warning: SASL authentication failure: Password verification failed

Discussion in 'Installation/Configuration' started by Samgarr, Mar 1, 2011.

  1. Samgarr

    Samgarr New Member

    Hello,
    i have ispconfig3@Debian 5.0. everything works perfectly, thanks for your work on ISPConfig;) a
    And now my problem.I can not send mail via thunderbird / outlook. Thundebird error is:

    Code:
    Login to server failed www.study21.cz.
    in /var/log/mail.log is:
    Code:
    Mar  1 19:43:44 toxie postfix/smtpd[3658]: warning: SASL authentication failure: Password verification failed
    Mar  1 19:43:44 toxie postfix/smtpd[3658]: warning: ip-89-176-96-114.net.upcbroadband.cz[89.176.96.114]: SASL PLAIN authentication failed: authentication failure
    Mar  1 19:43:44 toxie postfix/smtpd[3658]: warning: ip-89-176-96-114.net.upcbroadband.cz[89.176.96.114]: SASL LOGIN authentication failed: authentication failure
    /etc/default/saslauthd
    Code:
    # Available options in this Debian package:
    # getpwent  -- use the getpwent() library function
    # kerberos5 -- use Kerberos 5
    # pam       -- use PAM
    # rimap     -- use a remote IMAP server
    # shadow    -- use the local shadow password file
    # sasldb    -- use the local sasldb database file
    # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
    #
    # Only one option may be used at a time. See the saslauthd man page
    # for more information.
    #
    # Example: MECHANISMS="pam"
    MECHANISMS="pam"
    
    # Additional options for this mechanism. (default: none)
    # See the saslauthd man page for information about mech-specific options.
    MECH_OPTIONS=""
    
    # How many saslauthd processes should we run? (default: 5)
    # A value of 0 will fork a new process for each connection.
    THREADS=5
    
    # Other options (default: -c -m /var/run/saslauthd)
    # Note: You MUST specify the -m option or saslauthd won't run!
    #
    # WARNING: DO NOT SPECIFY THE -d OPTION.
    # The -d option will cause saslauthd to run in the foreground instead of as
    # a daemon. This will PREVENT YOUR SYSTEM FROM BOOTING PROPERLY. If you wish
    # to run saslauthd in debug mode, please run it by hand to be safe.
    #
    # See /usr/share/doc/sasl2-bin/README.Debian for Debian-specific information.
    # See the saslauthd man page and the output of 'saslauthd -h' for general
    # information about these options.
    #
    # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
    #odstraneno -r anzto v tehle konfiguraci znemoznuje odeslat poslu thunderbirdem
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
    /etc/postfix/sasl/smtpd.conf
    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: ispconfig
    sql_passwd: 41e9ab22906b04d7b199fc09a4a02885
    sql_database: dbispconfig
    sql_select: select password from mail_user where email = '%u'
    In roundcube (plugin + Password) Sending mails normally. Any ideas? Thanks!
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    a) Do you use courier or dovecot?
    b) Check the thunderbird configuration and ensure that you use the full email address as username for smtp-auth and not just the part in front of the @.
     
  3. Samgarr

    Samgarr New Member

    a)courier
    b)checked, i use full mail address

    [​IMG]

    thanks!
     
  4. Samgarr

    Samgarr New Member

    Now I tried to login via telnet and got this:
    Code:
    telnet samtech.cz 25
    Trying 178.79.136.203...
    Connected to samtech.cz.
    Escape character is '^]'.
    220 toxie.bathost.cz ESMTP Postfix (Debian/GNU)
    AUTH LOGIN
    334 VXNlcm5hbWU6
    aW5mb0BzdHVkeTIxLmN6
    334 UGFzc3dvcmQ6
    aW5mb2luZm8=
    535 5.7.8 Error: authentication failed: authentication failure
    
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Does it work without STARTTLS?
     
  6. Samgarr

    Samgarr New Member

    No, same error in mail.log.
    Thanks for you time.
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Do you use the email address as the username in your email client? Does the email address exist in the mail_user table?
     
  8. gral

    gral New Member

    same problem here; as information i can say

    im using courier , config the mail account as user@domain.com , and doesnt work without STARTTLS neither , the user exist at the mail_user table;

    ps aux | grep sasl
    Code:
    root     13576  0.0  0.0   5680  1008 ?        Ss   13:02   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
    root     13577  0.0  0.0   5680   996 ?        S    13:02   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
    
    /usr/lib/sasl2/smtpd.conf
    Code:
    pwcheck_method: saslauthd
    
    /etc/postfix/main.cf
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    inet_interfaces = all
    mydestination = mail.myserver.net, localhost, localhost.localdomain
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    myhostname = mail.myserver.net
    mynetworks = 127.0.0.0/8 [::1]/128
    virtual_alias_domains = 
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_security_level = may
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    receive_override_options = no_address_mappings
    relayhost = 
    mailbox_size_limit = 0
    message_size_limit = 0
    
    And i cant use the smtp i always receive;

    Code:
    warning: SASL authentication failure: Password verification failed
    Sep 12 13:03:46 myserver postfix/smtpd[13644]: warning: unknown[xx.xx.xx.xx]: SASL PLAIN authentication failed: authentication failure
    Sep 12 13:03:46 myserver postfix/smtpd[13644]: warning: unknown[xx.xx.xx.xx]: SASL LOGIN authentication failed: authentication failure
    
    Any suggestion ?... im really confused.

    Thanks in advance!.
     
  9. gral

    gral New Member

    add new logs that i didnt checked before; in /var/log/messages

    Code:
    mail.server saslauthd[25679]: do_auth         : auth failure: [user=mailuser] [service=smtp] [realm=domain.com.ar] [mech=pam] [reason=PAM auth error]
    mail.server saslauthd[25680]: do_auth         : auth failure: [user=mailuser] [service=smtp] [realm=domain.com.ar] [mech=pam] [reason=PAM auth error]
    
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Which distribution do you use? And which tutorial (URL)?
     
  11. gral

    gral New Member

  12. Dakser

    Dakser New Member

    Can you solve this?

    Hi, Id like to know if you could solve this problem because i have the same. Thanks.
     
  13. gral

    gral New Member

    two things i would check;

    1- be sure you have installed cyrus-sasl-plain
    2- that the server_id match of the mail_user match with the server id of the server

    cheers,
     
  14. a.master

    a.master New Member

    excerpt of /var/log/mail.log

    May 7 21:42:27 foo.bar postfix/smtpd[5668]: connect from a123456789.adsl.alicedsl.de[12.34.956.178]
    May 7 21:42:30 foo.bar postfix/smtpd[5668]: warning: SASL authentication failure: Password verification failed
    May 7 21:42:30 foo.bar postfix/smtpd[5668]: warning: a123456789.adsl.alicedsl.de[12.34.956.178]: SASL PLAIN authentication failed: authentication failure
    May 7 21:42:33 foo.bar postfix/smtpd[5668]: warning: a123456789.adsl.alicedsl.de[12.34.956.178]: SASL LOGIN authentication failed: authentication failure

    excerpt of /var/mail/auth.log

    May 7 21:42:27 h2035294 postfix/smtpd[5668]: sql auxprop plugin using mysql engine
    May 7 21:42:28 h2035294 saslauthd[5659]: pam_unix(smtp:auth): check pass; user unknown
    May 7 21:42:28 h2035294 saslauthd[5659]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    May 7 21:42:30 h2035294 saslauthd[5659]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    May 7 21:42:30 h2035294 saslauthd[5659]: do_auth : auth failure: [service=smtp] [realm=ccmail.me] [mech=pam] [reason=PAM auth erro$
    May 7 21:42:30 h2035294 saslauthd[5660]: pam_unix(smtp:auth): check pass; user unknown
    May 7 21:42:30 h2035294 saslauthd[5660]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
    May 7 21:42:33 h2035294 saslauthd[5660]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
    May 7 21:42:33 h2035294 saslauthd[5660]: do_auth : auth failure: [service=smtp] [realm=ccmail.me] [mech=pam] [reason=PAM auth erro$

    The problem caused by the file /etc/pam.d/smtp

    #--> commenting out these three lines works fine for me!
    ##########################
    #@include common-auth
    #@include common-account
    #@include common-password
    ##########################

    auth required pam_mysql.so user=mail_admin passwd=pass_4_mailadmin host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
    account sufficient pam_mysql.so user=mail_admin passwd=pass_4_mailadmin host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
     

Share This Page