Date: Wed, 02 Dec 2009 00:38:23 -0800
From: Corey Chandler <lists@sequestered.net>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: authdaemond issues / breakage after upgrade to 8.0
Message-ID: <4B16277F.8020802@sequestered.net>

I recently upgraded from FreeBSD 7.2 to 8.0. This resulted in a strange error with authdaemond (part of the Courier imap package, used to authenticate users) when used in conjunction with postfix; I've rebuilt all of the packages, but the config they're using has worked since the 6.0 days.

I attempt to send a message using SASL and get the following in my logs (passwords and hashes have been consistently redacted; nothing else has been altered):

Dec 1 14:49:06 alcatraz authdaemond: Authenticated: sysusername=<null>, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=jay@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/jay@sequestered.net/, quota=1024000000S, options=<null>
Dec 1 14:49:06 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
Dec 1 14:49:06 alcatraz imapd-ssl: LOGIN, user=jay@sequestered.net, ip=[166.191.99.147], port=[52341], protocol=IMAP
Dec 1 14:49:07 alcatraz imapd-ssl: LOGOUT, user=jay@sequestered.net, ip=[166.191.99.147], headers=0, body=0, rcvd=25, sent=699, time=1, starttls=1
Dec 1 14:49:08 alcatraz imapd-ssl: LOGIN, user=jay@sequestered.net, ip=[166.191.99.147], port=[52342], protocol=IMAP
Dec 1 14:49:08 alcatraz authdaemond: Authenticated: sysusername=<null>, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=jay@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/jay@sequestered.net/, quota=1024000000S, options=<null>
Dec 1 14:49:08 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1
Dec 1 14:49:11 alcatraz imapd-ssl: LOGIN, user=jay@sequestered.net, ip=[166.191.99.147], port=[52343], protocol=IMAP
Dec 1 14:49:11 alcatraz authdaemond: Authenticated: sysusername=<null>, sysuserid=1008, sysgroupid=1008, homedir=/usr/local/virtual/, address=jay@sequestered.net, fullname=Jay Chandler, maildir=sequestered.net/jay@sequestered.net/, quota=1024000000S, options=<null>
Dec 1 14:49:11 alcatraz authdaemond: Authenticated: clearpasswd=omgponies, passwd=$1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp1

It appears I'm authing correctly; in fact, authtest shows:

alcatraz# authtest jay@sequestered.net omgponies
Authentication succeeded.

Authenticated: jay@sequestered.net (uid 1008, gid 1008)
Home Directory: /usr/local/virtual/
Maildir: sequestered.net/jay@sequestered.net/
Quota: 1024000000S
Encrypted Password: $1$6dICANHAZPONIEZ?$Z1ySHXcliB8vx0jqwZ9Bp
Cleartext Password: omgponies
Options: wbnodsn=1

At this point I'm at a loss as to what else I can try. I've included saslfinger and postconf -n output below.

saslfinger - postfix Cyrus sasl configuration Tue Dec 1 18:18:47 PST 2009
version: 1.0.2
mode: server-side SMTP AUTH

-- basics --
Postfix: 2.6.5

-- smtpd is linked to --
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x28114000)

-- active SMTP AUTH and TLS parameters for smtpd --
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /usr/local/etc/postfix/mail.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/mail.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes

-- listing of /usr/local/lib/sasl2 --
total 508
drwxr-xr-x 2 root wheel 1024 Dec 1 13:20 .
drwxr-xr-x 22 root wheel 13312 Dec 1 16:50 ..
-rw-r--r-- 1 root wheel 12652 Dec 1 13:20 libanonymous.a
-rwxr-xr-x 1 root wheel 957 Dec 1 13:20 libanonymous.la
-rwxr-xr-x 1 root wheel 16078 Dec 1 13:20 libanonymous.so
-rwxr-xr-x 1 root wheel 16078 Dec 1 13:20 libanonymous.so.2
-rw-r--r-- 1 root wheel 14866 Dec 1 13:20 libcrammd5.a
-rwxr-xr-x 1 root wheel 943 Dec 1 13:20 libcrammd5.la
-rwxr-xr-x 1 root wheel 18370 Dec 1 13:20 libcrammd5.so
-rwxr-xr-x 1 root wheel 18370 Dec 1 13:20 libcrammd5.so.2
-rw-r--r-- 1 root wheel 44016 Dec 1 13:20 libdigestmd5.a
-rwxr-xr-x 1 root wheel 966 Dec 1 13:20 libdigestmd5.la
-rwxr-xr-x 1 root wheel 46792 Dec 1 13:20 libdigestmd5.so
-rwxr-xr-x 1 root wheel 46792 Dec 1 13:20 libdigestmd5.so.2
-rw-r--r-- 1 root wheel 22040 Dec 1 13:20 libgssapiv2.a
-rwxr-xr-x 1 root wheel 1038 Dec 1 13:20 libgssapiv2.la
-rwxr-xr-x 1 root wheel 26726 Dec 1 13:20 libgssapiv2.so
-rwxr-xr-x 1 root wheel 26726 Dec 1 13:20 libgssapiv2.so.2
-rw-r--r-- 1 root wheel 12978 Dec 1 13:20 liblogin.a
-rwxr-xr-x 1 root wheel 937 Dec 1 13:20 liblogin.la
-rwxr-xr-x 1 root wheel 16431 Dec 1 13:20 liblogin.so
-rwxr-xr-x 1 root wheel 16431 Dec 1 13:20 liblogin.so.2
-rw-r--r-- 1 root wheel 13170 Dec 1 13:20 libplain.a
-rwxr-xr-x 1 root wheel 937 Dec 1 13:20 libplain.la
-rwxr-xr-x 1 root wheel 16489 Dec 1 13:20 libplain.so
-rwxr-xr-x 1 root wheel 16489 Dec 1 13:20 libplain.so.2
-rw-r--r-- 1 root wheel 19552 Dec 1 13:20 libsasldb.a
-rwxr-xr-x 1 root wheel 936 Dec 1 13:20 libsasldb.la
-rwxr-xr-x 1 root wheel 21756 Dec 1 13:20 libsasldb.so
-rwxr-xr-x 1 root wheel 21756 Dec 1 13:20 libsasldb.so.2
-rw-r--r-- 1 root wheel 114 Nov 27 2008 smtpd.conf

-- content of /usr/local/lib/sasl2/smtpd.conf --
pwcheck_method: authdaemond
log_level: 7
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

-- active services in /usr/local/etc/postfix/master.cf --
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup     fifo  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
  -o smtp_fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
maildrop   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

-- mechanisms on localhost --
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN

-- end of saslfinger output --

alcatraz# ll /var/run/authdaemond/socket
srwxrwxrwx 1 root courier 0 Dec 1 17:57 /var/run/authdaemond/socket

postconf -n output:

broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
disable_vrfy_command = yes
hash_queue_depth = 2
hash_queue_names = incoming,active,deferred,bounce,defer,flush,hold
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4, ipv6
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = virtual
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 150000000
milter_default_action = accept
milter_protocol = 2
mydomain = sequestered.net
myhostname = alcatraz.sequestered.net
mynetworks = 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_client_restrictions = ${stress?reject_unknown_client_hostname} check_client_access cidr:/usr/local/etc/postfix/cidr_access
smtpd_data_restrictions = reject_multi_recipient_bounce reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_milters = unix:/var/run/milterdkim/dkim-filter.sock
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination reject_unlisted_recipient check_recipient_access hash:/usr/local/etc/postfix/access check_sender_access hash:/usr/local/etc/postfix/undesirable_senders reject_non_fqdn_hostname reject_rbl_client psbl.surriel.com reject_rbl_client zen.spamhaus.org reject_rbl_client dnsbl.ahbl.org reject_rbl_client bl.spamcop.net reject_rhsbl_sender rhsbl.ahbl.org warn_if_reject reject_rbl_client dnsbl.sorbs.net permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_timeout = 120
smtpd_tls_CAfile = /usr/local/etc/postfix/mail.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/mail.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:1008
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 5120000000000
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_minimum_uid = 125
virtual_overquota_bounce = yes
virtual_transport = maildrop
virtual_uid_maps = static:1008

--
Corey / KB1JWQ
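Added example, not part of the original message or of Courier/Postfix: one way to redact the "clearpasswd=..., passwd=..." credential lines shown in the log excerpt before sharing a log, using keyed tokens so that equal secrets stay recognisably equal across lines. The function names, the key and the sample lines are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import re

# Layout of the authdaemond credential line seen in the log excerpt above.
# The greedy first value group keeps a password that itself contains ", "
# from leaking; the hash value is assumed to contain no whitespace.
CRED_RE = re.compile(
    r"(authdaemond: Authenticated: clearpasswd=)(.*)(, passwd=)(\S*)")


def _token(key, value):
    """Keyed, stable stand-in: equal secrets give equal tokens."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256)
    return "<redacted:%s>" % mac.hexdigest()[:8]


def redact_line(line, key):
    """Return the line with both credential values replaced by tokens."""
    return CRED_RE.sub(
        lambda m: m.group(1) + _token(key, m.group(2))
        + m.group(3) + _token(key, m.group(4)),
        line)


def redact_log(lines, key):
    """Redact a list of lines; return (clean_lines, lines_changed)."""
    clean = [redact_line(line, key) for line in lines]
    changed = sum(1 for before, after in zip(lines, clean) if before != after)
    return clean, changed


# Constructed sample input (hypothetical host, user and secrets).
SAMPLE = [
    "Dec 1 14:49:06 mailhost authdaemond: Authenticated: "
    "clearpasswd=example, pw, passwd=$1$saltsalt$CONSTRUCTEDHASHVALUE000",
    "Dec 1 14:49:06 mailhost imapd-ssl: LOGIN, user=user@example.org, "
    "ip=[192.0.2.10], port=[52341], protocol=IMAP",
    "Dec 1 14:49:08 mailhost authdaemond: Authenticated: "
    "clearpasswd=example, pw, passwd=$1$saltsalt$CONSTRUCTEDHASHVALUE000",
]

if __name__ == "__main__":
    out, n = redact_log(SAMPLE, key=b"per-report key, kept private")
    print("\n".join(out))
    print("%d line(s) redacted" % n)
```

Use a fresh random key per report and do not publish it; without the key the tokens cannot be checked against guessed passwords.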