smtpd, SASL authentication failure:

Discussion in 'Installation/Configuration' started by Steve_P, Mar 30, 2006.

  1. Steve_P

    Steve_P New Member

    I have installed as per Perfect Setup Debian 3.1 (Danke, Falko), substituting Dovecot. I installed Squirrelmail and now have it working. Thunderbird can connect and get mail only if ssl is checked in server settings. However, it cannot send mail no matter what setting is checked for outgoing server settings.

    Find below relevant info.
    main.cf
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    home_mailbox = Maildir/
    #myhostname = localhost.localdomain
    myhostname = ocotillo.sytes.net
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    #mydestination =ocotillo.sytes.net, localhost.sytes.net. localhost.localdomain, localhost.localdomain, localhost
    relayhost = 
    mynetworks = 127.0.0.0/8
    #mailbox_command = procmail -a "$EXTENSION"
    mailbox_command = 
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_sasl_local_domain = $myhostname
    #smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    virtual_maps = hash:/etc/postfix/virtusertable
    mydestination = /etc/postfix/local-host-names
    
    telnet localhost 25
    Code:
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    220 ocotillo.sytes.net ESMTP Postfix (Debian/GNU)
    ehlo localhost
    250-ocotillo.sytes.net
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250 8BITMIME
    quit
    221 Bye
    Connection closed by foreign host.
    
    ps aux|grep saslauthd
    Code:
    root      5743  0.0  1.0   6188  1276 ?        Ss   14:59   0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -r -a pam
    root      5744  0.0  0.9   6188  1264 ?        S    14:59   0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -r -a pam
    root      5745  0.0  0.9   6188  1264 ?        S    14:59   0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -r -a pam
    root      5746  0.0  0.9   6188  1264 ?        S    14:59   0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -r -a pam
    root      5747  0.0  0.9   6188  1264 ?        S    14:59   0:00 /usr/sbin/saslauthd -m /var/spool/postfix/var/run/saslauthd -r -a pam
    root     15328  0.0  0.4   1944   616 pts/0    R+   23:06   0:00 grep saslauthd
    
    mail.log
    Code:
    Mar 29 22:36:49 ocotillo postfix/master[14840]: daemon started -- version 2.2.9, configuration /etc/postfix
    Mar 29 22:36:52 ocotillo postfix/smtpd[14846]: connect from unknown[192.168.0.50]
    Mar 29 22:36:52 ocotillo postfix/smtpd[14846]: setting up TLS connection from unknown[192.168.0.50]
    Mar 29 22:36:55 ocotillo postfix/smtpd[14846]: TLS connection established from unknown[192.168.0.50]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Mar 29 22:37:04 ocotillo postfix/smtpd[14846]: warning: SASL authentication failure: Password verification failed
    Mar 29 22:37:04 ocotillo postfix/smtpd[14846]: warning: unknown[192.168.0.50]: SASL PLAIN authentication failed
    Mar 29 22:37:06 ocotillo postfix/smtpd[14846]: warning: unknown[192.168.0.50]: SASL LOGIN authentication failed
    Mar 29 22:37:12 ocotillo postfix/smtpd[14846]: warning: SASL authentication failure: Password verification failed
    Mar 29 22:37:12 ocotillo postfix/smtpd[14846]: warning: unknown[192.168.0.50]: SASL PLAIN authentication failed
    Mar 29 22:37:13 ocotillo postfix/smtpd[14846]: warning: unknown[192.168.0.50]: SASL LOGIN authentication failed
    Mar 29 22:37:19 ocotillo postfix/smtpd[14846]: lost connection after AUTH from unknown[192.168.0.50]
    Mar 29 22:37:19 ocotillo postfix/smtpd[14846]: disconnect from unknown[192.168.0.50]
    Mar 29 22:38:08 ocotillo postfix/master[14840]: terminating on signal 15
    netstat -tap
    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 *:imaps                 *:*                     LISTEN     5782/dovecot
    tcp        0      0 *:pop3s                 *:*                     LISTEN     5782/dovecot
    tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     5625/mysqld
    tcp        0      0 *:pop3                  *:*                     LISTEN     5782/dovecot
    tcp        0      0 *:imap2                 *:*                     LISTEN     5782/dovecot
    tcp        0      0 *:81                    *:*                     LISTEN     5906/ispconfig_http
    tcp        0      0 *:ftp                   *:*                     LISTEN     6127/proftpd: (acce
    tcp        0      0 virtual-ip1.syte:domain *:*                     LISTEN     5539/named
    tcp        0      0 192.168.0.100:domain    *:*                     LISTEN     5539/named
    tcp        0      0 localhost.locald:domain *:*                     LISTEN     5539/named
    tcp        0      0 *:smtp                  *:*                     LISTEN     14937/master
    tcp        0      0 192.168.0.100:4620      64.233.187.104:www      ESTABLISHED13276/mozilla-bin
    tcp        0      0 192.168.0.100:3916      h7252.serverkompete:www TIME_WAIT  -
    tcp        0      0 192.168.0.100:imaps     192.168.0.50:2685       ESTABLISHED6333/imap-login
    tcp        0      0 192.168.0.100:imaps     192.168.0.50:2684       ESTABLISHED6303/imap-login
    tcp        0      0 192.168.0.100:4568      209.50.189.200:www      ESTABLISHED13276/mozilla-bin
    tcp        0      0 192.168.0.100:imaps     192.168.0.50:2687       ESTABLISHED6324/imap-login
    tcp        0      0 192.168.0.100:imaps     192.168.0.50:2686       ESTABLISHED6302/imap-login
    tcp        0      0 192.168.0.100:imaps     192.168.0.50:2683       ESTABLISHED5820/imap-login
    tcp6       0      0 *:www                   *:*                     LISTEN     9834/apache2
    tcp6       0      0 *:ssh                   *:*                     LISTEN     5753/sshd
    tcp6       0      0 *:https                 *:*                     LISTEN     9834/apache2
    
    The result is the same whether on lan or non-associated network.
    Squirrelmail can send and rec.
    Any Ideas for auth failure??

    Thank You,
    Stephen
     
  2. falko

    falko Super Moderator

    The information you posted looks ok. Please make sure you use the correct username (something like web1_testuser, for example) and password.
     
  3. Steve_P

    Steve_P New Member

    I have 2 users created with ispconfig, xxxxxxxx and xxxx with emails of steve and test.

    I have tried the following combinations for each user
    (sub in domain and above names/emails)
    user
    user@domain.com
    user@mysite.domain.com
    user@hostname
    user@192.168.0.100

    error log show the same.

    a quick trip to command line shows that I can send mail via telnet from localhost. I cannot from another machine.
    localhost:
    Code:
    Mar 30 08:41:33 ocotillo postfix/smtpd[22978]: connect from localhost.localdomain[127.0.0.1]
    Mar 30 08:42:16 ocotillo postfix/smtpd[22978]: 1D80912F6EC: client=localhost.localdomain[127.0.0.1]
    Mar 30 08:44:24 ocotillo postfix/cleanup[23212]: 1D80912F6EC: message-id=<20060330154216.1D80912F6EC@ocotillo.sytes.net>
    Mar 30 08:44:24 ocotillo postfix/qmgr[14939]: 1D80912F6EC: from=<xxxxxxxxe@ocotillo.sytes.net>, size=424, nrcpt=1 (queue active)
    Mar 30 08:44:26 ocotillo postfix/smtp[23239]: 1D80912F6EC: to=<xxxxxxxxxx@netmdc.com>, relay=mx1.tularosa.net[66.18.160.23], delay=146, status=sent (250 Ok: queued as 40BE3D5472A4)
    Mar 30 08:44:26 ocotillo postfix/qmgr[14939]: 1D80912F6EC: removed
    Another Machine:
    Code:
    Mar 30 08:44:42 ocotillo postfix/smtpd[23244]: connect from unknown[192.168.0.50]
    Mar 30 08:46:12 ocotillo postfix/smtpd[23244]: NOQUEUE: reject: RCPT from unknown[192.168.0.50]: 554 <xxxxxxxxxx@netmdc.com>: Relay access denied; from=<xxxxxxxx@ocotillo.sytes.net> to=<xxxxxxxxxx@netmdc.com> proto=ESMTP helo=<loca????ocotillo.sytes.net>
    
    On remote machine, I rec error "Relay access denied"
     
    Last edited: Mar 30, 2006
  4. Steve_P

    Steve_P New Member

    -=*solved*=-

    I do not know what may come from this but my problem was solved by
    editing /etc/defalut/saslauthd.

    I changed
    MECHANISMS="pam"
    to
    MECHANISMS="shadow"

    /etc/init.d/saslauthd restart ; /etc/init.d/postfix restart
     
  5. Mali

    Mali New Member

    try to install this package : libpam-mysql

    and restore ur MECHANISM to pam
     

Share This Page