Help with SMTP AUTH -- SOLVED
Drew Tomlinson
drew at mykitchentable.net
Sun Mar 16 19:47:43 UTC 2014
On 3/16/2014 2:46 AM, Reko Turja wrote:
> From: Drew Tomlinson
> Sent: Sunday, March 16, 2014 2:48 AM
> To: Reko Turja ; freebsd-questions at FreeBSD.org
> Subject: Re: Help with SMTP AUTH
>
>> Now authentication is attempted but fails with these lines in my
>> maillog:
>> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL
>> authentication failure: no user in db
>
> Sasl tried to access authdb and the authenticating username was not
> found. It seems that sasl is trying to authenticate using the wrong
> mech. Are you trying to get authentication working against /etc/passwd
> or database backend? If using Cyrus sasl you need to tell sasl what
> mechanisms it uses for each service.
>
>> I would have expected to see something during the sasl_auth attempt.
>> Should I have?
>
> You should have seen something like the following:
>
> postfix log snippet
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from
> my.homeip.fi[my.home.ip.fi]
> Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122:
> client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN,
> sasl_username=username at cerebro.mydomain.com

I'm not seeing the sasl_method line. Here is a complete session from my
maillog:

Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: connect from
unknown[x.x.x.x]
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: Anonymous TLS connection
established from unknown[x.x.x.x]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL
authentication failure: Password verification failed
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning:
unknown[x.x.x.x]: SASL PLAIN authentication failed: authentication failure
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning: SASL
authentication failure: no user in db
Mar 16 12:20:08 blacklamb postfix/smtpd[96374]: warning:
unknown[x.x.x.x]: SASL LOGIN authentication failed: authentication failure
Mar 16 12:20:11 blacklamb postfix/smtpd[96374]: disconnect from
unknown[x.x.x.x]
>
> saslauth log snippet
> saslauthd[16234] :do_auth : auth success: [user=username]
> [service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
> saslauthd[16234] :do_request : response: OK
> saslauthd[16235] :rel_accept_lock : released accept lock
> saslauthd[16236] :get_accept_lock : acquired accept lock
> saslauthd[16235] :do_auth : auth success: [user=username]
> [service=imap] [realm=] [mech=pam]
> saslauthd[16235] :do_request : response: OK

Not getting anything here. I started saslauthd in debug mode. There has
been no activity displayed since it was first started.

> In another mail your conf had:
>
> smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
> smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
>
> Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or
> /usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl
> should not need the option at all. The same goes with the
> smtpd_sasl_password_maps (unless you are authing against remote
> machine with sasl). Postfix should not really need details of saslauth
> internals like where are the passwords or which mech to use, it just
> asks the saslauthd if user has proper credentials. Sasl checks the
> credentials against given login mechs for the service in question and
> returns whether or not the login is ok.

My file is /usr/local/lib/sasl2/smtpd.conf. It contains:

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 9

The smtp_sasl_password_maps option is there because I have to relay
using smtp auth via my ISP's server. My ISP won't let me send mail direct.

I just tried commenting out the smtpd_sasl_path option and tested.
SUCCESS!!!. In my comments, I have a note from back when I first got
this working on FBSD 4 back in 2003 that says "Cyrus adds the .conf to
the file name". Apparently that is no longer the case.

But what I don't understand is that if I include smtpd_sasl_path =
/usr/local/lib/sasl2/smtpd.conf in my config, it still doesn't work. It
will only work if I leave this commented out. Why?

Thanks for all of your help!

Cheers,

Drew
--
Like card tricks?
Visit The Alchemist's Warehouse to
learn card magic secrets for free!
http://alchemistswarehouse.com
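
Added example, not part of the original message and not Postfix or Cyrus code: Postfix's SASL_README describes the Cyrus SASL configuration file name as the smtpd_sasl_path value with ".conf" appended, looked up in the Cyrus configuration directory. The sketch below applies that rule to the settings quoted in the thread; the function names, the constructed main.cf text and the single search directory are assumptions.

```python
import posixpath

# Constructed main.cf fragments modelled on the settings quoted in the thread.
BROKEN_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
"""
WORKING_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
# smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def cyrus_config_candidates(params, search_dirs):
    """Assumed lookup rule: <dir>/<smtpd_sasl_path>.conf, default name 'smtpd'."""
    name = params.get("smtpd_sasl_path", "smtpd")
    return [d.rstrip("/") + "/" + name + ".conf" for d in search_dirs]

def check(params, search_dirs, existing_files):
    """Return (config file that would be read, or None; list of warnings)."""
    name = params.get("smtpd_sasl_path", "smtpd")
    warnings = []
    if "/" in name or name.endswith(".conf"):
        warnings.append("smtpd_sasl_path %r looks like a file path, not a bare name" % name)
    found = [p for p in cyrus_config_candidates(params, search_dirs)
             if posixpath.normpath(p) in existing_files]
    if not found:
        warnings.append("no config file found, so 'pwcheck_method: saslauthd' is never read")
    return (found[0] if found else None), warnings
```

With the path set to /usr/local/lib/sasl2/smtpd.conf, the same rule yields a candidate ending in smtpd.conf.conf under the search directory, which also does not exist.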