Help with SMTP AUTH

Reko Turja reko.turja at liukuma.net
Sun Mar 16 09:46:06 UTC 2014 

From: Drew Tomlinson
Sent: Sunday, March 16, 2014 2:48 AM
To: Reko Turja ; freebsd-questions at FreeBSD.org
Subject: Re: Help with SMTP AUTH

> Now authentication is attempted but fails with these lines in my maillog:
> Mar 15 17:40:39 blacklamb postfix/smtpd[91702]: warning: SASL 
> authentication failure: no user in db

Sasl tried to access authdb and the authenticating username was not found. 
It seems that sasl is trying to authenticate using the wrong mech. Are you 
trying to get authentication working against /etc/passwd or database 
backend? if using Cyrus sasl you need to tell sasl what mechanisms it uses 
for each service

> I would have expected to see something during the sasl_auth attempt. 
> Should I have?

You should have seen something like the following:

postfix log snippet
Mar 16 11:11:29 cerebro postfix/smtpd[16044]: connect from 
my.homeip.fi[my.home.ip.fi]
Mar 16 11:11:29 cerebro postfix/smtpd[16044]: B43B08A0122: 
client=my.homeip.fi[my.home.ip.fi], sasl_method=LOGIN, 
sasl_username=username at cerebro.mydomain.com

saslauth log snippet
saslauthd[16234] :do_auth         : auth success: [user=username] 
[service=smtp] [realm=cerebro.mydomain.com] [mech=pam]
saslauthd[16234] :do_request      : response: OK
saslauthd[16235] :rel_accept_lock : released accept lock
saslauthd[16236] :get_accept_lock : acquired accept lock
saslauthd[16235] :do_auth         : auth success: [user=username] 
[service=imap] [realm=] [mech=pam]
saslauthd[16235] :do_request      : response: OK

In another mail your conf had:

smtpd_sasl_path = /usr/local/lib/sasl2/smtpd
smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd

Is your sasl config file for smtpd named /usr/local/lib/sasl2/smtpd or 
/usr/local/lib/sasl2/smtpd.conf - in latter case postfix and sasl should not 
need the option at all. THe same goes with the smtpd_sasl_password_maps 
(unless you are authing against remote machine with sasl). Postfix should 
not really need details of saslauth internals like where are the passwords 
or which mech to use, it just asks the saslauthd if user has proper 
credentials. Sasl checks the credentials against given login mechs for the 
service in question and returns whether or not the login is ok.

-Reko

More information about the freebsd-questions mailing list