Date:      Sun, 16 Mar 2014 12:46:30 -0700
From:      Drew Tomlinson <drew@mykitchentable.net>
To:        Reko Turja <reko.turja@liukuma.net>, freebsd-questions@FreeBSD.org
Subject:   Re: Help with SMTP AUTH -- SOLVED
Message-ID:  <BLU0-SMTP457C3A01533CDA4C4998756B3720@phx.gbl>
In-Reply-To: <579E8EE06D0D49DB88726917BFCDFF8E@Rivendell>
References:  <BLU0-SMTP4079D728856FBE24B0A93C9B3730@phx.gbl> <CE8684D1E0E64379B17CD55A149AA466@Rivendell> <BLU0-SMTP40877E7CD3C03FC72E1A57EB3720@phx.gbl> <579E8EE06D0D49DB88726917BFCDFF8E@Rivendell>

On 3/16/2014 2:46 AM, Reko Turja wrote:
> From: Drew Tomlinson
> Sent: Sunday, March 16, 2014 2:48 AM
> To: Reko Turja ; freebsd-questions@FreeBSD.org
> Subject: Re: Help with SMTP AUTH
>
>> Now authentication is attempted but fails with these lines in my 
>> maillog:
>> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL 
>> authentication failure: no user in db
>
> Sasl tried to access authdb and the authenticating username was not 
> found. It seems that sasl is trying to authenticate using the wrong 
> mech. Are you trying to get authentication working against /etc/passwd 
> or database backend? If using Cyrus sasl you need to tell sasl what 
> mechanisms it uses for each service
>
>> I would have expected to see something during the sasl_auth attempt. 
>> Should I have?
>
> You should have seen something like the following:
>
> postfix log snippet
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from 
> my.homeip.fi[my.home.ip.fi]
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122: 
> client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN, 
> sasl_username=username@cerebro.mydomain.com

I'm not seeing the sasl_method line.  Here is a complete session from my 
maillog:

Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: connect from 
unknown[x.x.x.x]
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: Anonymous TLS connection 
established from unknown[x.x.x.x]: TLSv1 with cipher 
ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL 
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL 
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL 
authentication failure: Password verification failed
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: 
unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL 
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL 
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: 
unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 16 12:20:11 blacklamb postfix/smtpd[96374]: disconnect from 
unknown[x.x.x.x]
>
> saslauth log snippet
> saslauthd[16234] :do_auth         : auth success: [user=username] 
> [service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
> saslauthd[16234] :do_request      : response: OK
> saslauthd[16235] :rel_accept_lock : released accept lock
> saslauthd[16236] :get_accept_lock : acquired accept lock
> saslauthd[16235] :do_auth         : auth success: [user=username] 
> [service=imap] [realm=] [mech=pam]
> saslauthd[16235] :do_request      : response: OK
Not getting anything here.  I started saslauthd in debug mode. There has 
been no activity displayed since it was first started.
> In another mail your conf had:
>
> smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>
> Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or 
> /usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl 
> should not need the option at all. The same goes with the 
> smtpd_sasl_password_maps (unless you are authing against remote 
> machine with sasl). Postfix should not really need details of saslauth 
> internals like where are the passwords or which mech to use, it just 
> asks the saslauthd if user has proper credentials. Sasl checks the 
> credentials against given login mechs for the service in question and 
> returns whether or not the login is ok.
My file is /usr/local/lib/sasl2/smtpd.conf.  It contains:

  # cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9

The smtp_sasl_password_maps option is there because I have to relay 
using smtp auth via my ISP's server.  My ISP won't let me send mail direct.

I just tried commenting out the smtpd_sasl_path option and tested. 
SUCCESS!!!.  In my comments, I have a note from back when I first got 
this working on FBSD 4 back in 2003  that says "Cyrus adds the .conf to 
the file name".  Apparently that is no longer the case.

But what I don't understand is that if I include smtpd_sasl_path = 
/usr/local/lib/sasl2/smtpd.conf in my config, it still doesn't work.  It 
will only work if I leave this commented out.  Why?

Thanks for all of your help!

Cheers,

Drew

-- 
Like card tricks?

Visit The Alchemist's Warehouse to
learn card magic secrets for free!

http://alchemistswarehouse.com
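
Added example, not part of the original message and not code from Postfix or Cyrus SASL: per the Postfix SASL_README, with Cyrus SASL the smtpd_sasl_path value is an application name (default smtpd) to which Cyrus SASL appends .conf, so this sketch shows which file each setting discussed in the thread resolves to. The configuration directory and the main.cf fragment are assumptions constructed from the paths quoted above.

```python
# Added example: models how Postfix's smtpd_sasl_path reaches Cyrus SASL.
# CONF_DIR is an assumption taken from the path quoted in the thread.
CONF_DIR = "/usr/local/lib/sasl2"

# Constructed main.cf fragment using the two settings quoted in the thread.
SAMPLE_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def cyrus_conf_lookup(params, conf_dir=CONF_DIR):
    """Return (file Cyrus SASL would look for, findings) for smtpd."""
    if params.get("smtpd_sasl_type", "cyrus") != "cyrus":
        return None, ["smtpd_sasl_type is not cyrus; smtpd_sasl_path means something else"]
    name = params.get("smtpd_sasl_path", "smtpd")  # Postfix default
    findings = []
    if "/" in name:
        findings.append("smtpd_sasl_path is a file system path, not an application name")
    if name.endswith(".conf"):
        findings.append("Cyrus SASL appends .conf itself; drop the suffix")
    # Cyrus SASL builds <config dir>/<application name>.conf
    return f"{conf_dir}/{name}.conf", findings

if __name__ == "__main__":
    path, findings = cyrus_conf_lookup(parse_main_cf(SAMPLE_MAIN_CF))
    print("Cyrus SASL would look for:", path)
    for f in findings:
        print("finding:", f)
    if findings:
        print("if that file is missing, smtpd.conf settings such as "
              "pwcheck_method: saslauthd are not applied")
```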



