Results 1 to 1 of 1
Hi everybody,
I'm trying to set up an SMTP server on my Gentoo box that uses SASL for authentication that sits on top of a MySQL database - right now ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 01-31-2013 #1Just Joined!
- Join Date
- Jul 2004
- Location
- ATL
- Posts
- 4
Postfix + SASL + MySQL - saslauthd not authenticating
Hi everybody,
I'm trying to set up an SMTP server on my Gentoo box that uses SASL for authentication that sits on top of a MySQL database - right now I'm just working on the authentication part - and I just can't get it to work - I've read maybe 10 howtos and done quite a bit of research, but everything I try still has authentication failing. I select simple authentication in my mail client and it just won't go - interestingly I can send to system users with no password at all.
Would you mind taking a look and seeing if there is anything obvious that I am doing wrong? As usual, I would be very appreciative.
Thanks!
/etc/postfix/main.cf:
/etc/sasl2/smtpd.confCode:soft_bounce = yes queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix mail_owner = postfix myhostname = gentoo.charlesread.com mydomain = charlesread.com myorigin = $myhostname inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost unknown_local_recipient_reject_code = 550 mynetworks_style = host #mynetworks = 127.0.0.0/8 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table debug_peer_level = 2 sendmail_path = /usr/sbin/sendmail mailq_path = /usr/bin/mailq setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /etc/postfix readme_directory = no inet_protocols = ipv4 home_mailbox = .maildir/ smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_path = /etc/sasl2/smtpd.conf smtpd_sasl_type =cyrus smtpd_sasl_authenticated_header = yes #smtpd_sasl_local_domain = #smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
/etc/conf.d/saslauthd:Code:log_level: 7 mech_list: PLAIN LOGIN pwcheck_method: saslauthd
/etc/pam.d/smtp: (yeah, I know keeping the password plain is bad, this is just for testing, so I can change it more easily - and I have verified that the vsftpd user has access [I happen to be using the same DB that I use for vsFTPd])Code:SASLAUTHD_OPTS=" -a pam -n 5"
/var/log/auth.log: (after restarting everything and attempting a connection)Code:auth required pam_mysql.so user=XXX passwd=XXX host=localhost db=web table=accounts usercolumn=username passwdcolumn=pass_plain crypt=1 account required pam_mysql.so user=XXX passwd=XXX host=localhost db=web table=accounts usercolumn=username passwdcolumn=pass_plain crypt=1
/var/log/mail.log: (after restarting everything and attempting a connection)Code:Jan 30 21:24:00 gentoo saslauthd[13189]: server_exit : master exited: 13189 Jan 30 21:24:00 gentoo saslauthd[13467]: detach_tty : master pid is: 13467 Jan 30 21:24:00 gentoo saslauthd[13467]: ipc_init : listening on socket: /var/lib/sasl2/mux
With the important part being:Code:Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: ipv4 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: host Jan 30 21:27:57 gentoo postfix/smtpd[13637]: inet_addr_local: configured 2 IPv4 addresses Jan 30 21:27:57 gentoo postfix/smtpd[13637]: been_here: 127.0.0.1/32: 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: been_here: 10.0.1.201/32: 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: mynetworks: 127.0.0.1/32 10.0.1.201/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: process generation: 7 (7) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? debug_peer_list Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? fast_flush_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: mynetworks ~? mynetworks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? debug_peer_list Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? fast_flush_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? mynetworks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? permit_mx_backup_networks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? qmqpd_authorized_clients Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: relay_domains ~? relay_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? debug_peer_list Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? fast_flush_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? mynetworks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: permit_mx_backup_networks ~? permit_mx_backup_networks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connect to subsystem private/proxymap Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = open Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr table = unix:passwd.byname Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr flags = 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: flags Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: flags Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 16 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/proxymap socket: wanted attribute: (list terminator) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_proxy_open: connect to map=unix:passwd.byname status=0 server_flags=fixed Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_open: proxy:unix:passwd.byname Jan 30 21:27:57 gentoo postfix/smtpd[13637]: Compiled against Berkeley DB: 4.8.30? Jan 30 21:27:57 gentoo postfix/smtpd[13637]: Run-time linked against Berkeley DB: 4.8.30? Jan 30 21:27:57 gentoo postfix/smtpd[13637]: dict_open: hash:/etc/mail/aliases Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? debug_peer_list Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? fast_flush_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? mynetworks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? permit_mx_backup_networks Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? qmqpd_authorized_clients Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? relay_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: smtpd_access_maps ~? smtpd_access_maps Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unknown_helo_hostname_tempfail_action = defer_if_permit Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unknown_address_tempfail_action = defer_if_permit Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unverified_recipient_tempfail_action = defer_if_permit Jan 30 21:27:57 gentoo postfix/smtpd[13637]: unverified_sender_tempfail_action = defer_if_permit Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_init: SASL config file is /etc/sasl2/smtpd.conf.conf Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: fast_flush_domains ~? debug_peer_list Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_string: fast_flush_domains ~? fast_flush_domains Jan 30 21:27:57 gentoo postfix/smtpd[13637]: auto_clnt_create: transport=local endpoint=private/anvil Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connection established Jan 30 21:27:57 gentoo postfix/smtpd[13637]: master_notify: status 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: resource Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: software Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connect from XXX.XXX.XXX.XXXX Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: smtp_stream_setup: maxtime=300 enable_deadline=0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: auto_clnt_open: connected to private/anvil Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = connect Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr ident = smtp:XXX.XXX.XXX.XXXX Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: count Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: count Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 1 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: rate Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: rate Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 1 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: (list terminator) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 220 gentoo.charlesread.com ESMTP Postfix Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_create: SASL service=smtp, realm=(null) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: name_mask: noanonymous Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: EHLO [10.0.1.7] Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-gentoo.charlesread.com Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-PIPELINING Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-SIZE 10240000 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-VRFY Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ETRN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH=SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ENHANCEDSTATUSCODES Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-8BITMIME Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250 DSN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: EHLO [10.0.1.7] Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-gentoo.charlesread.com Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-PIPELINING Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-SIZE 10240000 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-VRFY Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ETRN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-AUTH=SCRAM-SHA-1 DIGEST-MD5 OTP NTLM CRAM-MD5 LOGIN PLAIN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-ENHANCEDSTATUSCODES Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250-8BITMIME Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 250 DSN Jan 30 21:27:57 gentoo postfix/smtpd[13637]: < XXX.XXX.XXX.XXXX: AUTH PLAIN AHRlc3QAMTIzNA== Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AHRlc3QAMTIzNA== Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: decoded initial response Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: SASL authentication failure: Password verification failed Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: XXX.XXX.XXX.XXXX: SASL PLAIN authentication failed: authentication failure Jan 30 21:27:57 gentoo postfix/smtpd[13637]: > XXX.XXX.XXX.XXXX: 435 4.7.8 Error: authentication failed: authentication failure Jan 30 21:27:57 gentoo postfix/smtpd[13637]: smtp_get: EOF Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 127.0.0.1/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostname: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_hostaddr: XXX.XXX.XXX.XXXX ~? 10.0.1.201/32 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: match_list_match: XXX.XXX.XXX.XXXX: no match Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr request = disconnect Jan 30 21:27:57 gentoo postfix/smtpd[13637]: send attr ident = smtp:XXX.XXX.XXX.XXXX Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: status Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute value: 0 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: private/anvil: wanted attribute: (list terminator) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: input attribute name: (end) Jan 30 21:27:57 gentoo postfix/smtpd[13637]: lost connection after AUTH from XXX.XXX.XXX.XXXX Jan 30 21:27:57 gentoo postfix/smtpd[13637]: disconnect from XXX.XXX.XXX.XXXX Jan 30 21:27:57 gentoo postfix/smtpd[13637]: master_notify: status 1 Jan 30 21:27:57 gentoo postfix/smtpd[13637]: connection closed Jan 30 21:28:02 gentoo postfix/smtpd[13637]: proxymap stream disconnect
Code:Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: sasl_method PLAIN, init_response AHRlc3QAMTIzNA== Jan 30 21:27:57 gentoo postfix/smtpd[13637]: xsasl_cyrus_server_first: decoded initial response Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: SASL authentication failure: Password verification failed Jan 30 21:27:57 gentoo postfix/smtpd[13637]: warning: XXX.XXX.XXX.XXXX: SASL PLAIN authentication failed: authentication failure
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
