Find the answer to your Linux question:
Results 1 to 2 of 2
I've got a Debian Etch mail server that I'm trying to get Cyrus-SASL to work on. I'm using Postfix 2.5.5 and 2.1.22 of saslauthd. No matter what I do, I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    4

    Postfix SASL SMTP Authentication problem


    I've got a Debian Etch mail server that I'm trying to get Cyrus-SASL to work on. I'm using Postfix 2.5.5 and 2.1.22 of saslauthd. No matter what I do, I can't seem to get any SMTP authentication to work.

    I have the following in /etc/postfix/sasl/smtpd.conf:
    Code:
    mech_list: plain login digest-md5 cram-md5
    pwcheck_method: saslauthd
    Here is the relevant part of my main.cf for postfix:
    Code:
    smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2:/usr/lib
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions =
            permit_sasl_authenticated,
            permit_mynetworks,
            check_policy_service inet:127.0.0.1:60000,
            reject_non_fqdn_hostname,
            reject_non_fqdn_sender,
            reject_non_fqdn_recipient,
            reject_invalid_hostname,
            reject_unauth_destination,
            reject_unauth_pipelining,
            reject_unknown_sender_domain,
            reject_unknown_address,
            reject_unknown_sender_domain,
            reject_unknown_recipient_domain,
            reject_rbl_client multihop.dsbl.org,
            reject_rbl_client list.dsbl.org,
            reject_rbl_client cbl.abuseat.org
    Here is what I have in /etc/defaults/saslauthd:
    Code:
    START=yes
    MECHANISMS="rimap -O localhost"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-c"
    PARAMS="-m /var/spool/postfix/var/run/saslauthd"
    I have saslauthd authenticating to my IMAP server, and it seems to work fine. I can authenticate all my users both by directly logging in to the IMAP server, and using the testsaslauthd command. However, when I telnet to port 25 of my server and try to login in, I get an authentication failed error. I login by using the string from this command (replacing username and password with my own credentials, of course):
    perl -MMIME::Base64 -e 'print encode_base64("username\0username\0password");'

    Then, when I try to log in this is the error I get:
    Code:
    220 clamato.whatsmykarma.com ESMTP Postfix (Debian/GNU)
    EHLO localhost
    250-clamato.whatsmykarma.com
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-STARTTLS
    250-AUTH DIGEST-MD5 LOGIN NTLM CRAM-MD5 PLAIN
    250-AUTH=DIGEST-MD5 LOGIN NTLM CRAM-MD5 PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN dXNlcm5hbWUAdXNlcm5hbWUAcGFzc3dvcmQ=
    535 5.7.8 Error: authentication failed: authentication failure
    This is what I get in /var/log/maillog:
    Code:
    May 21 16:19:41 clamato postfix/smtpd[25045]: warning: localhost[127.0.0.1]: SASL PLAIN authentication failed: authentication failure
    May 21 16:20:02 clamato postfix/smtpd[25045]: disconnect from localhost[127.0.0.1]
    I thought at first it could be that Postfix is running in a chroot and can't access the sasl mux, but it should be able to reach it from where I have it set. Also, the error doesn't really suggest that's the case. Any ideas? I've been struggling with this for a while.

  2. #2
    Just Joined!
    Join Date
    Jul 2009
    Posts
    1
    A bit late, but I think this can work, it did work for me:

    I login by using the string from this command (replacing username and password with my own credentials, of course):


    perl -MMIME::Base64 -e 'print encode_base64("username\000username\000password");'

    Or just

    perl -MMIME::Base64 -e 'print encode_base64("username");'
    perl -MMIME::Base64 -e 'print encode_base64("password");'

    and past them after each other

    AUTH LOGIN
    334 encrypt 1
    334 encrypt 2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •