # Required-Start:    $local_fs $remote_fs
    # Required-Stop:     $local_fs $remote_fs
    # Default-Start:     2 3 4 5
    # Default-Stop:      S 0 1 6
    # Short-Description: saslauthd startup script
    # Description:       This script starts the saslauthd daemon. It is
    #                    configured using the file /etc/default/saslauthd.
    ### END INIT INFO
    
    # Author: Fabian Fagerholm <fabbe@debian.org>
    #
    # Based on previous work by Dima Barsky.
    
    # Do NOT "set -e"
    
    # PATH should only include /usr/* if it runs after the mountnfs.sh script
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    DESC="SASL Authentication Daemon"
    NAME=saslauthd
    DAEMON=/usr/sbin/$NAME
    DAEMON_ARGS=""
    SCRIPTNAME=/etc/init.d/$NAME
    FALLBACK_RUN_DIR=/var/run/$NAME
    EXIT_ERROR_CODE=1
    
    # Exit if the daemon is not installed
    test -x "$DAEMON" || exit 0
    
    # Read configuration variable file if it is present
    [ -r /etc/default/$NAME ] && . /etc/default/$NAME
    
    # Load the VERBOSE setting and other rcS variables
    [ -f /etc/default/rcS ] && . /etc/default/rcS
    
    # Define LSB log_* functions.
    # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
    . /lib/lsb/init-functions
    
    # Determine run directory and pid file location by looking for an -m option.
    RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
    if [ -z "$RUN_DIR" ]; then
    	# No run directory defined in defaults file, use fallback
    	RUN_DIR=$FALLBACK_RUN_DIR
    fi
    [B]PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"[/B]
    
    # If the daemon is not enabled, give the user a warning and then exit,
    # unless we are stopping the daemon
    if [ "$START" != "yes" -a "$1" != "stop" ]; then
    	log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
    	exit 0
    fi
    
    # If no mechanisms are defined, log this and exit
    if [ -z "$MECHANISMS" ]; then
    	log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
    			"not starting $NAME"
    	exit $EXIT_ERROR_CODE
    fi
    
    # If there are mechanism options defined, prepare them for use with the -O flag
    if [ -n "$MECH_OPTIONS" ]; then
    	MECH_OPTIONS="-O $MECH_OPTIONS"
    fi
    
    # If there is a threads option defined, prepare it for use with the -n flag
    if [ -n "$THREADS" ]; then
    	THREAD_OPTIONS="-n $THREADS"
    fi
    
    # Construct argument string
    DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
    
    #
    # Function that creates a directory with the specified
    # ownership and permissions
    #
    createdir()
    {
    # $1 = user
    # $2 = group
    # $3 = permissions (octal)
    # $4 = path to directory
    	# In the future, use -P/-Z to have SE Linux enhancement.
    	install -d --group="$2" --mode="$3" --owner="$1" "$4"
    }
    
    #
    # Function that starts the daemon/service
    #
    do_start()
    {
    	# Return
    	#   0 if daemon has been started
    	#   1 if daemon was already running
    	#   2 if daemon could not be started
    
    	if dpkg-statoverride --list $RUN_DIR > /dev/null; then
    		dir=`dpkg-statoverride --list $RUN_DIR`
    	fi
    	test -z "$dir" || createdir $dir
    
    	start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
    		--exec $DAEMON --test > /dev/null \
    		|| return 1
    	start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
    		--exec $DAEMON -- $DAEMON_ARGS \
    		|| return 2
    	# Add code here, if necessary, that waits for the process to be ready
    	# to handle requests from services started subsequently which depend
    	# on this one.  As a last resort, sleep for some time.
    }
    
    #
    # Function that stops the daemon/service
    #
    do_stop()
    {
    	# Return
    	#   0 if daemon has been stopped
    	#   1 if daemon was already stopped
    	#   2 if daemon could not be stopped
    	#   other if a failure occurred
    	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
    		--pidfile $PIDFILE --name $NAME
    	RETVAL="$?"
    	[ "$RETVAL" = 2 ] && return 2
    	# Wait for children to finish too if this is a daemon that forks
    	# and if the daemon is only ever run from this initscript.
    	# If the above conditions are not satisfied then add some other code
    	# that waits for the process to drop all resources that could be
    	# needed by services started subsequently.  A last resort is to
    	# sleep for some time.
    	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
    		--exec $DAEMON
    	[ "$?" = 2 ] && return 2
    	# Many daemons don't delete their pidfiles when they exit.
    	rm -f $PIDFILE
    	return "$RETVAL"
    }
    
    #
    # Function that sends a SIGHUP to the daemon/service
    #
    do_reload() {
    	#
    	# If the daemon can reload its configuration without
    	# restarting (for example, when it is sent a SIGHUP),
    	# then implement that here.
    	#
    	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
    		--name $NAME
    	return 0
    }
    
    case "$1" in
      start)
    	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    	do_start
    	case "$?" in
    		0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    		1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
    		                           log_end_msg 0 ;;
    		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    	esac
    	;;
      stop)
    	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    	do_stop
    	case "$?" in
    		0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    		1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
    		                           log_end_msg 0 ;;
    		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    	esac
    	;;
      #reload|force-reload)
    	#
    	# If do_reload() is not implemented then leave this commented out
    	# and leave 'force-reload' as an alias for 'restart'.
    	#
    	#log_daemon_msg "Reloading $DESC" "$NAME"
    	#do_reload
    	#log_end_msg $?
    	#;;
      restart|force-reload)
    	#
    	# If the "reload" option is implemented then remove the
    	# 'force-reload' alias
    	#
    	log_daemon_msg "Restarting $DESC" "$NAME"
    	do_stop
    	case "$?" in
    	  0|1)
    		do_start
    		case "$?" in
    			0) log_end_msg 0 ;;
    			1) log_end_msg 1 ;; # Old process is still running
    			*) log_end_msg 1 ;; # Failed to start
    		esac
    		;;
    	  *)
    	  	# Failed to stop
    		log_end_msg 1
    		;;
    	esac
    	;;
      *)
    	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    	exit 3
    	;;
    esac
    
    :
    
    /etc/pam.d/smtp
    Code:
    auth    required   pam_mysql.so user=mail_admin passwd=[B]CORRECT_PWD_REPLACED[/B] host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=[B]CORRECT_PWD_REPLACED[/B] host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
    /etc/postfix/sasl/smtpd.conf
    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: [B]CORRECT_PWD_REPLACED[/B]
    sql_database: mail
    sql_select: select password from users where email = '%u'
    
    Finally, my /etc/postfix/main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    #Lines for SASL
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = [B]MYDOMAIN[/B]
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_security_options = noanonymous
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = [B]MYDOMAIN[/B]
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = [B]MYDOMAIN[/B], localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    virtual_sasl_auth_enable = yes
    virtual_sasl_auth_clients = yes
    broken_sasl_auth_clients = yes
    smtpd_use_cert_file = /etc/postfix/smtpd.cert
    smtpd_use_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maips = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_mailbox_limit_message = "The user you are trying to reach is over their quota, sorry."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    recieve_override_options = no_address_mappings
    virtual_create_maildirsize = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    
    tail -f /var/log/mail.log - during SMTP attempt
    Code:
    Feb 20 22:22:26 CHANGED_DOMAIN postfix/smtpd[19346]: connect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: Password verification failed
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL PLAIN authentication failed: generic failure
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure
    Feb 20 22:24:22 CHANGED_DOMAIN postfix/smtpd[19346]: disconnect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]
                                                                                                                       
     
    Last edited: Feb 21, 2008
  2. topdog

    topdog Active Member

    It seems like postfix is unable to locate the saslauthd socket. If you are running postfix chrooted set this option
    Code:
    smtpd_sasl_path = /var/run/saslauthd
    
    If not chrooted then
    Code:
    smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd
    
     
  3. PhilyWisk

    PhilyWisk New Member

    Resolved

    Thanks very much topdog but I noticed that in /etc/init.d/saslauthd I had
    Code:
    DAEMON_ARGS=" "
    so I replaced this with
    Code:
    DAEMON_ARGS=" -m /var/spool/postfix/var/run/saslauthd -r"
    et voila!

    Hope this helps someone else. :D
     

Share This Page