Date: Tue, 08 Aug 2006 12:16:00 -0400
From: Gerard Seibert <gerard@seibercom.net>
To: freebsd-questions@freebsd.org
Subject: Re: Postfix & SASL Authentication
Message-ID: <20060808121302.F5B2.GERARD@seibercom.net>
In-Reply-To: <44D8A5F8.40509@gregs-garage.com>
References: <20060808101410.6387.GERARD@seibercom.net> <44D8A5F8.40509@gregs-garage.com>

Greg Groth wrote:

> On 8/8/2006 9:20 AM, Gerard Seibert wrote:
> > FreeBSD 6.1 STABLE
> >
> > I have SASL and Postfix installed and for the most part they seem to
> > work all right together. However, there is one small problem.
> >
> > When attempting to send a message from one of the PC's on the network,
> > actually any PC on the network except for the one with Postfix installed
> > on it, this error message is inserted into the maillog file.
> >
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: connect from boss.seibercom.net[192.168.0.4]
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: warning: SASL authentication failure: no user in db
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: 859B9BD6C: client=boss.seibercom.net[192.168.0.4], sasl_method=LOGIN, sasl_username=gerard@seibercom.net
> >
> > All of the users are authenticated. Exactly what is it referring to and how do I correct it? The mail does get relayed however, so it is not a fatal warning.
> >
>
> Which version of SASL? v1 or v2?
>
> The following is based on my experience with v2, and I don't know if it
> applies to v1 or not.
>
> As far as the message in your log file, it's attempting to authenticate,
> but it's not connecting to the user database to verify the user. More
> than likely it's allowing you to send mail from the local server because
> you have Postfix configured to allow it to relay mail from localhost,
> and that this is allowing you to send the email even though
> authentication is failing.
>
> To determine which authentication methods Postfix will accept, telnet to
> localhost on port 25 and issue an EHLO:
>
> mail# telnet localhost 25
> Trying ::1...
> Connected to localhost.domain.com.
> Escape character is '^]'.
> 220 mail.domain.com ESMTP Postfix
>
> EHLO localhost
>
> 250-mail.domain.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> In this instance, the AUTH line dictates which authentication mechanisms
> Postfix will accept. In this case: NTLM LOGIN PLAIN GSSAPI DIGEST-MD5
> CRAM-MD5

This is the output of mine:

$ telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 scorpio.seibercom.net ESMTP Postfix (2.4-20060727)
ehlo localhost
250-scorpio.seibercom.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I noticed that the first attempt is refused. Why, I wonder.

>
> Check your /usr/local/lib/sasl2/smtpd.conf file and make sure that you
> have the correct auth mechanism listed. For plain text login that's
> verified against your existing users, your smtpd.conf file would read as
> follows:
>
> pwcheck_method: saslauthd
>
> This will verify against your existing user accounts. There are other
> methods, such as pwcheck_method: sasldb, that will verify against
> SASL's own password database, which I've never used.
>
> Make sure that you have saslauthd running (which it appears you do).
>
> Issue the following:
>
> # /usr/local/sbin/testsaslauthd -u username -p password
> 0: OK "Success."
>
> If saslauthd is operating correctly, you'll receive the OK "Success."
> If not, your problem is with saslauthd.
>
> If your AUTH line does not list the right AUTH mechanism, the problem is
> with Postfix. For instance, if you're trying to use SMTP-AUTH from a
> client on your network, and have pwcheck_method: saslauthd defined in
> your smtpd.conf file, you have to have PLAIN LOGIN appear in the AUTH
> line when telnetting.

These are the contents of the smtpd.conf file:

## Global Values
pwcheck_method: auxprop
auxprop_plugin: sasldb
log_level: 7
mech_list: PLAIN LOGIN

--
Gerard Seibert
gerard@seibercom.net
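
Added example (not part of the original message and not code from either poster): a Python check that takes an EHLO reply and a Cyrus SASL smtpd.conf, here constructed from the ones quoted in the message, and reports which AUTH mechanisms are advertised, whether they match mech_list, which password backend is configured, and whether cleartext mechanisms are offered when the reply lists no STARTTLS capability. The function names and result keys are illustrative assumptions.

```python
import re

# Constructed sample input: the EHLO reply (abridged) and smtpd.conf quoted in the message.
EHLO_REPLY = """250-scorpio.seibercom.net
250-SIZE 10240000
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 DSN
"""
SMTPD_CONF = """## Global Values
pwcheck_method: auxprop
auxprop_plugin: sasldb
log_level: 7
mech_list: PLAIN LOGIN
"""
CLEARTEXT = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

def parse_ehlo(reply):
    """Return (capability keywords, AUTH mechanisms); 'AUTH=' is the legacy spelling."""
    caps, mechs = set(), set()
    for line in reply.splitlines():
        m = re.match(r"250[- ](\S.*)$", line.strip())
        if m:
            word, _, rest = m.group(1).replace("AUTH=", "AUTH ", 1).partition(" ")
            caps.add(word.upper())
            if word.upper() == "AUTH":
                mechs.update(rest.upper().split())
    return caps, mechs

def parse_sasl_conf(text):
    """Parse 'key: value' lines of a Cyrus SASL smtpd.conf, skipping # comments."""
    rows = [l.split(":", 1) for l in text.splitlines() if ":" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in rows}

def audit(reply, conf_text):
    caps, mechs = parse_ehlo(reply)
    conf = parse_sasl_conf(conf_text)
    wanted = set(conf.get("mech_list", "").upper().split())
    method = conf.get("pwcheck_method", "")
    return {
        "advertised": sorted(mechs),
        "missing_from_ehlo": sorted(wanted - mechs),
        "cleartext_without_starttls": [] if "STARTTLS" in caps else sorted(mechs & CLEARTEXT),
        # with auxprop, passwords come from the plugin's store rather than saslauthd
        "password_backend": conf.get("auxprop_plugin", method) if method == "auxprop" else method,
    }

print(audit(EHLO_REPLY, SMTPD_CONF))
```

For the quoted configuration the result shows LOGIN and PLAIN advertised, nothing from mech_list missing, sasldb as the password backend, and both mechanisms flagged because the reply lists no STARTTLS.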