Date: Tue, 08 Aug 2006 12:16:00 -0400
From: Gerard Seibert
To: freebsd-questions@freebsd.org
Subject: Re: Postfix & SASL Authentication
In-Reply-To: <44D8A5F8.40509@gregs-garage.com>
Message-Id: <20060808121302.F5B2.GERARD@seibercom.net>

Greg Groth wrote:

> On 8/8/2006 9:20 AM, Gerard Seibert wrote:
> > FreeBSD 6.1 STABLE
> >
> > I have SASL and Postfix installed and for the most part they seem to
> > work all right together. However, there is one small problem.
> >
> > When attempting to send a message from one of the PCs on the network,
> > actually any PC on the network except for the one with Postfix installed
> > on it, this error message is inserted into the maillog file.
> >
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: connect from boss.seibercom.net[192.168.0.4]
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: warning: SASL authentication failure: no user in db
> > Aug 8 10:11:32 scorpio postfix/smtpd[1310]: 859B9BD6C: client=boss.seibercom.net[192.168.0.4], sasl_method=LOGIN, sasl_username=gerard@seibercom.net
> >
> > All of the users are authenticated. Exactly what is it referring to and
> > how do I correct it? The mail does get relayed however, so it is not a
> > fatal warning.
> >
>
> Which version of SASL? v1 or v2?
>
> The following is based on my experience with v2, and I don't know if it
> applies to v1 or not.
>
> As far as the message in your log file, it's attempting to authenticate,
> but it's not connecting to the user database to verify the user. More
> than likely it's allowing you to send mail from the local server because
> you have Postfix configured to allow it to relay mail from localhost,
> and that this is allowing you to send the email even though
> authentication is failing.
>
> To determine which authentication methods Postfix will accept, telnet to
> localhost on port 25 and issue an EHLO:
>
> mail# telnet localhost 25
> Trying ::1...
> Connected to localhost.domain.com.
> Escape character is '^]'.
> 220 mail.domain.com ESMTP Postfix
>
> EHLO localhost
>
> 250-mail.domain.com
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
>
> In this instance, the AUTH line dictates which authentication mechanisms
> Postfix will accept. In this case: NTLM LOGIN PLAIN GSSAPI DIGEST-MD5
> CRAM-MD5

This is the output of mine:

$ telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 scorpio.seibercom.net ESMTP Postfix (2.4-20060727)
ehlo localhost
250-scorpio.seibercom.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

I noticed that the first attempt is refused. Why, I wonder?

>
> Check your /usr/local/lib/sasl2/smtpd.conf file and make sure that you
> have the correct auth mechanism listed. For plain text login that's
> verified against your existing users, your smtpd.conf file would read as
> follows:
>
> pwcheck_method: saslauthd
>
> This will verify against your existing user accounts. There are other
> methods, such as pwcheck_method: sasldb, that will verify against
> SASL's own password database, which I've never used.
>
> Make sure that you have saslauthd running (which it appears you do).
>
> Issue the following:
>
> # /usr/local/sbin/testsaslauthd -u username -p password
> 0: OK "Success."
>
> If saslauthd is operating correctly, you'll receive the OK "Success."
> If not, your problem is with saslauthd.
>
> If your AUTH line does not list the right AUTH mechanism, the problem is
> with Postfix. For instance, if you're trying to use SMTP-AUTH from a
> client on your network, and have pwcheck_method: saslauthd defined in
> your smtpd.conf file, you have to have PLAIN LOGIN appear in the AUTH
> line when telnetting.

This is the contents of the smtpd.conf file:

## Global Values
pwcheck_method: auxprop
auxprop_plugin: sasldb
log_level: 7
mech_list: PLAIN LOGIN

-- 
Gerard Seibert
gerard@seibercom.net
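
The comparison described in the thread above (the AUTH line of the EHLO reply against pwcheck_method and mech_list in smtpd.conf), as an added example that is not part of the original messages or of Postfix or Cyrus SASL. The function names are hypothetical, the sample inputs are copied from the thread, and SASLAUTHD_CONF is a constructed pairing. The SHARED_SECRET rule goes beyond what the thread states and reflects Cyrus SASL behaviour, where saslauthd only verifies plaintext passwords.

```python
import re

PLAINTEXT = {"PLAIN", "LOGIN"}              # password itself is sent; saslauthd can check it
SHARED_SECRET = {"CRAM-MD5", "DIGEST-MD5"}  # need the stored secret through auxprop

def advertised_mechs(ehlo_reply):
    """Collect mechanisms from the '250-AUTH ...' and '250-AUTH=...' reply lines."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.+)", line.strip(), re.IGNORECASE)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs

def parse_smtpd_conf(text):
    """Parse 'key: value' lines of smtpd.conf, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def check(ehlo_reply, conf_text):
    """Return findings where the AUTH line and smtpd.conf disagree."""
    offered = advertised_mechs(ehlo_reply)
    conf = parse_smtpd_conf(conf_text)
    if not offered:
        return ["no AUTH line: Postfix is not offering SASL"]
    findings = []
    listed = set(conf.get("mech_list", "").upper().split())
    if listed and offered - listed:
        findings.append("offered but not in mech_list: %s" % sorted(offered - listed))
    if conf.get("pwcheck_method") == "saslauthd":
        if not PLAINTEXT <= offered:
            findings.append("saslauthd needs PLAIN LOGIN in the AUTH line")
        if offered & SHARED_SECRET:
            findings.append("saslauthd cannot verify: %s" % sorted(offered & SHARED_SECRET))
    return findings

# Sample inputs copied from the thread: Gerard's EHLO reply and smtpd.conf, Greg's AUTH line.
GERARD_EHLO = "250-scorpio.seibercom.net\n250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250 DSN"
GERARD_CONF = ("## Global Values\npwcheck_method: auxprop\nauxprop_plugin: sasldb\n"
               "log_level: 7\nmech_list: PLAIN LOGIN\n")
GREG_EHLO = "250-mail.domain.com\n250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5\n250 DSN"
SASLAUTHD_CONF = "pwcheck_method: saslauthd\n"  # constructed pairing, not Greg's actual file

if __name__ == "__main__":
    print("Gerard:", check(GERARD_EHLO, GERARD_CONF) or "consistent")
    print("Greg's AUTH line with saslauthd:", check(GREG_EHLO, SASLAUTHD_CONF))
```

Gerard's AUTH line and smtpd.conf agree with each other, so the "no user in db" warning is not explained by a mechanism mismatch.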