SMTP Auth error

Discussion in 'HOWTO-Related Questions' started by PhilyWisk, Feb 20, 2008.

  1. PhilyWisk

    PhilyWisk New Member

    SMTP Auth error *Resolved post #3*

    I'm sorry if I am being a bit dim, but I can't authenticate over SMTP after following the Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV) tutorial almost word-for-word.

    Both pop and imap are working brilliantly, but when I come to enter my UN & PW (same ones for pop & imap auth) it is refused.

    Note: DNS & PortForwarding is set up correctly. A telnet localhost 25 returns correctly, it is just the un & pw that seem to be the problem.

    Thunderbird says:
    Here are some of my sasl files:
    /etc/default/saslauthd
    Code:
    # This needs to be uncommented before saslauthd will be run automatically
    START=yes
    
    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    
    MECHANISMS="pam"
    # NOTE(review): the /etc/init.d/saslauthd listing on this page builds the
    # daemon arguments from $OPTIONS (plus MECH_OPTIONS and THREADS) and never
    # reads PARAMS, so the -m socket directory and -r set here are not passed
    # to the daemon by that script. This is consistent with the "cannot connect
    # to saslauthd server: No such file or directory" lines in the mail.log
    # excerpt.
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    
    /etc/init.d/saslauthd
    Code:
    #! /bin/sh
    ### BEGIN INIT INFO
    # Provides:          saslauthd
    # Required-Start:    $local_fs $remote_fs
    # Required-Stop:     $local_fs $remote_fs
    # Default-Start:     2 3 4 5
    # Default-Stop:      S 0 1 6
    # Short-Description: saslauthd startup script
    # Description:       This script starts the saslauthd daemon. It is
    #                    configured using the file /etc/default/saslauthd.
    ### END INIT INFO
    
    # Author: Fabian Fagerholm <[email protected]>
    #
    # Based on previous work by Dima Barsky.
    
    # Do NOT "set -e"
    
    # Service identity first; the paths below are all derived from NAME.
    NAME="saslauthd"
    DESC="SASL Authentication Daemon"
    DAEMON="/usr/sbin/${NAME}"
    SCRIPTNAME="/etc/init.d/${NAME}"
    FALLBACK_RUN_DIR="/var/run/${NAME}"
    # Starts out empty; the option string is appended to it further down.
    DAEMON_ARGS=""
    EXIT_ERROR_CODE=1
    # PATH should only include /usr/* if it runs after the mountnfs.sh script
    PATH="/usr/sbin:/usr/bin:/sbin:/bin"
    
    # Nothing to manage when the daemon binary is missing or not executable.
    if [ ! -x "$DAEMON" ]; then
    	exit 0
    fi
    
    # Pull in the administrator's settings when the file is readable. The file
    # is sourced, i.e. executed as shell code with the privileges of this
    # script, so it should be owned by root and not writable by anyone else.
    if [ -r "/etc/default/$NAME" ]; then
    	. "/etc/default/$NAME"
    fi
    
    # rcS supplies the VERBOSE setting and other boot-time variables.
    if [ -f /etc/default/rcS ]; then
    	. /etc/default/rcS
    fi
    
    # LSB log_* helpers used by the rest of the script.
    # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
    . /lib/lsb/init-functions
    
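    # Determine run directory and pid file location by looking for an -m option.
    # NOTE(review): only $OPTIONS is searched. A defaults file that puts
    # "-m <dir>" in a differently named variable (the one on this page uses
    # PARAMS) is not seen here: RUN_DIR then falls back to FALLBACK_RUN_DIR and
    # the argument string built later contains no -m at all.
    RUN_DIR=$(echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}')
    if [ -z "$RUN_DIR" ]; then
    	# No run directory defined in defaults file, use fallback
    	RUN_DIR=$FALLBACK_RUN_DIR
    fi
    # Poster's local change (shown in bold in the forum post; the [B]...[/B]
    # markup was not valid shell and is dropped here): the pid file path is
    # hard-coded instead of being derived from RUN_DIR, so it presumably has to
    # be kept in step by hand with the directory given to saslauthd via -m.
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"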
    
    # While the daemon is disabled, every action except "stop" only prints a
    # hint on how to enable it and then exits successfully.
    if [ "$1" != "stop" ] && [ "$START" != "yes" ]; then
    	log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
    	exit 0
    fi
    
    # Without at least one mechanism there is nothing to pass to -a.
    if [ -z "$MECHANISMS" ]; then
    	log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
    			"not starting $NAME"
    	exit $EXIT_ERROR_CODE
    fi
    
    # Optional settings get their command-line flag prepended only when set:
    # -O for mechanism options, -n for the thread count.
    [ -z "$MECH_OPTIONS" ] || MECH_OPTIONS="-O $MECH_OPTIONS"
    [ -z "$THREADS" ] || THREAD_OPTIONS="-n $THREADS"
    
    # Final option string. Only MECHANISMS, MECH_OPTIONS, OPTIONS and THREADS
    # from the sourced configuration end up in it.
    DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
    
    #
    # createdir USER GROUP MODE PATH
    #
    # Creates the directory PATH owned by USER:GROUP with the octal
    # permissions MODE, using a single install(1) call.
    #
    createdir()
    {
    	# In the future, use -P/-Z to have SE Linux enhancement.
    	install -d -o "$1" -g "$2" -m "$3" "$4"
    }
    
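    #
    # Function that starts the daemon/service
    #
    do_start()
    {
    	# Return
    	#   0 if daemon has been started
    	#   1 if daemon was already running
    	#   2 if daemon could not be started
    
    	# Look up a dpkg stat override for the run directory. "dir" is reset
    	# whenever the lookup fails, so a value inherited from the environment
    	# is never handed to createdir (which creates directories with whatever
    	# owner and mode it is given).
    	dir=$(dpkg-statoverride --list "$RUN_DIR") || dir=""
    	# $dir is intentionally unquoted: it is expected to split into the four
    	# createdir arguments (user, group, mode, path).
    	test -z "$dir" || createdir $dir
    
    	# Dry run first: a failure here is reported as "already running".
    	start-stop-daemon --start --quiet --pidfile "$PIDFILE" --name "$NAME" \
    		--exec "$DAEMON" --test > /dev/null \
    		|| return 1
    	# $DAEMON_ARGS is left unquoted on purpose: it is one flat option string
    	# that has to be split into separate words for the daemon.
    	start-stop-daemon --start --quiet --pidfile "$PIDFILE" --name "$NAME" \
    		--exec "$DAEMON" -- $DAEMON_ARGS \
    		|| return 2
    	# Add code here, if necessary, that waits for the process to be ready
    	# to handle requests from services started subsequently which depend
    	# on this one.  As a last resort, sleep for some time.
    }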
    
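    #
    # Function that stops the daemon/service
    #
    do_stop()
    {
    	# Return
    	#   0 if daemon has been stopped
    	#   1 if daemon was already stopped
    	#   2 if daemon could not be stopped
    	#   other if a failure occurred
    	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
    		--pidfile "$PIDFILE" --name "$NAME"
    	# Remember the first result; it is what the caller gets back unless one
    	# of the two stop attempts reports 2.
    	RETVAL="$?"
    	[ "$RETVAL" = 2 ] && return 2
    	# Wait for children to finish too if this is a daemon that forks
    	# and if the daemon is only ever run from this initscript.
    	# If the above conditions are not satisfied then add some other code
    	# that waits for the process to drop all resources that could be
    	# needed by services started subsequently.  A last resort is to
    	# sleep for some time.
    	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
    		--exec "$DAEMON"
    	[ "$?" = 2 ] && return 2
    	# Many daemons don't delete their pidfiles when they exit.
    	# Quoted, with "--", so that exactly the one configured path is removed
    	# even if it contains spaces or starts with a dash.
    	rm -f -- "$PIDFILE"
    	return "$RETVAL"
    }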
    
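    #
    # Function that sends a SIGHUP to the daemon/service
    #
    do_reload() {
    	#
    	# If the daemon can reload its configuration without
    	# restarting (for example, when it is sent a SIGHUP),
    	# then implement that here.
    	#
    	# Signal 1 is sent to the process recorded in the pid file. The result
    	# of start-stop-daemon is ignored: this function always returns 0.
    	start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" \
    		--name "$NAME"
    	return 0
    }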
    
    # Dispatch on the requested action. Progress messages for start and stop
    # are printed unless VERBOSE is "no"; restart always logs.
    case "$1" in
      start)
    	if [ "$VERBOSE" != no ]; then
    		log_daemon_msg "Starting $DESC" "$NAME"
    	fi
    	do_start
    	case "$?" in
    		0)
    			if [ "$VERBOSE" != no ]; then log_end_msg 0; fi
    			;;
    		1)
    			if [ "$VERBOSE" != no ]; then
    				log_progress_msg "(already running)" && log_end_msg 0
    			fi
    			;;
    		2)
    			if [ "$VERBOSE" != no ]; then log_end_msg 1; fi
    			;;
    	esac
    	;;
      stop)
    	if [ "$VERBOSE" != no ]; then
    		log_daemon_msg "Stopping $DESC" "$NAME"
    	fi
    	do_stop
    	case "$?" in
    		0)
    			if [ "$VERBOSE" != no ]; then log_end_msg 0; fi
    			;;
    		1)
    			if [ "$VERBOSE" != no ]; then
    				log_progress_msg "(not running)" && log_end_msg 0
    			fi
    			;;
    		2)
    			if [ "$VERBOSE" != no ]; then log_end_msg 1; fi
    			;;
    	esac
    	;;
      #reload|force-reload)
    	#
    	# If do_reload() is not implemented then leave this commented out
    	# and leave 'force-reload' as an alias for 'restart'.
    	#
    	#log_daemon_msg "Reloading $DESC" "$NAME"
    	#do_reload
    	#log_end_msg $?
    	#;;
      restart|force-reload)
    	#
    	# If the "reload" option is implemented then remove the
    	# 'force-reload' alias
    	#
    	log_daemon_msg "Restarting $DESC" "$NAME"
    	do_stop
    	case "$?" in
    	  0|1)
    		# Stopped, or was not running: bring the daemon up again.
    		do_start
    		case "$?" in
    			0) log_end_msg 0 ;;
    			# 1 means the old process is still running; anything else
    			# means the start failed. Both are reported as failure.
    			*) log_end_msg 1 ;;
    		esac
    		;;
    	  *)
    		# Failed to stop
    		log_end_msg 1
    		;;
    	esac
    	;;
      *)
    	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    	exit 3
    	;;
    esac
    
    # The script's final status is 0 for every recognised action.
    :
    
    /etc/pam.d/smtp
    Code:
    # NOTE(review): the database password appears in clear text on both lines,
    # so this file should be readable by root only. crypt=1 is passed to
    # pam_mysql; presumably the password column then has to hold crypt()-style
    # hashes - confirm against the pam_mysql documentation.
    auth    required   pam_mysql.so user=mail_admin passwd=[B]CORRECT_PWD_REPLACED[/B] host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=[B]CORRECT_PWD_REPLACED[/B] host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    
    /etc/postfix/sasl/smtpd.conf
    Code:
    # NOTE(review): with pwcheck_method set to saslauthd, password checks depend
    # on Postfix reaching the saslauthd socket, which is what the mail.log
    # excerpt on this page shows failing.
    pwcheck_method: saslauthd
    # Only PLAIN and LOGIN are offered. Both send the password without any
    # protection of their own, so confidentiality depends on TLS being in use
    # for the SMTP session.
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    # Clear-text database password: keep this file readable only by the
    # accounts that need it.
    sql_passwd: [B]CORRECT_PWD_REPLACED[/B]
    sql_database: mail
    sql_select: select password from users where email = '%u'
    
    Finally, my /etc/postfix/main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    #Lines for SASL
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = [B]MYDOMAIN[/B]
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    # NOTE(review): noanonymous on its own still permits the plaintext
    # mechanisms, and none of the lines shown sets smtpd_tls_auth_only, so AUTH
    # appears to be offered on unencrypted connections as well. Setting
    # smtpd_tls_auth_only = yes restricts AUTH to TLS-protected sessions.
    smtpd_sasl_security_options = noanonymous
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    myhostname = [B]MYDOMAIN[/B]
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    mydestination = [B]MYDOMAIN[/B], localhost, localhost.localdomain
    relayhost = 
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # NOTE(review): virtual_sasl_auth_enable and virtual_sasl_auth_clients do not
    # look like Postfix parameter names (compare smtpd_sasl_auth_enable and
    # broken_sasl_auth_clients); they are presumably ignored - verify with
    # postconf -n.
    virtual_sasl_auth_enable = yes
    virtual_sasl_auth_clients = yes
    broken_sasl_auth_clients = yes
    # NOTE(review): likewise smtpd_use_cert_file / smtpd_use_key_file; the
    # certificate and key are already configured earlier in this file through
    # smtpd_tls_cert_file and smtpd_tls_key_file.
    smtpd_use_cert_file = /etc/postfix/smtpd.cert
    smtpd_use_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_mailbox_extended = yes
    # NOTE(review): "maips" looks like a typo for virtual_mailbox_limit_maps,
    # which this file sets again, correctly spelled, further down.
    virtual_mailbox_limit_maips = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_mailbox_limit_message = "The user you are trying to reach is over their quota, sorry."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    # NOTE(review): misspelt - the Postfix parameter is receive_override_options.
    # As written, no_address_mappings is presumably not applied; verify with
    # postconf -n.
    recieve_override_options = no_address_mappings
    virtual_create_maildirsize = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    
    tail -f /var/log/mail.log - during SMTP attempt
    Code:
    Feb 20 22:22:26 CHANGED_DOMAIN postfix/smtpd[19346]: connect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: Password verification failed
    Feb 20 22:23:33 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL PLAIN authentication failed: generic failure
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
    Feb 20 22:23:34 CHANGED_DOMAIN postfix/smtpd[19346]: warning: 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]: SASL LOGIN authentication failed: generic failure
    Feb 20 22:24:22 CHANGED_DOMAIN postfix/smtpd[19346]: disconnect from 216.XXX.XXXXXXXXX[84.XXX.XXX.XXX]
                                                                                                                       
     
    Last edited: Feb 21, 2008
  2. topdog

    topdog Active Member HowtoForge Supporter

    It seems that Postfix is unable to locate the saslauthd socket. If you are running Postfix chrooted, set this option:
    Code:
    smtpd_sasl_path = /var/run/saslauthd
    
    If not chrooted then
    Code:
    smtpd_sasl_path = /var/spool/postfix/var/run/saslauthd
    
     
  3. PhilyWisk

    PhilyWisk New Member

    Resolved

    Thanks very much topdog but I noticed that in /etc/init.d/saslauthd I had
    Code:
    DAEMON_ARGS=" "
    so I replaced this with
    Code:
    DAEMON_ARGS=" -m /var/spool/postfix/var/run/saslauthd -r"
    et voila!

    Hope this helps someone else. :D
     
